home-assistant: allow enabling privileged mode for devices (#2513)

* home-assistant: allow enabling privileged mode for devices

* default false always

* allowEsc is required with priv

library/ix-dev/charts/home-assistant/Chart.yaml

@@ -4,7 +4,7 @@ description: Home Assistant is an open source home automation that puts local co
 annotations:
   title: Home Assistant
 type: application
-version: 2.0.25
+version: 2.0.26
 apiVersion: v2
 appVersion: 2024.5.5
 kubeVersion: '>=1.16.0-0'

library/ix-dev/charts/home-assistant/ci/devices-values.yaml

@@ -0,0 +1,18 @@
+haConfig:
+  allowDevices: true
+
+haNetwork:
+  webPort: 31000
+
+haStorage:
+  config:
+    type: pvc
+  media:
+    type: pvc
+  pgData:
+    type: pvc
+  pgBackup:
+    type: emptyDir
+    emptyDirConfig:
+      medium: ""
+      size: ""

library/ix-dev/charts/home-assistant/questions.yaml

@@ -33,6 +33,38 @@ questions:
       $ref:
         - definitions/timezone
 
+  - variable: haConfig
+    label: ""
+    group: Home Assistant Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: allowDevices
+          label: Allow Devices
+          description: |
+            Allow devices to be added to Home Assistant.
+            Keep in mind that this will make the container to run with elevated privileges</br>
+            and privilege escalation. Use with caution.
+          schema:
+            type: boolean
+            default: false
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Additional environment variables for Home Assistant.
+          schema:
+            type: list
+            items:
+              - variable: name
+                label: Name
+                schema:
+                  type: string
+                  required: true
+              - variable: value
+                label: Value
+                schema:
+                  type: string
+                  required: true
+
   - variable: podOptions
     label: ""
     group: Advanced Pod Configuration
@@ -110,7 +142,6 @@ questions:
             default: 568
             required: true
 
-
   - variable: haStorage
     label: ""
     group: Storage Configuration

library/ix-dev/charts/home-assistant/templates/_home-assistant.tpl

@@ -17,6 +17,8 @@ workload:
             runAsUser: 0
             runAsGroup: 0
             runAsNonRoot: false
+            privileged: {{ .Values.haConfig.allowDevices | default false }}
+            allowPrivilegeEscalation: {{ .Values.haConfig.allowDevices | default false }}
             readOnlyRootFilesystem: false
             capabilities:
               add:

library/ix-dev/charts/home-assistant/values.yaml

@@ -25,6 +25,7 @@ podOptions:
     options: []
 
 haConfig:
+  allowDevices: false
   additionalEnvs: []
 
 haNetwork: