I recently bought a new AppleTV, which I tried to integrate with HomeAssistant today.
Since the AppleTV is on a different VLAN than my HomeAssistant, I created an appropriate firewall rule, but HomeAssistant still could not find the AppleTV.
After a long search I found out that I also need to enable mDNS and create an additional firewall rule.
So all in all I did the following to make it work:
- Install and configure Multicast DNS Proxy
- Create first firewall rule:
- Action: Pass
- Interface: DMZ
- Direction: in
- TCP/IP Version: IPv4+IPv6
- Protocol: any
- Source: HomeAssistant (this is an alias for my Homeassistant ip)
- Destination: AppleTV (alias)
- Description: Allow HomeAssistant access to AppleTV
- Create second firewall rule:
- Action: Pass
- Interface: DMZ
- Direction: in
- TCP/IP Version: IPv4
- Protocal: any
- Source: HomeAssistant (alias)
- Destination: Single host or Network: 224.0.0.251/32
- Description: Allow HomeAssistant access to Bonjour (for AppleTV)
- Restart HomeAssistant.
A few days ago, a good friend asked me: "How do you restore your encrypted offsite backup when you've lost all your other machines".
If all my devices are down at the same time, I might actually have a problem, as I would need at least a PGP key to decrypt my password manager.
So after some research I decided to copy my private ssh and gpg keys to an encrypted veracrypt volume. This is basically a small encrypted folder (~10MB) you can borrow to some of your friends.
Create encrypted volume
# Create a new volume through a text user interface veracrypt --text --create # Volume type 1 # normal, default # Enter volume path: /private/unencrypted/nextcloud/keys # Enter volume size: 10M # du -sh ~/.gnupg/ ~/.ssh/ # will give you a good idea # Encryption Algorithm: 1 # For AES, default # Hash algorithm: 1 # For SHA-512, default # Filesystem 2 # For FAT, default # Enter passphrase MAGA2020!:D # Enter PIM # For more information: https://documentation.help/VeraCrypt/Personal%20Iterations%20Multiplier%20(PIM).html # I leave this empty because I think my passphrase is strong enough # Enter keyfile none # default
Decrypt volume and mount it
mkdir /tmp/keys veracrypt --text /private/unencrypted/nextcloud/keys /tmp/keys
Copy keys
scp -rp ~/.ssh/ /tmp/keys/ scp -rp ~/.gnupg /tmp/keys/ # ... touch /tmp/keys/FILES_ARE_HIDDEN # just a hint for the future
Dismount volume
veracrypt --text --dismount /tmp/keys/ # make sure you are not in /tmp/keys, otherwise you will see: # Error: umount: /tmp/keys: target is busy. rm -rf /tmp/keys
From time to time I have to setup a Raspberry Pi including ssh and wlan. But it's always super annoying to connect keyboard and screen to setup ssh and wifi. And there are other ways:
- Use
dd
or etcher to flash your (raspbian) image to the Pi - Enable SSH
- Mount sd card on your Computer (not on your raspberry pi)
- Create an empty file named
ssh
and store it on the sd card on /boot
Enable Wifi
- create /boot/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev network={ ssid="YOUR_SSID" psk="YOUR_WIFI_PASSWORD" key_mgmt=WPA-PSK }
- Pi will get an IP adress from your DHCP-Server
- unmount
- Start Rarspberry Pi
- put in sd card
- power on
Get IP Adress
On your computer:
nmap -sP 192.168.XXX.1/24 # replace XXX
- most likely the hostname you are locking for is rasberrypi ;)
Connect to Raspberry Pi:
ssh pi@IpFromPrevCommand # pw: raspberry
Configure system
sudo raspi-config # Change default password! # Update System # Change settings
Update
- Fixed command to restore corrupt backup. It should be sqlite3 for both dump and restore! Thank you Philip for the hint!
Assuming you're using hass.io on a raspberry pi:
Backup
There are multiple option of backing up your home assistant data:
1. Build in option
- Login to WebUI -> in the sidebar go to Hass.io -> snapshots
- Here your can create a new snapshot
- after clicking the reload button (upper right corner) you can download your snapshot
2. An automation to create snapshots on a regular base
- Put the following in your
automation.yaml
- alias: Create hourly backup trigger: - platform: time_pattern minutes: '/60' action: - service: notify.mobile_app_iphone_your_name data: message: Hourly Backup 💾 is created! title: Backup - service: hassio.snapshot_full data_template: name: > Backup_{{ now().strftime('%d-%m-%YT%H-%M-%S') }}
3. Automatic offside backups
- Create new backup user on your server
- Add the user to the allowed group of ssh users in
/etc/ssh/sshd_config
sudo systemctl restart sshd
- Create new ssh key for hass.io
- Add new ssh pub key to
~/authorized_keys
- Add this repo to your plugins https://github.com/carstenschroeder/hassio-addons
Addon config:
{ "ssh_enabled": true, "ssh_host": "192.168.178.27", "ssh_port": 22, "ssh_user": "ms-backup", "ssh_key": [ "-----BEGIN OPENSSH PRIVATE KEY-----", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", cat ~/.ssh/hassio-key "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ", "-----END OPENSSH PRIVATE KEY-----" ], "remote_directory": "/hpdata/homes/ms-backup/backup_hassio", "zip_password": "", "keep_local_backup": "48", "rsync_enabled": false, "rsync_host": "", "rsync_rootfolder": "hassio-sync", "rsync_user": "", "rsync_password": "" }
- Add your new private key to the configuration above
- create a new automation in
automations.yaml
- alias: Offside backup trigger: platform: time_pattern minutes: '/60' action: - service: notify.mobile_app_iphone_your_name data: message: Offside backup 💾 is created! title: Backup - service: hassio.addon_start data: addon: 36883ed7_remote_backup # ^- to get the propper ID go to hass.io -> Addons -> Remote Backup # I couldn't figure out where this ID comes from
- This will trigger the remote backup addon. After the backup is done the state of remote backup goes back to stopped till it is triggered the next time. While testing this did not worked for very short intervals < 3 Minutes. For longer intervals it works like expected.
Restore
No matter how you created the backup to restore it, proceed as follows
- Install latest hass.io to sd card.
- Boot raspberry pi
- It will take up to 20 minutes to initialize hass.io
- Create a tmp account
- power off
- copy backup to sd card (
/hassos-data/supervisor/backup
) - Restart raspberry pi
- In the sidebar go to Hass.io -> Snapshots, choose your snapshot -> wipe and restore, You're done!
I had some problems, with a corrupt database.
(HomeAssistant could not add any more new data. I think there was something like
(sqlite3.DatabaseError) database disk image is malformed
in the logs).
To fix/repair your database:
Copy your (corrupt) database (home-assistant_v2.db
) to your local linux system
sqlite3 home-assistant_v2.db ".dump" | sqlite3 home-assistant_v2.db_fixed
Now delete your old (corrupt database) and replace it with
home-assistant_v2.db_fixed
. To do that delete the corrupt one and rename
home-assistant_v2.db_fixed
to home-assistant_v2.db
. Now, power on your
raspberry pi and everything should be fine again.
1.) Access the remote server via ssh
2.) Start jupyter server on the remote machine
jupyter notebook --no-browser --port=8889
3.) Forward port 8889 from your remote machine to port 8888 of your local machine
ssh -N -f -L localhost:8888:localhost:8889 remote_user@remote_host
4.) Access the remote notebook from your local browser visiting localhost:8888
I find this very usefull, especially when working with plots and audio.
Comments
If you have comments, questions or opinions please drop me a line at 2018-08-04–remote-jupyter-notebook AT zngguvnf dot org. Please tell me whether it's ok to publish your comment here or not.
Make sure X forwarding is enabled on your remote machine
cat /etc/ssh/sshd_config | grep X11Forwarding
If the result it not X11Forwarding yes
adjust the file.
Access remote machine with X forwarding from your local machine.
ssh -X user@remote-host
On the remote machine: Activate X-compatible backend
import matplotlib matplotlib.use('tkagg')
On the remote machine: Plot as normal
import matplotlib.pyplot as plt plt.plot([1,2,3]) plt.show()
See plot on your local machine.
Comments
If you have comments, questions or opinions please drop me a line at 2018-07-21–matplotlib-on-remote-machine AT zngguvnf dot org. Please tell me whether it's ok to publish your comment here or not.