Forked from crundberg/gist:a77b22de856e92a7e14c81f40e7a74bd
Created
August 23, 2023 19:16
Revisions
-
crundberg revised this gist
Jan 5, 2022 . 1 changed file with 2 additions and 4 deletions.
@@ -34,13 +34,13 @@ ostype: ubuntu rootfs: local:120/vm-120-disk-0.raw,size=8G swap: 512 unprivileged: 1 lxc.cgroup2.devices.allow: c 166:* rwm lxc.mount.entry: /lxc/120/devices/ttyACM0 dev/ttyACM0 none bind,optional,create=file ``` `nano /etc/udev/rules.d/50-myusb.rules` ``` SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", MODE="0666", SYMLINK+="conbee" ``` `udevadm control --reload-rules && service udev restart && udevadm trigger`\ `ls -l /dev/ttyACM*` @@ -98,8 +98,6 @@ StartLimitIntervalSec=60 [Service] User=deconz-user PermissionsStartOnly=true ExecStartPre=/bin/mkdir -p /run/udev/data ExecStartPre=/sbin/setcap cap_net_bind_service+ep /usr/bin/deCONZ ExecStartPre=/bin/bash -c "/bin/echo -e 'E:ID_VENDOR_ID=1cf1\nE:ID_MODEL_ID=0030' > /run/udev/data/c166:0" -
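Review bot: In the first hunk (`@@ -34,13 +34,13 @@`), the udev rule sets `MODE="0666"` and carries no `OWNER` or `GROUP`, so every local account on the Proxmox host can read and write the ConBee serial port. The container does not use the host node at all: it reaches the device through the separate node made with `mknod -m 660` and `chown 100000:100020`, whose permissions are independent of this rule. Suggest `MODE="0660"` here, and consider narrowing `lxc.cgroup2.devices.allow: c 166:* rwm` to the single minor that is bind-mounted (`c 166:0`).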
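Review bot: In the second hunk (`@@ -98,8 +98,6 @@`), `PermissionsStartOnly=true` is deprecated in current systemd; prefixing each root-only `ExecStartPre=` command with `+` has the same effect and makes it visible which lines run as root. The `ExecStartPre=/sbin/setcap cap_net_bind_service+ep /usr/bin/deCONZ` line also rewrites the binary's file capability on every start. The `AmbientCapabilities=` directive that the initial revision left commented out, reduced to `CAP_NET_BIND_SERVICE`, would grant the port-80 bind to `deconz-user` without touching the file, and is worth testing in the unprivileged container.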
crundberg revised this gist
Jan 5, 2022 . 1 changed file with 6 additions and 6 deletions.
@@ -20,7 +20,7 @@ To handle the permission for the device I created a new directory where I create `cd /lxc/120/devices/`\ `mknod -m 660 ttyACM0 c 166 0`\ `chown 100000:100020 ttyACM0`\ `ls -al /lxc/120/devices/ttyACM0` Run `nano /etc/pve/lxc/120.conf` and add the last two rows for cgroup and mount. Change **166** in **cgroup** to the cgroup you noted before. ``` @@ -42,14 +42,14 @@ lxc.mount.entry: /lxc/120/devices/ttyACM0 dev/ttyACM0 none bind,optional,create= ``` SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", OWNER="100000", GROUP="100000", MODE="0666", SYMLINK+="conbee" ``` `udevadm control --reload-rules && service udev restart && udevadm trigger`\ `ls -l /dev/ttyACM*` ## Install deCONZ in container `apt install gnupg2`\ `wget -O - http://phoscon.de/apt/deconz.pub.key | apt-key add -`\ `sh -c "echo 'deb [arch=amd64] http://phoscon.de/apt/deconz $(lsb_release -cs) main' > /etc/apt/sources.list.d/deconz.list"`\ `apt update`\ `apt install deconz` `GCFFlasher_internal -l` -
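Review bot: The ids in `chown 100000:100020 ttyACM0` (first hunk, `@@ -20,7 +20,7 @@`) are never explained, so a reader with a different id mapping will copy numbers that do not fit their container. With the default unprivileged mapping, host id 100000 + N is container id N, which makes 100000 the container's root and 100020 the container's gid 20 (`dialout` on Ubuntu, the group `deconz-user` is later added to). Suggest one sentence saying that, and that a custom idmap changes both numbers.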
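Review bot: In the second hunk (`@@ -42,14 +42,14 @@`), `wget -O - http://phoscon.de/apt/deconz.pub.key | apt-key add -` fetches the repository signing key over plain HTTP and adds it to the keyring trusted for every APT source on the system. A key substituted on the network path would then validate whatever the `deb [arch=amd64] http://phoscon.de/apt/deconz` source serves. Suggest saving the key to a file, comparing its fingerprint with one obtained from the vendor through a separate channel, storing it in its own keyring file and pointing the `deb` line at it with `signed-by=`; `apt-key` itself is deprecated.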
crundberg revised this gist
Jan 5, 2022 . 1 changed file with 5 additions and 5 deletions.
@@ -16,11 +16,11 @@ crw-rw-r-- 1 root root 166, 0 Jan 3 21:45 /dev/ttyACM0 ``` To handle the permission for the device I created a new directory where I created a device file with correct permissions. Change **166** in **mknod** to the cgroup you noted in previous step. `mkdir -p /lxc/120/devices`\ `cd /lxc/120/devices/`\ `mknod -m 660 ttyACM0 c 166 0`\ `chown 100000:100020 ttyACM0`\ `ls -al /lxc/120/devices/ttyACM0`\ Run `nano /etc/pve/lxc/120.conf` and add the last two rows for cgroup and mount. Change **166** in **cgroup** to the cgroup you noted before. ``` -
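Review bot: "Change **166** in **mknod** to the cgroup you noted" mislabels the number: the `166` in `crw-rw-r-- 1 root root 166, 0` is the character device's major number and the `0` after it is the minor, neither is a cgroup. The same value is what the device allow rule in `120.conf` matches on. Suggest rewording both sentences to "major number" and mentioning the minor, since `mknod -m 660 ttyACM0 c 166 0` needs both to point at the right device.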
crundberg revised this gist
Jan 5, 2022 . 1 changed file with 5 additions and 5 deletions.
@@ -114,8 +114,8 @@ WantedBy=multi-user.target `shutdown -r now` # References https://doc.turris.cz/doc/en/public/deconz_lxc_howto\ https://www.xmodulo.com/change-usb-device-permission-linux.html\ https://monach.us/automation/connecting-zwave-stick-under-lxc/\ https://blog.benoitblanchon.fr/lxc-unprivileged-container/\ https://gist.github.com/Yub0/518097e1a9d179dba19a787b462f7dd2\ -
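Review bot: The last reference line, `https://gist.github.com/Yub0/518097e1a9d179dba19a787b462f7dd2\`, ends with a backslash although no line follows it. A backslash hard break does not work at the end of a Markdown block, so it is rendered as a literal `\` that readers may copy along with the URL. Suggest dropping the backslash on the final entry only.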
crundberg renamed this gist
Jan 5, 2022 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
crundberg created this gist
Jan 5, 2022
@@ -0,0 +1,121 @@ # Setup deCONZ on unprivileged Proxmox container ## Preparation on host First find your Conbee with `lsusb` and note the ID. The vendor is **1cf1** and the product is **0030**. ``` Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 005: ID 1cf1:0030 Dresden Elektronik ZigBee gateway [ConBee II] Bus 001 Device 003: ID 8087:0aaa Intel Corp. Bluetooth 9460/9560 Jefferson Peak (JfP) Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub ``` Run `ls -la /dev/ttyACM0` and note cgroup, in my case it was **166** ``` crw-rw-r-- 1 root root 166, 0 Jan 3 21:45 /dev/ttyACM0 ``` To handle the permission for the device I created a new directory where I created a device file with correct permissions. Change **166** in **mknod** to the cgroup you noted in previous step. `mkdir -p /lxc/120/devices` `cd /lxc/120/devices/` `mknod -m 660 ttyACM0 c 166 0` `chown 100000:100020 ttyACM0` `ls -al /lxc/120/devices/ttyACM0` Run `nano /etc/pve/lxc/120.conf` and add the last two rows for cgroup and mount. Change **166** in **cgroup** to the cgroup you noted before. 
``` arch: amd64 cores: 1 features: nesting=1 hostname: zigbee.test.com memory: 512 net0: name=eth0,bridge=vmbr0,firewall=1,gw=192.168.10.1,hwaddr=52:CE:FD:D2:03:0F,ip=192.168.10.120/24,type=veth ostype: ubuntu rootfs: local:120/vm-120-disk-0.raw,size=8G swap: 512 unprivileged: 1 lxc.cgroup.devices.allow: c 166:* rwm lxc.mount.entry: /lxc/120/devices/ttyACM0 dev/ttyACM0 none bind,optional,create=file ``` `nano /etc/udev/rules.d/50-myusb.rules` ``` SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", OWNER="100000", GROUP="100000", MODE="0666", SYMLINK+="conbee" ``` `udevadm control --reload-rules && service udev restart && udevadm trigger` `ls -l /dev/ttyACM*` ## Install deCONZ in container `apt install gnupg2` `wget -O - http://phoscon.de/apt/deconz.pub.key | apt-key add -` `sh -c "echo 'deb [arch=amd64] http://phoscon.de/apt/deconz $(lsb_release -cs) main' > /etc/apt/sources.list.d/deconz.list"` `apt update` `apt install deconz` `GCFFlasher_internal -l` ``` GCFFlasher V3_17 (c) dresden elektronik ingenieurtechnik gmbh Path | Vendor | Product | Serial | Type -----------------+--------+---------+------------+------- | | | | ``` `mkdir -p /run/udev/data/` `echo "E:ID_VENDOR_ID=1cf1 E:ID_MODEL_ID=0030" > /run/udev/data/c166\:0` `GCFFlasher_internal -l` ``` GCFFlasher V3_17 (c) dresden elektronik ingenieurtechnik gmbh Path | Vendor | Product | Serial | Type -----------------+--------+---------+------------+------- /dev/ttyACM0 | 0x1CF1 | 0x0030 | | ConBee II ``` `/sbin/setcap cap_net_bind_service+ep /usr/bin/deCONZ` `getcap /usr/bin/deCONZ` ``` /usr/bin/deCONZ = cap_net_bind_service+ep ``` `useradd deconz-user` `mkdir /home/deconz-user` `chown -R deconz-user:deconz-user /home/deconz-user` `usermod -a -G dialout deconz-user` `systemctl enable deconz` ``` Created symlink /etc/systemd/system/multi-user.target.wants/deconz.service -> /lib/systemd/system/deconz.service. 
``` `nano /lib/systemd/system/deconz.service` ``` [Unit] Description=deCONZ: ZigBee gateway -- REST API Wants=deconz-init.service deconz-update.service StartLimitIntervalSec=60 [Service] User=deconz-user PermissionsStartOnly=true #ExecStartPre=/bin/chown root:dialout /dev/ttyACM0 #ExecStartPre=/bin/chmod 664 /dev/ttyACM0 ExecStartPre=/bin/mkdir -p /run/udev/data ExecStartPre=/sbin/setcap cap_net_bind_service+ep /usr/bin/deCONZ ExecStartPre=/bin/bash -c "/bin/echo -e 'E:ID_VENDOR_ID=1cf1\nE:ID_MODEL_ID=0030' > /run/udev/data/c166:0" ExecStart=/usr/bin/deCONZ -platform minimal --http-port=80 Restart=on-failure #AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME [Install] WantedBy=multi-user.target ``` `shutdown -r now` # References https://doc.turris.cz/doc/en/public/deconz_lxc_howto https://www.xmodulo.com/change-usb-device-permission-linux.html https://monach.us/automation/connecting-zwave-stick-under-lxc/ https://blog.benoitblanchon.fr/lxc-unprivileged-container/ https://gist.github.com/Yub0/518097e1a9d179dba19a787b462f7dd2
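Review bot: The static node (`mknod -m 660 ttyACM0 c 166 0`), the bind mount of `/lxc/120/devices/ttyACM0`, and the `/run/udev/data/c166:0` file written both by hand and in `ExecStartPre=` all assume the stick is always minor 0, while the `SYMLINK+="conbee"` from the udev rule is never used anywhere in the guide. If the host enumerates the adapter under another ttyACM minor, the container's node no longer refers to the ConBee and the faked udev entry describes the wrong device. Suggest stating the minor-0 assumption next to the `mknod` step and telling the reader to take both numbers from the `ls -la /dev/ttyACM0` output, or removing the unused symlink from the rule.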