Disclaimer: I haven’t done a lot of research yet. Still in the “how to handle this” stage.
My profile: Senior Full Stack Web App - with own infrastructure in the cloud, unraid locally. HASSOS in a vm.
Q: in September I’m getting solar panels. My parents lended me the money on the condition they can use up the extra energy I set the net. We live in Belgium and that is possible but to do so they have to take it at most 15 minutes after. For normal usage this is fine but I’m talking heat pump and machines and such.
Both houses have a home assistant setup. His is even more automated than mine. Both run on on a decent machine. Both have stable internet (UniFi) and he is paying for home assistant cloud. Atm I am not.
Now I do have a digital meter and just integrated that with my instance. First I made my own cable but then I stumbled upon “slimmelezer+” module and that thing is just fantastic!
Anyway now I have access to real time data. What would you do to get it to the other instance? I do not have a lot of time but I am experienced with webservices and have the servers. This would be read only off course! lol but I was wondering if any of you knew a project or has done this him/herself.
I’m thinking the easiest way would be for me to pay for cloud access and then create a user for them. They can then add my home to their apps. But it would be super duper sweet to fully integrate both houses!
I’m assuming they aren’t close enough to just run some cat6 between both houses and have a single instance govern them?
I’ll be honest though, although your plan sounds cool as fuck, it also sounds like a really terrifying project from a security perspective.
Use woreguard and do a point to point VPN, I have one with my mate and so I can stream shit from his server over local LAN, wireguard is fucking sick.
Nope. 2.5km or so but in a dense populated city 😁
I’m interested in your terrifying view though. Maybe I’m missing something, this is roughly what’s in my head now: (1 is my home, 2 is a a cloud server, 3 is my parents)
- 1: pushes the relevant entities to 2. Read only.
- 2 received the data. Validation here is a token system with permissions. I’m going to use my SaaS to do this given it already has this in place
- 2 is storing the values in a database
- 3 gets notified of the new values with web hooks. Again by 2, something I have yet to build in de SaaS but will be needed anyway
- 2 can sanitize the values when needed. It will absolutely do validation and verification and such
- 2 is very secure and is the only one who will do write, only to his own db
- I’m not sure if 3 would be able to react to entities directly on 2 but I will investigate this. If not I can push the values
- we make a read only graph on 3 that just displays the values.
- I’m now thinking that doesn’t even have to be on 3 yet, I can just make a very secure view for them in the SaaS. With login and things, something that I already have. I can use an iFrame to let them view it in a dashboard of HA
- later we could do automations when needed but that is not that urgent given I work from home and my parents are retired.
For me this seems very secure, more so given we mostly have read only things. maybe there is something I’m missing?
Sidenote: we have Smappee as well and can access each others home through their app. We can use this at first but it would just be cool to make this flow. I for one don’t want to be this dependent of some vendor, if you know what I mean…
Forgot to mention: 2 can even just send a notification to Slack to my parents. We are already using this. They are helping with testing the SaaS
I’m interested in your terrifying view though.
I mean, don’t misconstrue, I am exaggerating a bit and tend towards caution over utility in these matters - it’s totally doable, of course :)
It’s the overall intent that would worry me - as someone else said downthread, I’m not sure I see the necessity of having the two homes directly linked, and as we know, adding an unnecessary component to a system is necessarily increasing its threat surface. The involvement of a cloud service bothers me a bit - it’d be one thing to have three servers involved, all fully under your control, but what happens if your cloud provider has some kind of security disaster? How do you deal with an external adversary that then has access to both your and your parents’ houses? Or worse, what happens when your parents decide to get experimental with HA and brick all your lights? (I kid - you do make it sound like your folks are switched on and technically sane, but in principle - shit can go wrong on their end).
Personally, I think I’d go very barebones and just host a single bit in a text file on a web server somewhere - your HA could flip it to 1 when there’s power to buy, and your parents’ HA can just poll that every 15 minutes and do whatever it needs to while the value stays at 1. No direct linkage, minimal threat surface, and any bad actor snooping around will only find out that some URL on some web server sometimes serves a ‘0’ and sometimes serves a ‘1’.
What you could do is have one of the HAs install the custom integration remote-homeassistant. However, even then it would mean that you have to somehow make your instance available outside e.g. VPN, port forwarding, cloud service, …
This one connects with the instance directly via a long-lived token and allows you to control and read date from the other instance. The good thing though: The configuration.yaml way allows you to specificially include or exclude entities. So with that you could technically only send the entities from slimmelezer+ without having to pass the other info.
I would say the only caveat would be that because the long-lived token is somewhere on the other house’s instance, they could technically take it and send commands randomly to your instance :P Maybe with an extra user you could maybe limit the permissions or something similar and create the long-lived token there - haven’t tried it though, just a thought.
I don’t know if this is what you are looking for but I personally use a HACS plugin to transfer some entities from my instance to my parent instance.
https://github.com/custom-components/remote_homeassistant
This way I can read some sensors or use some switches/lights directly from my instance.
Thanks, didn’t know about this app. Will investigate, although if it uses long live tokens without a granular permission 🫤 idk the “can send commands” sounds terrifying. And that is an understatement.
That said I will look into it and it will probably help with me building something more secure. Idk how that will go though 😊
I don’t fully understand why them having access to your home assistant is necessary. Do you want them to be able to create automations triggered from your data? If so, you could set up automations that send web hook calls to their instance which they can use to trigger automations. To make this easier since you both have UniFi you should be able to join the networks through a VPN. That way you don’t have to worry about the cloud service.
It wouldn’t, although given we visit each other a lot it would help in way.
But for this I would like to automate it like you suggest. I didn’t think of the vpn way, and that would certainly be possible. Although I fear it would complicate things a bit. That an in our duopoly isp thingie we have have here in Belgium we still have a miserably low and flaky upload of 30mbps. VPN is very slow. It’s on my list to test wire-guard though.
That said: good to hear that simple web hooks seems fairly straight forward. Due to time constraints I haven’t dabbled a lot in automations but this route seems very promising! I think I will now def take that route, al be it with a small server component to handle the forward to their instance. So no vpn and floating ip hassle. Especially on their end.
Probably can build this as an extra service into an existing web app too!
B/c in the end it’s just sending them the data in a certain format it is? I mean it probably is even just a forward call😎 🤔 this sounds more and more the way to go, I could even capture the data in MySQL and let in dept analysis tools loose on it. To learn the tools
Thanks a million! Your insights gave me the direction to move to. 🤗
Awesome! Glad I could help.
