My (almost) complete quick start to installing Home Assistant on FreeNAS 11.2 (Including AppDaemon/HA-Dashboard, Hass-Configurator, Mosquitto and TasmoAdmin)


#41

Hey Troy, thanks for the write up and the instructions. I failed at the manual install but the scripted install worked like a charm. The only thing I can not get working for the life of me is the Homekit integration. I’ve followed the homekit troubleshooting guide, logged at the debug level for homekit and for pyhap, but I don’t see any errors. I found an issue on Github where someone got it to work downgrading zeroconf, but that didn’t do it either. Is there something specific to FreeNAS and a iocage that I’m missing?


#42

@troy
Question for you Troy. Every time I remove the Z-Wave stick to add more devices to it FreeNAS and Home Assistant forgets it when I plug it back in. Also when I go through the instructions to add the Z-wave back I get the “Refusing to remove protected devfs_ruleset: 11”. Should I be concerned about it?

[email protected]:~ # iocage exec homeassistant ls /dev
crypto  fd      null    ptmx    pts     random  stderr  stdin   stdout  urandom zero    zfs

[email protected]:~ # chmod +x zwave-ruleset.sh
[email protected]:~ # sh zwave-ruleset.sh
[email protected]:~ # devfs rule -s 99 show
100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path bpf* unhide
600 path cua* unhide
[email protected]:~ # iocage set devfs_ruleset=99 homeassistant
Property: devfs_ruleset has been updated to 99
[email protected]:~ # iocage restart homeassistant
* Stopping homeassistant
  + Running prestop OK
  + Stopping services OK
  + Refusing to remove protected devfs_ruleset: 11
  + Removing jail process OK
  + Running poststop OK
* Starting homeassistant
  + Started OK
  + Starting services OK
[email protected]:~ #

#43

@reven
It’s possible there may need to be extra packages installed (inside the jail) to use HomeKit.
I don’t have any Apple products so I can’t really test anything myself. Now that being said I had a look at the HomeKit component page which mentions possibly needing to install libavahi-compat-libdnssd-dev. My first guess would be to try installing the FreeNAS equivalent package which I believe to be avahi-libdns

sudo iocage homeassistant
pkg install avahi-libdns

It’s been awhile since I’ve used the manual guide. I’m traveling for work right now but I’ll give it a run through when I return and make any changes required. Thanks for the heads-up.


@Dayve67
I always had the same problem when removing my Z-wave stick as well. For me it was not so much that HA would forget but actually the path would change. For example my default path is /dev/cuaU0 but if I unplug and re-plug my Z-wave it would change to path dev/cuaU1. Usually restarting my entire FreeNAS would fix the path issue but that is far less than ideal.

Instead I have starting using Add Node or Add Secure Node from the Z-wave control panel.

The “Refusing to remove protected devfs_ruleset:” is normal to see. Note that the number may change though. Be sure to add the script in the FreeNAS GUI as well (only creating this ruleset from the CLI will be lost on (FreeNAS) reboot)

After adding the zwave-ruleset.sh script in the GUI and restarting FreeNAS here’s how mine looks when I restart the HA jail

[email protected]~ $ sudo iocage restart homeassistant
Password:
* Stopping homeassistant
  + Running prestop OK
  + Stopping services OK
  + Tearing down VNET OK
  + Refusing to remove protected devfs_ruleset: 99
  + Removing jail process OK
  + Running poststop OK
* Starting homeassistant
  homeassistant is not using the devfs_ruleset of 4, not generating a ruleset for the jail, DHCP may not work.
  + Started OK
  + Configuring VNET OK
  + DHCP Address: 192.0.1.18/24
  + Starting services OK

#44

@troy
Yes, I had already tried that. No dice. Thanks though!


#45

how is possible add ssl certificate in this installation? I’m go crazy.


#46

@fabrizio.lanni
Can you link to a guide or directions your trying to follow? I’ll take a look and see if I can help but honestly I don’t know much about ssl certification. (I use a VPN to connect from outside) I did at one time have this have working back when Google Assistant was just added. (before Nabu Casa was a thing) At that time I followed this blog post. Take a look there and see if it helps. Or at least let me know if that is what you are trying to accomplish.


#47

Has anyone got SSL working in TasmoAdmin? I cannot seem to figure out what I am doing wrong. Here is my configuration from the MyConfig.json file:

{
    "ota_server_ssl": "1",
    "ota_server_ip": "<removed>",
    "ota_server_port": "80",
    "username": "<removed>",
    "password": "<removed>",
    "ssl": true,
    "certfile": "/usr/local/www/tasmoadmin/data/domain.crt",
    "keyfile": "/usr/local/www/tasmoadmin/data/domian.key",
    "refreshtime": "8",
    "current_git_tag": "v1.6.0",
    "update_automatic_lang": "EN",
    "nightmode": "auto",
    "login": "1",
    "scan_from_ip": "192.168.178.2",
    "scan_to_ip": "192.168.178.254",
    "homepage": "start",
    "check_for_updates": "1",
    "minimize_resources": "1"
}

I can still access TasmoaAdmin with http:// instead of https:// with this config. The strange part is if I modify and save settings from the TasmoAdmin GUI, my cert and key file become:

"certfile": "\/usr\/local\/www\/tasmoadmin\/data\/domain.crt",
"keyfile": "\/usr\/local\/www\/tasmoadmin\/data\/domian.key",

I don’t know why TasmoAdmin adds this backslash. I’ve tried multiple variations of this config including trying “” instead of “/”. TasmoAdmin is supposed to have logs. Where are those kept in our jail? That might help me figure this out. Another issue could be that this jail uses nginx. Maybe I need to put my cert and key somewhere in that instead. I just don’t know.

I have SSL working perfectly fine in Home Assistant, AppDaemon, Hass-Configurator, and Node-RED. I have not set up Mosquitto yet because the current FreshPort version contains a bug that won’t allow you to generate passwords. That was fixed in 1.5.8 but hasn’t been compiled in FreshPorts yet.


#48

The good news is that I got SSL functioning correctly. My FQDN is now showing secure in Chrome when accessing TasmoAdmin using https. Ignore my last post about altering MyConfig.json. You do not need to modify this file.

You do need to modify nginx.conf found in /usr/local/etc/nginx starting at Line 17 with the following:

listen 443 default_server ssl;
listen [::]:443 default_server ssl;
root /usr/local/www/tasmoadmin;
index index.php;

ssl_certificate /usr/local/www/tasmoadmin/data/tasmoadmin.crt;
ssl_certificate_key /usr/local/www/tasmoadmin/data/tasmoadmin.key;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES25
ssl_ecdh_curve secp384r1;
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;

Make sure you have the SSL key and cert in the path specified about and named correctly. You are welcome to change the path and file names if you prefer something else.

I created a pull request to at least add the entire nginx.conf for SSL.


#49

Mostly seems to be working, but some things aren’t, - any advice appreciated. I find it strange that it’s referring to the directory as /.cache/pip/http instead of /usr/home/hass/.cache

2019-03-10 18:18:02 ERROR (SyncWorker_8) [homeassistant.util.package] Unable to install package PyNaCl==1.3.0: The directory ‘/.cache/pip/http’ or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo’s -H flag.
The directory ‘/.cache/pip’ or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo’s -H flag.
Building wheel for PyNaCl failed: [Errno 13] Permission denied: ‘/.cache’
Could not build wheels for PyNaCl which use PEP 517 and cannot be installed directly


#50

@troy
Is it possible to use the upgrade script of yours to upgrade home assistant to the beta release?
Of course I would take a snap shoot before I upgrade.


#51

@Dayve67
I think so. I’m not aware of any special command to get the beta. Worst case is it will just say HA is already up to date.

If it doesn’t work let me and I’ll see what I can do to make it an option


#52

@troy
If I run your update like: iocage exec homeassistant bash update it just upgrades to the latest stable version.
I did find this command on the HA’s website: https://www.home-assistant.io/docs/installation/updating/
but I’m not sure it will work.

$ pip3 install --pre --upgrade homeassistant

#53

@Dayve67
ah ok. I can add another bash script for that but it may take some time because of busy work

In the meantime, that will work if you upgrade manually. The full steps would be
(including pip - you can skip that line below if you do not want to upgrade pip)

iocage console homeassistant
service homeassistant stop

su - hass
    source /srv/homeassistant/bin/activate
    pip3 install --upgrade pip
    pip3 install --pre --upgrade homeassistant
    deactivate && exit

service homeassistant start

#54

Perfect. that worked great. Just had to remove “exec” from iocage exec console homeassistant


#55

Glad it worked for you. I’ll add that as a script as soon as I can. I also edited my post above to remove ‘exec’ as you mentioned.


#56

@AlVal

I received this error myself after updating HA. I am curious also as to why this is using /.cache/pip/http instead of /usr/home/hass/.cache but have no answer.

I have found installing PyNaCl manually works as expected. The steps are similar to manually upgrading homeassistant

Starting from your FreeNAS console

iocage console homeassistant

su - hass
source /srv/homeassistant/bin/activate
pip3 install --upgrade PyNaCl
deactivate && exit

Finally restart Home Assistant