Home Assistant - Add host device support

[KKWait]

Hi,

I'm using Home Assistant (1.0.105 current build) app through TrueNas Scale, but it lacks a feature to provide host device access, such as usb device (rf433, z-wave, ...) to be really usefull. I tried to edit the pre-install-job.yaml file located in /mnt/app-pool/ix-applications/catalogs/github_com_truenas_charts_git_master/charts/home-assistant/1.0.105/templates to append : devices: - /dev/ttyUSB0:/dev/ttyACM0 - /dev/ttyUSB1:/dev/ttyACM1

But it doesn't seems to be taken into consideration

Is there any chance to see a future version implementing the device integration ? Or is there any tricky workaround ? (I know it could be ran into a VM that provide direct access to host devices, but ideally, Id like to avoid that, since I just migrated from ESXi with Trenas VM to bare metal TrueNas ... and VMs are not the future contrary to containers)

Thanks !

[tapayne88]

I was hoping to do the same thing. I ended up getting something working by mapping the drive using the 'Extra Host Path Volumes' and editing the deployment's security context.

To edit the deployment run the following from a truenas shell (assuming you used the default naming)

k3s kubectl --namespace ix-home-assistant edit deployment home-assistant

Adding the following under the home-assistant container (not the postgres) might get it working 🤞

    spec:
      containers:
        ...
        image: homeassistant/home-assistant:2023.10.2              # <- find this and add the below
        securityContext:
          privileged: true

Hope this helps! I'm happy to raise a PR @stavros-k

[stavros-k]

Yes this is what's needed in a nutshell, plus making privileged mode toggleable, But I'd like first to investigate how we would do that without the need of privileged. Giving privileged perms is basically allowing all devices from the host to be used, not just USB. eg. You wouldn't even need to add the hostPath at all in this case.

[Justas-S]

@stavros-k I was looking into the options before I found the workaround from @tapayne88. As you explained, privileged grants much more access to the host system than a specific USB device. If it was just docker the --device flag would be sufficient as documented in HA Docker setup but because Scale is running Kubernetes, it needs a "device plugin" to handle it. The only implementation I found for generic devices(which includes USB) is this one but it would need to be added to Truenas itself..

[erlking]

this:

    securityContext:
      privileged: true

is not possible anymore in recent version as it gets overwritten with:

    securityContext:                            
      allowPrivilegeEscalation: false           
      capabilities:                             
        add:                                    
        - CHOWN                                 
        - DAC_OVERRIDE                          
        - FOWNER                                
        - NET_BIND_SERVICE                      
        - NET_RAW                               
        drop:                                   
        - ALL                                   
      privileged: false                         
      readOnlyRootFilesystem: false             
      runAsGroup: 0                             
      runAsNonRoot: false                       
      runAsUser: 0                              
      seccompProfile:                           
        type: RuntimeDefault   

App Version: 2024.1.5 Chart Version: 2.0.3 __

has someone an idea how to workaround or fix this? thanks!

[tapayne88]

Hi @erlking, I've just run into this. I ended up modifying the new structure to set allowPrivilegeEscalation: true and privileged: true which seems to have worked for me.

[tannisroot]

As a workaround, you could get the zigbee2mqtt chart from TrueCharts and use that for what I assume is a zigbee dongle, instead of ZHA from Home Assistant.