home-assistant: move patches to here, add support for admin group, fix person entity not being created by ldap login
parent
453f941ff2
commit
549cedc09b
|
@ -0,0 +1,57 @@
|
||||||
|
--- a/homeassistant/auth/providers/command_line.py 2024-02-04 01:41:34.460181490 +0100
|
||||||
|
+++ b/homeassistant/auth/providers/command_line.py 2024-02-04 01:46:55.952650748 +0100
|
||||||
|
@@ -118,6 +118,13 @@
|
||||||
|
username = flow_result["username"].strip().casefold()
|
||||||
|
|
||||||
|
users = await self.store.async_get_users()
|
||||||
|
+ hass = async_get_hass()
|
||||||
|
+ meta = self._user_meta.get(flow_result["username"], {})
|
||||||
|
+
|
||||||
|
+ pretty_name = meta.get("fullname")
|
||||||
|
+ if not pretty_name:
|
||||||
|
+ pretty_name = flow_result["username"]
|
||||||
|
+
|
||||||
|
for user in users:
|
||||||
|
if user.name and user.name.strip().casefold() != username:
|
||||||
|
continue
|
||||||
|
@@ -127,28 +134,34 @@
|
||||||
|
|
||||||
|
for credential in await self.async_credentials():
|
||||||
|
if credential.data["username"] and credential.data["username"].strip().casefold() == username:
|
||||||
|
+ coll: person.PersonStorageCollection = hass.data[person.DOMAIN][1]
|
||||||
|
+ found = False
|
||||||
|
+ for pers in coll.async_items():
|
||||||
|
+ if pers.get(person.ATTR_USER_ID) == user.id:
|
||||||
|
+ found = True
|
||||||
|
+ break
|
||||||
|
+
|
||||||
|
+ if "person" in hass.config.components and not found:
|
||||||
|
+ await person.async_create_person(hass, pretty_name, user_id=user.id)
|
||||||
|
+
|
||||||
|
return credential
|
||||||
|
|
||||||
|
cred = self.async_create_credentials({"username": username})
|
||||||
|
await self.store.async_link_user(user, cred)
|
||||||
|
return cred
|
||||||
|
|
||||||
|
- hass = async_get_hass()
|
||||||
|
- meta = self._user_meta.get(flow_result["username"], {})
|
||||||
|
-
|
||||||
|
provider = _async_get_hass_provider(hass)
|
||||||
|
await provider.async_initialize()
|
||||||
|
|
||||||
|
user = await hass.auth.async_create_user(flow_result["username"], group_ids=[meta.get("group")])
|
||||||
|
cred = await provider.async_get_or_create_credentials({"username": flow_result["username"]})
|
||||||
|
|
||||||
|
- pretty_name = meta.get("fullname")
|
||||||
|
- if not pretty_name:
|
||||||
|
- pretty_name = flow_result["username"]
|
||||||
|
await provider.data.async_save()
|
||||||
|
await hass.auth.async_link_user(user, cred)
|
||||||
|
+
|
||||||
|
if "person" in hass.config.components:
|
||||||
|
await person.async_create_person(hass, pretty_name, user_id=user.id)
|
||||||
|
+
|
||||||
|
# Create new credentials.
|
||||||
|
return cred
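Review bot: In the existing-credential branch, `hass.data[person.DOMAIN][1]` is read before the `"person" in hass.config.components` check, so when the person integration is not loaded the lookup would presumably raise `KeyError` and fail the login. Move the lookup under the guard: `if "person" in hass.config.components:`, then `coll = hass.data[person.DOMAIN][1]` and `if not any(p.get(person.ATTR_USER_ID) == user.id for p in coll.async_items()):` before the `async_create_person` call. The `[1]` index depends on the person integration's internal data layout and deserves a comment such as `# storage collection; index relies on person's hass.data layout`. The same branch returns the credential without re-applying `meta.get("group")`, so as far as this patch shows a user's group is fixed at first login, and a later removal from the LDAP admin group would not demote them. The enclosing method starts and ends outside the hunks.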
|
||||||
|
|
|
@ -0,0 +1,15 @@
|
||||||
|
diff --git a/homeassistant/components/zha/number.py b/homeassistant/components/zha/number.py
|
||||||
|
index 24964d7a15..4c43958f41 100644
|
||||||
|
--- a/homeassistant/components/zha/number.py
|
||||||
|
+++ b/homeassistant/components/zha/number.py
|
||||||
|
@@ -956,8 +956,8 @@ class ThermostatLocalTempCalibration(ZHANumberConfigurationEntity):
|
||||||
|
"""Local temperature calibration."""
|
||||||
|
|
||||||
|
_unique_id_suffix = "local_temperature_calibration"
|
||||||
|
- _attr_native_min_value: float = -2.5
|
||||||
|
- _attr_native_max_value: float = 2.5
|
||||||
|
+ _attr_native_min_value: float = -5.0
|
||||||
|
+ _attr_native_max_value: float = 5.0
|
||||||
|
_attr_native_step: float = 0.1
|
||||||
|
_attr_multiplier: float = 0.1
|
||||||
|
_attribute_name = "local_temperature_calibration"
|
|
@ -0,0 +1,10 @@
|
||||||
|
--- a/homeassistant/components/default_config/manifest.json 2023-10-22 01:46:48.596580412 +0200
|
||||||
|
+++ b/homeassistant/components/default_config/manifest.json 2023-10-22 01:47:01.916784170 +0200
|
||||||
|
@@ -7,7 +7,6 @@
|
||||||
|
"assist_pipeline",
|
||||||
|
"automation",
|
||||||
|
"bluetooth",
|
||||||
|
- "cloud",
|
||||||
|
"conversation",
|
||||||
|
"counter",
|
||||||
|
"dhcp",
|
|
@ -14,13 +14,44 @@ in
|
||||||
Only enable this after completing the onboarding!
|
Only enable this after completing the onboarding!
|
||||||
:::
|
:::
|
||||||
'');
|
'');
|
||||||
|
|
||||||
userGroup = libS.ldap.mkUserGroupOption;
|
userGroup = libS.ldap.mkUserGroupOption;
|
||||||
|
adminGroup = lib.mkOption {
|
||||||
|
type = with lib.types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
example = "home-assistant-admins";
|
||||||
|
description = lib.mdDoc "Name of the ldap group that grants admin access in Home-Assistant.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
recommendedDefaults = libS.mkOpinionatedOption "set recommended default settings";
|
recommendedDefaults = libS.mkOpinionatedOption "set recommended default settings";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config.nixpkgs.overlays = lib.mkIf cfg.enable [
|
||||||
|
(final: prev: {
|
||||||
|
home-assistant = (prev.home-assistant.override (lib.optionalAttrs cfg.recommendedDefaults {
|
||||||
|
extraPackages = ps: with ps; [
|
||||||
|
pyqrcode # for TOTP qrcode
|
||||||
|
];
|
||||||
|
})).overrideAttrs ({ patches ? [ ], ... }: {
|
||||||
|
patches = patches ++ lib.optionals cfg.recommendedDefaults [
|
||||||
|
./home-assistant-increase-local_temperature_calibration.diff
|
||||||
|
./home-assistant-no-cloud.diff
|
||||||
|
] ++ lib.optionals cfg.ldap.enable [
|
||||||
|
# expand command_line authentication provider
|
||||||
|
(final.fetchpatch {
|
||||||
|
url = "https://github.com/home-assistant/core/pull/107419.diff";
|
||||||
|
hash = "sha256-rbdu6aMpBExblMT2oOuPS4kb+S71AFtyxBCgKWLi6g8=";
|
||||||
|
})
|
||||||
|
./home-assistant-create-person-when-credentials-exist.diff
|
||||||
|
];
|
||||||
|
|
||||||
|
doInstallCheck = false;
|
||||||
|
});
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
config.services.home-assistant = lib.mkMerge [
|
config.services.home-assistant = lib.mkMerge [
|
||||||
(lib.mkIf (cfg.enable && cfg.recommendedDefaults) {
|
(lib.mkIf (cfg.enable && cfg.recommendedDefaults) {
|
||||||
config = {
|
config = {
|
||||||
|
@ -67,10 +98,10 @@ in
|
||||||
args = [
|
args = [
|
||||||
# https://github.com/bob1de/ldap-auth-sh/blob/master/examples/home-assistant.cfg
|
# https://github.com/bob1de/ldap-auth-sh/blob/master/examples/home-assistant.cfg
|
||||||
(pkgs.writeText "config.cfg" /* shell */ ''
|
(pkgs.writeText "config.cfg" /* shell */ ''
|
||||||
ATTRS="${ldap.userField}"
|
ATTRS="${ldap.userField} ${ldap.roleField} isMemberOf"
|
||||||
CLIENT="ldapsearch"
|
CLIENT="ldapsearch"
|
||||||
DEBUG=0
|
DEBUG=0
|
||||||
FILTER="${ldap.groupFilter "home-assistant-users"}"
|
FILTER="${ldap.groupFilter cfg.ldap.userGroup}"
|
||||||
NAME_ATTR="${ldap.userField}"
|
NAME_ATTR="${ldap.userField}"
|
||||||
SCOPE="base"
|
SCOPE="base"
|
||||||
SERVER="ldaps://${ldap.domainName}"
|
SERVER="ldaps://${ldap.domainName}"
|
||||||
|
@ -80,8 +111,12 @@ in
|
||||||
on_auth_success() {
|
on_auth_success() {
|
||||||
# print the meta entries for use in HA
|
# print the meta entries for use in HA
|
||||||
if [ ! -z "$NAME_ATTR" ]; then
|
if [ ! -z "$NAME_ATTR" ]; then
|
||||||
name=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
|
name=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*${ldap.userField}:\s*(.+)\s*\$/\1/Ip")
|
||||||
[ -z "$name" ] || echo "name=$name"
|
[ -z "$name" ] || echo "$name = $name"
|
||||||
|
fullname=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*${ldap.roleField}:\s*(.+)\s*\$/\1/Ip")
|
||||||
|
[ -z "$fullname" ] || echo "fullname = $fullname"
|
||||||
|
group=$(echo "$output" | ${lib.getExe pkgs.gnused} -nr "s/^\s*isMemberOf: cn=${cfg.ldap.adminGroup}\s*(.+)\s*\$/\1/Ip")
|
||||||
|
[ -z "$group" ] && echo "group = system-users" || echo "group = system-admin"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
'')
|
'')
|
||||||
|
@ -95,6 +130,10 @@ in
|
||||||
long_name = "Home-Assistant Users";
|
long_name = "Home-Assistant Users";
|
||||||
name = cfg.ldap.userGroup;
|
name = cfg.ldap.userGroup;
|
||||||
permissions = { };
|
permissions = { };
|
||||||
|
} ++ lib.optional (cfg.ldap.adminGroup != null) {
|
||||||
|
long_name = "Home-Assistant Administrators";
|
||||||
|
name = cfg.ldap.adminGroup;
|
||||||
|
permissions = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
config.systemd.tmpfiles.rules = lib.mkIf (cfg.enable && cfg.recommendedDefaults) [
|
config.systemd.tmpfiles.rules = lib.mkIf (cfg.enable && cfg.recommendedDefaults) [
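Review bot: The admin check added in `on_auth_success` matches `isMemberOf: cn=${cfg.ldap.adminGroup}\s*(.+)`, which is a prefix match. Any group whose cn merely begins with the admin group name (a constructed example: `home-assistant-admins-test`) also yields `group = system-admin`, and regex metacharacters in the option value are not escaped. Anchoring on the RDN separator and escaping the value closes this: `"s/^\s*isMemberOf: cn=${lib.escapeRegex cfg.ldap.adminGroup},(.+)\s*\$/\1/Ip"`. Because `adminGroup` defaults to `null`, interpolating it here would likely fail evaluation whenever this config is built without an admin group, so the `group=` lines should be wrapped in `lib.optionalString (cfg.ldap.adminGroup != null)` with a plain `echo "group = system-users"` as the fallback. In the same hunk, `echo "$name = $name"` prints the user's name as the key and was presumably meant to be `echo "name = $name"`.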
|
||||||
|
|