Supervised Home Assistant on Turris Omnia

I’ve been successfully running Home Assistant in LXC container for a while now, but I’ve been missing the features of supervised installation, like easy installation of addons, or automatic updates.

Since the latest Turris OS supports docker via OpenWRT package, I started looking at the option of running a supervised version of Home Assistant on my Turris.

I could not run HA directly in Turris for two reasons:

• Docker package is not officially supported by Turris OS and it is utilising eMMC for storage, constant writes required by Docker it would quickly wear it down.
• Home Assistant does not officially support OpenWRT and there are no packages that could be easily installed.

For those reasons I had no choice but to install Debian inside LXC container and try to run Docker inside it.

After a bit of searching, I’ve found someone who was able to run Docker inside LXC container and after a bit of tweaking, I had it running successfully. Installing HA inside the container was just a simple matter of following the official Supervised HA Installation documents.

I’ve written down all the necessary steps in here - Supervised Home Assistant on Turris Omnia · GitHub

Any comments or feedback welcome.

If you move Turris to a mSATA SSD I see no reason why any Docker container would use eMMC storage.

In any case, Debian seems to be a better choice for the base OS than Ubuntu which refused running Docker due to some unmet nftables dependencies.

I do not have any empty slots for mSATA so I use external usb drive mounted to /srv, however OpenWRT turris is being installed to /opt and for some reason /opt was explicitly mounted to mmcblk.

The nftable dependency you’re referring to may be ip6tables-mod-nat, which I had to install in order to get everything running?

The mountpoint should be easy to change. But yeah, that still wouldn’t give you a supervised install which relies on a VM, as far as I recall.

Regarding nft I’d need to look into it again, I just remember that Ubuntu was too new and Turris too old. Starting with Openwrt 22.03/Turris OS 7 there will be nft, I’ll give it another try then.

Sorry for highjacking the topic but on TOS7.0 Docker natively is not working because of nftables. I dont know nftables to make it work manually but you could easily change the root for docker in config so it stays on ssd.

But also there is docker on TOS6.0 that works and I see no reason to use docker in a lxc container. I mean it works for you. But its a container in container. Unnesserary complication.

I am wanting to have HA at some point. For now I prepared IOT network on separate VLAN but still I dont own any smart devices yet. But the ground is prepared.

EDIT:
Ok I managed to run HA with docker compose and its kinda working ok

LXC is there mainly because supervised HA installation does not support OpenWRT, just Debian

Is that supervised version?

I just realized its indeed normal container installation not supervised so no addons and stuff.

Hi Bezda,
I tried your script manualy and I have problem with install homeassistant-supervised package still. I tried install official Debian docker package and also docker from official sources.

dpkg --ignore-depends=docker-ce -i homeassistant-supervised.deb
Selecting previously unselected package homeassistant-supervised.
(Reading database … 19893 files and directories currently installed.)
Preparing to unpack homeassistant-supervised.deb …
[warn]
[warn] If you want more control over your own system, run
[warn] Home Assistant as a VM or run Home Assistant Core
[warn] via a Docker container.
[warn]
[warn] ModemManager service is enabled. This might cause issue when using serial devices.
Adding ‘diversion of /etc/NetworkManager/NetworkManager.conf to /etc/NetworkManager/NetworkManager.conf.real by homeassistant-supervised’
Adding ‘diversion of /etc/NetworkManager/system-connections/default to /etc/NetworkManager/system-connections/default.real by homeassistant-supervised’
Adding ‘diversion of /etc/docker/daemon.json to /etc/docker/daemon.json.real by homeassistant-supervised’
Adding ‘diversion of /etc/network/interfaces to /etc/network/interfaces.real by homeassistant-supervised’
Unpacking homeassistant-supervised (1.4.1) …
Setting up homeassistant-supervised (1.4.1) …
[info] Restarting NetworkManager
[info] Enable systemd-journal-gatewayd
[info] Restarting docker service
Job for docker.service failed because the control process exited with error code.
See “systemctl status docker.service” and “journalctl -xe” for details.
dpkg: error processing package homeassistant-supervised (–install):
installed homeassistant-supervised package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
homeassistant-supervised

George

Hey George, this error means that your docker daemon inside the debian image is not starting. In my case the issue was the missing ip6tables-mod-nat package on turris. As the error message suggests, see the output of systemctl status docker.service and journalctl -xe to see why is docker daemon refusing to start on your machine.

Yes, I have problem with docker. Package ip6tables-mod-nat was realy missing. After install package I created new lxc container homeassistant, but problem is still. When I install home assistant, there was one problem:

Failed to write ‘change’ to ‘/sys/devices/platform/soc/f1010600.spi/spi_master/spi0/spi0.0/mtd/mtd0/mtdblock0/uevent’: Read-only file system

systemctl status

failed (Result: exit-code) since Mon 2023-02-20 19:48:31 UTC; 18h ago
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com
Process: 5802 ExecStart=/usr/sbin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock $DOCKER_OPTS (code=exited, status=1/FAILURE)
Main PID: 5802 (code=exited, status=1/FAILURE)
CPU: 724ms

Feb 20 19:48:31 homeassistant systemd[1]: docker.service: Scheduled restart job, restart counter is at 3.
Feb 20 19:48:31 homeassistant systemd[1]: Stopped Docker Application Container Engine.
Feb 20 19:48:31 homeassistant systemd[1]: docker.service: Start request repeated too quickly.
Feb 20 19:48:31 homeassistant systemd[1]: docker.service: Failed with result ‘exit-code’.
Feb 20 19:48:31 homeassistant systemd[1]: Failed to start Docker Application Container Engine.

journalctl -xe =>

Feb 21 13:55:03 homeassistant systemd[1]: Starting Daily apt download activities…
░░ Subject: A start job for unit apt-daily.service has begun execution
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ A start job for unit apt-daily.service has begun execution.
░░
░░ The job identifier is 1075.
Feb 21 13:55:33 homeassistant apt-helper[6204]: E: Sub-process nm-online returned an error code (1)
Feb 21 13:55:34 homeassistant systemd[1]: apt-daily.service: Succeeded.
░░ Subject: Unit succeeded
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ The unit apt-daily.service has successfully entered the ‘dead’ state.
Feb 21 13:55:34 homeassistant systemd[1]: Finished Daily apt download activities.
░░ Subject: A start job for unit apt-daily.service has finished successfully
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ A start job for unit apt-daily.service has finished successfully.
░░
░░ The job identifier is 1075.
Feb 21 13:55:34 homeassistant systemd[1]: apt-daily.service: Consumed 1.208s CPU time.
░░ Subject: Resources consumed by unit runtime
░░ Defined-By: systemd
░░ Support: Debian -- User Support
░░
░░ The unit apt-daily.service completed and consumed the indicated resources.
Feb 21 14:00:33 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:04:28 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:05:59 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:09:11 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:11:19 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:17:55 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:22:11 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:23:59 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:27:04 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:30:32 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:34:55 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:38:16 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:38:48 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost
Feb 21 14:44:36 homeassistant systemd-networkd[49]: eth0: DHCPv6 address 2a03:3b40:2d0::b6f/128 timeout preferred 43200 valid 43200
Feb 21 14:48:16 homeassistant systemd-networkd[49]: eth0: DHCPv6 lease lost

Thank you for the write-up. I did it and it worked the first time, but then I restarted the container and home assistant didn’t start back up. It should autostart with the container right?

I followed your script, but then in HomeAssistant once I set it up I have these 3 errors. Do you know what might cause them?

Mar 05 22:31:23 hassio hassio_supervisor[119]: 23-03-06 00:31:23 WARNING (MainThread) [supervisor.resolution.evaluations.base] Docker cgroup version 2 is not supported! {'1'} (more-info: https://www.home-assistant.io/more-info/>
Mar 05 22:31:23 hassio hassio_supervisor[119]: 23-03-06 00:31:23 WARNING (MainThread) [supervisor.resolution.evaluations.base] NetworkManager is not correctly configured (more-info: https://www.home-assistant.io/more-info/unsup>
Mar 05 22:31:23 hassio hassio_supervisor[119]: 23-03

Screenshot 2023-03-06 at 10.44.091914×1024 174 KB

Screenshot 2023-03-06 at 10.46.481478×1454 238 KB

Screenshot 2023-03-06 at 10.44.291706×1042 173 KB

Screenshot 2023-03-06 at 10.44.191704×1006 165 KB

Hey, I have the same warnings, but HA works just fine with those, so I didn’t dig any deeper into that. If you happen to get those solved, let me know and I can update the script.

One issue is that the backup restore process fails because of the network manager error, so I cannot import my configuration, integrations and addons from another working HA installation. I also assume updates won’t work in the future.

I don’t think the apparmor error can be fixed because Turris OS 6 doesn’t appear to have apparmor support in the kernel, or rather the OpenWRT version it’s based doesn’t. Maybe Turris OS 7 does, but someone else will have to confirm as I’m not still on 6 and don’t wan to switch due to stability concerns.

root@hassio:~# aa-enabled
No - not available on this system.
root@hassio:~# aa-status
apparmor not present.

The cgroup issue I’m trying to figure out. You used in your script:
lxc.mount.auto = proc:rw
lxc.cgroup2.devices.allow = a

But eminguez’s script you took as inspiration for running docker inside lxc uses:
lxc.mount.auto = cgroup:rw:force
lxc.cgroup.devices.allow = a

I’ve actually ran into the networkmanager issue today, when I was trying to update to the latest version. Just like you said, it’s complaining about no host internet connection. I’ll look into it when I have a bit of time and try to resolve that.

I have the same problem as you.

@zachy I got a workaround - in the HA instance terminal run

ha network info

You should see host_internet: false. Then run

ha network reload
ha network info

and you should get host_internet: true. It’s not ideal, but at least I could get my HA instance updated.