d-two/hassio-addons
1
0
Fork 0
mirror of synced 2025-12-13 11:22:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
d-two
2023-01-17 11:08:56 +01:00
committed by GitHub
parent 2bd82d790d
commit 308370175b
23 changed files with 585 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
hpessa/DOCS.md Normal file
View File

@@ -0,0 +1,85 @@
# Home Assistant Community Add-on: HPE Smart Storage Administrator
HPE Smart Storage Administrator (HPE SSA) offers a single interface that quickly sets up, configures and manages the HPE Smart Array controllers and the HPE SAS Host Bus Adapters (HBAs).
## Installation
The installation of this add-on is pretty straightforward and not different in
comparison to installing any other Home Assistant add-on.
1. Search for the "HPE Smart Storage Administrator" add-on in the Supervisor add-on store and install it.
1. Start the "HPE Smart Storage Administrator" add-on.
1. Check the logs of the "HPE Smart Storage Administrator" to see if everything went well.
1. Click the "OPEN WEB UI" button!
## Configuration
**Note**: _Remember to restart the add-on when the configuration is changed._
Example add-on configuration:
```yaml
ssl: true
certfile: fullchain.pem
keyfile: privkey.pem
```
**Note**: _This is just an example, don't copy and paste it! Create your own!_
### Option: `log_level`
The `log_level` option controls the level of log output by the addon and can
be changed to be more or less verbose, which might be useful when you are
dealing with an unknown issue. Possible values are:
- `trace`: Show every detail, like all called internal functions.
- `debug`: Shows detailed debug information.
- `info`: Normal (usually) interesting events.
- `warning`: Exceptional occurrences that are not errors.
- `error`: Runtime errors that do not require immediate action.
- `fatal`: Something went terribly wrong. Add-on becomes unusable.
Please note that each level automatically includes log messages from a
more severe level, e.g., `debug` also shows `info` messages. By default,
the `log_level` is set to `info`, which is the recommended setting unless
you are troubleshooting.
### Option: `lang`
Supported languageCode/languages are:
- `en`: English (default)
- `ja`: Japanese
- `de`: German
- `es`: Spanish
- `fr`: French
- `it`: Italian
- `pt`: Portuguese
- `ru`: Russian
- `zh`: Simplified Chinese
### Option: `ssl`
Enables/Disables SSL (HTTPS) on the web interface.
Set it `true` to enable it, `false` otherwise.
### Option: `certfile`
The certificate file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `keyfile`
The private key file to use for SSL.
**Note**: _The file MUST be stored in `/ssl/`, which is the default_
### Option: `leave_front_door_open`
Adding this option to the add-on configuration allows you to disable
authentication on the Web Terminal by setting it to `true` and leaving the
username and password empty.
**Note**: _We STRONGLY suggest, not to use this, even if this add-on is
only exposed to your internal network. USE AT YOUR OWN RISK!_

33
hpessa/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
ARG BUILD_FROM
FROM ${BUILD_FROM}
# Set shell
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
ENV DEBIAN_FRONTEND noninteractive
RUN ( \
apt-get update && \
apt-get install -y --no-install-recommends \
curl \
gnupg \
libnginx-mod-http-lua \
luarocks \
nginx \
procps \
\
&& luarocks install lua-resty-http \
)
RUN ( \
curl https://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | apt-key add - && \
( echo "deb http://downloads.linux.HPE.com/SDR/repo/mcp/ buster/current non-free" > /etc/apt/sources.list.d/proliant.sources.list ) && \
apt-get update && \
apt-get install -y ssa \
)
COPY rootfs /
# Corrects permissions
RUN if [ -d /etc/services.d ]; then chmod -R 755 /etc/services.d; fi
RUN chmod -R 755 /nginx.sh
RUN chmod -R 755 /usr/bin/firefox

3
hpessa/build.yaml Normal file
View File

@@ -0,0 +1,3 @@
---
build_from:
amd64: ghcr.io/home-assistant/amd64-base-debian:bullseye

40
hpessa/config.json Normal file
View File

@@ -0,0 +1,40 @@
{
"name": "HPE Smart Storage Administrator",
"version": "1",
"slug": "hpessa",
"description": "HPE Smart Storage Administrator (HPE SSA) offers a single interface that quickly sets up, configures and manages the HPE Smart Array controllers and the HPE SAS Host Bus Adapters (HBAs).",
"arch": ["amd64"],
"startup": "application",
"boot": "auto",
"ports": {
"80/tcp": null
},
"ports_description": {
"80/tcp": "Web interface (Not required for Ingress)"
},
"webui": "[PROTO:ssl]://[HOST]:[PORT:80]/index.htm",
"ingress": true,
"ingress_port": 0,
"init": false,
"panel_icon": "mdi:database-edit",
"map": [],
"full_access": true,
"privileged": ["NET_ADMIN", "SYS_ADMIN", "SYS_RAWIO", "SYS_TIME", "SYS_NICE"],
"hassio_api": true,
"auth_api": true,
"hassio_role": "default",
"homeassistant_api": false,
"options": {
"ssl": false,
"certfile": "fullchain.pem",
"keyfile": "privkey.pem"
},
"schema": {
"lang": "list(en|ja|de|es|fr|it|pt|ru|zh)?",
"log_level": "list(trace|debug|info|notice|warning|error|fatal)?",
"ssl": "bool",
"certfile": "str",
"keyfile": "str",
"leave_front_door_open": "bool?"
}
}

BIN
hpessa/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
hpessa/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

96
hpessa/rootfs/etc/nginx/includes/mime.types Normal file
View File

@@ -0,0 +1,96 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
font/woff woff;
font/woff2 woff2;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

15
hpessa/rootfs/etc/nginx/includes/proxy_params.conf Normal file
View File

@@ -0,0 +1,15 @@
proxy_http_version 1.1;
proxy_ignore_client_abort off;
proxy_read_timeout 86400s;
proxy_redirect off;
proxy_send_timeout 86400s;
proxy_max_temp_file_size 0;
proxy_set_header Accept-Encoding "";
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;

1
hpessa/rootfs/etc/nginx/includes/resolver.conf Normal file
View File

@@ -0,0 +1 @@
resolver %%dns_host%%;

6
hpessa/rootfs/etc/nginx/includes/server_params.conf Normal file
View File

@@ -0,0 +1,6 @@
root /dev/null;
server_name $hostname;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

9
hpessa/rootfs/etc/nginx/includes/ssl_params.conf Normal file
View File

@@ -0,0 +1,9 @@
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;

3
hpessa/rootfs/etc/nginx/includes/upstream.disabled Normal file
View File

@@ -0,0 +1,3 @@
upstream backend {
server localhost:%%SSA_PORT%%;
}

83
hpessa/rootfs/etc/nginx/lua/ha-auth.lua Normal file
View File

@@ -0,0 +1,83 @@
local http = require "resty.http"
local auths = ngx.shared.auths
function authenticate()
--- Test Authentication header is set and with a value
local header = ngx.req.get_headers()['Authorization']
if header == nil or header:find(" ") == nil then
return false
end
local divider = header:find(' ')
if header:sub(0, divider-1) ~= 'Basic' then
return false
end
local auth = ngx.decode_base64(header:sub(divider+1))
if auth == nil or auth:find(':') == nil then
return false
end
divider = auth:find(':')
local username = auth:sub(0, divider-1)
local password = auth:sub(divider+1)
--- Check if authentication is cached
if auths:get(username) == password then
ngx.log(ngx.DEBUG, "Authenticated user against Home Assistant (cache).")
return true
end
--- HTTP request against the Supervisor API
local httpc = http.new()
local res, err = httpc:request_uri("http://supervisor.local.hass.io/auth", {
method = "POST",
body = ngx.encode_args({["username"]=username, ["password"]=password}),
headers = {
["Content-Type"] = "application/x-www-form-urlencoded",
["X-Supervisor-Token"] = os.getenv("SUPERVISOR_TOKEN"),
},
keepalive_timeout = 60,
keepalive_pool = 10
})
--- Error during API request
if err then
ngx.log(ngx.WARN, "Error during Home Assistant user authentication.", err)
return false
end
--- No result? Something went wrong...
if not res then
ngx.log(ngx.WARN, "Error during Home Assistant user authentication.")
return false
end
--- Valid response, the username/password is valid
if res.status == 200 then
ngx.log(ngx.INFO, "Authenticated user against Home Assistant.")
auths:set(username, password, 60)
return true
end
--- Whatever the response is, it is invalid
ngx.log(ngx.WARN, "Authentication against Home Assistant failed!")
return false
end
-- Only authenticate if its not disabled
if not os.getenv('DISABLE_HA_AUTHENTICATION') then
--- Try to authenticate against HA
local authenticated = authenticate()
--- If authentication failed, throw a basic auth
if not authenticated then
ngx.header.content_type = 'text/plain'
ngx.header.www_authenticate = 'Basic realm="Home Assistant"'
ngx.status = ngx.HTTP_UNAUTHORIZED
ngx.say('401 Access Denied')
ngx.exit(ngx.HTTP_UNAUTHORIZED)
end
end

1
hpessa/rootfs/etc/nginx/modules/ndk_http.conf Normal file
View File

@@ -0,0 +1 @@
load_module "/usr/lib/nginx/modules/ndk_http_module.so";

1
hpessa/rootfs/etc/nginx/modules/ngx_http_lua.conf Normal file
View File

@@ -0,0 +1 @@
load_module "/usr/lib/nginx/modules/ngx_http_lua_module.so";

59
hpessa/rootfs/etc/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,59 @@
# Run nginx in foreground.
daemon off;
# This is run inside Docker.
user root;
# Pid storage location.
pid /var/run/nginx.pid;
# Set number of worker processes.
worker_processes 1;
# Enables the use of JIT for regular expressions to speed-up their processing.
pcre_jit on;
# Write error log to the add-on log.
error_log /proc/1/fd/1 error;
# Load allowed environment vars
env SUPERVISOR_TOKEN;
env DISABLE_HA_AUTHENTICATION;
# Load dynamic modules.
include /etc/nginx/modules/*.conf;
# Max num of simultaneous connections by a worker process.
events {
worker_connections 512;
}
http {
include /etc/nginx/includes/mime.types;
log_format homeassistant '[$time_local] $status '
'$http_x_forwarded_for($remote_addr) '
'$request ($http_user_agent)';
access_log /proc/1/fd/1 homeassistant;
client_max_body_size 4G;
default_type application/octet-stream;
gzip on;
keepalive_timeout 65;
lua_shared_dict auths 16k;
sendfile on;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
include /etc/nginx/includes/resolver.conf;
#include /etc/nginx/includes/upstream.conf;
include /etc/nginx/servers/*.conf;
}

24
hpessa/rootfs/etc/nginx/servers/direct-ssl.disabled Normal file
View File

@@ -0,0 +1,24 @@
server {
listen 80 default_server ssl http2;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/ssl_params.conf;
include /etc/nginx/includes/proxy_params.conf;
ssl on;
ssl_certificate /ssl/%%certfile%%;
ssl_certificate_key /ssl/%%keyfile%%;
location / {
access_by_lua_file /etc/nginx/lua/ha-auth.lua;
proxy_pass http://localhost:%%SSA_PORT%%/;
# proxy_pass http://backend%%ingress_entry%%/;
# sub_filter_once off;
# sub_filter '%%ingress_entry%%/' '';
}
# location %%ingress_entry%%/ {
# access_by_lua_file /etc/nginx/lua/ha-auth.lua;
# proxy_pass http://backend;
# }
}

19
hpessa/rootfs/etc/nginx/servers/direct.disabled Normal file
View File

@@ -0,0 +1,19 @@
server {
listen 80 default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location / {
access_by_lua_file /etc/nginx/lua/ha-auth.lua;
proxy_pass http://localhost:%%SSA_PORT%%/;
# proxy_pass http://backend%%ingress_entry%%/;
# sub_filter_once off;
# sub_filter '%%ingress_entry%%/' '';
}
# location %%ingress_entry%%/ {
# access_by_lua_file /etc/nginx/lua/ha-auth.lua;
# proxy_pass http://backend;
# }
}

14
hpessa/rootfs/etc/nginx/servers/ingress.disabled Normal file
View File

@@ -0,0 +1,14 @@
server {
listen %%interface%%:%%port%% default_server;
include /etc/nginx/includes/server_params.conf;
include /etc/nginx/includes/proxy_params.conf;
location / {
allow 172.30.32.2;
deny all;
proxy_pass http://localhost:%%SSA_PORT%%/;
#proxy_pass http://backend%%ingress_entry%%/;
}
}

9
hpessa/rootfs/etc/services.d/nginx/finish Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/execlineb -S0
# ==============================================================================
# Home Assistant Community Add-on: HPE SSA
# Take down the S6 supervision tree when Nginx fails
# ==============================================================================
if { s6-test ${1} -ne 0 }
if { s6-test ${1} -ne 256 }
s6-svscanctl -t /var/run/s6/services

21
hpessa/rootfs/etc/services.d/nginx/run Normal file
View File

@@ -0,0 +1,21 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: HPE SSA
# Runs the SSA application
# ==============================================================================
bashio::log.info "Starting HPE SSA..."
# Disable HA Authentication if front door is open
if bashio::config.true 'leave_front_door_open'; then
export DISABLE_HA_AUTHENTICATION=true
fi
if bashio::config.has_value 'lang'; then
ssa -local -lang $(bashio::config 'lang')
else
ssa -local
fi
bashio::log.info "HPE SSA closed..."
kill -9 $(pidof nginx)

50
hpessa/rootfs/nginx.sh Normal file
View File

@@ -0,0 +1,50 @@
#!/usr/bin/with-contenv bashio
# ==============================================================================
# Home Assistant Community Add-on: InfluxDB
# Configures NGINX for use with the Chronograf
# ==============================================================================
declare port
declare certfile
declare dns_host
declare ingress_interface
declare ingress_port
declare ingress_entry
declare keyfile
port=$(bashio::addon.port 80)
ingress_entry=$(bashio::addon.ingress_entry)
if bashio::var.has_value "${port}"; then
bashio::config.require.ssl
if bashio::config.true 'ssl'; then
certfile=$(bashio::config 'certfile')
keyfile=$(bashio::config 'keyfile')
cp -f /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
sed -i "s#%%certfile%%#${certfile}#g" /etc/nginx/servers/direct.conf
sed -i "s#%%keyfile%%#${keyfile}#g" /etc/nginx/servers/direct.conf
else
cp -f /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
fi
sed -i "s#%%ingress_entry%%#${ingress_entry}#g" /etc/nginx/servers/direct.conf
sed -i "s/%%SSA_PORT%%/${@}/g" /etc/nginx/servers/direct.conf
fi
ingress_port=$(bashio::addon.ingress_port)
ingress_interface=$(bashio::addon.ip_address)
if bashio::var.has_value "${ingress_port}"; then
cp -f /etc/nginx/servers/ingress.disabled /etc/nginx/servers/ingress.conf
sed -i "s/%%SSA_PORT%%/${@}/g" /etc/nginx/servers/ingress.conf
sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf
sed -i "s#%%ingress_entry%%#${ingress_entry}#g" /etc/nginx/servers/ingress.conf
fi
dns_host=$(bashio::dns.host)
sed -i "s/%%dns_host%%/${dns_host}/g" /etc/nginx/includes/resolver.conf
cp -f /etc/nginx/includes/upstream.disabled /etc/nginx/includes/upstream.conf
sed -i "s/%%SSA_PORT%%/${@}/g" /etc/nginx/includes/upstream.conf

13
hpessa/rootfs/usr/bin/firefox Normal file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/with-contenv bashio
declare ssa_port
bashio::log.info "Starting fake firefox with '$@'..."
ssa_port=${@}
ssa_port=${ssa_port/http:\/\/127.0.0.1:/}
ssa_port=${ssa_port/\/ssa.htm/}
bashio::log.info "HPE SSA Port: ${ssa_port}"
/nginx.sh ${ssa_port}
bashio::log.info "Starting NGinx..."
exec nginx