It’s not available? It should be. The PR has been merged a while ago. I wasn’t aware of this. Oo
nope - not available. 0.2.7 still showing as current.
You are right. I just checked and realized, that my PR has not been merged. The notification which I believed was related to this seems to have been for something else.
no worries Daniel. Glad I asked.
My PR has been merged. It should show up as version 0.3. Apparently there has been a switch in the versioning scheme, which is why the add-on version is now out of sync with the configurator version.
The docker container haven’t been updated either, since 0.2.6. Is it no longer maintained?
Docker isn’t maintained by me. I’ll ping the guy who does that. Thanks for mentioning it.
Thanks Daniel - 0.3 this morning.
@danielperna84 Hi, do you know how I could add the configurator as a panel_iframe to homeassistant and have it authenticate automatically? I tried to set the url to https://username:[email protected]:3218, but it just shows a blank page when clicked on (that port is accessible from the interwebs)
Just to clarify: the URL you use works when directly pasted in the address bar, but not when used in the panel_iframe?
It should work with the authentication bit though. You have to use exactly the string you have configured for the credentials parameter, followed by @… The hass api password is not a part of this.
I’m about to release a new version. There’s one new feature I would like some feedback about though before I merge the new stuff into the stable version. In the menu on the left I have added an input field labelled Search entity. It does exactly that. You enter something like sensor.
and you get a list of all entities which have that in their name. The friendly name is also included in the search. Upon selecting the result it gets inserted in the editor, just like with the old entity-list.
It looks like this right now:
I have chosen to also keep the already existing dropdown with all entities to provide an alternative way to simply browse the entities in case someone doesn’t know what he/she is looking for. Do you agree, that keeping the old dropdown makes sense?
If you want to test it out for yourself you can copy the configurator.py
from the dev branch of the repository. The other new features are mentioned in the pull request for the new version.
I have decided to just do it the way I have implemented it. If anyone is annoyed by the old entity-dropdown it can still be discussed.
So here is the new release and the complete changelog:
- Material Icons and HASS-help now open in new tab instead of modal
- Open file by URL
- Added ENFORCE_BASEPATH option
- Cosmetic fix for scaled viewports
- Added search-function for entities
- Updated Ace Editor to 1.3.3
- Updated jQuery to 3.3.1
- Updated js-yaml to 3.12.0
Most interesting for you:
- Open file by URL: The way this is used is by appending
/?loadfile=/path/to/file
to the base URL of the configurator. So for examplehttps://192.168.1.123:3218/?loadfile=/home/homeassistant/.homeassistant/configuration.yaml
. -
ENFORCE_BASEPATH
locks the configurator into the path that is defined byBASEPATH
. So ifBASEPATH
is/home/homeassistant/.homeassistant
you won’t be able to get to/etc/shadow
. - The search function is already mentioned in the post above and explains itself.
As always, the hassio (and Docker) version will take a moment to get updated. But all standalone users can simply copy the latest configurator.py
. And if you want to use the ENFORCE_BASEPATH
option and use a settings.conf
file, then you have to add the parameter there obviously. This is how it looks like when it’s disabled.
UPDATE:
The update should be available for hassio now as well.
I just disabled port forwarding and it doesn’t connect.
Hmmm…can’t reach this page
Myhassio.duckdns.org:3218 is not allowing us to get to the site.
Try this
Checking the connection
ERR_CONNECTION_REFUSED
So I changed ssl to false and then tried to get to the configurator manually 192.168.10.20:3218 and I got this:
This page isn’t working
192.168.10.20 didn’t send any data.
ERR_EMPTY_RESPONSE
Just as a reminder: If you en-/disable ssl, then you have to change the http(s) in the front of the URL accordingly.
As for the rest I have to admit I have trouble understanding correctly what you have done. If you don’t use a reverse proxy you can’t disable port forwarding. At least when connecting from outside of your network. The IP you use is an internal IP, so this is probably not what you are trying to do. So in that case the reminder about http(s) applies. As long as the service is running on the specified port, you should be able to connect.
I think you post may have ended up in the wrong thread.
Ahhh yes, too many tabs open lol my bad.
A new version has been released just now: 0.3.0 (hassio and Docker following)
The changelog:
- Allow passing settings via environment variables
- Added basic
git stash
functionality - Added NOTIFY_SERVICE option
- Notifying if used passwords are insecure and if SESAME has been used
- CREDENTIALS setting replaced by USERNAME and PASSWORD
- PASSWORD can optionally be provided as SHA256 hash
- Added SESAME_TOTP_SECRET for TOTP based IP whitelisting
- Added
git diff
functionality - Red colored menu button as indicator for outdated version
- The GIT setting can now also be set with static settings file or environment variable
- LISTENPORT has been renamed to PORT (LISTENPORT still works though)
- Hiding git menu when git is disabled
- Removed right dragging area for editor settings
- Added IGNORE_SSL option to disable SSL verification when connecting to HASS API
Let me elaborate on some of the new features:
Git related:
- Use the
git stash
feature to discard all changes that haven’t been commited yet - Use the
git diff
feature so see what has changed inside a file that has been previously commited and has been modified since then.
Security related:
- What was the
CREDENTIALS
option until now is separated intoUSERNAME
andPASSWORD
(it’s backwards compatible, so you’re still safe while you haven’t changed your settings file) - Instead of setting your
PASSWORD
in plaintext you can write it in the form of{sha256}abcdef...
, whereabcdef
is a SHA256-hashed version of your password. You can do this here for example. The benefit of this is, that your plaintext password is not stored on your disk anymore. Important: this does not appliy to theHASS_API_PASSWORD
because here we really need the plaintext password to successfully connect. - If you’re using the
SESAME
option, you now have an alternative that’s more secure: Time based OTP (the pyotp module has to be installed for this). If you set theSESAME_TOTP_SECRET
to a valid Base32 encoded string and also add that to your Google Authenticator or similar, theSESAME
changes ever 30 seconds to a new one. Your oldSESAME
(if provided) will keep working in case you are using it in thepanel_iframe
link. - Somwhat security related is the fact, that you can now pass your options via environment variables instead of the conf-file used until now. This way you don’t have to write your
HASS_API_PASSWORD
into a file. Of course a process with sufficient rights is able to view the environment variables of any process on the system. But that process would probably also have access to the file where the password is stored. If you’re using systemd, you can have a look at this template on how environment variables can be used. Yes, theHASS_API_PASSWORD
would be visible in there too. But you can secure that file by not allowing unprivileged users to access the service file. - The
NOTIFY_SERVICE
allows you to specify a notification service of HASS which will be used to push notifications to you. The default is to create persistent notifications in HASS. Scenarios where notifications are pushed: WeakHASS_API_PASSWORD
, weakPASSWORD
(in case it’s provided in plaintext), weakSESAME
,SESAME
usage (with IP that has been whitelisted).
Other stuff
- The
LISTENPORT
setting has changed to justPORT
. The old variant keeps working too, butPORT
looks much nicer. - The
IGNORE_SSL
option allows you to set theHASS_API
to your internal IP address instead of the full hostname (when using SSL). This is because otherwise connecting to the API wouldn’t pass the SSL verification check. The worst case would be, that the configurators request path would go outside to the internet and back into your network. By using the internal IP you dodge this behavior.
Everything else is either minor, cosmetic or self explanationary.
I hope you like the new features I have come up with. And even though the notifications about weak passwords could be annoying, they are relevant. Be secure!
A small update:
There was a bug related to the SESAME
/ SESAME_TOTP_SECRET
feature.
I now have released 0.3.1 which fixes this.
Changelog:
- Fix SESAME / SESAME_TOTP_SECRET bug
- Added client IP to network status modal
- Allow setting logging level with environment variable HC_LOGLEVEL
I’m working on the hassio update now that this is fixed.