diff --git a/bundles/homeassistant/files/check_homeassistant_update b/bundles/homeassistant/files/check_homeassistant_update deleted file mode 100644 index d01d830..0000000 --- a/bundles/homeassistant/files/check_homeassistant_update +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python3 - -from sys import exit - -import requests -from packaging import version - -bearer = "${bearer}" -domain = "${domain}" -OK = 0 -WARN = 1 -CRITICAL = 2 -UNKNOWN = 3 - -status = 3 -message = "Unknown Update Status" - - -domain = "hass.home.kunbox.net" - -s = requests.Session() -s.headers.update({"Content-Type": "application/json"}) - -try: - stable_version = version.parse( - s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][ - "generic-x86-64" - ] - ) - s.headers.update( - {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"} - ) - running_version = version.parse( - s.get(f"https://{domain}/api/config").json()["version"] - ) - if running_version == stable_version: - status = 0 - message = f"OK - running version {running_version} equals stable version {stable_version}" - elif running_version > stable_version: - status = 1 - message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary." - else: - status = 2 - message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}" -except Exception as e: - message = f"{message}: {repr(e)}" - -print(message) -exit(status) diff --git a/bundles/homeassistant/items.py b/bundles/homeassistant/items.py index 6ceeec4..f5f7a08 100644 --- a/bundles/homeassistant/items.py +++ b/bundles/homeassistant/items.py @@ -20,14 +20,6 @@ files = { 'svc_systemd:homeassistant:restart', }, }, - '/usr/local/share/icinga/plugins/check_homeassistant_update': { - 'content_type': 'mako', - 'context': { - 'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')), - 'domain': node.metadata.get('homeassistant/domain'), - }, - 'mode': '0755', - }, } actions = { diff --git a/bundles/homeassistant/metadata.py b/bundles/homeassistant/metadata.py index 87855f8..e000af9 100644 --- a/bundles/homeassistant/metadata.py +++ b/bundles/homeassistant/metadata.py @@ -3,18 +3,17 @@ from bundlewrap.metadata import atomic defaults = { 'apt': { 'packages': { - 'autoconf': {}, 'bluez': {}, - 'build-essential': {}, 'libffi-dev': {}, - 'libjpeg-dev': {}, - 'libopenjp2-7': {}, 'libssl-dev': {}, + 'libjpeg-dev': {}, + 'zlib1g-dev': {}, + 'autoconf': {}, + 'build-essential': {}, + 'libopenjp2-7': {}, 'libtiff5': {}, 'libturbojpeg0-dev': {}, - 'python3-packaging': {}, 'tzdata': {}, - 'zlib1g-dev': {}, }, }, 'backups': { @@ -33,7 +32,7 @@ def icinga_check_for_new_release(metadata): 'homeassistant': { 'services': { 'HOMEASSISTANT UPDATE': { - 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_homeassistant_update', + 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release homeassistant/core {}'.format(metadata.get('homeassistant/version')), 'vars.notification.mail': True, 'check_interval': '60m', }, @@ -66,3 +65,15 @@ def nginx(metadata): }, }, } + +@metadata_reactor.provides( + 'firewall/port_rules/8123', +) +def firewall(metadata): + return { + 'firewall': { + 'port_rules': { + '8123': atomic(metadata.get('nginx/restrict-to', {'*'})), + }, + }, + } diff --git a/nodes/home.hass.toml b/nodes/home.hass.toml index b451d32..00fd3c6 100644 --- a/nodes/home.hass.toml +++ b/nodes/home.hass.toml @@ -19,7 +19,7 @@ ram = 2 [metadata.homeassistant] domain = 'hass.home.kunbox.net' -api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ' +version = '2022.12.8' [metadata.nginx] restrict-to = [