From fe11431b7f212805a5c19f9d33b294a4c68ea8d3 Mon Sep 17 00:00:00 2001 From: Travis Carr Date: Thu, 25 Oct 2018 12:27:57 -0700 Subject: [PATCH] Converting HASS Configurator to the new configuration template format. (#6651) * Converting HASS Configurator to the new configuration template format. * Adding in sesame * Added back in the markup from previous descriptions... * Add missing default and clean up description to match. * Fixes from comments * Update source/_addons/configurator.markdown Co-Authored-By: tmcarr * Update source/_addons/configurator.markdown Co-Authored-By: tmcarr --- source/_addons/configurator.markdown | 86 ++++++++++++++++++++++------ 1 file changed, 68 insertions(+), 18 deletions(-) diff --git a/source/_addons/configurator.markdown b/source/_addons/configurator.markdown index b5956384ba9..0b0dae29d00 100644 --- a/source/_addons/configurator.markdown +++ b/source/_addons/configurator.markdown @@ -57,27 +57,77 @@ Screenshot of the HASS Configurator. ], "dirsfirst": false, "enforce_basepath": false, - "notify_service": "persistent_notification.create", - "ignore_ssl": false + "notify_service": "persistent_notification.create" } ``` -- **username** (*Required*): Set a username to access your configuration is protected. -- **password** (*Required*): Set a password for access. -- **ssl** (*Required*): Enable or Disable SSL/TLS for the editor. -- **certfile** (*Required*): Set the path the your SSL certificate if the ssl-option is set to `true`. -- **keyfile** (*Required*): Set the path the your SSL private key if the ssl-option is set to `true`. -- **allowed_networks** (*Required*): Limit access to the configurator by adding allowed IP addresses/networks to the list. -- **banned_ips** (*Required*): List of statically banned IP addresses. -- **banlimit** (*Required*): Ban access from IPs after `banlimit` failed login attempts. The default value `0` disables this feature. Restart the add-on to clear the list of banned IP addresses. -- **ignore_pattern** (*Required*): Files and folders to ignore in the UI. -- **dirsfirst** (*Required*): List directories before files in the file browser. -- **enforce_basepath** (*Required*): If set to `true`, access is limited to files within the `/config` directory. -- **notify_service** (*Required*): Specify a custom notify-service to be used to push notifications. -- **ignore_ssl** (*Required*): Ignore SSL errors when accessing the Home Assistant API. -- **sesame** (*Optional*): Secret token to dynamically allow access from the IP the request originates from. Open your bookmark https://hassio.yourdomain.com:8123/somesecretnobodycanguess while `allowed_networks` is set to `[]` and your IP will get whitelisted. You can use the _Network status_ menu to revoke IP addresses for which access has been granted. Regular authentication is still required. -- **sesame_totp_secret** (*Optional*): Like the `sesame` option, but instead as Base32 encoded secret string must be provided. This string then can be added to a TOTP App like Google Authenticator. This way you get a 6-digit `sesame` that changes every 30 seconds. -- **loglevel** (*Optional*): You can change the logging level from the default value `info` if you want to. Valid values are: `debug`, `info`, `warning`, `error`, `critical`. +{% configuration %} +username: + description: Set a username so that access your configuration is protected. + required: true + type: string +password: + description: Set a password for access. + required: true + type: string +ssl: + description: Enable or Disable SSL/TLS for the editor. + required: true + type: boolean + default: false +certfile: + description: Set the path the your SSL certificate if the ssl-option is set to `true`. + required: true + type: string +keyfile: + description: Set the path the your SSL private key if the ssl-option is set to `true`. + required: true + type: string +allowed_networks: + description: Limit access to the configurator by adding allowed IP addresses/networks to the list. + required: true + type: string +banned_ips: + description: List of statically banned IP addresses. + required: true + type: string +banlimit: + description: Ban access from IPs after `banlimit` failed login attempts, setting the value to 0 disables this feature. Restart the add-on to clear the list of banned IP addresses. + required: true + type: integer + default: 0 +ignore_pattern: + description: Regex of files and folders to ignore in the UI. + required: true + type: string +dirsfirst: + description: List directories before files in the file browser. + required: true + type: boolean + default: false +enforce_basepath: + description: If set to `true`, access is limited to files within the `/config` directory. + required: true + type: boolean + default: false +notify_service: + description: Specify a custom notify-service to be used to push notifications. + required: true + type: string +loglevel: + description: The log level the configurator should run with. Valid values are `debug`, `info`, `warning`, `error`, `critical`. + required: false + type: string + default: info +sesame: + description: Secret token to dynamically allow access from the IP the request originates from. Open your bookmark https://hassio.yourdomain.com:8123/somesecretnobodycanguess while `allowed_networks` is set to `[]` and your IP will get whitelisted. You can use the Network status menu to revoke IP addresses for which access has been granted. Regular authentication is still required. + required: false + type: string +sesame_totp_secret: + description: Like the `sesame` option, but instead as Base32 encoded secret string must be provided. This string then can be added to a TOTP App like Google Authenticator. This way you get a 6-digit `sesame` that changes every 30 seconds. + required: false + type: string +{% endconfiguration %}

Be careful when setting up port forwarding to the configurator while embedding into Home Assistant. If you don't restrict access by requiring authentication and/or blocking based on client IP addresses, your configuration will be exposed to the internet!