* root: initial rename
* web: rename custom element prefix
* root: rename external functions with pb_ prefix
* root: fix formatting
* root: replace domain with goauthentik.io
* proxy: update path
* root: rename remaining prefixes
* flows: rename file extension
* root: pbadmin -> akadmin
* docs: fix image filenames
* lifecycle: ignore migration files
* ci: copy default config from current source before loading last tagged
* *: new sentry dsn
* tests: fix missing python3.9-dev package
* root: add additional migrations for service accounts created by outposts
* core: mark system-created service accounts with attribute
* policies/expression: fix pb_ replacement not working
* web: fix last linting errors, add lit-analyse
* policies/expressions: fix lint errors
* web: fix sidebar display on screens where not all items fit
* proxy: attempt to fix proxy pipeline
* proxy: use go env GOPATH to get gopath
* lib: fix user_default naming inconsistency
* docs: add upgrade docs
* docs: update screenshots to use authentik
* admin: fix create button on empty-state of outpost
* web: fix modal submit not refreshing SiteShell and Table
* web: fix height of app-card and height of generic icon
* web: fix rendering of subtext
* admin: fix version check error not being caught
* web: fix worker count not being shown
* docs: update screenshots
* root: new icon
* web: fix lint error
* admin: fix linting error
* root: migrate coverage config to pyproject
| title |
|---|
| Home-Assistant |
What is Home-Assistant
From https://www.home-assistant.io/
:::note Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. :::
Preparation
The following placeholders will be used:

- `hass.company` is the FQDN of the Home-Assistant install.
- `authentik.company` is the FQDN of the authentik install.
:::note This setup uses https://github.com/BeryJu/hass-auth-header and the authentik proxy for authentication. When this PR is merged, this will no longer be necessary. :::
Home-Assistant
This guide requires https://github.com/BeryJu/hass-auth-header, which can be installed as described in the Readme.
Afterwards, make sure the `trusted_proxies` setting contains the IP(s) of the host(s) authentik is running on.

With the default header of `X-Forwarded-Preferred-Username`, matching is done on a username basis, so your name in Home-Assistant and your username in authentik have to match.

If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant name, and authenticate based on that.

For example, add this to your user's properties and set the header to `X-ak-hass-user`.

```yaml
additionalHeaders:
  X-ak-hass-user: some other name
```
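The following is an added example, not code from authentik, Home-Assistant or hass-auth-header. It sketches why `trusted_proxies` should list only the authentik host(s): the username header is honoured only when the direct peer is a listed proxy, and wide ranges are flagged for review. Function names, prefix thresholds and sample addresses are assumptions made for this illustration.

```python
import ipaddress

# Default header named in this guide; a per-user header such as
# X-ak-hass-user can be passed instead.
DEFAULT_HEADER = "X-Forwarded-Preferred-Username"


def parse_networks(trusted_proxies):
    """Turn trusted_proxies entries (single IPs or CIDR ranges) into networks."""
    return [ipaddress.ip_network(entry, strict=False) for entry in trusted_proxies]


def broad_entries(trusted_proxies, min_prefix_v4=24, min_prefix_v6=64):
    """Return entries wider than a small subnet (thresholds are assumptions)."""
    flagged = []
    for entry, net in zip(trusted_proxies, parse_networks(trusted_proxies)):
        limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
        if net.prefixlen < limit:
            flagged.append(entry)
    return flagged


def username_from_request(peer_ip, headers, trusted_proxies, header=DEFAULT_HEADER):
    """Return the asserted username only if the direct peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in parse_networks(trusted_proxies)):
        return None  # header sent by an unlisted peer is ignored
    # HTTP header names are case-insensitive.
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get(header.lower(), "").strip()
    return value or None


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    trusted = ["10.0.0.5", "172.18.0.0/16"]
    request_headers = {"X-Forwarded-Preferred-Username": "alice"}
    print(broad_entries(trusted))
    print(username_from_request("10.0.0.5", request_headers, trusted))
    print(username_from_request("203.0.113.7", request_headers, trusted))
```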
authentik
Create a Proxy Provider with the following values:

- Internal host

  If Home-Assistant is running in docker, and you're deploying the authentik proxy on the same host, set the value to `http://homeassistant:8123`, where Home-Assistant is the name of your container.

  If Home-Assistant is running on a different server than where you are deploying the authentik proxy, set the value to `http://hass.company:8123`.

- External host

  Set this to the external URL you will be accessing Home-Assistant from.
Create an application in authentik and select the provider you've created above.
Deployment
Create an outpost deployment for the provider you've created above, as described here. Deploy this Outpost either on the same host or a different host that can access Home-Assistant.
The outpost will connect to authentik and configure itself.