home-assistant: move patches to here, add support for admin group, fix person entity not being created by ldap login
parent
453f941ff2
commit
549cedc09b
|
@ -0,0 +1,57 @@
|
|||
--- a/homeassistant/auth/providers/command_line.py 2024-02-04 01:41:34.460181490 +0100
|
||||
+++ b/homeassistant/auth/providers/command_line.py 2024-02-04 01:46:55.952650748 +0100
|
||||
@@ -118,6 +118,13 @@
|
||||
username = flow_result["username"].strip().casefold()
|
||||
|
||||
users = await self.store.async_get_users()
|
||||
+ hass = async_get_hass()
|
||||
+ meta = self._user_meta.get(flow_result["username"], {})
|
||||
+
|
||||
+ pretty_name = meta.get("fullname")
|
||||
+ if not pretty_name:
|
||||
+ pretty_name = flow_result["username"]
|
||||
+
|
||||
for user in users:
|
||||
if user.name and user.name.strip().casefold() != username:
|
||||
continue
|
||||
@@ -127,28 +134,34 @@
|
||||
|
||||
for credential in await self.async_credentials():
|
||||
if credential.data["username"] and credential.data["username"].strip().casefold() == username:
|
||||
+ coll: person.PersonStorageCollection = hass.data[person.DOMAIN][1]
|
||||
+ found = False
|
||||
+ for pers in coll.async_items():
|
||||
+ if pers.get(person.ATTR_USER_ID) == user.id:
|
||||
+ found = True
|
||||
+ break
|
||||
+
|
||||
+ if "person" in hass.config.components and not found:
|
||||
+ await person.async_create_person(hass, pretty_name, user_id=user.id)
|
||||
+
|
||||
return credential
|
||||
|
||||
cred = self.async_create_credentials({"username": username})
|
||||
await self.store.async_link_user(user, cred)
|
||||
return cred
|
||||
|
||||
- hass = async_get_hass()
|
||||
- meta = self._user_meta.get(flow_result["username"], {})
|
||||
-
|
||||
provider = _async_get_hass_provider(hass)
|
||||
await provider.async_initialize()
|
||||
|
||||
user = await hass.auth.async_create_user(flow_result["username"], group_ids=[meta.get("group")])
|
||||
cred = await provider.async_get_or_create_credentials({"username": flow_result["username"]})
|
||||
|
||||
- pretty_name = meta.get("fullname")
|
||||
- if not pretty_name:
|
||||
- pretty_name = flow_result["username"]
|
||||
await provider.data.async_save()
|
||||
await hass.auth.async_link_user(user, cred)
|
||||
+
|
||||
if "person" in hass.config.components:
|
||||
await person.async_create_person(hass, pretty_name, user_id=user.id)
|
||||
+
|
||||
# Create new credentials.
|
||||
return cred
|
||||
|
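Review bot: In the existing-credential branch, `hass.data[person.DOMAIN][1]` is read before the `"person" in hass.config.components` test, so when the person integration is not loaded the lookup would likely raise KeyError and an otherwise valid login fails; the guard should wrap the lookup rather than follow it. The positional `[1]` also depends on the internal layout of the person integration's data and may break on a Home Assistant update, which deserves a comment next to it. Separately, this branch returns the stored credential without consulting `meta.get("group")`, so as far as the hunk shows, a user later removed from the LDAP admin group keeps the group assigned at first login. That should be confirmed against the rest of the function, which continues outside the hunk.

```python
if credential.data["username"] and credential.data["username"].strip().casefold() == username:
    # Only touch the person collection when the integration is loaded.
    if "person" in hass.config.components:
        coll: person.PersonStorageCollection = hass.data[person.DOMAIN][1]
        has_person = any(
            pers.get(person.ATTR_USER_ID) == user.id for pers in coll.async_items()
        )
        if not has_person:
            await person.async_create_person(hass, pretty_name, user_id=user.id)
    return credential
# … unchanged: create and link credentials for an existing user without one …
```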
|
@ -0,0 +1,15 @@
|
|||
diff --git a/homeassistant/components/zha/number.py b/homeassistant/components/zha/number.py
|
||||
index 24964d7a15..4c43958f41 100644
|
||||
--- a/homeassistant/components/zha/number.py
|
||||
+++ b/homeassistant/components/zha/number.py
|
||||
@@ -956,8 +956,8 @@ class ThermostatLocalTempCalibration(ZHANumberConfigurationEntity):
|
||||
"""Local temperature calibration."""
|
||||
|
||||
_unique_id_suffix = "local_temperature_calibration"
|
||||
- _attr_native_min_value: float = -2.5
|
||||
- _attr_native_max_value: float = 2.5
|
||||
+ _attr_native_min_value: float = -5.0
|
||||
+ _attr_native_max_value: float = 5.0
|
||||
_attr_native_step: float = 0.1
|
||||
_attr_multiplier: float = 0.1
|
||||
_attribute_name = "local_temperature_calibration"
|
|
@ -0,0 +1,10 @@
|
|||
--- a/homeassistant/components/default_config/manifest.json 2023-10-22 01:46:48.596580412 +0200
|
||||
+++ b/homeassistant/components/default_config/manifest.json 2023-10-22 01:47:01.916784170 +0200
|
||||
@@ -7,7 +7,6 @@
|
||||
"assist_pipeline",
|
||||
"automation",
|
||||
"bluetooth",
|
||||
- "cloud",
|
||||
"conversation",
|
||||
"counter",
|
||||
"dhcp",
|
|
@ -14,13 +14,44 @@ in
|
|||
Only enable this after completing the onboarding!
|
||||
:::
|
||||
'');
|
||||
|
||||
userGroup = libS.ldap.mkUserGroupOption;
|
||||
adminGroup = lib.mkOption {
|
||||
type = with lib.types; nullOr str;
|
||||
default = null;
|
||||
example = "home-assistant-admins";
|
||||
description = lib.mdDoc "Name of the ldap group that grants admin access in Home-Assistant.";
|
||||
};
|
||||
};
|
||||
|
||||
recommendedDefaults = libS.mkOpinionatedOption "set recommended default settings";
|
||||
};
|
||||
};
|
||||
|
||||
config.nixpkgs.overlays = lib.mkIf cfg.enable [
|
||||
(final: prev: {
|
||||
home-assistant = (prev.home-assistant.override (lib.optionalAttrs cfg.recommendedDefaults {
|
||||
extraPackages = ps: with ps; [
|
||||
pyqrcode # for TOTP qrcode
|
||||
];
|
||||
})).overrideAttrs ({ patches ? [ ], ... }: {
|
||||
patches = patches ++ lib.optionals cfg.recommendedDefaults [
|
||||
./home-assistant-increase-local_temperature_calibration.diff
|
||||
./home-assistant-no-cloud.diff
|
||||
] ++ lib.optionals cfg.ldap.enable [
|
||||
# expand command_line authentication provider
|
||||
(final.fetchpatch {
|
||||
url = "https://github.com/home-assistant/core/pull/107419.diff";
|
||||
hash = "sha256-rbdu6aMpBExblMT2oOuPS4kb+S71AFtyxBCgKWLi6g8=";
|
||||
})
|
||||
./home-assistant-create-person-when-credentials-exist.diff
|
||||
];
|
||||
|
||||
doInstallCheck = false;
|
||||
});
|
||||
})
|
||||
];
|
||||
|
||||
config.services.home-assistant = lib.mkMerge [
|
||||
(lib.mkIf (cfg.enable && cfg.recommendedDefaults) {
|
||||
config = {
|
||||
|
@ -67,10 +98,10 @@ in
|
|||
args = [
|
||||
# https://github.com/bob1de/ldap-auth-sh/blob/master/examples/home-assistant.cfg
|
||||
(pkgs.writeText "config.cfg" /* shell */ ''
|
||||
ATTRS="${ldap.userField}"
|
||||
ATTRS="${ldap.userField} ${ldap.roleField} isMemberOf"
|
||||
CLIENT="ldapsearch"
|
||||
DEBUG=0
|
||||
FILTER="${ldap.groupFilter "home-assistant-users"}"
|
||||
FILTER="${ldap.groupFilter cfg.ldap.userGroup}"
|
||||
NAME_ATTR="${ldap.userField}"
|
||||
SCOPE="base"
|
||||
SERVER="ldaps://${ldap.domainName}"
|
||||
|
@ -80,8 +111,12 @@ in
|
|||
on_auth_success() {
|
||||
# print the meta entries for use in HA
|
||||
if [ ! -z "$NAME_ATTR" ]; then
|
||||
name=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
|
||||
[ -z "$name" ] || echo "name=$name"
|
||||
name=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*${ldap.userField}:\s*(.+)\s*\$/\1/Ip")
|
||||
[ -z "$name" ] || echo "$name = $name"
|
||||
fullname=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*${ldap.roleField}:\s*(.+)\s*\$/\1/Ip")
|
||||
[ -z "$fullname" ] || echo "fullname = $fullname"
|
||||
group=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*isMemberOf: cn=${cfg.ldap.adminGroup}\s*(.+)\s*\$/\1/Ip")
|
||||
[ -z "$group" ] && echo "group = system-users" || echo "group = system-admin"
|
||||
fi
|
||||
}
|
||||
'')
|
||||
|
@ -95,6 +130,10 @@ in
|
|||
long_name = "Home-Assistant Users";
|
||||
name = cfg.ldap.userGroup;
|
||||
permissions = { };
|
||||
} ++ lib.optional (cfg.ldap.adminGroup != null) {
|
||||
long_name = "Home-Assistant Administrators";
|
||||
name = cfg.ldap.adminGroup;
|
||||
permissions = { };
|
||||
};
|
||||
|
||||
config.systemd.tmpfiles.rules = lib.mkIf (cfg.enable && cfg.recommendedDefaults) [
|
||||
|
|
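Review bot: The admin check in `on_auth_success` matches `isMemberOf: cn=${cfg.ldap.adminGroup}` followed by `\s*(.+)`, so any group whose cn merely begins with the admin group's name also produces `group = system-admin`. Requiring the DN separator and escaping the name closes that, e.g. `"s/^\s*isMemberOf: cn=${lib.escapeRegex cfg.ldap.adminGroup},(.+)\s*\$/\1/Ip"`, assuming the directory returns full DNs with further components after the cn. `adminGroup` defaults to `null` but is interpolated into the script unconditionally, which fails evaluation when the option is unset; the `group=` line should sit inside `lib.optionalString (cfg.ldap.adminGroup != null)`, with `group = system-users` emitted otherwise. The line `echo "$name = $name"` uses the username as the key and looks like it was meant to be `echo "name = $name"`. The page has lost the `+`/`-` markers for this file, so the second line of each printed pair is read here as the new side.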