/
/
/
This repo is destined for my server automations and setup.
1---
2# ============================================================================
3# Home Assistant
4# ============================================================================
5#
6# ============================================================================
7# USER CONFIGURATION
8# ============================================================================
9
10# User management role variables (standardized naming)
11my_user_primary_group: "{{ my_user_username }}"
12my_user_groups:
13 - docker
14 - sudo
15 - dialout # For serial device access (Z-Wave, Zigbee, etc.)
16 - users
17my_user_passwordless_sudo: true
18my_user_ssh_public_key: "{{ homeassistant_ssh_key | default('') }}"
19my_user_github_username: "{{ homeassistant_github_username | default('') }}"
20ensure_acl: true
21home_mode: "0755"
22
23# ============================================================================
24# DOCKER CONFIGURATION
25# ============================================================================
26# Note: Docker is installed by geerlingguy.docker role, not by homeassistant role
27# HA Supervised requires: journald logging, overlay2 storage, no live-restore
28
29docker_daemon_options:
30 log-driver: "journald"
31 storage-driver: "overlay2"
32 live-restore: false
33
34# ============================================================================
35# SECURITY CONFIGURATION
36# ============================================================================
37
38# Security settings specific to Home Assistant server
39security_sudoers_passwordless:
40 - "{{ my_user_username }}" # Allow passwordless sudo for HA user
41security_autoupdate_enabled: true # Re-enabled - will coordinate with system role
42security_autoupdate_reboot: "false" # Don't auto-reboot HA server
43security_fail2ban_enabled: true
44
45# ============================================================================
46# SYSTEM CONFIGURATION
47# ============================================================================
48
49# System settings specific to Home Assistant server
50system_auto_upgrades: true # Override group default for HA server
51system_unattended_upgrades: true
52system_packages_extra:
53 - curl
54 - wget
55 - vim
56 - htop
57 - tree
58 - git
59 - rsync
60 - unzip
61 - network-manager
62 - dbus
63 - apparmor
64 - jq
65 - socat
66
67# System role variables
68system_packages: "{{ system_packages_extra | default([]) }}"
69system_remove_unattended_upgrades: false # Don't remove - security role will manage it
70
71# ============================================================================
72# HOME ASSISTANT CONFIGURATION
73# ============================================================================
74
75# Home Assistant Supervised installation options
76homeassistant_install_supervisor: true
77homeassistant_configure_network: true
78homeassistant_install_os_agent: true
79homeassistant_machine_type: "{{ 'qemux86-64' if ansible_architecture == 'x86_64' else 'qemuarm-64' }}"
80homeassistant_validate_installation: true
81
82# Home Assistant data and configuration
83homeassistant_data_share: "/usr/share/hassio"
84homeassistant_config_dir: "/usr/share/hassio/homeassistant"
85homeassistant_supervisor_version: "latest"
86
87# Network configuration
88homeassistant_network_interface: "{{ ansible_default_ipv4.interface }}"
89homeassistant_network_manager_required: true
90
91