New services, cleanup, readme

hass/Dockerfile

@@ -0,0 +1,41 @@
+ARG HASS_VERSION=latest
+
+FROM homeassistant/home-assistant:$HASS_VERSION
+
+RUN apk add --update-cache zbar mysql-client \
+  && rm -rf /var/cache/apk/*
+
+# Check if root
+# If running as root, remove setuid and setgid flags of everything
+# Then add a hass user and make that the owner of /config
+# Finally, make pip install to user folders
+RUN python3 -c 'import os; assert os.geteuid() == 0, "Already non-root! Skip changing user"' \
+  && find / -xdev -type f -perm /u+s -exec chmod -c u-s {} \; \
+  && find / -xdev -type f -perm /g+s -exec chmod -c g-s {} \; \
+  && adduser -D hass \
+  && addgroup hass dialout \
+  && chown hass /config \
+  && mkdir -p ~hass/.config/pip \
+  && chown hass ~hass/.config \
+  && chown hass ~hass/.config/pip \
+  && echo -e '[install]\nuser = yes' > ~hass/.config/pip/pip.conf \
+  && mkdir -p ~hass/.local/lib \
+  && chown hass ~hass/.local \
+  && chown hass ~hass/.local/lib
+
+COPY wait-for-db.sh /home/hass/wait-for-db.sh
+RUN chmod +x /home/hass/wait-for-db.sh
+
+USER hass
+
+# Make /config persistent even if not mounted
+VOLUME /config
+# Make pip cache persistent
+VOLUME /home/hass/.local/lib
+WORKDIR /config
+# Export default port for use with routers like traefik
+EXPOSE 8123/tcp
+
+CMD ["/home/hass/wait-for-db.sh", "python3", "-m", "homeassistant", "-v", "--config", "/config"]
+
+HEALTHCHECK CMD curl http://localhost:8123/ || exit 1