home.hass: add api secret for update check

homeassistant: rework update check
2022-12-24 17:52:04 +01:00 · 2022-12-24 17:51:42 +01:00
4 changed files with 65 additions and 19 deletions
--- a/bundles/homeassistant/files/check_homeassistant_update
+++ b/bundles/homeassistant/files/check_homeassistant_update
@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+
+from sys import exit
+
+import requests
+from packaging import version
+
+bearer = "${bearer}"
+domain = "${domain}"
+OK = 0
+WARN = 1
+CRITICAL = 2
+UNKNOWN = 3
+
+status = 3
+message = "Unknown Update Status"
+
+
+domain = "hass.home.kunbox.net"
+
+s = requests.Session()
+s.headers.update({"Content-Type": "application/json"})
+
+try:
+    stable_version = version.parse(
+        s.get("https://version.home-assistant.io/stable.json").json()["homeassistant"][
+            "generic-x86-64"
+        ]
+    )
+    s.headers.update(
+        {"Authorization": f"Bearer {bearer}", "Content-Type": "application/json"}
+    )
+    running_version = version.parse(
+        s.get(f"https://{domain}/api/config").json()["version"]
+    )
+    if running_version == stable_version:
+        status = 0
+        message = f"OK - running version {running_version} equals stable version {stable_version}"
+    elif running_version > stable_version:
+        status = 1
+        message = f"WARNING - stable version {stable_version} is lower than running version {running_version}, check if downgrade is necessary."
+    else:
+        status = 2
+        message = f"CRITICAL - update necessary, running verison {running_version} is lower than stable version {stable_version}"
+except Exception as e:
+    message = f"{message}: {repr(e)}"
+
+print(message)
+exit(status)
--- a/bundles/homeassistant/items.py
+++ b/bundles/homeassistant/items.py
@ -20,6 +20,14 @@ files = {
            'svc_systemd:homeassistant:restart',
        },
    },
+    '/usr/local/share/icinga/plugins/check_homeassistant_update': {
+        'content_type': 'mako',
+        'context': {
+            'bearer': repo.vault.decrypt(node.metadata.get('homeassistant/api_secret')),
+            'domain': node.metadata.get('homeassistant/domain'),
+        },
+        'mode': '0755',
+    },
 }

 actions = {
--- a/bundles/homeassistant/metadata.py
+++ b/bundles/homeassistant/metadata.py
@ -3,17 +3,18 @@ from bundlewrap.metadata import atomic
 defaults = {
    'apt': {
        'packages': {
-            'bluez':  {},
-            'libffi-dev': {},
-            'libssl-dev': {},
-            'libjpeg-dev': {},
-            'zlib1g-dev': {},
            'autoconf': {},
+            'bluez':  {},
            'build-essential': {},
+            'libffi-dev': {},
+            'libjpeg-dev': {},
            'libopenjp2-7': {},
+            'libssl-dev': {},
            'libtiff5': {},
            'libturbojpeg0-dev': {},
+            'python3-packaging': {},
            'tzdata': {},
+            'zlib1g-dev': {},
        },
    },
    'backups': {
@ -32,7 +33,7 @@ def icinga_check_for_new_release(metadata):
            'homeassistant': {
                'services': {
                    'HOMEASSISTANT UPDATE': {
-                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_github_for_new_release homeassistant/core {}'.format(metadata.get('homeassistant/version')),
+                        'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_homeassistant_update',
                        'vars.notification.mail': True,
                        'check_interval': '60m',
                    },
@ -65,15 +66,3 @@ def nginx(metadata):
            },
        },
    }
-
-@metadata_reactor.provides(
-    'firewall/port_rules/8123',
-)
-def firewall(metadata):
-    return {
-        'firewall': {
-            'port_rules': {
-                '8123': atomic(metadata.get('nginx/restrict-to', {'*'})),
-            },
-        },
-    }
--- a/nodes/home.hass.toml
+++ b/nodes/home.hass.toml
@ -19,7 +19,7 @@ ram = 2

 [metadata.homeassistant]
 domain = 'hass.home.kunbox.net'
-version = '2022.12.8'
+api_secret = 'encrypt$gAAAAABjpyuqXLoilokQW5c0zV8shHcOzN1zkEbS-I6WAAX-xDO_OF33YbjbkpELU2HGBzqiWX40J0hsaEbYJOnCHFk8gJ-Xt0vdqqbQ5vca_TGPNQHZPAS4qZoPTcUhmX_I-0EdT6ukhxejXFYBiYRZikTLjH3lcNM5qnckCm-H9NbRdjLb9hbCDIjbEglHmBl_g08S1_ukvX3dDSCIHIxgXXGsdK_Go1KxPJd8G22FL_MMhCfsTW-6ioIqoHSeSA1NGk3MZHEIM2errckiopKBxoBaROsacO9Uqk1zrrgXOs2NsgiTRtrbV1TNlFVaIX9mZdsUnMGZ'

 [metadata.nginx]
 restrict-to = [
Author	SHA1	Message	Date
Sophie Schiller	3019ee4355	home.hass: add api secret for update check	2022-12-24 17:52:04 +01:00
Sophie Schiller	52983a51a9	homeassistant: rework update check	2022-12-24 17:51:42 +01:00