 Thanks everyone for joining my presentation about running Home Assistant on Fedora IoT. With that, let's get started. Who am I? My name is Dan Schedmark. I'm a software developer working at SUSE. I'm also a member of the Open SUSE community and of course of the Fedora community. So I'm in the i3 special interest group. I was involved in building up the i3 spin. I'm a long-time package maintainer in Fedora. So I'm, for instance, I'm the maintainer of i3. I also maintain Emacs and a bunch of other tools where I frequently forget that I maintain them until someone opens a bug. Sorry, I'm also, I used to be in Fesco for the Fedora 34 release cycle and I do a bunch of stuff here and there. So my passions also include besides testing, documentation, community building, also development tools, which is what I do at my day job, where I build tools for other developers. And since recently, home automation, this thing that can eat up your time and your money and fill your home with smart devices that turn out to be less smart unless you make them smart. Anyway, if after this presentation, you're still not sick of me, you can stalk me on social media. There's a few links below, including my website, my GitHub account, Twitter, and Mastodon. So let's take a look. What are we going to do today? So first, I want to present you Home Assistant a little bit. What is this thing even if you've never heard of that? Then how we can run this on Fedora IoT, and we'll tweak this setup a little bit and by then we'll probably already run out of time. So you'll have to take a look at the rest in the slides because I'd also like to answer your questions. So what is Home Assistant? If you haven't heard about it, Home Assistant is a free and open source home automation system. So you can run this on your own machine and it's essentially a replacement of your Google Home, or Apple HomeKit, or your Alexa, sorry I don't have any of these devices, but there's essentially everyone nowadays as one of these smart home gateways where you just whip up your cell phone and say, Alexa, turn on the lights and then this goes to somewhere to AWS and they process your voice and then it goes back and turns on your lights. And Home Assistant is essentially an open source implementation of all of this magic. The cool thing about Home Assistant is it integrates with nearly every smart home system out there. So with Alexa you can control the stuff that's certified for Alexa and the rest might work and probably won't. With Google, with the Google stuff, it's for the Google stuff with Apple HomeKit, it's what's Apple HomeKit certified and some standard stuff also works with that. Home Assistant tries to work with everything. Unfortunately some integrations are spotty, but if you have some smart home device or if you have a ton of them from a ton different vendors then Home Assistant could really help you out because it can talk to all of them and you're not tied certainly to a certain ecosystem. It has a very slick and very simple UI. It's easy to use. So really it doesn't require you to be an expert in programming and fiddling with config files. To be frankly honest, I've used Home Assistant mostly from the GUI because it just works and I don't have to look up any stuff and I can configure most of it via that. So that's really convenient. But if you want to do more powerful stuff, you most certainly can. You can create templates where you pre-define certain workflows where you can for instance say, I take an input of some kind of switch or some kind of twiddly knob which allows you to set a certain percentage and you can turn on the lights or change the color of the lights. You can set up scenes. So imagine something like you have a scene for your evening where you turn off most of the lights, tone down the light and play some nice music and then you have the morning scene where you turn up all the lights to max and play some heavy metal so that you actually get awake and you turn on the coffee machine to create a really strong cup of coffee. If you have a smart coffee machine, you can do all of that in Home Assistant. Believe me, you can. And another very cool thing is you have a mobile app. So I'm pretty certain this will not be too visible, but this is the mobile app and I can now turn on my... I can now turn on the lights in my bathroom. Unfortunately, I can't show you that because I'm not at home and I don't have a security cam but so you can all do all this via your cell phone or track where your cell phone is which is pretty neat. So let me just switch the tab. No, this Home Assistant instance. So here you can, for instance, see a Home Assistant instance where you can see all the members which are connected to it and you can see where they're moving around. So let's get back. Okay. So let's put on my salesperson hat on which is, well, I don't have one but let's give it a try. So why should you use it? You want something that's cloud free. Cloud free only works if you really, if you have some, if your smart home devices don't require a cloud themselves. So for instance, if you buy stuff from IKEA, it's really that works without a cloud. You can self host all of this stuff. You don't have to, but you can if this is something you're passionate about. It runs on your machine and by that I mean not only that you own the machine but it runs on literally anything that you have. So if you have an old, I think it might even run on a Pi 2 probably. So it runs without any issues on the Pi 4 and also on the Pi 3 on a low power laptop. Really, it runs on anything that you have. It's not that, it doesn't require so many resources. You can automate literally everything. So the stupidest idea that you have, the silliest automation, you can implement it. Do you want to play some music if you enter on the second Thursday of the month and it's raining and it's night and the light level in your kitchen is below a certain level. You want to play a certain music on your Bluetooth speaker. You can do that in Home Assistant. Should you? Well, that's something that you have to answer. And also since recently it has support for energy tracking. So if you have, for instance, if you have a solar power grid you can track that, you can track your energy consumption and all kinds of stuff. So this is all very convenient if you have your own home. So, where can you run Home Assistant? For testing you can just run it on your PC. So they have virtual machines. They have containers. You can all do that. You don't need a PC for that. But long-term Home Assistant really works very well if you run it all the time and running your main machine all the time is maybe a little wasteful given energy prices going through the roof recently and that ain't going to get better in the future. So maybe get something low power. Something like a Pi, something, some low power board. Maybe you have a home server that's running anyway. Maybe you have an old laptop. Laptops really don't consume that much power if you if you remove if you turn off the screen so that's an option. Yeah and do you really need a Pi for that? Especially a Pi 4 which is unobtainium since the beginning of this year and you don't want to spend the rest of your days on rpilocator.com waiting for someone to sell you one no, you can use a Pi 3 you can use something else. I'm going to show you how to do another Pi 4 but you don't have to, you can use more or less anything else. And with that, let's go to Fedora IoT. So Fedora IoT is an edition of Fedora which is powered by RPMOS3 which is this fancy new thing that allows you to have a little base OS and I'm probably going to I'm not really good at selling you all of this but this is a really it's a very slim system it's very hard to break it's very lightweight by itself it supports provisioning via ignition if this is something you've ever heard of if not you can just ignore it and zzzree sorry this is a really cool system we'll see it in a minute and it's really built for deploying containerized applications it's meant for IoT devices so something like this you can put it on ARM on x86 and if you're curious more about that just go to the Fedora home page there's a link there so what are you going to need as hardware? So first you're going to need a PC this one if it's running Fedora that's really big plus because that's going to make a whole ton of things easier then you need an SD card so I got I am prepared you need obviously an SD card reader and then you need a Pi I have one it's behind there I can't unfortunately show it to you because the network cable is too short sorry it's just lying on the floor you'll have to believe me and it's actually a Pi 400 but more or less the same thing so let's get started first thing that we need to do we go to getFedora.org and we grab the Fedora IoT image so let's do that and I did the thing that I shouldn't have done so news app we grab if you are going to deploy this port grab this image just go to download and we also want to verify the image so I already downloaded it so I'm not going to click it just now and we also want to get the checksum, get the appropriate one this is this one so I just save it and it's those are already on my system so if we take a look at this one in my download folder I have them here and here those are the files so then we need to install GnuPG and the RM image installer I already have them so you can just do that then we need to get the Fedora GnuPG key that's done via this command so we're just verifying that we really got the correct image and as you can see I already entered the stuff so what you do here is you verify that the checksum has been correctly signed which is the case then we can take a look at the checksum and verify that the signature is actually correct because so far we've only verified that this checksum file is correctly signed which doesn't tell us that the correct is actually the checksum of the correct file but if we run the we'll see that this thing and this thing are same so we're fine so we can proceed then we need to find out what is the name of our SD card you can use multiple tools for that so I think the simplest one is UDiskCTL so we just UDiskCTL status is going to tell us what are all connected devices on this machine like storage devices you can see I have three and then you just have to find out okay which one is the SD card simplest thing is you just unplug it and hopefully one of them disappeared you see yeah this one disappeared and that's the SD card double check this if you overwrite your hard drive your system is toast and then you just flash the image with the ARM image installer and let me just tell you quickly what this does so the first flag minus minus image there you just you just pass it the image that you want to flash that's the one that we downloaded then you set the target since I have a pi4 I'm going to type in here rpi4 if you have a pi3 type in rpi3 if you have another ARM board pick a different one then media here you type in the path to the device that you have that you've identified so here mine is called MMCBLK0 so I would type in here instead of this XXX MMCBLK0 as I said double check this otherwise you might total nuke your system resize resize FS just means that the image will get resized to the full SD card in most cases you want to do that unless you want to have another partition there and then the add key option is very nice it will add your SSH key already into the image so you can just SSH into that you don't have to type in passwords or do any other kind of jazz so I can just show you how this looks in my case so I have the image downloaded in my downloads folder so it's there and here is my SSH key this is the device as I said def MMCBLK now I could just overwrite this but since I already prepared the stuff I'm not going to do that because it's going to take something like 5 to 10 minutes and we don't have that much time so let's just assume we overwrite those I took the SD card went to the Pi plugged it in booted it up which already happened and it's currently up so now we can play around with Zzre and that's very simple we just go to provision.fedoraproject.org I'm going to switch the tab increase the size a little bit and you then want to log in I already did that and then go to the claim on devices tab and then you probably should see a device in here unfortunately I already started it up previously at some point this device so it's no longer showing up there but it's this one you'll have to believe me it would appear here under claim on devices you can press on claim and then you can then you can provision it here the nice thing is you can go into SSH key management in Zzre and you can add your SSH keys don't worry these are public keys so you can have them they are not secret you can add additional keys here and they will get copied to your Fedora IoT device which is very convenient because immediately you get access to it so let's get back to the presentation so here we are you go to you claim the unknown device you can also sorry I forgot to show you this part here you can set up you can set a provisioning request so let's just quickly cancel this one you will go to submit provisioning request and you want to go with Fedora IoT stable schedule it and that will also copy your SSH keys so now you need to find out the IP of your home of your home assistant instance there's multiple ways how to do that you can for instance do an nmap of your network like this and wait a bit and then you'll find out which I already did that the IP of my Pi is this one so I'm just gonna log in and I'm there so I get greeted so this is a this is a fresh installation of Fedora IoT and so now we want to run home assistant and that's actually so first thing that we have to do we have to create a folder for the config I simply decided to put it into home containers that folder already now exists and then we just run it via portman so the full command is here so you create a config path then you share it with the container you also share at the local time so it knows what time zone it is you have to run it as privileged and with this option as well because otherwise it will not discover certain stuff it will not contain a name and this is it and then you press then you press enter in my case I already did this previously so can show you it's currently running yeah and that's it you have home assistant running sorry that's kind of unimpressive I guess so let's take a look what is this thing actually doing so home assistant will by default run on port 1 8 1 2 3 so let's go there and you'll find out ooh unable to connect yes because your firewall is still on so first thing firewall cmd you want to add this port like this wait for firewall cmd to allow it and then you'll get greeted with the home assistant onboarding I'm not going to show this to you now because then we'll never get finished with anything and there's much better tutorials than what I could do here um so let's take a look at tweaking the setup a little bit and the first thing that I'd really recommend is run home assistant by a systemd um then you can also set up hdps and maybe zigby um so how to run it by a systemd um so why do you want to do that the thing is I have now started um started um home assistant just via this podman um let's pull up the command via this so this started podman now if I reboot the pie it will not restart so home assistant will be off and that sucks because if your power goes out if uh if your kid or your friend unplugged the pie because they didn't know what it did then home assistant will be off um so that's uh that that's kind of bad and you can remedy this via systemd and for that podman has a very convenient feature that's called podman generate systemd and if we just plot that in so let's just let's just show you what this does uh sorry you need to give it a container name like this and this is unfortunately takes a little bit because podman on the pie is pretty slow unfortunately but bear with me you will get a unit file and the cool thing is this you can just plop somewhere so as you see this is just a systemd unit file so we can just take this you can see a whole bunch of stuff about like how to start home assistant um how to stop it yada yada yada so we can just plot this into xc systemd system system yes and then give it a name home assistant dot service then let's do a systemctl demon reload then we need to stop the currently running container this is going to take a second and then we just enable home yeah we already done so and then systemctl enable now home assistant boom and now home assistant will get restarted every time which is pretty nice in my opinion what you can also do is container auto updates so the thing is containers are like packages you have to update them you can't do it automatically um and there's a convenient feature from podman as well if you add the label this one i o dot containers dot auto update equals registry which how would you do that so essentially you would go into the file that we just created and you would add it like this label i o I forgot the name already I'm sorry I'm terrible at this um like this now exit out of the eye correctly yes spot the emex user uh demon reload uh restart home assistant and the thing is so this this flag will tell podman I run the auto update command pull in a fresh version of this and you can do this manually by just issuing podman auto update yeah we have to wait for home assistant to get up or if you don't want to run home auto update yourself you can also enable the podman auto update timer um there's a great article in the fedora magazine about this and you might want uh and you might want to be careful with this if you always pull in the latest image because they could have breaking changes so be careful with that um okay so with that let me just this still didn't come up wow unfortunately home assistant takes a while to um to start and stop on the pie but we can maybe try to run podman auto update in another let's see what will happen ah cool yeah you can see it already it already saw our home assistant instance did it update no because we started it literally at least I started an hour ago so no updates yet okay um I have a bit more content but since I since I'm already out of time I would just jump into the questions part and if you're so let me just say the slides they will be on up on gitlab so if you're interested in that you can you can find links for how to get in touch with the iot project with home assistant and also with wire guard if you want to set up some bpn um here's also some additional links about the home assistant itself how to run it properly with ignition and butane more stuff about zzre and zincati in case you want to automate rpm of os3 auto updates and my slides will be up on gitlab and with that I'd I'd love to answer your questions if you have any so let me just jump quickly into the qa tab um and Dennis is asking if I have any recommendations for setting up something like her proxy in front of with let's encrypt for securing access um so I can tell you how I do it um my home assistant instance is uh this one and unfortunately I'm afraid this is going to be too tiny to read but that's actually secured by HTTPS and what I do for this is the following I have my personal home page is not running a h a proxy I have a traffic instance that requests a let's encrypt a wildcard certificate so I'm my home page is dancer mac dot name and I just request by let's encrypt a wildcard certificate for anything dot dancer mac dot name um and then I just uh grab this certificate and include it in uh and uh just let me go back a few slides uh sorry this one so essentially I grab these certificates from from traffic I copy them onto the pie so this this traffic instance is running on the note uh I grab the certificate I copy them as podman secrets into uh into the pie um I pass them as flags to the container and then I run them via um and then I configure home assistant to do tls itself so I don't have any proxy in front of that my home assistant instance is also not reachable from the internet it's just reachable internally via via guard but um so not something like h a proxy but I hope this helps a bit and I see Matthew Miller says that he uses nginx with let's encrypt so that's probably uh would be maybe comparable and if you're interested in that I on my I have on my to-do list to document my setup properly so maybe I'll write I hope I'll write a blog post about that at some point uh so there's a question if it's possible to use ipv6 um I think it should I don't see a reason why it shouldn't I haven't tried but the thing is you can always set up something like tail scale or wire guard to go to connect directly to a home assistant instance um and then you don't have to care then you just have to then you just have to get access via via wire guard and that one supports ipv6 I'm relatively certain of that yes so there's a request to get my the URL to my slides I'll give you a link to the GitLab repository uh it's currently empty I'll upload them I just need I just need clearance that I can upload a certain image in there and then you'll get them okay and uh with that see no more questions so I would like to thank you ah Matthew Miller has won well then please shoot uh so Matthew is asking whether we should package up Home Assistant for Fedora Linux to be honest um to be honest we could package it but Home Assistant upstream has been um they have been very they have been say outright hostile but they are not very um they are not happy about distributions packaging up Home Assistant so there has been a huge discussion about this on GitHub in one of their GitHub issues and they explicitly don't want distributions to package them um so and given how much stuff there is in Home Assistant I am not exactly sure whether us repackaging it is really adding any value um I to be frankly honest don't see currently how how us repackaging it would add a whole ton of value if we start creating a Fedora IoT based image with Home Assistant in it then yes but unless we do something like that um I don't see how we would how this would really help but yeah so I see yeah Matthew is proposing that we can get them to switch to UBI or OpenSucelib base or something like the SLEEBCI would also be an option but yeah certainly we just have to convince them but you know most projects don't really care what their base always is so maybe just send a pull request it will work okay so I've exhausted my time and took even more time from you so I'd like to thank you for your attention I'm you can reach me on Matrix you can reach me on Discord so if you have any questions feel free to ping me thanks very much for your attention and hope to see you around