Fix home-assistant

docker-compose.yml

@@ -18,6 +18,8 @@ services:
       - ./config/acme.json:/acme.json:rw
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
     labels:
       - "traefik.enable=true"
       - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$" 

firewall

@@ -72,9 +72,6 @@ iptables -A OUTPUT -p tcp --dport 2277 -j ACCEPT # ACCEPT SSH OUTPUT LIKE GITLAB
 iptables -A INPUT -p icmp -j ACCEPT
 iptables -A OUTPUT -p icmp -j ACCEPT
 
-# CHROMECAST
-iptables -A OUTPUT -p tcp --dport 5555 -j ACCEPT
-
 # Parer les attaques de type Déni de Service
 iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
 iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
@@ -82,3 +79,6 @@ iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -
 
 # Parer les scans de ports
 iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
+
+# Allow all from private network and docker network
+iptables -A INPUT -j ACCEPT -d 172.17.0.0/16

home_assistant/docker-compose.yml

@@ -10,13 +10,9 @@ services:
     volumes:
       - home_assistant_config:/config
       - /etc/localtime:/etc/localtime:ro
-    ports:
-      - 8123:8123
     network_mode: host
-    cap_add:
+    expose:
-      - NET_ADMIN
+      - 8123
-      - NET_BIND_SERVICE
-      - SYS_ADMIN
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.homeassistant-secure.entrypoints=https"