Add homeassistant role

roles/homeassistant/README.md

@@ -0,0 +1,9 @@
+# homessistant
+
+## Example playbook
+
+```yaml
+- hosts: my-server
+  roles:
+    - eriol.pod.homessistant
+```

roles/homeassistant/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+homeassistant_become: true
+homeassistant_become_user: root
+
+homeassistant_dir: /srv/homeassistant
+homeassistant_host_ip: 127.0.0.1
+homeassistant_host_port: 8123
+homeassistant_time_zone: Europe/Rome

roles/homeassistant/tasks/main.yml

@@ -0,0 +1,67 @@
+---
+
+- block:
+
+    - name: install podman and acl
+      ansible.builtin.apt:
+        name:
+          - podman
+          - acl  # needed by ansible to become an unprivileged user
+        update_cache: true
+        cache_valid_time: 3600
+
+    - name: ensure homeassistant group exits
+      ansible.builtin.group:
+        name: homeassistant
+
+    - name: ensure homeassistant user exists and has restrictive settings
+      ansible.builtin.user:
+        name: homeassistant
+        groups: homeassistant
+        password: "*"
+        home: "{{ homeassistant_dir }}"
+        shell: /usr/sbin/nologin
+
+    - name: check if homeassistant user is lingering
+      ansible.builtin.stat:
+        path: "/var/lib/systemd/linger/homeassistant"
+      register: homeassistant_user_lingering
+
+    - name: enable linger for homeassistant user
+      ansible.builtin.command: "loginctl enable-linger homeassistant"
+      when: not homeassistant_user_lingering.stat.exists
+
+  become: "{{ homeassistant_become }}"
+  become_user: "{{ homeassistant_become_user }}"
+
+- block:
+
+    - name: ensure the homeassistant container exist, stopped
+      containers.podman.podman_container:
+        name: homeassistant
+        image: ghcr.io/home-assistant/home-assistant:stable
+        network: host
+        privileged: true
+        ports:
+          - "{{ homeassistant_host_ip }}:{{ homeassistant_host_port }}:8123"
+        env:
+          TZ: "{{ homeassistant_time_zone }}"
+        volume:
+          - "homeassistant_data:/config"
+        state: stopped
+
+    - name: systemd unit files for homeassistant container must exist
+      containers.podman.podman_generate_systemd:
+        name: homeassistant
+        dest: ~/.config/systemd/user/
+
+    - name: homeassistant container must be started and enabled on systemd
+      ansible.builtin.systemd:
+        name: container-homeassistant
+        daemon_reload: true
+        state: started
+        enabled: true
+        scope: user
+
+  become: true
+  become_user: homeassistant

tests/test.yml

@@ -4,9 +4,11 @@
 
   vars:
     ansible_python_interpreter: /usr/bin/python3
+    homeassistant_host_ip: 0.0.0.0
 
   roles:
     - ../roles/changedetection
+    - ../roles/homeassistant
     - ../roles/homer
     - ../roles/matomo
     - ../roles/nodered