User Login      + Register  

Table_of_Contents

1      Introduction

1.1                What is Home Assistant?

1.2                Is Home Assistant For You?

1.3                Home Assistant Features

1.4                Hass.io Versus Standalone Home Assistant

1.5                Further Reading

2      Home Assistant With SecureOffice

2.1                Scope Of Documentation

3      HA Installation Options

3.1                Using Home Assistant Virtual Machine

3.1.1      Install SecureOffice VmWare Workstation

3.2                Using Home Assistant Server On LAN

4      Home Assistant Configuration

5      Configure Using Provided Snapshot

6      Install HA Basic Integrations

6.1                Samba Share

6.2                SSH and Web Terminal

6.3                Hass-Custom-Alarm

6.3.1      Alarm Installation

6.3.2      Alarm Configuration

6.3.3      Alarm Notifications

6.4                File Editor

6.5                Mosquitto Broker

6.6                ZHA Network Card

7      Use Standard Sonoff Devices

7.1                Install SonoffLAN

7.2                Discover and Configure Sonoff Devices

8      Use Tasmota Flashed Sonoff Devices

9      Use Z-Wave Devices

1  0Use Zigbee Devices

1  1Remote Access

11.1            Remote Access Clients

11.2            Public Remote Access

11.2.1  Using Alternate Ports

11.2.2  Using Nginx Webserver - Primary Domain

11.2.3  Using Nginx Webserver - Subdirectory

11.2.4  Using Nginx Webserver - Subdomain

11.3            Private Remote Access

1  2Adding Automations

1  3Final Result

List of Figures

Figure 1:       HA Initial Registration Page

Figure 2:       HA Restore Snapshot

Figure 3:       HA Alarm Main Page

Figure 4:       Alarm Configuration Page

Figure 5:       Alarm Detected Sensors

Figure 6:       Enable Email Notifications

Figure 7:       Alarm Send Notifications Automation

Figure 8:       HA Sonoff Switches

Figure 11:       HA Final Main Page

Figure 12:       Detected Zigbee Devices

List of Tables

Table 1:       Hass.io Versus Standalone

1      Introduction

1.1                What is Home Assistant?

Home Assistant (HA) is the most popular opensource home automation platform by a very wide margin. It supports integration with a vast array of third party IOT (Internet of Things), security, sensor and control devices. HA supports various device control protocols such as MQTT (TCP, WiFi, Ethernet) , Zigbee (WiFi - 2.4GHz, interface required), Z-Wave (ISM band - 800Mhz, interface required) and X10 (powerline, ISM band, interface required).

HA also supports various voice control frontends such as Amazon Alexa, Apple Siri and Google Home Assistant which allow voice commands such as "dim lights", "lock doors", "call mom", etc. These cloud services have serious privacy issues, as reported for Amazon Alexa here and here. All third-party voice control cloud services must, for operation and AI (Artificial Intelligence) learning collect and store such information. It comes down to trust of your cloud provider.

Imagine that your spouse, during a nasty divorce requests history and recordings from the cloud provider and misrepresents recorded heated arguments as proof of your "abusive nature". The provider, by law, despite their alleged "privacy policies" is obligated to comply. You will be toast, since the "law" thrives on the illusion of compensating manufactured victims of "abuse" while ignoring real abuse by entrenched powers. Can it really be "free speech" to be sanctioned for stating an opinion, no matter how emotionally loaded? You have been warned. Proceed with cloud voice control at your own risk. It is best to keep your affairs private.

The surveillance state is at war with all of us and, the first rule of war is "know your enemy". They know this and you should know: "don't let them". It is left as an exercise for the reader to use online HowTo's to integrate HA with cloud services should this risk be considered acceptable.

Alternative local (no cloud) voice control options do exist, but they require technical skills and are far more basic than cloud services. Options are Almond, Rhasspy and conversation integration. The home assistant community is working very hard to perfect local voice control which is not yet ready for general usage. Online HowTo's exist for these voice control options.

HA is locally hosted and does not depend on or share information with external cloud services (unless you choose). This avoids issues such as cloud service providers knowing far too much about you, eavesdropping on you, latency (takes time to interact with cloud services) and reliability issues when the internet or service is down.

1.2                Is Home Assistant For You?

HA is a frontend, a central point to control all your home automation devices. It is useless without something to control.

Home Assistant is for "tinkerers", users willing and able to dig into the details of devices to control and define simple configuration files. Luckily, odds are, whatever the feature, device or function, somebody in the Home Assistant community has already done it and published HowTo's on the internet.

It is suggested, prior to installing HA that internet searches be performed: "Home Assistant review", "Home Assistant <what you want to do / control>".

If you are seeking simple solutions with zero effort / learning, Home Assistant and perhaps home automation in general is not for you. Either choose a simple commercial home automation gateway / hub or hire a home automation consultant to do it for you. Search "home automation gateway" on the internet, read reviews and choose what is right for you. The selection criteria in subsequent sections may assist in the selection process.

Here's a useful introduction to home automation video using SamSung SmartThings and Google Home Assistant. This combination is a very popular choice. Note the explanation of "how it works" and how much information is shared to the cloud, such as everything you say. If you have no issues with the reliability, security, privacy and latency issues of cloud-based services, perhaps choose this approach. If you have "issues" with the dystopian, Orwellian "big sister" future that the (in)security state and technology trends is taking us to, read on.

1.3                Home Assistant Features

  • SecureOffice uses the docker (Hass.io) version of Home-Assistant hosted by an Ubuntu virtual machine which is easiest to configure, use and upgrade.
  • Custom features / integrations (addons, to support extra functions, protocols) can be easily added.
  • HA can turn on / off / dim, receive status (binary or value such as temperature, power consumption) / alarm from any device with corresponding functions.
  • Chains of actions (turn on lights, play song, record IP camera, etc - scenes) can be created in response to events (remote button push, door opened, camera motion detect, etc).
  • Addons exist for popular devices with custom protocols such as Sonoff (inexpensive, market leader). A user-maintained list of Home Assistant compatible devices providing requirements, protocol, interface and special notes for each device is available.
  • Able to control / monitor any home automation device using many protocols. Caveat: obscure devices may require searching for user submitted integrations.
  • Alarms (sensor, motion, etc) can be sent via email, SMS (via SMS gateway) using various notification addons.
  • Supports GPS tracking of phones, devices.
  • Private local / public remote access using domain, strong passwords and 2 factor authentications. General instructions here and within this document. Access from any browser on any device (PC, tablet, phone).
  • Private remote access using VPN. Access from any browser on any device (PC, tablet, phone). Instructions within this document.
  • Private remote access using Home Assistant Cloud (paid, subscription service, also has privacy concerns). Access from any browser on any device (PC, tablet, phone).
  • Integrates with Amazon Alexa, Apple Siri and Google Assistant which allow voice commands such as "dim lights", "lock doors", "call mom", etc. Caveat: leaks information to cloud. HA is also able to do limited voice control (geeks only), without cloud access.
  • Integrates with ZoneMinder (IP camera security monitoring system). SecureOffice also provides ZoneMinder.
  • Very large development / user community making contributions.
  • Extensive documentation and user support options.

1.4                Hass.io Versus Standalone Home Assistant

Home Assistant comes in two basic flavors, Hass.io and standalone, compared in the table below.

Standalone refers to the premium SecureOffice package "python3-home-assistant". It may also be Home Assistant running on an external system or virtual machine. Following references to "standalone" refers to the SecureOffice "python3-home-assistant package".

Hass.io is not a SecureOffice package but can integrate with SecureOffice as a dedicated LAN server using an external system such as Raspberry PI3+ or a virtual machine on the LAN or managed by SecureOffice. Be aware that Raspberry PI has serious SD card reliability issues resulting in instability. If intending to use a single board computer as a HA server, reliable storage such as eMMC or external hard disk / SSD is a must.

The main differences between standalone and Hass.io are how they are implemented, ease of adding extra functionality (integrations) and. integrations available.

Hass.io cannot (yet) be directly run by SecureOffice due to a systemd requirement which conflicts with OpenWrt. From a technical POV, the Hass.io supervisor code (add, delete, control docker containers) must be re-written to eliminate the systemd dependency.

Feature

Hass.io

Standalone

Notes

Runs under SecureOffice

No, use external system or virtual machine on SecureOffice.

Yes

 

Easy, suitable for novices.

Yes

No

Standalone, geeks only

Ease of adding functionality (integrations)

Very, limited to what Hass.io provides which is suitable for most users.

Not. Requires manually installing extra packages, some of which may not be available (yet) for SecureOffice.

More complex to create extra integrations for Hass.io, much richer set of HowTo's for Standalone. It is a work in progress to create extra packages for home-assistant, upon user request.

Number of Integrations available.

Limited to what Hass.io provides which is suitable for most users.

Huge. Many user contributed HowTo's.

See above.

Implementation

Group of supervised docker containers each providing some functionality, like musicians in an orchestra.

Native program and addons, runs directly under SecureOffice.

 

Ease of upgrade

Very. Select upgrade in UI

Backup config, install new version, restore config.

Must wait for updates to become available for python3-home-assistant package

Support

User forums, HowTo's

User forums, HowTo's

Both are standard implementations, once deployed, all corresponding HowTo's apply.

Table 1: Hass.io Versus Standalone

Hass.io is a HA distribution intended for installation on Raspberry PI or other Linux systems (virtual machines included) using supervised docker containers. When searching for HA HowTo's, be aware that standalone HA is not Hass.io.

Hass.io and integration installation / configuration instructions are not identical to standalone HA which may require installing extra packages. An overview of Hass.io is located here.

The differences between Hass.io and standalone HA installation are outlined here.

For SecureOffice, hass.io (supervised docker containers) is recommended and is the only Home Assistant flavor that subsequent documentation refers to. Users wishing to use other Home Assistant distributions are on their own using online HowTo's.

1.5                Further Reading

There is a huge amount of reference material on the internet regarding Home Assistant. Rather than repeat, a few pertinent links are provided below.

Since internet links go stale with time, use these search terms: "Home Assistant <what you want to do>", "Home Assistant overview", "Home Assistant <device you are interested in>".

Overview of Home Automation Protocols

Another Protocol Overview

Home Assistant compatible devices

WiFi, ZigBee, Z-Wave Differences

IEEE - Zigbee Versus Z-Wave

Video - Z-Wave versus Zigbee

Zigbee (Wikipedia)

Z-Wave (Wikipedia)

Zigbee And WiFi Co-existence / Interference

2      Home Assistant With SecureOffice

2.1                Scope Of Documentation

Various methods of installing Home Assistant, including links to various HowTo's are provided. This documentation goes as far as getting basic HA running and configuring Sonoff, Zigbee and / or Z-Wave interface device support, setting up a few Zigbee and Z-Wave devices, plus remote access methods. Once basic device control / status support is in place, it is up to users to determine how to use Home-Assistant to create simple automations to link device events (example: hass custom burglar alarm) to actions (send text message intruder alarm or chain of actions - scenes).

Integration of devices using other protocols such as X10 is possible (research HowTo's), just not covered by this document.

There is a vast array of HowTo's and information regarding Home Assistant, home automation, Zigbee and Z-Wave on the internet and so much flexibility that covering it all here is pointless and redundant.

Since this is a standard HA is installation, there is no reason that it cannot be configured any way you choose (ignoring these instructions / recommendations) using online HowTo's. This documentation recommends what is, IMHO, best practice.

3      HA Installation Options

For all HA installations, if intending to use Zigbee and / or Z-Wave devices, an interface device or hub is required. See Home Assistant Interfaces for options.

After installing HA by any of the following methods, navigate to <Home Assistant LAN Address>:8123 to see the Home Assistant initial registration page as shown below:

 

Figure 1: HA Initial Registration Page

3.1                Using Home Assistant Virtual Machine

The virtual machine can be hosted by SecureOffice in which case, the premium Vmware Workstation package is required. Alternatively, the virtual machine can be hosted by another PC on the LAN.

Create a Hass.io virtual machine on a PC by following Create_Hass.io_Virtual_Machine instructions.

Do not proceed until you can access the Home Assistant initial registration page (like Figure 1) at <HA / VM IP Address>: 8123.

If Home Assistant VM is to he hosted by another PC or SecureOffice, shutdown HA, copy the VM to target PC (if host is not SecureOffice).

If the HA VM is to be hosted by SecureOffice, go to the next section.

Proceed to the Assign Static IP Address to Home Assistant, and Share Host PC Folders With VM sections.

3.1.1      Install SecureOffice VmWare Workstation

Omit this step if HA (virtual or real machine) is hosted on another (non SecureOffice) PC on the LAN.

Once the Home Assistant virtual machine has been created, it can be copied over to SecureOffice and the SecureOffice / VmWare Workstation application installed by following the instructions starting at Create VM Directory on SecureOffice.

Proceed to the Assign Static IP Address to Home Assistant, and Share Host PC Folders With VM sections.

3.2                Using Home Assistant Server On LAN

A dedicated or shared server on the LAN can be used to provide Home Assistant services. Internet research to determine hardware, OS and installation methods, for example Raspberry PI (which has issues with SD card reliability and performance).

Do not proceed until you can access the Home Assistant initial registration page (like Figure 1) at <Home Assistant LAN address>: 8123.

Proceed to the Assign Static IP Address to Home Assistant section.

4      Home Assistant Configuration

Given the vast number of ways and features that Home Assistant can be configured, instructions are limited to achieving control of basic Sonoff, Zigbee and Z-Wave devices plus installing the integrations (packages) required for doing so. To proceed further requires knowing unique per-user requirements and searching the internet for HowTo's for any features / devices desired.

HA can be configured by restoring from backup (snapshot) which automatically installs basic integrations and configuration or, manually installing and configuring integrations. Both methods are documented.

5      Configure Using Provided Snapshot

Given that HA configuration is a daunting task for new users with a steep learning curve, a snapshot (backup) of a pre-configured system is available to be up and running quickly. Experienced HA users may choose to skip this and start from the beginning and / or restore snapshots from their previous HA installations (eg: upgrading from unreliable Raspberry Pi installations).

As a convenience, a pre-configured Hassio snapshot (created from instructions in next section) is available to download by registered SecureOffice users from the SecureOffice premium repository. The snapshot is already included in the Pre-Configured Hassio Virtual Machine. This snapshot will work with any Hass.io installation on real or virtual machines.

The snapshot has the following configuration: HA user: "admin", password: "admin_54321".

The snapshot must be downloaded for all HA installations except the Pre-Configured Hassio Virtual Machine.

Download Hassio Snapshot using a PC on your registered domain (otherwise, access will be denied) from the SecureOffice custom repository. When prompted, enter your SecureOffice user ID and password to download the snapshot (ha_default.tar).

On your Home Assistant PC or virtual machine, enter "mkdir /usr/share/hassio/backup" to create (if not exist) the HA backup directory. Copy the downloaded snapshot (ha_default.tar) to the above directory (using VM shared folders, WinSCP or another method). Reboot the HA PC or VM (Web GUI Supervisor -> System -> Reboot) for HA to detect the snapshot.

After HA reboots, the snapshot can be accessed by (web GUI) Supervisor -> Snapshots -> Available Snapshots. Click on the snapshot, a "Restore Snapshot" window will display, as shown below:

Figure 2: HA Restore Snapshot

De-select Home Assistant to keep the existing HA version. Click "Wipe & Restore", click OK when prompted. Connection with HA will be lost until restore completes. After restore completes, several configuration values are required to personalize settings.

Using Windows Explorer or another access method, navigate to the shared Home Assistant configuration directory (\\<Home Assistant IP Address\config and edit configuration.yaml.

If using standard Sonoff devices, alter the sonoff entry for your EWeLink user ID and password using the Install SonoffLAN instructions.

If using email notifications (for Hassio Custom Alarm or other purposes), alter the notify entry for your email server parameters using the Alarm Notifications instructions.

A HA reboot (Supervisor -> System -> Reboot) is required for the altered configuration to take effect.

The snapshot is pre-configured and tested with the following configuration / integrations:

  • Samba Share - Allows you to enable file sharing across different operating systems over a network. It lets you access your config files using Windows, Linux and macOS devices, including remote access using VPN. Pre-configured: username: "admin", password: "admin_54321"
  • SSH and Web Terminal - Allows you to log in to your Home Assistant instance using SSH or by using the Web Terminal, including remote access using VPN. Pre-configured: username: "admin", password: "admin_54321", SSH server port: "2223".
  • Mosquitto Broker - A MQTT server. MQTT is a machine-to-machine (M2M) / "Internet of Things" connectivity protocol used by flashed Tasmota and other devices. Pre-configured: (per installation instructions below): active: "true", MQTT user: "mqtt", MQTT password: "mqtt".
  • SonoffLAN - Control Sonoff Devices with eWeLink (original) firmware over LAN and / or Cloud from Home Assistant. To configure, follow instructions in Discover and Configure Sonoff Devices.
  • ZHA Network Card - Custom Lovelace card that displays ZHA (Zigbee) network and device information. No configuration required.
  • Hass-Custom-Alarm - Fully functional burglar alarm. Requires motion detect devices. More features than standard HA alarm. Configuration password: "admin_54321", Disarm code: "1234"
  • Nortek HUSBZB-1 combo Z-Wave / Zigbee interface. Can easily reconfigure to use any HA compatible interface device.

6      Install HA Basic Integrations

The following integrations may be installed manually or by restoring from the preconfigured snapshot with the following configuration settings. Any settings that are not mentioned are left at default values:

Samba Share: username: admin, password: "admin_54321"

SSH & Web Terminal: username: "admin", password: "admin_54321", SSH server port: "2223"

Mosquitto Broker: (configured per installation instructions): active: "true", MQTT user: "mqtt", MQTT password: "mqtt".

Hass-Custom-Alarm: Configuration password: "admin_54321", Disarm code: "1234"

6.1                Samba Share

This addon enables Home Assistant file sharing across different operating systems over a network. It lets you access your Home Assistant configuration files from Windows, Linux and macOS devices.

Using the Home Assistant web GUI, navigate to "Supervisor - > Add-on Store". Select "Samba Share", press "Install"

Enter add-on configuration values. It is mandatory to at least set the "start on boot, workgroup, username and password" values. After done, press "Start".

Using Windows explorer, navigate to <LAN address of Home Assistant>. You should see the following directories: "addons, backup, config, share, ssl". If not, restart Home Assistant and try again. Fix any errors before proceeding.

If this add-on was installed using restore snapshot from backup, the default configuration values can be seen and changed from "Supervisor - > Samba Share". It is recommended to change the default password.

6.2                SSH and Web Terminal

This add-on allows you to log in to Home Assistant using SSH or the integrated Web Terminal in a browser. It also provides access to the HA command line utility for managing home-assistant.

Using the Home Assistant web GUI, navigate to "Supervisor - > Add-on Store". Select "SSH & Web Terminal", press "Install". If the application does not show, enable advanced mode on your profile page to make it visible.

Enter configuration values. It is mandatory to at least set the "username, password, SSH server port" values. The "SSH server port" must not be "22" or "2222", since it will conflict with the host OS SSH server (2223 is a good choice). Press "Save" after any changes. Press "Start". Under "Log", press "REFRESH" periodically until you see " Starting session". Fix any errors such as insecure password before proceeding.

A HA console session can be started either by "OPEN WEB UI" from within the add-on or using a SSH client (putty) to connect to <IP Address of host>:< SSH server port>.

If this add-on was installed using restore snapshot from backup, the default configuration values can be seen and changed from "Supervisor - > SSH & Web Terminal". It is recommended to change the default password.

6.3                Hass-Custom-Alarm

This add-on replaces the standard Home Assistant alarm panel with a fully functional burglar alarm with the following features:

  • State specific groups and times
  • User specific codes
  • Panic Mode
  • MQTT Integration
  • Floorplan Integration
  • Alarm State Persistence on reboots/power restore
  • Lockout of HA sidebar when armed
  • Custom Panel allowing your own html to display whatever you choose (Cameras, Sliding Images etc)
  • Passcode Attempts/Lockout
  • Support for custom device states
  • Code panel 0-9 on disarm only
  • Weather Status (Optional) - NOTE: Weather sensor now supports generic sensors (sensor.weather_summary & sensor.weather_temperature) if these are not found then it will default to the dark sky sensors (sensor.dark_sky_summary & sensor.dark_sky_temperature)
  • Perimeter Mode (Optional) - Use this to only arm a particular set of sensors (doors) when home.
  • Masks passcode on entry
  • Clock display (Optional)
  • Digit code entry on disarm
  • Themed colors depending on alarm state
  • Countdown timer on 'Pending' state
  • Notification of Open Sensors with the option to override
  • Information/Debug panel
  • Can send SMS (text) notifications on alarm events

This addon requires motion detectors to function. Tested with Xiaomi Aqara motion sensors, but any HA compatible motion sensor should work.

6.3.1      Alarm Installation

From within the Home Assistant machine (console or Putty session), enter the following commands (without outer quotes, keeping any inner quotes):

  • "sudo apt -y install unzip"
  • "cd /tmp; wget https://github.com/akasma74/Hass-Custom-Alarm/archive/master.zip; mv master.zip Hass-Custom-Alarm.zip"
  • "unzip Hass-Custom-Alarm.zip"
  • "sudo cp -rf Hass-Custom-Alarm-master/custom_components/bwalarm /usr/share/hassio/homeassistant/custom_components"
  • "sudo cp -rf Hass-Custom-Alarm-master/resources /usr/share/hassio/homeassistant/"
  • "sudo echo "alarm_control_panel: !include resources/bwalarm/bwalarm.yaml" > /usr/share/hassio/homeassistant/configuration.yaml"

Home Assistant must be restarted to detect the changes.

6.3.2      Alarm Configuration

Prior to configuration, ensure that all motion detect devices have been discovered by Home Assistant (Configuration -> Devices). If not, install and configure your devices prior to proceeding.

For more configuration details and documentation please refer to the configuration variables page, examples and notes.

After HA restarts, Click on "Alarm" in the Home Assistant sidebar. The Alarm main page will display, as shown below:

Figure 3: HA Alarm Main Page

Click on the bottom right icon to enter the settings menu. Enter the admin password (default: " HG28!!&dn") and press enter. The main configuration page will display as shown below:

Figure 4: Alarm Configuration Page

Click on "Design" and change the "Admin Password". Do not change any other options until more familiar with this addon.

Click on "Alarm", enable "Alarm Persistence" and change the "Master Passcode" (for arming / disarming the alarm).

Click on "Sensors", enable "Sensors Panel" (allows state of enabled sensors to be viewed).

Scroll down to the device list below "Immediate Delayed Override" title. Your motion detectors should be in this list as shown below:

Figure 5: Alarm Detected Sensors

Click on (enable) all motion detectors that should cause an alarm when in "Away Mode". For example, Aquara motion sensors have the form of "lumi.sensor_motion.aq2 something ias_zone" as shown above.

6.3.3      Alarm Notifications

A burglar alarm is useless without some way to announce that intruders have been detected. Options are:

  • Siren controlled by Home Assistant (search for HowTo's) to alert neighbors.
  • Email notification (modify example SMS notification to use email address rather than SMS gateway)
  • SMS (text) notifications to cellphone - requires a SMS gateway, which most cellular operators provide free for their customers.

Configuration instructions follow.

Enable HA built in email notifications by adding the following code to file "/usr/share/hassio/homeassistant/configuration.yaml":

notify:
- name: gmail
platform: smtp
server: <your email server>
port: 587 <verify port>
timeout: 15
sender: <your email address>
encryption: starttls
username: <your user name for email server>
password: <your password for email server>
recipient: <email or SMS gateway address for notifications>
sender_name: Home Assistant

 

Figure 6: Enable Email Notifications

Create file "/usr/share/hassio/homeassistant/automations/bwalarm.yaml" with the following code:

- id: alarm_armed_away
alias: '[Alarm] Away Mode Armed'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'armed_away'
action:
service: notify.gmail
data:
title: 'Alarm Away Mode Armed'
message: 'Alarm has changed to away mode.'

- id: alarm_armed_home
alias: '[Alarm] Home Mode Armed'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'armed_home'
action:
service: notify.gmail
data:
title: 'Alarm Home Mode Armed'
message: 'Alarm has changed to home mode.'

- id: alarm_arming_away
alias: '[Alarm] Away Mode Arming'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'pending'
action:
service: notify.gmail
data:
title: 'Alarm away mode activating'
message: 'Alarm activating, ensure all doors and windows are closed.'

- id: alarm_disarmed
alias: '[Alarm] Disarmed'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'disarmed'
action:
service: notify.gmail
data:
title: 'Alarm Mode Disrmed'
message: 'Alarm has changed to disarmed mode.'

- id: alarm_triggered
alias: '[Alarm] Triggered'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'triggered'
action:
- service: notify.gmail
data:
title: 'Alarm Triggered'
message: 'Alarm triggered.'
# Optional (testing) turn light on for five minutes
- service: switch.turn_on
data:
entity_id: switch.sonoff_s31_lite_zb_059b661f_on_off
- delay: 0:05
- service: switch.turn_off
data:
entity_id: switch.sonoff_s31_lite_zb_059b661f_on_off

- id: alarm_warning
alias: '[Alarm] Warning'
trigger:
- platform: state
entity_id: alarm_control_panel.house
to: 'warning'
action:
service: notify.gmail
data:
title: 'Alarm Warning'
message: 'Alarm warning.'
- alias: '[Alarm] Panic Mode'
trigger:
platform: template
value_template: "{{ is_state_attr('alarm_control_panel.house', 'panic_mode', 'ACTIVE') }}"
action:
service: notify.gmail
data:
title: 'Alarm Panic Mode Entered'
message: 'Alarm is in panic mode.'

 

Figure 7: Alarm Send Notifications Automation

The above configuration will send an Email / Text message when the following alarm events occur: armed home, arming away, armed away, alarm disarmed, alarm triggered, alarm warning.

Restart HA to have the changes take effect.

6.4                File Editor

This is optional. It is better (more flexible) to use the "SSH & Web Terminal" add-on to access configuration files.

This add-on (formerly known as Configurator) allows browser-based Home Assistant file system access / editor for configuration files. Non-browser access can be achieved using the Samba Share add-on, which may be enough, making this add-on optional.

Using the Home Assistant web GUI, navigate to "Supervisor - > Add-on Store". Select "File Editor", press "Install".

Review the configuration values and change as desired. Default configuration should be adequate. After done, press "Start".

6.5                Mosquitto Broker

The Mosquitto Broker is a MQTT server. MQTT is a machine-to-machine (M2M) / "Internet of Things" connectivity protocol. It was designed as an extremely lightweight publish / subscribe messaging transport. It is useful for connections with remote locations where a small code footprint is required and / or network bandwidth is at a premium. For example, it has been used by sensors communicating to a broker via satellite link, over occasional dial-up connections with healthcare providers, and in a range of home automation and small device scenarios. It is ideal for mobile applications because of its small size, low power usage, minimised data packets, and efficient distribution of information to one or many receivers. The MQTT protocol provides a lightweight method of carrying out messaging using a publish (event sources publish events) / subscribe (event listeners subscribe to events of interest) model. This makes it suitable for Internet of Things messaging such as low power sensors or mobile devices, phones, embedded computers or microcontrollers.

This addon can be used to control devices flashed with Tasmota (MQTT client), Z-Wave devices using the ZWave2MQTT (gateway) add-on and Zigbee devices by flashing Zigbee2mqtt firmware, (gateway to Zigbee devices - technical skills, hardware required) on an inexpensive CC2531 USB stick.

Do not install this add-on until instructed to do so when (optionally) configuring MQTT for Tasmota, ZWave2MQTT or the CC2531 USB stick.

To install using the Home Assistant web GUI, navigate to "Supervisor - > Add-on Store". Select "Mosquitto broker", press "Install".

Do not start the add-on until subsequent configuration is complete and instructed to do so.

6.6                ZHA Network Card

This add-on displays discovered ZHA (Zigbee) network and device information as shown in Detected Zigbee Devices.

Documentation and installation instructions are available at the author's site.

7      Use Standard Sonoff Devices

Two options (integrations) are discussed for controlling standard Sonoff Devices:

7.1                Install SonoffLAN

  • Download latest SonoffLAN-master.zip file and extract it to a temporary location.
  • Using Windows explorer, navigate to <LAN address of Home Assistant>/config. (Assumes Samba Share add-on is installed) If a "/config/custom_components" directory does not exist, create it. The directory "<LAN address of Home Assistant>/config" will be referred to as "<HA_CONFIG_DIR>" in subsequent instructions.
  • Using Windows Explorer, navigate to where you extracted the downloaded "SonOffLAN-master.zip" file. Navigate to subdirectory "SonoffLAN-master/custom_compenents" You should see a "sonoff" directory. Select and copy the "sonoff" directory to the "<LAN address of Home Assistant>/config/custom_components/" directory.
  • Next Section

7.2                Discover and Configure Sonoff Devices

Ensure that your Sonoff WiFi device(s) (including RF Bridge - if using) are connected and powered on.

The EWeLink application is required for device discovery. It can be installed on Android or IOS devices. An EWeLink user manual is available (read it).

After installing EWeLink, perform the following steps using EWeLink:

Insure that EWeLink (phone, tablet) is connected to the same (2.4GHz only) WiFi network as your Sonoff device(s) will use.

Register an account. Remember your username and password.

Login to EWeLink server.

For each Sonoff device, enter pairing mode (press device button for 7 seconds). Press (EWeLink) "+" to enter discovery mode, Select "Quick Pairing". Fill in the WiFi credentials the device will use. If pairing takes too long, press the device button for 7 seconds again. Enter a "Device name" when prompted, press "Complete". The device will show up in EWeLink. Select the icon next to the device name for further configuration. If you see "Firmware update available", go to "Settings" to update.

Important: Every time you add or change devices using EWeLink, delete the hidden file "<HA_CONFIG_DIR>/.sonoff.json" and restart Home Assistant (Supervisor -> System -> Reboot). This file contains device settings downloaded from the EWeLink server, if the file does not exist locally. Downloading device settings from EWeLink is the only internet access that SonoffLAN requires and only if a local copy of "<HA_CONFIG_DIR>/.sonoff.json" does not exist.

Append the following at the end of file "<HA_CONFIG_DIR>/configuration.yaml" to allow Home Assistant to get device configuration from the EWeLink server.

sonoff:

username: <EWeLink user ID>

password: <EWeLink password>

Restart Home Assistant and navigate to "Overview". You should see the Sonoff devices added. The figure below shows two Sonoff Basic switches controlled via the SonOffLAN addon.

Figure 8: HA Sonoff Switches

 

8      Use Tasmota Flashed Sonoff Devices

Install add-on Mosquitto Broker, Detailed instructions here.

Change Mosquitto Broker options as below:

logins: []

anonymous: false

customize:

active: true

folder: mosquitto

certfile: fullchain.pem

keyfile: privkey.pem

require_certificate: false

Create a new user for MQTT via Configuration -> Users (manage users). Note: This name cannot be homeassistant or addon, those are reserved usernames. Suggest name: MQTT, username: "mqtt", enter and remember the password. This user must have administrator privileges.

Several files need to be created in the "/share" directory on the Home Assistant filesystem. The "/share" directory (internal to Home Assistant) can be accessed (if the Samba Share addon is installed) using Windows Explorer at "<IP address of Home Assistant>/share", otherwise, the File Access add-on (Supervisor -> File editor -> Open webUI) can be used.

Create file "/share/mosquitto/acl.conf" with contents "acl_file /share/mosquitto/accesscontrollist".

Create file "/share/mosquitto/accesscontrollist" with the following contents (MQTT userid created above):

user <YOUR_MQTT_USER>

topic readwrite #

Start Mosquitto Broker, check the log (Supervisor -> System) and fix any reported issues.

Navigate in your Home Assistant frontend to Configuration -> Integrations.

If the MQTT integration is enabled, delete it. Press "+" and search for MQTT. Click on MQTT.

Configure the Broker. IP Address: 127.0.0.1, Port (defaults), MQTT Username, Password (created previously) and Submit.

If not already done, flash your sonoff devices and insure they show up and are controllable from Home Assistant -> Overview.

Enable MQTT auto-discovery (add devices). Add the following to "/config/configuration.yaml":

mqtt:

discovery: true

broker:'mqtt://127.0.0.1:1883' # Remove if you want to use builtin-in MQTT broker

birth_message:

topic: 'hass/status'

payload: 'online'

will_message:

topic: 'hass/status'

payload: 'offline'

Restart Home Assistant for the configuration to take effect.

9      Use Z-Wave Devices

Enable the HA Z-Wave built-in integration for the Nortek HUSBZB-1.Zigbee / Z-Wave combo USB interface. Add the following to "/config/configuration.yaml":

zwave:

usb_path: /dev/ttyUSB0

If running HA in a virtual machine it is necessary to (Vmware GUI) to connect the Z-Wave interface to the virtual machine. Select "Player -> Removable Devices -> <Interface Device> -> Connect (Disconnect from Host)"

If using a different Z-Wave interface device, the USB path may be different. See Identify USB Interface Devices to determine the correct USB path.

1  0Use Zigbee Devices

Enable the HA Zigbee built-in integration for the Nortek HUSBZB-1.Zigbee / Z-Wave combo USB interface. Add the following to "/config/configuration.yaml":

zha:

# Older HA versions require USB path

# usb_path: /dev/ttyUSB1

database_path: /config/zigbee.db

If running HA in a virtual machine it is necessary to (Vmware GUI) to connect the Zigbee interface to the virtual machine. Select "Player -> Removable Devices -> <Interface Device> -> Connect (Disconnect from Host)"

If using a different Zigbee interface device, the USB path may be different. See Identify USB Interface Devices to determine the correct USB path.

1  1Remote Access

A choice needs to be made. Do you want to provide public (everyone) access to Home Assistant or keep it private (for those you choose such as family members), accessible locally and / or using VPN?

Four options exist for HA remote access (http, https, etc, including virtual machines) on the SecureOffice LAN:

  • Use the SecureOffice VPN server (recommended) which makes remote clients local to the remote client device such as PC, tablet, phone.
  • Use the SecureOffice nginx webserver (can route to various servers)
  • Open firewall port(s) (discouraged, since ports may be blocked by business, schools, internet cafe's).
  • Users of Home Assistant Cloud (subscription service) can use the Remote UI without requiring any further remote access configuration.

Public access means anyone on the internet can access your services. This is the least secure remote access method, since passwords can be cracked.

Private access means that only users on your local LAN and / or remote VPN (such as family members) can access your service. This is the most secure and recommended approach.

11.1            Remote Access Clients

Home Assistant can always be accessed from anywhere (local and / or remote if configured) using a web browser on any device. Various Android and IOS clients exist. To choose the remote access client that is best for you, search "Home Assistant remote client apps". A review of several popular Home Assistant client apps is available here.

Remote access client configuration is client specific and not covered by this document. Consult the app documentation and search for HowTo's.

11.2            Public Remote Access

This means anyone can take a crack at hacking your site, since anyone can access the login page. This poses a security risk from hackers, despite strong authentication. Security can be increased using multi-factor authentication, but this increases login complexity and requires extra packages to be installed on remote devices.

11.2.1  Using Alternate Ports

This configures Home Assistant to be locally accessible by "home-assistant:8123" and remotely by "http(s)//www.<your domain>:<port you choose>"

This approach has the following disadvantages:

  • Firewall ports must be opened or forwarded,
  • Non-standard ports may be blocked by business, schools, internet cafes.
  • If https (secure) access required, Home Assistant must be further configured with SSL certificates. If not, only http access. Consult online for HowTo's.

For port forwarding, follow port forwarding instructions, add the following port forward. When done, from a SecureOffice command prompt, enter "/etc/init.d/firewall restart"

Name

Protocol

Ext Zone

Ext port

Int Zone

Int IP Addr

Int port

Notes

 

 

 

 

 

 

 

 

Allow-Home-Assistant

tcp

wan

<Port you choose>

lan

<home-assistant>

8123

Home Assistant is VM or another computer on LAN. Unnecessary if nginx used for domain web services.

 

Table 1: Home Assistant Port Forwards

Try to access "http//www.<your domain><port you chose>". You should see the Home Assistant add user or login page (Figure 1). Fix any issues before proceeding.

11.2.2  Using Nginx Webserver - Primary Domain

This configures Home Assistant to be accessible at a dedicated domain. for example, "http(s)//<my-homeassistant.com>"

Home Assistant can be accessed locally by "home-assistant:8123" or remotely by "http(s)//www.<your dedicated Home Assistant domain>".

This approach has the following advantages:

  • No port forwarding
  • Uses standard ports (http:80, https:443) which no one can block without killing internet.
  • Http is automatically upgraded to https.
  • https (secure) access shares SecureOffice SSL certificates.

Final nginx configuration ("/etc/nginx/vhosts/<your dedicated Home Assistant domain>.conf") will be like below (using method and all prerequisites from Create Nginx Virtual Host):

# Change "example.com" to your_site DNS name
#
server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;
location /.well-known/acme-challenge/ {
default_type "text/plain";
allow all;
alias /tmp/letsencrypt/;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name example.com *.example.com;

location / {
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
# Allow downstream sites to know who's connecting
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://home-assistant:8123;
}
}

 

Figure 9: Nginx Primary Domain Configuration

From a SecureOffice command prompt, enter "/etc/init.d/nginx restart" to have the new settings take effect. Try to access "http//www.<your dedicated Home Assistant domain>". You should see the Home Assistant add user or login page (Figure 1). Fix any issues before proceeding.

11.2.3  Using Nginx Webserver - Subdirectory

This configures Home Assistant to be accessible locally by "home-assistant:8123" or "http(s)//www.<your domain>/<subdirectory>". Use this approach to have Home Assistant available as a subdirectory of your primary domain, for example "http(s)//www.<example.com>/home-assistant"

This approach has the following advantages:

  • No port forwarding
  • Uses standard ports (http:80, https:443) which no one can block without killing internet.
  • Http automatically upgrades to https.
  • https (secure) access uses / shares SecureOffice SSL certificates.
  • A subdirectory (such as "home-assistant") is easier to remember than a port number.

Final nginx configuration ("/etc/nginx/vhosts/<yourdomain>.conf") will be altered like below (using method and all prerequisites in Create Nginx Subdirectory):

Insert two location blocks after existing location blocks and before final "}" in domain configuration file as shown below: Change "my-castle" to desired subdomain such as "my-fort".

# Change "my-castle" to desired subdirectory
#
# other stuff above here
server {
listen 443;
listen [::]:443;
# other location blocks here
location /my-castle/ {
rewrite /my-castle/(.*) /$1 break;
proxy_pass http://home-assistant:8123;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ ^/(api|auth|static|frontend_es5|frontend_latest|lovelace)/ {
proxy_pass http://home-assistant;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# end of home-assistant inserts
}

 

Figure 10: Nginx Subdirectory Configuration

From a SecureOffice command prompt, enter "/etc/init.d/nginx restart" to have the new settings take effect. Try to access "http//www.<your domain>/<your subdirectory>". You should see the Home Assistant add user or login page. Fix any issues before proceeding.

11.2.4  Using Nginx Webserver - Subdomain

This configures Home Assistant to be accessible locally by "home-assistant:8123" or "http(s)//www.<your subdomain>.<example.com>". Use this approach to have Home Assistant available as a subdomain of your primary domain, for example "http(s):/www.home-assistant.<example.com>"

TODO: write it

11.3            Private Remote Access

Your site / services are only available to users connected to your local LAN or, remotely using VPN. This is the most secure approach.

Home Assistant can be accessed by locally or remotely by "home-assistant:8123" using remote VPN on a remote client for access.

1  2Adding Automations

Home Assistant automations are programmed sequences of actions in response to events optionally qualified by states. The Hass Custom Alarm example is an automation. When the alarm is in armed state and an enabled motion detector triggers (event) occurs, a text message or email is sent. Another automation example is when event time occurs: turn on / off a light or appliance.

Thus far, configuration has dealt with setting up the HA infrastructure (interfaces, protocols, devices, integrations) required to provide event sources (sensors) and devices to control for Home Assistant automations.

What to do next is dependent on what YOU want Home Assistant to do. Consult the Home Assistant automations documentation for ideas, examples and HowTo's.

1  3Final Result

After following previous installation / configuration instructions (with configured devices), the Home Assistant completed main page is as shown below:

Figure 11: HA Final Main Page

The "ZHA STATUS" (discovered Zigbee devices) page is shown below:

Figure 12: Detected Zigbee Devices

Technologies Used:

Design by: XOOPS UI/UX Team