From 68d0b708350816eca97c4093c7f16be0556f76b6 Mon Sep 17 00:00:00 2001 From: Thomas Quinot Date: Thu, 2 Nov 2023 11:11:01 +0100 Subject: [PATCH] HA setup --- ...1-01-homeassistant-homekit-docker.markdown | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 _source/_posts/2023-11-01-homeassistant-homekit-docker.markdown diff --git a/_source/_posts/2023-11-01-homeassistant-homekit-docker.markdown b/_source/_posts/2023-11-01-homeassistant-homekit-docker.markdown new file mode 100644 index 0000000..5de093d --- /dev/null +++ b/_source/_posts/2023-11-01-homeassistant-homekit-docker.markdown 
@@ -0,0 +1,35 @@ +--- +layout: post +title: "Setting up Home Assistant in Docker to control HomeKit device" +date: 2023-11-01 22:00:00 +0200 +comments: true +categories: +--- + +# Context + +Setting up [Home Assistant](https://www.home-assistant.io/) to control brand new Velux roof windows through the Velux Active with Netatmo gateway (through HomeKit integration). + +# Host setup + +## Discovery testing + +Manually make an mDNS query to discover HomeKit devices on an interface: + +`dig -b @224.0.0.251 -p 5353 -t ptr _hap._tcp.local` + +## Container networking mode + +HomeKit discovery relies on mDNS to discover devices, so Home Assistant needs to be able to send out multicast queries, which is currently not supported with non-host networking. So, not choice but to use **host networking**. _(That's clearly written in the doc, but I still tried to get it working with ipvlan, to no avail)._ + +## Interface selection + +By default, HomeAssistant will use only the network interface of the default route (next hop for the link-local multicast address 224.0.0.251). To enable additional interfaces, one needs to [adjust network settings](https://www.home-assistant.io/integrations/network/), which requires setting the user profile to advanced mode. + +## Traefik setup + +When using host networking, Traefik will connect to the container on the host's bridge IP (here `172.17.0.1`). In order for HA to bind only to that address (and not be exposed to the LAN), I therefore set `server_address` to `host.docker.internal`. + +# Mikrotik setup + +I am assigning a separate IoT VLAN to the gateway through a Mikrotik wireless access list. By default, the device will only see multicast frames sent to the [default VLAN of the interface](https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#Vlan_tag_override) (not to the overridden VLAN from the access list). 
In order for it to get the multicast frames of its ACL-assigned VLAN, the `multicast-helper=full` option must be enabled on the wifi interface ([doc](https://wiki.mikrotik.com/wiki/Manual:Interface/Wireless#General_interface_properties)).
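Review bot: In the "Discovery testing" section, the command `dig -b @224.0.0.251 -p 5353 -t ptr _hap._tcp.local` has no address after `-b`, so dig will consume `@224.0.0.251` as the argument to `-b` instead of treating it as the server to query. The source-address placeholder appears to have been lost, possibly because it was written in angle brackets. Suggest a placeholder that Markdown will not swallow, for example `dig -b IFACE_ADDR @224.0.0.251 -p 5353 -t ptr _hap._tcp.local`, with a sentence saying IFACE_ADDR stands for the host's own address on the interface being tested. Smaller points in the same hunk: "So, not choice but to use" should read "no choice". The Traefik section should name the configuration file or integration where `server_address` is set, since the post relies on that setting to keep HA from being exposed to the LAN and a reader cannot reproduce or verify the bind without it. The front matter leaves `categories:` empty and gives the post date as `+0200` while the commit itself is dated `+0100`, which is worth a check.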