Installing Home Assistant Supervised using Debian 12

DivanX10 · September 14, 2023, 3:54am

I thought about what you said and I decided to try creating a homeassistant user and added it to the docker group. The homeassistant user does not have privileged access to system files or the administrative account. What do you think, is this a good way to go about it?

Installation on a clean Debian 12 system without editing /etc/docker/daemon.json
2023-09-14_05-58-25

After creating and adding the homeassistant user to the docker group and editing /etc/docker/daemon.json

User ID homeassistant

uid=999(homeassistant) gid=991(homeassistant) groups=991(homeassistant),992(docker)

Groups

docker:x:992:homeassistant
homeassistant:x:991:

Tamsy · September 14, 2023, 4:04am

If you decide to follow this guide strictly and by the book you wont need all these extra steps which consequences on the system’s security can not being overseen anymore.

Not following this guide for whatsoever reason is just clogging the thread with useless posts. Best is to simply open a new thread about your particular installation method.

HelpITru · October 1, 2023, 7:52am

Clean install same problem! This man resolved. Thanks

avd706 · October 2, 2023, 12:46pm

Use ssh. If HA starts acting up, install an ssh add-on and remove the bare metal ssh.

cateim · October 2, 2023, 9:01pm

Can you explain how make this?

Tks!!

DivanX10 · October 3, 2023, 12:32am

Could you please clarify what you mean by “how to do it?” What problem are you talking about? If the problem is with curl: (6) Could not resolve host, then try rebooting Debian 12, sometimes that helps, if that doesn’t help, then try doing this post, it worked for me, and if that doesn’t help, then you can do the following

If there is no privileged access

Create a user

sudo useradd -rm homeassistant

Add a user to the docker group

sudo usermod -aG docker homeassistant

Open the daemon.json file

nano /etc/docker/daemon.json

and add the line “group”: “docker”.

{
“log-driver”: “journald”,
“storage-driver”: “overlay2”,
“group”: “docker”,
“ip6tables”: true,
“experimental”: true,
“log-opts”: {
“tag”: “{{.Name}}”
}
}

Rebooting docker

sudo systemctl restart docker

Background information

Create a user and home directory

sudo useradd -rm homeassistant

Add a user to the docker group

sudo usermod -aG docker homeassistant

Remove a user from the docker group

sudo gpasswd -d homeassistant docker

Display the list of users, where you can see which group the user is in

cat /etc/group

Get homeassistant user ID

id homeassistant

Delete user homeassistant

sudo deluser homeassistant

Tamsy · October 3, 2023, 2:01am

A simpler and cleaner way to resolve this issue you will find HERE.

I strongly advise you to not do the following:

The above “solution” by simply adding another user (homeassistant here) and assigning certain privileges to that user is a workaround at best.

If you really follow:

Section 1 - Install Debian 12, pharagraph 1.11)

and

Section 1 - Install Debian 12, pharagraph 1.16, Step 1.10),
and
Don’t miss this one (!): Pharagraph 1.17)

There will be no need to add that additional user “homeassistant”. Neither you will need to tamper with the permissions of the docker container.

Keep it nice and simple!

Probably caused by half baked knowledge about the security/privileges concept of *nix systems some users are just skipping Section 1, pharagraph 1.17 and simply continue the guide as the root-user without being aware of the consequences this might bring up!

nickrout · October 3, 2023, 2:04am

and @GSzabados I use openssh server on the host as per normal, port 22 as usual.

I also use the advanced ssh & web terminal addon in HA, set to port 2222.

Both work fine and I have never been seen as unhealthy. (not on account of ssh anyway).

It may not be strictly according to Hoyle, but it works.

nickrout · October 3, 2023, 2:19am

cgroup errors are resolved by installing homeassistant-supervised.deb. The post install script takes care of it. Perhaps you didn’t follow the instructions.

Tamsy · October 3, 2023, 2:40am

Absolutely correct

Most obviously!

And if you read (I mean really read, not just skimming through) the referring pharagraph you will notice that little:

before the execution of:

where this is done by being a “normal” (unprivileged) user and only temporarily root privileges are granted to the user/group to access system resources for executing those individual commands by prepending “sudo -i”.

If you are not familiar with the sudo command in Linux I recommend you to read through “Linux sudo commands for beginners” to get the idea why it is important to do adminitrative tasks as a non-privileged user whenever possible.

snappingneuron · October 7, 2023, 10:50pm

Chefs kiss for those setup scripts, just moved to Debian and the install and restore from another HA instance went flawlessly. Nice work.

asjapulk · October 8, 2023, 11:28am

I don’t know if I did everything correctly but after the installation HA seems to run as root. How do I change it to run as non-privileged user?

Tinkerer · October 8, 2023, 11:29am

You don’t - it runs as root by design.

asjapulk · October 8, 2023, 11:47am

That sad. The HA keeps reminding me how not safe it is. It even blocked updating itself for a while.

Tinkerer · October 8, 2023, 12:08pm

That’s got nothing to do with HA running as root.

wu5 · October 18, 2023, 5:16pm

I’m following the guide exactly, but after installing the packages, during docker installation I get:

curl -fsSL get.docker.com | sh
curl: (6) Could not resolve host: get.docker.com

I tried several hacks in this thread, but they didn’t work except for this one.

For those who will be looking for this, here’s a working solution: #1076 by SkynetNexus

snappingneuron · October 24, 2023, 11:35am

wu5:

I’m following the guide exactly, but after installing the packages, during docker installation I get:
curl -fsSL get.docker.com | sh
curl: (6) Could not resolve host: get.docker.com
I tried several hacks in this thread, but they didn’t work except for this one.

I had this happen on an install today. The install script sent a lot of DNS queries at once and triggered anti flood protection on the router (depending on your router settings). It filtered the client connection and stopped all DNS requests and hence " Could not resolve host: get.docker.com" error.

Simple fix was to reboot which clears the cache and it works again. Also making sure ipv6 is disabled. Something to look into if you have that issue as it worked for me.

HelpITru · October 27, 2023, 2:32pm

Hello !

Clean install Debian 12 (last release) and folowing instruction I get the following errors:

dns stops working after completion of execution “apt install apparmor jq wget curl udisks2 libglib2.0-bin network-manager dbus lsb-release systemd-journal-remote systemd-resolved -y”
errors when executing the installation script HA

изображение1573×717 32 KB
after correcting errors with hands, I try to restore a backup copy and it turns for hours (while the machine does not use computing resources)

изображение920×558 17.7 KB

Tamsy · October 28, 2023, 1:23am

For a possible solution to the dns-issue you might want to look HERE.

You should have given more attention to “Section 1 – Install Debian 12”, step 1.10, step 1.16, and step 1.17.

With this you would have continued “Section 2 - Install OS Agent, Docker and Dependencies” as that non-privileged user you have created with step 1.10 which in turn would most probably have saved you from these kind of privilege issues like “couldn’t be accesses by user '_apt”’ and “(13: Permission denied)”.

cuonguct · November 9, 2023, 4:29am

Someone please help me, when I execute this command I get an error. I don’t know how to fix it.