Hey all, new user to the forums.
I’ve come here from watching some of the Youtube content about home automation using Home Assistant. I’m interested in getting HASS up and running in a Docker container, but I’m running in to some issues understanding the basics of networking within Docker. Specifically, I want to be able to isolate the IoT equipment to internal access while maintaining external access to web interface.
My scenario follows:
I’ve got an Ubuntu home server with two NICs; eth0 and eth1. eth0 is connected to the externally accessible network. eth1 is connected to a L2/L3 PoE switch that hosts all the IoT stuff. The idea here is to keep the cheap, Chinese IoT crap from phoning home or otherwise spying on the rest of my network. Problem is, I cannot figure out how to get both eth0 and eth1 traffic associated with the Docker container.
I’ve made it as far as creating and attaching macvlan networks for both interfaces, but neither seem accessible when entered in to my docker-compose YAML.
Anyone else out there have a similar scenario for their HASS implementation? I know Wendell has done something like this using the Synology appliance with two NICs, so it makes sense that I should be able to get this operational using my own bare-metal server and Docker.
*** Update ***
After a few days of grinding, I finally tapped out on the whole Docker idea. From what I discovered, it is nigh impossible to get Docker HASS to dual-NIC. The convenience of having a simple to deploy and maintain instance of HASS is just completely offset by the lack of functionality the Docker version offers. Instead, I have opted to use the full OS version of HASS via KVM.
For those who stumble upon this thread in search of answers, I was able to accomplish the isolation for IoT devices by means of segmenting my network through port isolation rules. This permits me to have bi-directional communication between the HASS instance and IoT device while restricting the IoT devices to only the port associated with the HASS instance.