Background:
It’s been over 2 years since I started to use Home Assistant. As a complete novice, I got my start watching Ben’s BruhAutomation videos on YouTube. Over those 2 years I’ve continued to upgrade HASS every month, integrating everything I could as part of my home renovations alongside my brother-in-law @Zpeed. I now use HassIO and the number of integrations that are possible with the Docker add-on libraries blows my mind.
Long story short… The Raspberry Pi 3B+ that I upgraded and migrated to months back just doesn’t cut it anymore for the workload and automations that I get Hassio to do. The more integrations I add to Home Assistant, the more it turns into something that our household can no longer live without, so when it crashes, loses performance, or the SD card is full or corrupt, there’s a mini-crisis as I frantically try to figure out what’s going wrong. I can see that many others are in the same position, and those who’ve migrated onto dedicated servers are very happy once they do. So I’ve decided to migrate the bulk of HassIO’s workload to a Virtual Machine running on my always-on Windows Server. As part of this exercise I’m also going to beef up the security aspects of my setup and try to encrypt all services in the house that are exposed to the net.
My Goals:
- Set up a new instance of Hassio running as a VM on my Windows Server that will bear the bulk of HASS’s workload
  - The easiest way to do this for me was to use the supported VMDK file and run it using VirtualBox. Hopefully as more users use this approach, more addons will support this setup too.
- Keep a lightweight instance of Hassio running on my Raspberry Pi
  - Why? Because I’m finding that the Raspberry Pi HW is very well supported by the HASS community. The Pi’s Bluetooth is well supported and other addons work well with its USB ports and GPIO pins. I can understand why: it’s much easier to help others when they’re running the exact same hardware as you.
- Secure as much of the traffic exposed to the internet as possible (i.e. use SSL certificates and stop exposing more and more ports to the internet)
I plan to document my progress for the benefit of other novices here. I’m not sure how I’ll document things or roughly what pace I’ll go at, however I’m hoping the walk-through guides I write can help others, just like how Ben’s videos got me started. If you’re an absolute beginner, I’d still recommend using a Raspberry Pi because it’s still the most supported solution.
Cheers!!!
Walkthrough:
1. How to get Hassio VMDK running on any computer using Virtualbox
Background: As mentioned above, you do this if you want your Home Assistant to have better performance, however the trade-off is that you’ll probably not get the same level of support as you would if you used a Raspberry Pi.
Steps:
- Download VirtualBox for either OSX or Windows and install it: https://www.virtualbox.org/wiki/Downloads
- Download the Hass.IO VMDK file: https://www.home-assistant.io/hassio/installation/
- Within VirtualBox, set up the VM as follows:
  - General > OS "Other Linux (64 bit)"
  - System > I use 2gb of ram and 4 cpus
  - Storage > Controller IDE and point the HDD to be the VMDK file downloaded
  - Network > I use "bridge adapter" rather than the default NAT. This allows your Hassio VM to get its own IP address that is different from that of the server VirtualBox is running on.
- I use Windows so I create a startup shortcut file by doing the following (if you’re using OSX or other, then google a solution)
  - Right click the start icon at the bottom left corner and choose "Run"
  - In the Run dialog box enter shell:startup
  - This will open up the startup folder where you can right click > new > shortcut
  - Enter the following as the Target for the shortcut: "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" startvm "Hassio VM" --type headless
    NOTE: "Hassio VM" is the name you’ve given the VM in VirtualBox.
All going well you now have a Hassio instance running on VirtualBox with its own unique IP address that will work in much the same way as a Raspberry Pi’s instance of Hassio.
2. How to resize Hassio VMDK
Background: By default the standard Hassio VMDK file is only 6gb. This is great for beginner usage, however if you’re heavily invested in Hassio already you’ll find that isn’t enough and you’ll want more pretty quickly. For me, I resized the VMDK from the get go. The steps I used to make a 30gb VMDK are below.
Steps:
I followed this guide to resize the VMDK file: https://www.upnxtblog.com/index.php/2018/09/03/how-to-resize-a-virtualbox-vmdk-file/amp/
For me I used the below commands in a Windows Command Prompt:
- path C:\Program Files\Oracle\VirtualBox
- vboxmanage clonehd "hassos_ova-1.13.vmdk" "cloned.vdi" --format vdi
- VBoxManage modifyhd "cloned.vdi" --resize 30000
- VBoxManage clonehd "cloned.vdi" "hassos_ova-1.13-resized.vmdk" --format vmdk
- Download GParted per the instructions in the link and boot the VM using GParted as a CD. This will allow you to expand the 6gb VMDK to make full use of the 30gb space you just created with the command line.
- Remove GParted from the VM’s CD mount and point the mounted VMDK to the newly resized one.
All going well Hassio will boot as before but have the extra space you allocated for it.
3. How to secure services in your smart home using Caddy and DuckDNS
Background: There’s heaps of instructions out there for how to get your Home Assistant secured using SSL and HTTPS. You don’t have to take these steps, however this is what’s worked well for me. If you do follow the steps below this will allow you to secure other services exposed to the internet. This means less port forwarding on your router, as all you’ll need to do is port forward 443 to the Home Assistant IP and from there Caddy and DuckDNS can securely route to any other services within your internal network.
Steps:
To give credit where credit is due I’ve followed the steps in the following link: https://dew-itwebservices.com.au/setting-home-assistant-up-for-secure-access-over-the-internet/
Rather than re-write the article, I’ll summarise the steps in the article:
- Remove any existing SSL configurations if you’re planning to switch to Caddy (steps 1-6 in the article)
- Install the DuckDNS and Caddy addons (step 7; note that you’ll have to add the repository for Caddy). For my own DuckDNS addon config I used the below. Make sure you’ve created all the necessary domains in DuckDNS online.

      {
        "lets_encrypt": {
          "accept_terms": true,
          "certfile": "fullchain.pem",
          "keyfile": "privkey.pem"
        },
        "token": "XXXXX-XXX-XXXX-XXXX-tokenfromduckdns",
        "domains": [
          "DOMAIN1.duckdns.org",
          "DOMAIN2.duckdns.org",
          "DOMAIN3.duckdns.org"
        ],
        "seconds": 300
      }

- Configure the Caddyfile and put it in the correct folder using the SMB addon (step 8). Note: Because my ISP blocks port 80 I can’t use sub-domains of the main domain like in the example within the article (this has something to do with how "challenges" are coded into the addons). So instead I create individual domains in DuckDNS like the configuration shown above and use these within the Caddyfile.
- Remember to alter the URLs you use in future for your services. You can even use the steps above for getting Google Assistant to work on your Home Assistant (steps 9 and onwards).
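A sketch of the kind of Caddyfile this layout leads to, with one site block per DuckDNS domain and only port 443 forwarded at the router. This is an added example, not the author's or the linked article's file; it is written in Caddy 2 syntax (Caddy 1 uses a `proxy` directive instead of `reverse_proxy`). The `/ssl/` certificate path, the LAN addresses and the two extra services are assumptions; the hostnames are the placeholders from the DuckDNS config above.

```caddyfile
# Added example, Caddy 2 syntax. Addresses, ports and the /ssl/ path are assumptions.
{
    # Certificates come from the DuckDNS add-on, so Caddy does not need to
    # open port 80 for HTTP->HTTPS redirects; only 443 is listened on.
    auto_https disable_redirects
}

# Reusable snippet: the certificate and key named in the DuckDNS add-on config.
# One certificate covers all domains listed under "domains".
(duckdns_tls) {
    tls /ssl/fullchain.pem /ssl/privkey.pem
    # Tell browsers to stick to HTTPS for this host.
    header Strict-Transport-Security "max-age=31536000"
}

# Home Assistant itself (assumed LAN address, default port 8123).
DOMAIN1.duckdns.org {
    import duckdns_tls
    reverse_proxy 192.168.1.10:8123
}

# A second internal service (hypothetical: another web UI on the LAN).
DOMAIN2.duckdns.org {
    import duckdns_tls
    reverse_proxy 192.168.1.20:8080
}

# A third internal service (hypothetical).
DOMAIN3.duckdns.org {
    import duckdns_tls
    reverse_proxy 192.168.1.30:3000
}
```

Requests for a hostname that has no site block are not proxied anywhere, so an internal service is reachable from the internet only if it is listed here.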
To Do:
- How to set up MQTT so sensors in one HASS instance are visible in another (this is needed so that anything connected to the Raspberry Pi is visible on the VMDK instance)