| 1 Dec 2024 |
 K900 | Some reasonable-ish RPC protocol, probably | 17:49:52 |
| K900 | I don't think there's anything out there that would be a good fit for all the use cases | 17:50:14 |
| K900 | Which probably means there should be more than one protocol | 17:50:35 |
 @hexa:lossy.network | ah cool, they start using pnpm with z2m 2.0 | 17:55:03 |
 freewalkr | In reply to @hexa:lossy.network
I rolled that back to 1.1 a while ago i updated to latest nixpkgs-unstable and now it converts to yaml to: 'on'. thanks! | 20:25:23 |
| freewalkr | one more problem, more general this time
maybe someone knows
i pass a usb device to hass via a symlink generated by udev rule:
services.udev.extraRules = ''ACTION=="add", KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="16d6", ATTRS{idProduct}=="0008", MODE="0600", OWNER="hass", GROUP="hass", SYMLINK+="jablotron"'';
then i allow it in systemd unit:
systemd.services.home-assistant.serviceConfig.DeviceAllow = "/dev/jablotron";
and everything works fine
but the device can randomly disconnect and connect back every once in a while
it is available on the symlink /dev/jablotron again (i checked with sudo -u hass cat /dev/jablotron - no access errors)
but home assistant won't have access to it: there are a lot of log lines:
2024-12-01 23:18:33.036 ERROR (ThreadPoolExecutor-2_1) [custom_components.jablotron100] Write error: [Errno 1] Operation not permitted: '/dev/jablotron'
restarting hass service helps, it works fine again until the next reconnect
is it an issue with an integration or it can be solved with systemd tuning?
| 20:33:07 |
| @hexa:lossy.network | what are the permissions when it reconnects? | 20:34:17 |
| @hexa:lossy.network | is it still owned by hass:hass? | 20:34:25 |
| freewalkr | 600 hass:hass | 20:34:27 |
| @hexa:lossy.network | what I would do is create a static group users.groups.jablotron = { } and add SupplementaryGroup = [ "jablotron " ] to the home-assistant unit | 20:35:39 |
| @hexa:lossy.network | but that just shifts things around, not sure it would meaningfully change anything | 20:35:57 |
| freewalkr | well the symlink is 777 of course, but the device it points to is 600 hass:hass | 20:36:07 |
| @hexa:lossy.network | the hass user/group are statically allocated, so I wouldn't expect anything weird to happen | 20:38:23 |
| freewalkr | should i use group jablotron as udev group? | 20:38:52 |
| freewalkr | * should i use group jablotron as udev rule group? | 20:39:03 |
| freewalkr | * should i use group jablotron as udev rule GROUP? | 20:39:13 |
| @hexa:lossy.network | that is what I would do | 20:39:13 |
| @hexa:lossy.network | root/jablotron | 20:39:19 |
| @hexa:lossy.network | then 660 | 20:39:23 |
| @hexa:lossy.network | and group membership delegates access to the device | 20:39:37 |
| freewalkr | well it didn't fix the problem
i guess it maybe something like integration keeps reading from dead file descriptor or something | 20:49:36 |
| freewalkr | * well it didn't fix the problem
i guess it may be something like integration keeps reading from dead file descriptor or something | 20:49:46 |
| @hexa:lossy.network | yeah, plausible | 20:49:47 |
| @hexa:lossy.network | best to talk to the componentn maintainer | 20:50:08 |
| @hexa:lossy.network | on permission error, try to reopen the device | 20:50:42 |
| freewalkr | retard move (at least it works for now)
services.udev.extraRules =
''ACTION=="add", KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ''
+ ''ATTRS{idVendor}=="16d6", ATTRS{idProduct}=="0008", ''
+ ''MODE="0660", OWNER="hass", GROUP="hass", SYMLINK+="jablotron", ''
+ ''RUN+="/bin/sh -c 'systemctl restart home-assistant.service'"''
| 21:32:56 |
| @hexa:lossy.network | 🤡 | 21:33:34 |
| 2 Dec 2024 |
 spacekitteh | ok i've created a nixos module for an openthread border router, any feedback?
{
config,
pkgs,
lib,
...
}:
{
options.services.openthread-border-router = {
enable = lib.mkEnableOption "Enable an OpenThread Border Router";
package = lib.mkOption {
type = lib.types.package;
description = "The OpenThread Border Router package to use";
default = pkgs.otbr-posix;
};
radioProtocol = lib.mkOption {
description = "The protocol used to connect to the radio coprocessor";
default = "spinel+hdlc+uart://";
type = lib.types.string;
};
radioDevice = lib.mkOption {
description = "The device file for the radio coprocessor";
example = "/dev/ttyUSB0";
type = lib.types.path;
};
infrastructureInterface = lib.mkOption {
description = "The IPv6 interface to bridge the Thread network to";
example = "eth0";
type = lib.types.string;
};
logLevel = lib.mkOption {
description = "The log level";
type = lib.types.ints.between 1 7;
default = 5;
};
threadInterface = lib.mkOption {
description = "The Thread interface name to create";
default = "wpan0";
type = lib.types.string;
};
openFirewall = lib.mkOption {
description = "Open the firewall port for the server's REST API";
default = true;
type = lib.types.bool;
};
};
config =
let
cfg = config.services.openthread-border-router;
otbr = cfg.package;
threadInterface = cfg.threadInterface;
accessInterface = cfg.infrastructureInterface;
forwardIngressChain = "OTBR_FORWARD_INGRESS";
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 8081 ];
systemd.services.otbr = {
serviceConfig = {
AmbientCapabilities = [
"CAP_NET_ADMIN"
"CAP_NET_RAW"
];
CapabilityBoundingSet = [
"CAP_NET_ADMIN"
"CAP_NET_RAW"
];
};
script =
let
radioURI = "${cfg.radioProtocol}${cfg.radioDevice}";
in
"${otbr}/bin/otbr-agent --verbose -d ${builtins.toString cfg.logLevel} -I ${threadInterface} -B ${accessInterface} ${radioURI} trel://${accessInterface}";
path = [
otbr
pkgs.ipset
pkgs.iptables
];
postStop = ''
ipset_destroy_if_exist()
{
if ipset list "$1"; then
ipset destroy "$1"
fi
}
while ip6tables -C FORWARD -o ${threadInterface} -j ${forwardIngressChain}; do
ip6tables -D FORWARD -o ${threadInterface} -j ${forwardIngressChain}
done
if ip6tables -L ${forwardIngressChain}; then
ip6tables -w -F ${forwardIngressChain}
ip6tables -w -X ${forwardIngressChain}
fi
ipset_destroy_if_exist otbr-ingress-deny-src
ipset_destroy_if_exist otbr-ingress-deny-src-swap
ipset_destroy_if_exist otbr-ingress-allow-dst
ipset_destroy_if_exist otbr-ingress-allow-dst-swap
'';
preStart = ''
ipset create -exist otbr-ingress-deny-src hash:net family inet6
ipset create -exist otbr-ingress-deny-src-swap hash:net family inet6
ipset create -exist otbr-ingress-allow-dst hash:net family inet6
ipset create -exist otbr-ingress-allow-dst-swap hash:net family inet6
ip6tables -N ${forwardIngressChain}
ip6tables -I FORWARD 1 -o ${threadInterface} -j ${forwardIngressChain}
ip6tables -A ${forwardIngressChain} -m pkttype --pkt-type unicast -i ${threadInterface} -j DROP
ip6tables -A ${forwardIngressChain} -m set --match-set otbr-ingress-deny-src src -j DROP
ip6tables -A ${forwardIngressChain} -m set --match-set otbr-ingress-allow-dst dst -j ACCEPT
ip6tables -A ${forwardIngressChain} -m pkttype --pkt-type unicast -j DROP
ip6tables -A ${forwardIngressChain} -j ACCEPT
'';
};
};
}
| 04:45:59 |
|  xenos76 joined the room. | 19:55:44 |
|  ethan joined the room. | 22:51:10 |
