HASSIO on NUC - My Journey

The Kodi software also actually runs a DLNA server as well as acting as a client on the host machine.

I use it right now to serve video, music and picture files to several DLNA-enabled bluray players on my network.

I don’t even care if the GUI runs as long as the server portion works and I can run the configuration via a web app.

But it seems the answer to the question is no.

To get Kodi running you need a GUI though, right? Docker doesn’t play well with apps that require a GUI.

Unless someone has created a Kodi server app? I don’t know. Plex works beautifully for me and has for years.

If all you need is a dlna server, there are several out there.

Yes, at least in my current version.

That’s what I was hoping to find any info on.

I use it pretty much exclusively for that right now but I had visions of it being my next step to cutting the cord from the cable/satellite TV companies. Hasn’t worked out for that yet, tho. My wife just isn’t the “cutting edge technology” type.

I have a hard enough time getting her to accept my HA “toy”.

Yeah, maybe I’ll have to give PLEX another shot.

I just remember that it left a bad taste in my mouth after using it a long time back.

Thanks :smiley:

I was a heavy xbmc user back many years ago. Long before it changed its name to Kodi. When I gave Plex a fair shot, it has been a perfect fit for my house. I don’t have to manually configure any clients, the service is just discovered on the network. My wife and son know how to use it and I get no flak from them. It has made the TV and movie viewing in my house much more enjoyable.

Definitely try Plex again–it may change your mind. Great web UI, Chromecast, iOS, Android, WebOS, XboxOne, Playstation4 apps, and the ability to do direct transcoding to all the apps I tested. I used to use XBMC/Kodi all the time, but it was a pain trying to set up a centralized DB and this DIY work. Plex is very much plug and play, and is really good at scraping TV, movies and music now. I’m really happy with it, especially since it works with Chromecast so well.

1 Like

So, to add to my previous Linux Perils:

I adventured into VLANs. I have now a complete Unifi Setup and segregated my IoT devices, my Voice devices (Google Home, Alexa), my general internet and management network.

However, this brought me some new issues, as Hassio was not able to listen on the Multicast L2 that is required for a lot of components. i.e. the Xiaomi Air Purifier was simply not possible to connect. It even flooded my Network so that the Hue integration stopped working completely.

After reading a lot, I finally found the solution is simply adding the VLANs to my HASSIO. All on the same Ethernet Port.

There were basically 2 posts that helped a lot:

and

I just adjusted the whole thing a little bit. So basically it works like this for me:

Step 1: Add "networkmanager" to the packages in the SSH & Web Terminal Addon from the Community Repo.
Step 2: Turn off Protection Mode so you can edit the base system.
Step 3: Check the connections by typing: nmcli connection show
Step 4: Create a new VLAN (you can choose the name) under the device that is your ethernet. For me this is enp2s0.
nmcli con add type vlan con-name enp2s0@vlan10 dev enp2s0 id 10
Because I do not define the IP, the Gateway or the DNS, I am using my DHCP Server for it.
Step 5: Recreate for any other VLAN. id = vlan id.
Step 6: After restart all of the previously not found devices are finally back. Even the WOL works like a charm.

3 Likes

New Update - Zero Tier

I recently discovered the great service Zero Tier. Luckily, there already is an Addon for Hassio :slight_smile:

My goal is to replace my VPN (from Unifi) with the ZeroTier solution. However, I do not know if it’s possible to install ZeroTier on my Unifi Gear (USG). Therefore I needed the possibility for my Hassio Zero Tier to route all traffic from all my LANs (and VLANs) to my ZeroTier Network.

By default, this is not working and I was reading a lot of different things that are required. I tried setting up firewall rules on my unifi gear but nothing worked. Finally I found a great post explaining how to “bridge” the networks.

https://www.reddit.com/r/zerotier/comments/9714a2/easy_way_of_bridging_lan_for_remote_access/

So basically, we need to adjust the IP Tables. I used the same method as in my post above via using the terminal addon. However, for IP Tables the terminal addon even works when protection mode is enabled.

So first I checked my current iptables with this command:

iptables -L

Then I added my network and all the VLANs: (enp2s0 = NIC ID for my LAN Network. ztc**** = NIC ID for my ZeroTier Lan.) You can find it easily via

nmcli connection

iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.10 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.20 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.30 -j MASQUERADE
iptables -A FORWARD -i enp2s0 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.10 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.20 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.30 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.10 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.20 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.30 -j ACCEPT

Now it is time to also configure the Zero Tier network. So simply log in to your zerotier network website https://my.zerotier.com/

In “Managed Routes” you need to add for every LAN or VLAN to the “Destination” side and on the “via” side you add the ZeroTier IP of the Hassio Addon.
This can look like this in the end:

[image: zerotier]

And with this it’s done. I now can ping and access all of my Lan (& VLAN) devices via ZeroTier.

5 Likes
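A check on the rule set in the post above, added here as an example and not part of the original post: the four FORWARD rules with the ZeroTier interface on the -i side accept anything arriving from the overlay for the LAN and every VLAN, so each member of the ZeroTier network can reach the segments that were separated earlier in the thread. The function below reads iptables -S FORWARD text and lists ACCEPT rules of that kind that carry no source, destination, protocol or state match; the interface name ztexample0 and the addresses in the sample are constructed.

```shell
#!/bin/sh
# audit_forward PREFIX: read `iptables -S FORWARD` text on stdin and print
# every ACCEPT rule whose input interface starts with PREFIX and that has
# no source, destination, protocol or connection-state restriction.
audit_forward() {
    prefix="$1"
    awk -v pfx="$prefix" '
    $1 == "-A" && $2 == "FORWARD" {
        src_if = ""; dst_if = "any"; target = ""; scoped = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") src_if = $(i + 1)
            else if ($i == "-o") dst_if = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s" || $i == "-d" || $i == "-p" ||
                     $i == "--state" || $i == "--ctstate") scoped = 1
        }
        if (target == "ACCEPT" && index(src_if, pfx) == 1 && !scoped)
            printf "UNSCOPED %s -> %s\n", src_if, dst_if
    }'
}

# Constructed sample shaped like the rules in the post. "ztexample0" stands in
# for the elided ZeroTier interface name; the addresses are made up.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i enp2s0 -o ztexample0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ztexample0 -o enp2s0 -j ACCEPT
-A FORWARD -i ztexample0 -o enp2s0.10 -j ACCEPT
-A FORWARD -s 10.147.17.5/32 -d 192.168.30.0/24 -i ztexample0 -o enp2s0.30 -p tcp -j ACCEPT'

# Run the audit over the sample; on a live host use:
#   iptables -S FORWARD | audit_forward zt
audit_sample() { printf '%s\n' "$SAMPLE_RULES" | audit_forward zt; }
```

Rules that come back as UNSCOPED are the ones to narrow with -s/-d/-p matches for the ZeroTier members and VLANs that actually need to talk.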

Hi, thanks a lot for your post, do you mind helping me a bit? So I have HASSIO and this ZeroTier One addon. All is working fine.
I can access from outside my LAN only the devices in my network that have a ZeroTier program (HASSIO, a QNAP, PI3), all the other I can’t access.

On my HASSIO/NUC if I do iptables -L I have this


me@ubuntu:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8126
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:8884
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:8883
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:1884
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:1883
ACCEPT     tcp  --  anywhere             172.30.33.1          tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             172.30.33.2          tcp dpt:9541
ACCEPT     udp  --  anywhere             172.30.33.3          udp dpt:21027
ACCEPT     tcp  --  anywhere             172.30.33.3          tcp dpt:8384
ACCEPT     udp  --  anywhere             172.30.33.4          udp dpt:ntp
ACCEPT     tcp  --  anywhere             172.30.33.7          tcp dpt:8086
ACCEPT     tcp  --  anywhere             172.30.33.8          tcp dpt:ssh
ACCEPT     tcp  --  anywhere             172.30.33.9          tcp dpt:9050
ACCEPT     tcp  --  anywhere             172.30.33.11         tcp dpt:5037
ACCEPT     tcp  --  anywhere             172.30.33.12         tcp dpt:7277
ACCEPT     tcp  --  anywhere             172.30.33.13         tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:https
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:81
ACCEPT     tcp  --  anywhere             172.30.33.15         tcp dpt:mmcc
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:http
ACCEPT     tcp  --  anywhere             172.30.33.15         tcp dpt:5000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Then I do this (enp0s25 is the name of my NIC of the HASSIO/NUC, zthnxxxo is the ZT1 name, both I got via ifconfig)


me@ubuntu:~$ sudo iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
me@ubuntu:~$ sudo iptables -A FORWARD -i enp0s25 -o zthnxxxo -m state --state RELATED,ESTABLISHED -j ACCEPT
me@ubuntu:~$ sudo iptables -A FORWARD -i zthnxxxo -o enp0s25 -j ACCEPT

then did this in ZT1 configuration (192.168.192.12 is the ZT1 address of the HASSIO/NUC, which has a local LAN 192.168.1.12)

Now I can access from outside the LAN
192.168.1.12
192.168.192.xxx (xxx my devices that have ZT1 apps)

but not the other 192.168.1.yyy

EDIT, never mind it works, after switching OFF and ON again the Zerotier of my Android!!!

Wow, I was looking for a reliable solution as this since the 90s!!

BTW I did NOT do the following

" make sure you have allowManaged=1 in your /var/lib/zerotier-one/networks.d/###.local.conf file or whatever is respective to your system"

Ah yes me neither :slight_smile: As I read in the reddit thread this also seems not to be a requirement for this solution

Hi, there is a pi3 that I need to reach and can’t since I did your suggestions, nothing I do works.
Wish now to go back, any clue on how to remove those iptables?

Just restart. That should wipe the additional rules.
Or:

From:

List all commands that were used to create the currently used rules, useful to edit or delete rules.

sudo iptables -S

To delete a specific rule choose a rule from sudo iptables -S and replace -A with -D .

# -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

sudo iptables -D INPUT -p tcp -m tcp --
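The -A to -D substitution described in this reply, as an added example that is not part of the original post: the function reads iptables -S output for one table and prints a matching delete command for every appended rule that names a given interface, so the bridging rules can be reviewed and removed without a reboot. The interface name ztexample0 and the sample rules are constructed.

```shell
#!/bin/sh
# gen_deletes TABLE IFACE: read `iptables -t TABLE -S` text on stdin and print
# one `iptables -t TABLE -D ...` command for each appended rule that names
# IFACE after -i or -o. It only prints; nothing changes until the printed
# commands are run (with sudo) after review.
gen_deletes() {
    table="$1"; iface="$2"
    awk -v t="$table" -v ifc="$iface" '
    $1 == "-A" {
        hit = 0
        for (i = 3; i < NF; i++)
            if (($i == "-i" || $i == "-o") && $(i + 1) == ifc) hit = 1
        if (hit) {
            sub(/^-A /, "-D ")
            printf "iptables -t %s %s\n", t, $0
        }
    }'
}

# Constructed sample of `iptables -S` output after the bridging rules were
# added; "ztexample0" is a placeholder for the real ZeroTier interface name.
SAMPLE_FILTER='-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -i enp2s0 -o ztexample0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ztexample0 -o enp2s0 -j ACCEPT'

# On a live host:  iptables -S | gen_deletes filter <zt-interface>
#                  iptables -t nat -S | gen_deletes nat enp2s0
rollback_sample() { printf '%s\n' "$SAMPLE_FILTER" | gen_deletes filter ztexample0; }
```

Rules that Docker manages do not name the ZeroTier interface, so they are left out of the generated list.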

I think I know what happened (?). Basically if I use your technique AND keep zerotier client in a pi3 it does have problems with the pi3, it’s enough to uninstall zerotier one from the pi3 and UNCHECK the device in the zerotier network webui.
If, as I did, you DELETE the device from the zerotier network webui the pi3 disappears entirely from the network, do you know how to get it back? Nothing I did works.

I noticed that when you click DELETE you get this message

“This marks a member as permanently hidden and banned. Deleted member records are purged from the database after a period of time. To “un-delete” manually add the member.”

(How to “add the member” back???)

What I did is reflash the SD card of the pi3, and NOT install Zerotier on it.

My goal is still accomplished since I can reach the devices at 192.168.1.xxx outside my LAN.

To manually add, just note the Address (10 Digits looks similar to a MAC) and add it to the add manual field in ZeroTier website

Ok, but which address is that? Since I deleted that pi3, I do not have that address anymore (?)

For example when you start the Hassio Addon, it shows the address in the Log:

[12:22:04] INFO: ZeroTier node address: XXYY0011ZZ
You can probably see the same when you installed it manually on Linux. Just check the manual or logs when you start it.

Very good, thank you

Hi, never mind, the easiest and fastest solution is to delete the zerotier network and redo another one (I think zerotier has a small bug when you delete a member, because you simply can’t add it again).

From scratch to fully working it takes 5 minutes at the most.

Great tool, and great instructions, thanks a lot

Some new updates… since there is no Hassio Addon available so far for Face/Person Recognition via Camera, I decided to first try to install Facebox via docker-compose and get it to run.

This means basically following this guide:

So I logged into my Ubuntu via SSH and created a new folder for facebox where I could add my docker-compose.yml for it:

mkdir facebox
cd facebox
nano docker-compose.yml

In the docker compose I added this:

Important to note:

  1. In contrast to the official guide, I do not have ${ YOURKEY } where the key goes.
    This didn’t work for me, only the plain key worked.
  2. I added an additional environment attribute to load state (the faces I taught facebox) after every restart, since facebox is stateless and does not save anything if you’re not a premium subscriber.
    (This seems to only work from a web accessible address. I was not able to use filesystem for this.)
  3. Since I already use port 8080 for the unifi addon, I had to switch the listening port to something different. I chose 8083 for it.
  4. I had to use the _noavx version since my CPU seems to not be supported.

version: '3'
services:
  facebox:
    image: machinebox/facebox_noavx
    container_name: facebox
    restart: unless-stopped
    ports:
      - 8083:8080
    environment:
      - MB_KEY=YOURKEY
      - MB_FACEBOX_DISABLE_RECOGNITION=false
      - MB_FACEBOX_STATE_URL=https://myserver.duckdns.org/local/facebox/state/state.facebox

Hassio configuration:

I use this in my configuration.yaml:

image_processing: !include image_processing.yaml

And then for the image_processing.yaml itself:

   - platform: facebox
     ip_address: localhost
     port: 8083
     scan_interval: 10000
     source:
       - entity_id: camera.xiaomilivingroom
         name: FaceBox

I chose the scan_interval of 10000 because of this post:

It makes a lot of sense to me, to only manually trigger the scanning. i.e.: When motion is detected.

I also used the python script robmarkcole posted here to automate the teaching:

For this I created a new facebox folder in my home assistant shared folder and for each person an extra folder with all the images. The script lies in the facebox folder and is simply called via:

python3 teach_facebox.py

After the teaching was done, I simply downloaded the state through the local website: localhost:8083 and added it as state.facebox to my /config/www/facebox/state folder

Now, after every restart, it automatically loads the state back into my facebox.

The automation for scanning and handling of the data I do via Node Red.

1 Like