Merge pull request #4355 from esphome/bump-2022.12.8

2022.12.8

docker/Dockerfile

@@ -6,7 +6,7 @@
 ARG BASEIMGTYPE=docker
 
 # https://github.com/hassio-addons/addon-debian-base/releases
-FROM ghcr.io/hassio-addons/debian-base:6.1.3 AS base-hassio
+FROM ghcr.io/hassio-addons/debian-base:6.2.0 AS base-hassio
 # https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye
 FROM debian:bullseye-20221024-slim AS base-docker
 

docker/ha-addon-rootfs/etc/cont-init.d/10-requirements.sh

@@ -1,41 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: ESPHome
-# This files check if all user configuration requirements are met
-# ==============================================================================
-
-# Check SSL requirements, if enabled
-if bashio::config.true 'ssl'; then
-    if ! bashio::config.has_value 'certfile'; then
-        bashio::log.fatal 'SSL is enabled, but no certfile was specified.'
-        bashio::exit.nok
-    fi
-
-    if ! bashio::config.has_value 'keyfile'; then
-        bashio::log.fatal 'SSL is enabled, but no keyfile was specified'
-        bashio::exit.nok
-    fi
-
-
-    certfile="/ssl/$(bashio::config 'certfile')"
-    keyfile="/ssl/$(bashio::config 'keyfile')"
-
-    if ! bashio::fs.file_exists "${certfile}"; then
-        if ! bashio::fs.file_exists "${keyfile}"; then
-            # Both files are missing, let's print a friendlier error message
-            bashio::log.fatal 'You enabled encrypted connections using the "ssl": true option.'
-            bashio::log.fatal "However, the SSL files '${certfile}' and '${keyfile}'"
-            bashio::log.fatal "were not found. If you're using Hass.io on your local network and don't want"
-            bashio::log.fatal 'to encrypt connections to the ESPHome dashboard, you can manually disable'
-            bashio::log.fatal 'SSL by setting "ssl" to false."'
-            bashio::exit.nok
-        fi
-        bashio::log.fatal "The configured certfile '${certfile}' was not found."
-        bashio::exit.nok
-    fi
-
-    if ! bashio::fs.file_exists "/ssl/$(bashio::config 'keyfile')"; then
-        bashio::log.fatal "The configured keyfile '${keyfile}' was not found."
-        bashio::exit.nok
-    fi
-fi

docker/ha-addon-rootfs/etc/cont-init.d/20-nginx.sh

@@ -1,34 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: ESPHome
-# Configures NGINX for use with ESPHome
-# ==============================================================================
-
-declare certfile
-declare keyfile
-declare direct_port
-declare ingress_interface
-declare ingress_port
-
-mkdir -p /var/log/nginx
-
-direct_port=$(bashio::addon.port 6052)
-if bashio::var.has_value "${direct_port}"; then
-    if bashio::config.true 'ssl'; then
-        certfile=$(bashio::config 'certfile')
-        keyfile=$(bashio::config 'keyfile')
-
-        mv /etc/nginx/servers/direct-ssl.disabled /etc/nginx/servers/direct.conf
-        sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/servers/direct.conf
-        sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/servers/direct.conf
-    else
-        mv /etc/nginx/servers/direct.disabled /etc/nginx/servers/direct.conf
-    fi
-
-    sed -i "s/%%port%%/${direct_port}/g" /etc/nginx/servers/direct.conf
-fi
-
-ingress_port=$(bashio::addon.ingress_port)
-ingress_interface=$(bashio::addon.ip_address)
-sed -i "s/%%port%%/${ingress_port}/g" /etc/nginx/servers/ingress.conf
-sed -i "s/%%interface%%/${ingress_interface}/g" /etc/nginx/servers/ingress.conf

docker/ha-addon-rootfs/etc/cont-init.d/30-dirs.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/with-contenv bashio
-# ==============================================================================
-# Community Hass.io Add-ons: ESPHome
-# This files creates all directories used by esphome
-# ==============================================================================
-
-pio_cache_base=/data/cache/platformio
-
-mkdir -p "${pio_cache_base}"

docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf

@@ -1,6 +1,8 @@
 root            /dev/null;
 server_name     $hostname;
 
+client_max_body_size 512m;
+
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;

docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf

@@ -1,7 +1,6 @@
-ssl_protocols TLSv1.2;
-ssl_prefer_server_ciphers on;
-ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;
-ssl_ecdh_curve secp384r1;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_session_timeout  10m;
 ssl_session_cache shared:SSL:10m;
 ssl_session_tickets off;

docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream esphome {
+    server unix:/var/run/esphome.sock;
+}

docker/ha-addon-rootfs/etc/nginx/nginx.conf

@@ -2,7 +2,6 @@ daemon off;
 user root;
 pid /var/run/nginx.pid;
 worker_processes 1;
-# Hass.io addon log
 error_log /proc/1/fd/1 error;
 events {
     worker_connections 1024;
@@ -10,24 +9,22 @@ events {
 
 http {
     include /etc/nginx/includes/mime.types;
-    access_log stdout;
+
+    access_log              off;
     default_type            application/octet-stream;
     gzip                    on;
     keepalive_timeout       65;
     sendfile                on;
     server_tokens           off;
 
+    tcp_nodelay             on;
+    tcp_nopush              on;
+
     map $http_upgrade $connection_upgrade {
         default upgrade;
         ''      close;
     }
 
-    # Use Hass.io supervisor as resolver
-    resolver 172.30.32.2;
-
-    upstream esphome {
-        server unix:/var/run/esphome.sock;
-    }
-
+    include /etc/nginx/includes/upstream.conf;
     include /etc/nginx/servers/*.conf;
 }

docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep

@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)

docker/ha-addon-rootfs/etc/nginx/servers/direct.disabled

@@ -1,12 +0,0 @@
-server {
-    listen %%port%% default_server;
-
-    include /etc/nginx/includes/server_params.conf;
-    include /etc/nginx/includes/proxy_params.conf;
-    # Clear Hass.io Ingress header
-    proxy_set_header X-HA-Ingress "";
-
-    location / {
-        proxy_pass http://esphome;
-    }
-}

docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl

@@ -1,20 +1,26 @@
 server {
-    listen %%port%% default_server ssl http2;
+    {{ if not .ssl }}
+    listen 6052 default_server;
+    {{ else }}
+    listen 6052 default_server ssl http2;
+    {{ end }}
 
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/proxy_params.conf;
+
+    {{ if .ssl }}
     include /etc/nginx/includes/ssl_params.conf;
 
-    ssl on;
-    ssl_certificate /ssl/%%certfile%%;
-    ssl_certificate_key /ssl/%%keyfile%%;
-
-    # Clear Hass.io Ingress header
-    proxy_set_header X-HA-Ingress "";
+    ssl_certificate /ssl/{{ .certfile }};
+    ssl_certificate_key /ssl/{{ .keyfile }};
 
     # Redirect http requests to https on the same port.
     # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
     error_page 497 https://$http_host$request_uri;
+    {{ end }}
+
+    # Clear Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "";
 
     location / {
         proxy_pass http://esphome;

docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl

@@ -1,14 +1,16 @@
 server {
-    listen %%interface%%:%%port%% default_server;
+    listen 127.0.0.1:{{ .port }} default_server;
+    listen {{ .interface }}:{{ .port }} default_server;
 
     include /etc/nginx/includes/server_params.conf;
     include /etc/nginx/includes/proxy_params.conf;
+
     # Set Home Assistant Ingress header
     proxy_set_header X-HA-Ingress "YES";
 
     location / {
-        # Only allow from Hass.io supervisor
         allow   172.30.32.2;
+        allow   127.0.0.1;
         deny    all;
 
         proxy_pass http://esphome;

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run

@@ -0,0 +1,32 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Add-on: ESPHome
+# Sends discovery information to Home Assistant.
+# ==============================================================================
+declare config
+declare port
+
+# We only disable it when disabled explicitly
+if bashio::config.false 'home_assistant_dashboard_integration';
+then
+    bashio::log.info "Home Assistant discovery is disabled for this add-on."
+    bashio::exit.ok
+fi
+
+port=$(bashio::addon.ingress_port)
+
+# Wait for NGINX to become available
+bashio::net.wait_for "${port}" "127.0.0.1" 300
+
+config=$(\
+    bashio::var.json \
+        host "127.0.0.1" \
+        port "^${port}" \
+)
+
+if bashio::discovery "esphome" "${config}" > /dev/null; then
+    bashio::log.info "Successfully send discovery information to Home Assistant."
+else
+    bashio::log.error "Discovery message to Home Assistant failed!"
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/type

@@ -0,0 +1 @@
+oneshot

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/discovery/run

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish

@@ -0,0 +1,26 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Home Assistant Community Add-on: ESPHome
+# Take down the S6 supervision tree when ESPHome dashboard fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+
+bashio::log.info \
+  "Service ESPHome dashboard exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run

@@ -1,10 +1,19 @@
-#!/usr/bin/with-contenv bashio
+#!/command/with-contenv bashio
+# shellcheck shell=bash
 # ==============================================================================
 # Community Hass.io Add-ons: ESPHome
 # Runs the ESPHome dashboard
 # ==============================================================================
+readonly pio_cache_base=/data/cache/platformio
 
 export ESPHOME_IS_HA_ADDON=true
+export PLATFORMIO_GLOBALLIB_DIR=/piolibs
+
+# we can't set core_dir, because the settings file is stored in `core_dir/appstate.json`
+# setting `core_dir` would therefore prevent pio from accessing
+export PLATFORMIO_PLATFORMS_DIR="${pio_cache_base}/platforms"
+export PLATFORMIO_PACKAGES_DIR="${pio_cache_base}/packages"
+export PLATFORMIO_CACHE_DIR="${pio_cache_base}/cache"
 
 if bashio::config.true 'leave_front_door_open'; then
     export DISABLE_HA_AUTHENTICATION=true
@@ -30,14 +39,7 @@ else
     fi
 fi
 
-pio_cache_base=/data/cache/platformio
-# we can't set core_dir, because the settings file is stored in `core_dir/appstate.json`
-# setting `core_dir` would therefore prevent pio from accessing
-export PLATFORMIO_PLATFORMS_DIR="${pio_cache_base}/platforms"
-export PLATFORMIO_PACKAGES_DIR="${pio_cache_base}/packages"
-export PLATFORMIO_CACHE_DIR="${pio_cache_base}/cache"
-
-export PLATFORMIO_GLOBALLIB_DIR=/piolibs
+mkdir -p "${pio_cache_base}"
 
 bashio::log.info "Starting ESPHome dashboard..."
 exec esphome dashboard /config/esphome --socket /var/run/esphome.sock --ha-addon

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/type

@@ -0,0 +1 @@
+longrun

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Configures NGINX for use with ESPHome
+# ==============================================================================
+mkdir -p /var/log/nginx
+
+# Generate Ingress configuration
+bashio::var.json \
+    interface "$(bashio::addon.ip_address)" \
+    port "^$(bashio::addon.ingress_port)" \
+    | tempio \
+        -template /etc/nginx/templates/ingress.gtpl \
+        -out /etc/nginx/servers/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 6052)"; then
+    bashio::config.require.ssl
+    bashio::var.json \
+        certfile "$(bashio::config 'certfile')" \
+        keyfile "$(bashio::config 'keyfile')" \
+        ssl "^$(bashio::config 'ssl')" \
+        | tempio \
+            -template /etc/nginx/templates/direct.gtpl \
+            -out /etc/nginx/servers/direct.conf
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type

@@ -0,0 +1 @@
+oneshot

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish

@@ -0,0 +1,25 @@
+#!/command/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Take down the S6 supervision tree when NGINX fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+
+bashio::log.info \
+  "Service NGINX exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -1,10 +1,11 @@
-#!/usr/bin/with-contenv bashio
+#!/command/with-contenv bashio
+# shellcheck shell=bash
 # ==============================================================================
 # Community Hass.io Add-ons: ESPHome
 # Runs the NGINX proxy
 # ==============================================================================
 
-bashio::log.info "Waiting for dashboard to come up..."
+bashio::log.info "Waiting for ESPHome dashboard to come up..."
 
 while [[ ! -S /var/run/esphome.sock ]]; do
   sleep 0.5

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type

@@ -0,0 +1 @@
+longrun

docker/ha-addon-rootfs/etc/services.d/esphome/finish

@@ -1,15 +0,0 @@
-#!/usr/bin/execlineb -S0
-# ==============================================================================
-# Community Hass.io Add-ons: ESPHome
-# Take down the S6 supervision tree when ESPHome fails
-# ==============================================================================
-
-declare APP_EXIT_CODE=${1}
-
-if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then
-  bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}"
-  echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode
-  exec /run/s6/basedir/bin/halt
-fi
-
-bashio::log.info "Service restart after closing"

docker/ha-addon-rootfs/etc/services.d/nginx/finish

@@ -1,15 +0,0 @@
-#!/usr/bin/execlineb -S0
-# ==============================================================================
-# Community Hass.io Add-ons: ESPHome
-# Take down the S6 supervision tree when NGINX fails
-# ==============================================================================
-
-declare APP_EXIT_CODE=${1}
-
-if [[ "${APP_EXIT_CODE}" -ne 0 ]] && [[ "${APP_EXIT_CODE}" -ne 256 ]]; then
-  bashio::log.warning "Halt add-on with exit code ${APP_EXIT_CODE}"
-  echo "${APP_EXIT_CODE}" > /run/s6-linux-init-container-results/exitcode
-  exec /run/s6/basedir/bin/halt
-fi
-
-bashio::log.info "Service restart after closing"

esphome/const.py

@@ -1,6 +1,6 @@
 """Constants used by esphome."""
 
-__version__ = "2022.12.7"
+__version__ = "2022.12.8"
 
 ALLOWED_NAME_CHARS = "abcdefghijklmnopqrstuvwxyz0123456789-_"