This repo is intended for my server automation and setup.
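---
# ============================================================================
# Home Assistant
# ============================================================================
#
# ============================================================================
# USER CONFIGURATION
# ============================================================================

# Home Assistant user configuration
homeassistant_user: yannick
# Supplementary groups for the account above.
# NOTE(review): `docker` membership lets the account drive the Docker daemon,
# which is equivalent to root on the host, and `sudo` is granted as well.
# Treat this account's SSH key as a root credential.
homeassistant_user_groups:
  - docker
  - sudo
  - dialout  # For serial device access (Z-Wave, Zigbee, etc.)
  - users

# User management role variables
my_user_username: "{{ homeassistant_user }}"
my_user_primary_group: "{{ homeassistant_user }}"
my_user_groups: "{{ homeassistant_user_groups }}"
# NOTE(review): presumably installs a NOPASSWD sudoers entry; the same user is
# also listed in security_sudoers_passwordless further down, so revoking the
# privilege means changing both settings.
my_user_passwordless_sudo: true
# Both values fall back to an empty string when the inventory does not define
# them. SSH password authentication is disabled later in this file, so confirm
# the user role fails loudly (rather than silently installing no key) when
# both end up empty.
my_user_ssh_public_key: "{{ homeassistant_ssh_key | default('') }}"
# NOTE(review): presumably used to import the public keys published for that
# GitHub account; if so, whoever controls the account controls login here.
my_user_github_username: "{{ homeassistant_github_username | default('') }}"
ensure_acl: true
# Quoted so the mode is passed as a string and never read as an integer.
# 0755 leaves the home directory listable by every local user; 0750 is the
# tighter choice if nothing outside the user's group has to traverse it.
home_mode: "0755"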
# ============================================================================
# DOCKER CONFIGURATION
# ============================================================================
# Note: Docker is installed by the geerlingguy.docker role, not by the homeassistant role

# Docker configuration is handled by the geerlingguy.docker role via group_vars/all.yml
# The homeassistant role only validates that Docker is installed and running
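# ============================================================================
# SECURITY CONFIGURATION
# ============================================================================

# SSH and security settings optimized for Home Assistant servers
# The "no" values are quoted on purpose: an unquoted no is loaded as the
# boolean false, and these look like values that are written verbatim into
# sshd_config (presumably by the security role - confirm).
security_ssh_port: 22
security_ssh_password_authentication: "no"
security_ssh_permit_root_login: "no"
security_ssh_usedns: "no"
security_ssh_permit_empty_password: "no"
security_ssh_challenge_response_auth: "no"
security_ssh_gss_api_authentication: "no"
security_ssh_x11_forwarding: "no"  # Disable for security on HA server
# NOTE(review): with password and challenge-response login disabled above,
# the SSH key is the only authentication factor, and this entry removes the
# sudo password prompt for the same user. my_user_passwordless_sudo in the
# USER CONFIGURATION section grants the same privilege a second time.
security_sudoers_passwordless:
  - "{{ homeassistant_user }}"  # Allow passwordless sudo for HA user
security_autoupdate_enabled: true  # Re-enabled - will coordinate with system role
# Kept as the quoted string "false", not a boolean; confirm how the consuming
# role renders it before changing the type. Without automatic reboots, kernel
# and libc updates are installed but stay inactive until a manual reboot.
security_autoupdate_reboot: "false"  # Don't auto-reboot HA server
security_fail2ban_enabled: true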
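# ============================================================================
# SYSTEM CONFIGURATION
# ============================================================================

# System settings
system_hostname: "{{ inventory_hostname }}"
# NOTE(review): ansible_date_time.tz is the zone abbreviation reported by the
# host (for example CEST), not an Area/City name. Confirm the system role
# accepts that form; an explicit zone name per host is less surprising.
system_timezone: "{{ ansible_date_time.tz | default('UTC') }}"
system_auto_upgrades: true
system_unattended_upgrades: true
# Extra packages installed on every host in this group. Each one is code that
# has to be kept patched, so keep the list to what the host really needs.
system_packages_extra:
  - curl
  - wget
  - vim
  - htop
  - tree
  - git
  - rsync
  - unzip
  - network-manager
  - dbus
  - apparmor
  - jq
  - socat

# System role variables
system_packages: "{{ system_packages_extra | default([]) }}"
system_remove_unattended_upgrades: false  # Don't remove - security role will manage it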
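# ============================================================================
# HOME ASSISTANT CONFIGURATION
# ============================================================================

# Home Assistant Supervised installation options
homeassistant_install_supervisor: true
homeassistant_configure_network: true
homeassistant_install_os_agent: true
# Every architecture other than x86_64 falls through to 'qemuarm-64',
# including 32-bit ARM hosts; extend the expression before targeting those.
homeassistant_machine_type: "{{ 'qemux86-64' if ansible_architecture == 'x86_64' else 'qemuarm-64' }}"
homeassistant_validate_installation: true

# Home Assistant data and configuration
homeassistant_data_share: "/usr/share/hassio"
homeassistant_config_dir: "/usr/share/hassio/homeassistant"
# NOTE(review): "latest" is a moving target, so two runs of the same playbook
# can install different Supervisor builds and the deployed version cannot be
# read from this file. Pin a reviewed release here if the role supports it.
homeassistant_supervisor_version: "latest"

# Network configuration
# No default() here: templating fails on a host without a default IPv4 route,
# because ansible_default_ipv4 then has no interface attribute.
homeassistant_network_interface: "{{ ansible_default_ipv4.interface }}"
homeassistant_network_manager_required: true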