42 lines
1.3 KiB
Docker
42 lines
1.3 KiB
Docker
ARG HASS_VERSION=latest
|
|
|
|
FROM homeassistant/home-assistant:$HASS_VERSION
|
|
|
|
RUN apk add --update-cache zbar mysql-client \
|
|
&& rm -rf /var/cache/apk/*
|
|
|
|
# Check if root
|
|
# If running as root, remove setuid and setgid flags of everything
|
|
# Then add a hass user and make that the owner of /config
|
|
# Finally, make pip install to user folders
|
|
RUN python3 -c 'import os; assert os.geteuid() == 0, "Already non-root! Skip changing user"' \
|
|
&& find / -xdev -type f -perm /u+s -exec chmod -c u-s {} \; \
|
|
&& find / -xdev -type f -perm /g+s -exec chmod -c g-s {} \; \
|
|
&& adduser -D hass \
|
|
&& addgroup hass dialout \
|
|
&& chown hass /config \
|
|
&& mkdir -p ~hass/.config/pip \
|
|
&& chown hass ~hass/.config \
|
|
&& chown hass ~hass/.config/pip \
|
|
&& echo -e '[install]\nuser = yes' > ~hass/.config/pip/pip.conf \
|
|
&& mkdir -p ~hass/.local/lib \
|
|
&& chown hass ~hass/.local \
|
|
&& chown hass ~hass/.local/lib
|
|
|
|
COPY wait-for-db.sh /home/hass/wait-for-db.sh
|
|
RUN chmod +x /home/hass/wait-for-db.sh
|
|
|
|
USER hass
|
|
|
|
# Make /config persistent even if not mounted
|
|
VOLUME /config
|
|
# Make pip cache persistent
|
|
VOLUME /home/hass/.local/lib
|
|
WORKDIR /config
|
|
# Export default port for use with routers like traefik
|
|
EXPOSE 8123/tcp
|
|
|
|
CMD ["/home/hass/wait-for-db.sh", "python3", "-m", "homeassistant", "-v", "--config", "/config"]
|
|
|
|
HEALTHCHECK CMD curl http://localhost:8123/ || exit 1
|