The first installation we will do in our home automation infrastructure (beyond an operating system) is Home Assistant. We are doing home assistant first because I think it is fairly easy to install, and it gives some pretty immediate results (I am into instant gratification). In the not to distant future we will also be installing Mosquito MQTT, and VoxCommando.
There are three phases to the Home Assistant installation:
- Install Home Assistant
- Set Home Assistant to run on boot (set it as a service)
- Configure the firewall to allow connections to Home Assistant
There are many ways to install Home Assistant. Many guides install Home Assistant into a virtual python environment. This is good practice if you intend to use a single Raspberry Pi for multiple examples. You can find the virtual environment instructions here. There is also a pre-configured image you could use, Ben over at BRUH Automation has a good video outlining the installation, and many other ways of installing (see the Home Assistant site for more info).
I am going to show you how to install it directly on the Rasbian OS without the the virtual environment. I do this because my outlined architecture has one service (such as Home Assistant) per device. So there is little benefit to installing it in a virtual environment.
The Steps for installation are simple:
- Ensure the OS is up to date (we are not updating the kernal here but you could do that as well)
sudo apt-get update sudo apt-get upgrade -y
(all installations will start with update and upgrade commands)
- install Python3 and pip (pip is a python based installer similar to apt-get)
sudo apt-get install python3 python3-pip
- use pip3 to install homeassistant (this command will install version 0.32.3, I had issues with 0.32.4 hanging)
sudo pip3 install homeassistant==0.32.3
once all these commands have completed the Home Assistant installation is complete.
Configuring Home Assistant to start at boot
The initial installation of Home Assistant does not have a configuration to allow it to start when your Raspberry Pi boots. So to run it you would have to log on and run it in a command window. This is not ideal. To set Home Assistant to run at boot is fairly easy.
- Find and record the installation location
(will most likely be /usr/local/bin/hass
- Create a service unit (file that contains service info) for the service
sudo nano /etc/systemd/system/hass.service
(email@example.com for example)
- Copy the following text into your service unit
[Unit] Description=Home Assistant After=network.target [Service] Type=simple User=haadmin ExecStart=/usr/local/bin/hass [Install] WantedBy=multi-user.target
- Change the execution location
- Change the value of ExecStart= to match the location you received in step one followed by hass (hass is the executable to run).
- Change the user the service will run under
- Change the value of User= to your user account (haadmin in my case)
- Save the file [ctl]+x,y,[enter]
- reload the deamon (service) to read in the file
sudo systemctl --system daemon-reload
- enable the service to run
sudo systemctl enable hass.service
- Reboot the system
you could also start the service instead of rebooting (sudo systemctl start haadmin.service)
That is it, you are done configuring your service.
For more information:
Home Assistant instruction page
Configure Your Firewall
By default the most recent Rasbian kernel has inbound connections blocked by default. This will stop you from browsing to your home assistant web page, stop home assistant from auto finding some of your devices (things like hue lights, and sonos speakers).
- Edit your iptables firewall rules
sudo nano /etc/iptables.firewall.rules
- copy the following rules into iptables.firewall.rules
*filter # Allow ALL loopback traffic and drop all traffic to 127/8 that doesn't use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow all outbound establised traffic -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT # Allow HTTP and HTTPS connections from your local subnet (leaving 80,443,8080 enabled however for home assistant only 8123 is needed here until we add SSL) -A INPUT -s 192.168.0.0/24 -p tcp --dport 80 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p tcp --dport 443 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p tcp --dport 8080 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p tcp --dport 8123 -j ACCEPT #Allow uPnP requests - this is for the net disco service built into Home Assistant and is a fail safe -A INPUT -s 192.168.0.0/24 -p tcp --dport 2869 -j ACCEPT -A INPUT -s 192.168.0.0/24 -p udp --dport 1900 -j ACCEPT #Allow SSH connections # The -dport number should be the same port number you set in sshd_config -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT # Allow ping -A INPUT -p icmp -j ACCEPT # Log iptables denied calls (this is especially needed if you are going to use fail2ban on DMZ connected home automation servers) -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 # Drop all other inbound - default deny unless explicitly allowed policy -A INPUT -j DROP -A FORWARD -j DROP COMMIT
When copying the above text be sure to change the IP range to your range (192.168.0.0/24 is pretty standard)
- Save the file [ctl]+X,y,[enter],[enter]
- load the firewall rules into the system
sudo iptables-restore < /etc/iptables.firewall.rules
- Set the rules to load at every boot
sudo nano /etc/network/if-pre-up.d/firewall
- copy the following lines into the file
#!/bin/sh /sbin/iptables-restore < /etc/iptables.firewall.rules
- Set permissions so the file is executable
sudo chmod +x /etc/network/if-pre-up.d/firewall
Testing it all out
If all went well you will be able to open a webpage at the ip address of your Pi on port 8123 (192.168.0.15:8123 for example) and the Home Assistant webpage should load.
Our next post will walk through some basic configuration (such as setting a password, and telling Home Assistant where we are), and walk you through what some of the web pages do, as well as how to organize your configuration files.
Until then keep automating.