Use a macvlan network to keep down the number of exposed ports

2019-01-17 23:15:50 +01:00 · 2019-01-17 23:15:50 +01:00 · 9b68a1559c
commit 9b68a1559c
parent d78a2f2eae
4 changed files with 32 additions and 24 deletions
--- a/configuration.yaml
+++ b/configuration.yaml
@ -13,7 +13,7 @@ homeassistant:
 discovery:
 frontend:
 recorder:
-  db_url: !secret db_url
+  db_url: mysql://hass:hass@db:3306/hass?charset=utf8
 history:
 logbook:
 config:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,11 +1,24 @@
 version: '2.0'
 networks:
  # By adding the homeassistant image to this network, it gets a local ip in
  # the network and can use the discovery component
  host:
    driver: macvlan
    driver_opts:
      parent: vmbr1
    ipam:
      config:
      # The following values are overridden in docker-compose.override.yml
        - subnet: <subnet>
          gateway: <gateway ip>
          ip_range: <homeassistant ip>/32
 services:
  mysensors:
    container_name: MySensors
    image: akshmakov/serialport-server:amd64
    restart: always
    ports:
      - "2000:2000"
    devices:
      - "/dev/mysensors:/dev/ttyUSB0"
    environment:
@ -16,8 +29,6 @@ services:
    container_name: RFLink
    image: akshmakov/serialport-server:amd64
    restart: always
    ports:
      - "2001:2000"
    devices:
      - "/dev/rflink:/dev/ttyUSB0"
    environment:
@ -29,9 +40,8 @@ services:
    image: marthoc/deconz:amd64-2.05.55
    restart: always
    ports:
-      - "8082:8082"
+      - "8082:8082" # Management port
-      - "10443:10443"
+      - "5900:5900" # VNC port
      - "5900:5900"
    devices:
      - "/dev/conbee:/dev/ttyUSB0"
    volumes:
@ -47,17 +57,15 @@ services:
    container_name: MariaDB
    image: mariadb
    restart: always
    ports:
      - "3306:3306"
    volumes:
      - /root/docker/mariadb:/var/lib/mysql
    environment:
      TZ: Europe/Stockholm
-      # The following values are overridden in docker-compose.override.yml
+      MYSQL_DATABASE: hass
      MYSQL_USER: hass
      MYSQL_PASSWORD: hass
      # The following value is overridden in docker-compose.override.yml
      MYSQL_ROOT_PASSWORD: secret
      MYSQL_DATABASE: secret
      MYSQL_USER: secret
      MYSQL_PASSWORD: secret
  mosquitto:
    container_name: Mosquitto
@ -65,7 +73,7 @@ services:
    restart: always
    ports:
      - "1883:1883"
-      - "9001:9001"
+      - "9001:9001" # Websocket port
    volumes:
      - /root/docker/mosquitto/data:/mosquitto/data
      - /root/docker/mosquitto/log:/mosquitto/log
@ -74,7 +82,9 @@ services:
    container_name: HomeAssistant
    image: homeassistant/home-assistant:0.85.0
    restart: always
-    network_mode: host
+    networks:
      - default
      - host
    ports:
      - "8123:8123"
    volumes:
@ -86,14 +96,12 @@ services:
    container_name: AppDaemon
    image: acockburn/appdaemon
    restart: always
    ports:
      - "5050:5050"
    volumes:
      - /root/docker/hass/home-assistant/appdaemon:/conf
      - /root/docker/appdaemon/certs:/certs
    environment:
      TZ: Europe/Stockholm
      # The following values ar overridden in docker-compose.override.yml
-      HA_URL: host-ip:8123
+      HA_URL: homeassistant:8123
-      DASH_URL: host-ip:5050
+      DASH_URL: appdaemon:5050
      TOKEN: secret_token
--- a/packages/mysensors.yaml
+++ b/packages/mysensors.yaml
@ -26,8 +26,8 @@ homeassistant:
 mysensors:
  gateways:
-    - device: !secret swarm_ip
+    - device: mysensors
-      tcp_port: !secret mysensors_port
+      tcp_port: 2000
      nodes:
        2: { name: Vardagsrum }
        24: { name: Skrivbordslampa }
--- a/packages/rflink.yaml
+++ b/packages/rflink.yaml
@ -20,8 +20,8 @@ homeassistant:
      <<: *common
 rflink:
-  host: !secret swarm_ip
+  host: rflink
-  port: !secret rflink_port
+  port: 2000
 light:
  - platform: rflink