Add tailscale integration #251

Closed
wants to merge 8 commits into from
@MelleD MelleD commented Apr 25, 2024

This PR makes it possible to start the lambda function as a container and connect to the home assistant via Tailscale VPN. This means that it is not necessary to put your HA on the Internet.

Open points are the adaptation of the wiki and documentation. In addition, you have to clone the repo so that the Docker container can be pushed into its own ECR container in AWS.

In addition, you have to think about how to design the GitHub Action.

If you use PY lambda directly you now have to adapt the config.py and/or if possible also use ENV variables, then the user no longer has to adapt py at all.

I'm looking forward to feedback.

@DEADSEC-SECURITY
Collaborator

Please add your proposed changes to the wiki to explain how to use and the features it has

@MelleD
Author

MelleD commented Apr 27, 2024

Yes, of course I will do it if the changes are ok with the config.py too. In the end you only have to set the Ha-Url, Ha-Token and auth Tailscale Key. But I will describe the workflow with forking and adding images, but it takes a bit of effort ;)

@DEADSEC-SECURITY
Collaborator

That's ok with me.

@DEADSEC-SECURITY
Collaborator

Please don't edit the wiki directly. Write any mods or new text in here so I can double check before making the changes permanent.

@MelleD
Author

MelleD commented Apr 28, 2024

Here are some steps you need to take:

The premise is that Tailscale Integration is installed in HA and the HA instance is available as a node.

  1. The Git repo must be forked so that the Docker image for the AWS Lambda can be pushed to a private repository in the Amazon Elastic Container Registry.
  2. Create a private repository on AWS Amazon Elastic Container Registry. The name of the repo must be ha-custom-lambda-tailscale.

     [AWS Introduction ECR](https://aws.amazon.com/de/ecr/getting-started/)
  3. Create a keypair on AWS IAM to allow the GitHub Action to push the Docker image.
     Create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

     [AWS Introduction credentials](https://docs.aws.amazon.com/de_de/keyspaces/latest/devguide/access.credentials.html#SigV4_credentials)

     Remember both carefully because the secret is only displayed once and is required in the next step.
  4. Go to your forked repo under settings. Go to secrets and variables. Create two new secrets with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the previous step.
  5. Then build and push the Docker image under GitHub Actions. To do this, run .github/workflows/docker-build-push.yml

Congratulations! This is the first step and the result should look like this.

  6. Create a new function. Select Container Image at the top.

     [AWS Lambda](https://docs.aws.amazon.com/de_de/lambda/latest/dg/getting-started.html)
  7. Name the function alexa-actionable-notifications-function, select the Docker image from the ECR and click create function.
  8. Click "Add Trigger" and copy your skill id from the previous step from https://developer.amazon.com/alexa/console/ask
  9. Now we have to log in to our Tailscale account and create an ephemeral key. Go to settings --> key.
     Please remember the key. You currently have to do this step every 3 months because the key can no longer be created.
  10. An HA long-living token (10 years) must then be created. See instructions above.
      Please remember the key.
  11. Now the following ENV variables must be inserted into the function.

      - DEBUG: true/false
      - HA_TOKEN
      - HA_URL: Important: the TAILSCALE IP from HA, e.g. http://{tailscale-ha-ip}:8123. Should start with 100.xxx.xxx.xxx
      - TAILSCALE_AUTHKEY: the ephemeral key. Should start with tskey-auth-xxxxx

  12. Save the function to deploy the function anew.

Now the Alexa skill can be tested and integrated into HA. These are the same steps.

The only thing that changes in the Alexa Skill chapter in the editor is that you don't have to create a PY for the template. Actually always click Customize.

Troubleshooting:
I rarely get timeouts from tailscale. Ticket is open. That's why I increased the timeout to 10 seconds.


Danger:
The ECR and the AWS Lambda can cost money. For this reason the image was kept small.
But you have to have a lot of traffic and updates. With testing and everything, my most expensive month was 4 cents ;)
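A pre-deployment check for the four environment variables listed in the comment above, as an added example that is not part of the PR or the project's code. The function name `check_lambda_env` and the sample values are assumptions; the check goes slightly beyond the "starts with 100." rule by testing against 100.64.0.0/10, the range Tailscale assigns node addresses from, so an `HA_URL` that points at a public address is caught before the function is saved.

```python
import ipaddress
from urllib.parse import urlsplit

# Tailscale assigns node IPv4 addresses from the CGNAT block 100.64.0.0/10.
TAILNET_V4 = ipaddress.ip_network("100.64.0.0/10")
REQUIRED = ("HA_URL", "HA_TOKEN", "TAILSCALE_AUTHKEY")


def check_lambda_env(env):
    """Return a list of problems found in the Lambda environment mapping.

    Hypothetical helper: validates only the variables named in the comment.
    """
    problems = [f"{name} is missing or empty" for name in REQUIRED
                if not env.get(name, "").strip()]

    debug = env.get("DEBUG", "false").strip().lower()
    if debug not in ("true", "false"):
        problems.append("DEBUG must be true or false")

    url = env.get("HA_URL", "").strip()
    if url:
        host = urlsplit(url).hostname or ""
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            problems.append("HA_URL host is not an IP address")
        else:
            # A host outside the tailnet range would bypass the VPN path.
            if addr.version != 4 or addr not in TAILNET_V4:
                problems.append("HA_URL is not a Tailscale address (100.64.0.0/10)")

    key = env.get("TAILSCALE_AUTHKEY", "").strip()
    if key and not key.startswith("tskey-auth-"):
        problems.append("TAILSCALE_AUTHKEY does not start with tskey-auth-")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {
        "DEBUG": "false",
        "HA_TOKEN": "constructed-long-lived-token",
        "HA_URL": "http://100.101.102.103:8123",
        "TAILSCALE_AUTHKEY": "tskey-auth-constructed",
    }
    print(check_lambda_env(sample) or "environment looks consistent")
```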

@MelleD MelleD deleted the branch keatontaylor:master May 13, 2024 08:38
@MelleD MelleD closed this May 13, 2024
@MelleD MelleD deleted the master branch May 13, 2024 08:38
@MelleD MelleD restored the master branch May 13, 2024 09:28
@MelleD MelleD reopened this May 13, 2024
@MelleD
Author

MelleD commented Jul 1, 2024

Ping :)


Stale pull request message


2 participants