2 files changed, 54 insertions, 0 deletions
diff --git a/data/home_assistant/configuration.yaml b/data/home_assistant/configuration.yaml
new file mode 100644
index 0000000..3723739
--- /dev/null
+++ b/data/home_assistant/configuration.yaml
@@ -0,0 +1,16 @@
+default_config:
+homeassistant:
+  currency: USD
+  country: US
+  external_url: "https://homeassistant.chudnick.com"
+  auth_providers:
+    - type: trusted_networks
+      trusted_networks:
+        - 192.168.30.0/24
+      allow_bypass_login: true
+    - type: homeassistant
+http:
+  use_x_forwarded_for: true
+  trusted_proxies: 172.25.22.0/24
diff --git a/data/home_assistant/home_assistant.conf.j2 b/data/home_assistant/home_assistant.conf.j2
new file mode 100644
index 0000000..9f6be24
--- /dev/null
+++ b/data/home_assistant/home_assistant.conf.j2
@@ -0,0 +1,38 @@
+server {
+        listen 443 ssl;
+        server_name {{ home_assistant_server_name }};
+    ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    # Security / XSS Mitigation Headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+        add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
+        # authelia
+        include /etc/nginx/snippets/authelia-location.conf;
+    location / {
+                #authelia
+                include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-authrequest.conf;
+           proxy_set_header Upgrade $http_upgrade;
+           proxy_set_header Connection $connection_upgrade;
+       proxy_pass http://127.0.0.1:{{ home_assistant_external_port }}/;
+    }
+}
+server {
+    listen 80;
+    listen [::]:80;
+        server_name {{ home_assistant_server_name }};
+        return 301 https://$host$request_uri;
+}

diff --git a/data/home_assistant/configuration.yaml b/data/home_assistant/configuration.yaml new file mode 100644 index 0000000..3723739 --- /dev/null +++ b/data/home_assistant/configuration.yaml
@@ -0,0 +1,16 @@
	1	default_config:
	2
	3	homeassistant:
	4	currency: USD
	5	country: US
	6	external_url: "https://homeassistant.chudnick.com"
	7	auth_providers:
	8	- type: trusted_networks
	9	trusted_networks:
	10	- 192.168.30.0/24
	11	allow_bypass_login: true
	12	- type: homeassistant
	13
	14	http:
	15	use_x_forwarded_for: true
	16	trusted_proxies: 172.25.22.0/24


diff --git a/data/home_assistant/home_assistant.conf.j2 b/data/home_assistant/home_assistant.conf.j2 new file mode 100644 index 0000000..9f6be24 --- /dev/null +++ b/data/home_assistant/home_assistant.conf.j2
@@ -0,0 +1,38 @@
	1	server {
	2	listen 443 ssl;
	3	server_name {{ home_assistant_server_name }};
	4
	5	ssl_certificate /etc/letsencrypt/live/chudnick.com/fullchain.pem;
	6	ssl_certificate_key /etc/letsencrypt/live/chudnick.com/privkey.pem;
	7	add_header Strict-Transport-Security "max-age=31536000" always;
	8	ssl_stapling on;
	9	ssl_stapling_verify on;
	10
	11	# Security / XSS Mitigation Headers
	12	add_header X-Frame-Options "SAMEORIGIN";
	13	add_header X-XSS-Protection "1; mode=block";
	14	add_header X-Content-Type-Options "nosniff";
	15	add_header 'Access-Control-Allow-Origin' 'https://chudnick.com' always;
	16
	17	# authelia
	18	include /etc/nginx/snippets/authelia-location.conf;
	19
	20
	21	location / {
	22	#authelia
	23	include /etc/nginx/snippets/proxy.conf;
	24	include /etc/nginx/snippets/authelia-authrequest.conf;
	25
	26	proxy_set_header Upgrade $http_upgrade;
	27	proxy_set_header Connection $connection_upgrade;
	28	proxy_pass http://127.0.0.1:{{ home_assistant_external_port }}/;
	29	}
	30
	31	}
	32
	33	server {
	34	listen 80;
	35	listen [::]:80;
	36	server_name {{ home_assistant_server_name }};
	37	return 301 https://$host$request_uri;
	38	}