ansible-collection-kit/roles/homeassistant/tasks/main.yml

---
- block:

  - name: install homeassistant dependencies
    apt:
      name:
        - autoconf
        - build-essential
        - libffi-dev
        - libopenjp2-7
        - libssl-dev
        - libtiff5
        - python3
        - python3-dev
        - python3-pip
        - virtualenv
      update_cache: true
      cache_valid_time: 3600

  - name: ensure homeassistant group exits
    group:
      name: homeassistant
      system: true

  - name: ensure homeassistant user exists and has restrictive settings
    user:
      name: homeassistant
      groups: homeassistant
      password: "*"
      home: "{{ homeassistant_dir }}"
      system: true
      shell: /usr/sbin/nologin

  - name: get available groups
    getent:
      database: group

  - name: add homeassistant user to ssl-cert group
    user:
      name: homeassistant
      groups: ssl-cert
      append: true
    become: true
    when:
      - homeassistant_add_to_ssl_cert_group
      - ssl-cert in ansible_facts.getent_group

  - name: add homeassistant user to dialout, gpio and i2c groups
    user:
      name: homeassistant
      groups: dialout,gpio,i2c
      append: true
    when: is_a_raspberrypi

  - name: install wheel and homeassistant inside a virtualenv
    pip:
      name:
        - wheel
        - homeassistant
      virtualenv: "{{ homeassistant_dir }}"

  - name: ensure homeassistant owns "{{ homeassistant_dir }}"
    file:
      path: "{{ homeassistant_dir }}"
      state: directory
      recurse: true
      owner: homeassistant
      group: homeassistant

  - name: install homeassistant systemd unit file
    template:
      src: etc/systemd/system/homeassistant.service.j2
      dest: /etc/systemd/system/homeassistant.service
    notify:
      - systemctl daemon-reload

  - name: ensure homeassistant is enabled and started
    systemd:
      name: homeassistant
      state: started
      enabled: true

  - name: Wait for port 8123
    wait_for:
      port: 8123
      delay: 10

  - name: add custom TLS settings in configuration.yaml
    blockinfile:
      path: "{{ homeassistant_dir }}/.homeassistant/configuration.yaml"
      marker: "# {mark} ANSIBLE TLS SETTINGS"
      block: |
        http:
          ssl_certificate: {{ homeassistant_ssl_certificate }}
          ssl_key: {{ homeassistant_ssl_key }}
    when:
      - homeassistant_add_to_ssl_cert_group
      - ssl-cert in ansible_facts.getent_group
      - homeassistant_ssl_certificate and homeassistant_ssl_key
    notify: systemctl restart homeassistant

  become: "{{ homeassistant_become }}"
  become_user: "{{ homeassistant_become_user }}"
Add Home Assistant role 2020-09-30 01:41:56 +02:00			`---`
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- block:`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: install homeassistant dependencies`
			`apt:`
			`name:`
			`- autoconf`
			`- build-essential`
			`- libffi-dev`
			`- libopenjp2-7`
			`- libssl-dev`
			`- libtiff5`
			`- python3`
			`- python3-dev`
			`- python3-pip`
			`- virtualenv`
			`update_cache: true`
			`cache_valid_time: 3600`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: ensure homeassistant group exits`
			`group:`
			`name: homeassistant`
			`system: true`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: ensure homeassistant user exists and has restrictive settings`
			`user:`
			`name: homeassistant`
			`groups: homeassistant`
			`password: "*"`
			`home: "{{ homeassistant_dir }}"`
			`system: true`
			`shell: /usr/sbin/nologin`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: get available groups`
			`getent:`
			`database: group`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: add homeassistant user to ssl-cert group`
			`user:`
			`name: homeassistant`
			`groups: ssl-cert`
			`append: true`
			`become: true`
Split long lines in when 2021-05-28 16:48:46 +02:00			`when:`
			`- homeassistant_add_to_ssl_cert_group`
			`- ssl-cert in ansible_facts.getent_group`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: add homeassistant user to dialout, gpio and i2c groups`
			`user:`
			`name: homeassistant`
			`groups: dialout,gpio,i2c`
			`append: true`
			`when: is_a_raspberrypi`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: install wheel and homeassistant inside a virtualenv`
			`pip:`
			`name:`
			`- wheel`
			`- homeassistant`
			`virtualenv: "{{ homeassistant_dir }}"`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: ensure homeassistant owns "{{ homeassistant_dir }}"`
			`file:`
			`path: "{{ homeassistant_dir }}"`
			`state: directory`
			`recurse: true`
			`owner: homeassistant`
			`group: homeassistant`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: install homeassistant systemd unit file`
			`template:`
			`src: etc/systemd/system/homeassistant.service.j2`
			`dest: /etc/systemd/system/homeassistant.service`
			`notify:`
			`- systemctl daemon-reload`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Enable systemd unit in same step where we start it 2021-05-28 20:25:07 +02:00			`- name: ensure homeassistant is enabled and started`
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`systemd:`
			`name: homeassistant`
			`state: started`
Enable systemd unit in same step where we start it 2021-05-28 20:25:07 +02:00			`enabled: true`
Add Home Assistant role 2020-09-30 01:41:56 +02:00
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`- name: Wait for port 8123`
			`wait_for:`
			`port: 8123`
			`delay: 10`

			`- name: add custom TLS settings in configuration.yaml`
			`blockinfile:`
Split long lines in when 2021-05-28 16:48:46 +02:00			`path: "{{ homeassistant_dir }}/.homeassistant/configuration.yaml"`
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`marker: "# {mark} ANSIBLE TLS SETTINGS"`
			`block: \|`
			`http:`
Split long lines in when 2021-05-28 16:48:46 +02:00			`ssl_certificate: {{ homeassistant_ssl_certificate }}`
			`ssl_key: {{ homeassistant_ssl_key }}`
			`when:`
			`- homeassistant_add_to_ssl_cert_group`
			`- ssl-cert in ansible_facts.getent_group`
			`- homeassistant_ssl_certificate and homeassistant_ssl_key`
Use homeassistant_become and homeassistant_become_user variables 2021-05-28 00:38:38 +02:00			`notify: systemctl restart homeassistant`

			`become: "{{ homeassistant_become }}"`
			`become_user: "{{ homeassistant_become_user }}"`