Okay, let me start by saying that I really do love Home Assistant. I believe that it is a fantastic piece of software, with very dedicated developers that are far more talented than I. Although, that being said, I strongly disagree with a number of their design choices.

My most recent problem has been trying to put Home Assistant behind a reverse proxy with a subpath. The Home Assistant developers flat out refuse any contribution that adds support for this. Supposedly, the frontend has hard-coded paths for some views; to me this doesn’t sound like a good practice to begin with – that being said, I mostly program in Go these days (so I’m unsure if this is something that is pretty common in some frameworks or languages). The official solution is to use a subdomain, which I can’t do – I’m trying to route all services through a Tailscale Funnel (which only provides a single domain; I doubt that Tailscale Funnels were ever designed for this purpose, but I’m trying to completely remove Cloudflare Tunnels for my self-hosted services).

The other major problem I’ve run into is that HAOS assumes that you would have no need to run any other Docker services other than those that are add-ons or Home Assistant itself. Which, I’m sorry (not really), Home Assistant add-ons are an absolute pain to deal with! Sure, when they work, they’re super simple, but having to write an add-on whenever I just want to spin up a single Docker container is not going to work for me.

Now, some smaller issues I’ve had:

  • There’s no way to change the default authentication providers. I host for my (non-techie) family, they’re not going to know what the difference between local authentication and command-line authentication is, just that one works and the other doesn’t.
  • Everything that is “advanced” requires a workaround. Like mounting external hard drives and sharing them with containers in HAOS requires you to set up the Samba add-on, add the network drive, and then you can use it within containers.

Again, I still really love Home Assistant, it’s just getting to a point where things are starting to feel hacky or not thought out all the way. I’ve considered other self-hosted automation software, but there really isn’t any other good alternative (unless you want to be using HomeKit). Also, I’m a programmer first, and far away from being a self-hosting pro (so let me know if I’ve missed any crucial details that completely flip my perspective on its head).

If you got to the end of this, thanks for reading my rant, you’re awesome.

  • grue@lemmy.world
    10 months ago

    The other major problem I’ve run into is that HAOS assumes that you would have no need to run any other Docker services other than those that are add-ons or Home Assistant itself.

    With the caveat that I can tell just from your post that I certainly know way less about this stuff than you do, HAOS’ assumption seems pretty reasonable to me. Isn’t the point of using HAOS (as opposed to installing HA some other way) that you’d be either (a) using it by itself on bare-metal hardware, or (b) using it in a VM? I’m running HAOS and Docker in two different VMs on Proxmox, and it’s working fine for me so far.

    (The first complaint you mentioned, about reverse proxies and subpaths, sounds a lot more legitimate. In fact, that’s something I’d like to learn more about because I haven’t yet figured out how to make my HA install – or anything, for that matter – accessible outside my LAN and “Tailscale Funnel” sounds intriguing.)

    • Daniel@lemmy.ml (OP)
      10 months ago

      I’m running HAOS and Docker in two different VMs on Proxmox, and it’s working fine for me so far.

      So, I think I’ve mentioned this in another reply, but, I have a very minimal setup. It’s an RPi4 as the main device, Starlink as the ISP (CGNAT; no port-forwarding), and now Tailscale as the only way to access outside of my LAN. I agree that HAOS meets its primary job of running Home Assistant. Although, I don’t have the option to run Proxmox (at least I’ve never seen anyone run Proxmox on an RPi) and also have a massive music library (and soon a large movie and TV show collection, once I rip all of those DVDs) so I really only need to run a few things:

      • A dashboard to make accessing the services easier for the family.
      • A reverse proxy to handle subpaths (this used to be Cloudflare Tunnels with subdomains and NPM with subpaths, now it’s just Nginx).
      • Tailscale (to expose services and run a VPN to get past the CGNAT).
      • Jellyfin (for TV shows and movies).
      • A forked version of Gonic (I have a fork with LDAP support, there’s an open pull request for it, but it needs a little extra work; this wasn’t run on HA).
      • Something to run LDAP authentication.
      • Some Home Automation software (was Home Assistant, I might switch to something else).

      Edit: I also run Vaultwarden.

      I’ve really scaled things back since previous self-hosting journeys, and when I first started with HAOS there was even less going on, and really I need things to just work. I’m learning now that my mistake was assuming that HAOS add-ons are supposed to behave just like a Docker container, they’re not. I’ve learned the hard way, but, I still don’t love HA’s attitude towards things that are deemed “complex,” such as sub-paths and alternative authentication providers.

      I’m on RPi OS now.

  • oldfart@lemm.ee
    10 months ago

    I second the complaint about subpaths. I have all my services on a single domain, except for HA. It’s for security by obscurity: when you issue a certificate for a subdomain you start getting malicious traffic probing for vulnerabilities almost immediately. I don’t have this problem for services with non-obvious subpaths.

    I can’t understand the stubbornness of developers to accept patches for fixing this problem.

    • Heavybell@lemmy.world
      10 months ago

      LetsEncrypt can hand out wildcard certs if you are able to add TXT records to your domain, if that helps any.

      I realised this was a stupid comment that doesn’t help any.

      • oldfart@lemm.ee
        10 months ago

        No no, that’s how I’m working around the problem now, but I’m sure SNI sniffing will sooner or later make my domain well known.

  • NeoNachtwaechter@lemmy.world
    10 months ago

    do – I’m trying to route all services through a Tailscale Funnel (which only provides a single domain

    Seems like you have some limitation (I really don’t know Tailscale Funnel) in your setup, and now you expect them to work around it.

    HAOS assumes that you would have no need to run any other Docker services other than those that are add-ons or Home Assistant itself.

    Yes, HAOS is great when you have one dedicated machine for it, for example a RPi. That’s the whole purpose of HAOS, as far as I understand.

    If you already have a zoo full of docker containers, then you want your Home Assistant (without HAOS) in just one more of your own containers.

    • Daniel@lemmy.ml (OP)
      10 months ago

      Seems like you have some limitation (I really don’t know Tailscale Funnel) in your setup, and now you expect them to work around it.

      Sub-paths are actually a fairly requested feature for Home Assistant. Although, they have a limitation of hard-coded paths, which they now expect us to work around. I’m actually fairly okay with that, they’re programmers who (a number of) work for free, with the exception of the few a part of Nabu Casa, and they’ve already exceeded my personal expectations; it’s not like I deserve any features, but they also don’t deserve me to love 100% of their design decisions.

      Yes, HAOS is great when you have one dedicated machine for it, for example a RPi. That’s the whole purpose of HAOS, as far as I understand.

      I’ve admitted this already, but I seem to have totally miscalculated the ability of HAOS add-ons, and treated them like traditional Docker containers. This was my bad, and I learned the hard way, but at least now I know.

      If you already have a zoo full of docker containers, then you want your Home Assistant (without HAOS) in just one more of your own containers.

      I’m far from a zoo keeper. Once I set up everything on RPi OS again I’ll have just a few things for media (Jellyfin and a fork of Gonic, at least until my PR gets merged), Vaultwarden, and a home automation service (which may or may not be Home Assistant – if I can figure out a decent way of exposing it). I had less services being hosted when I was on HAOS.

  • Turbo@lemmy.ml
    10 months ago

    I will first admit that I am quite ignorant to Home Assistant.

    I am a happy openHAB user for 5+ years. Have you considered switching to see if you like it?

    I tried Home Assistant once or twice but never felt comfortable enough to switch.

    I run stuff locally and can connect over VPN to my home and operate as if I am inside the home. I have not looked into these other Cloudflare Tunnels or Tailscale as I don’t think it would provide any advantage to my current setup.

    OpenVPN server running on my router does the trick.

    • Daniel@lemmy.ml (OP)
      10 months ago

      I am a happy openHAB user for 5+ years. Have you considered switching to see if you like it?

      I actually have considered it, and I’m still thinking about it.

      I run stuff locally and can connect over VPN to my home and operate as if I am inside the home. I have not looked into these other Cloudflare Tunnels or Tailscale as I don’t think it would provide any advantage to my current setup.

      I have a strange setup. My ISP is Starlink (so I’m behind a CGNAT), meaning I kinda need another service to access them outside the network, but (as mentioned) I mainly host for my family who wouldn’t know how to work another app or VPN.

      • Turbo@lemmy.ml
        10 months ago

        I had to look that up. So ya, I understand your problem a bit better. Wish I could offer some solutions.

        For anyone interested…

        “Starlink uses Carrier-Grade NAT (CGNAT) to avoid the need for 1,000s of IPv4 addresses, which can be a problem for some users due to how they are using Starlink. However, some VPN services like PureVPN can be used to bypass CGNAT restrictions on Port Forwarding. CGNAT prevents direct access to the Starlink antenna from the internet, making setting up a VPN or hosting services challenging. There is no direct public IP address assigned to the Starlink antenna, which hinders traditional methods of setting up a VPN server or hosting services like port forwarding and DMZ access”