Setting up Home Assistant in Docker to control a HomeKit device
Context
Setting up Home Assistant to control brand new Velux roof windows through the Velux Active with Netatmo gateway (via the HomeKit integration).
Host setup
Discovery testing
Manually make an mDNS query to discover HomeKit devices on an interface:
dig -b <interface-address> @224.0.0.251 -p 5353 -t ptr _hap._tcp.local
Container networking mode
HomeKit discovery relies on mDNS to discover devices, so Home Assistant needs to be able to send out multicast queries, which is currently not supported with non-host networking. So, no choice but to use host networking. (That’s clearly written in the doc, but I still tried to get it working with ipvlan, to no avail.)
Interface selection
By default, Home Assistant will use only the network interface of the default route (next hop for the link-local multicast address 224.0.0.251). To enable additional interfaces, one needs to adjust the network settings, which requires setting the user profile to advanced mode.
Traefik setup
When using host networking, Traefik will connect to the container on the host’s bridge IP (here 172.17.0.1). In order for HA to bind only to that address (and not be exposed to the LAN), I therefore set server_address to host.docker.internal.
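A way to check on the host that the bind described above took effect, as an added example that is not part of the original post: it reads `ss -Hltn` output and flags any listener on the Home Assistant port that is not on the bridge address. Port 8123 (Home Assistant's default) and the `check_listeners` function name are assumptions; 172.17.0.1 is the bridge IP from the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: HA listens on its default port 8123; the only address it
# should be bound to is the Docker bridge IP named in the post.
HA_PORT="${HA_PORT:-8123}"
ALLOWED_ADDR="${ALLOWED_ADDR:-172.17.0.1}"

# check_listeners: reads `ss -Hltn` output on stdin.
# Prints one line per listener on $HA_PORT and returns 0 only if there is
# at least one such listener and every one is bound to $ALLOWED_ADDR.
check_listeners() {
    awk -v port="$HA_PORT" -v ok="$ALLOWED_ADDR" '
        {
            la = $4                          # "Local Address:Port" column
            n = split(la, parts, ":")
            if (parts[n] != port) next       # some other service
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)        # [::] -> ::
            sub(/%.*/, "", addr)             # drop %iface scope suffix
            seen++
            if (addr == ok) {
                print "OK " la
            } else {
                print "EXPOSED " la          # wildcard or LAN address
                bad++
            }
        }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }
    '
}

# Live check on the host: sh check_ha_bind.sh --live
if [ "${1:-}" = "--live" ]; then
    if ss -Hltn | check_listeners; then
        echo "Home Assistant is bound to $ALLOWED_ADDR only"
    else
        echo "Home Assistant is missing or reachable beyond $ALLOWED_ADDR" >&2
        exit 1
    fi
fi
```

A wildcard listener (0.0.0.0, [::] or *) on that port means the UI is reachable from the LAN directly, bypassing Traefik.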
Mikrotik setup
I am assigning a separate IoT VLAN to the gateway through a Mikrotik wireless access list. By default, the device will only see multicast frames sent to the default VLAN of the interface (not to the overridden VLAN from the access list). In order for it to get the multicast frames of its ACL-assigned VLAN, the multicast-helper=full option must be enabled on the wifi interface (doc).
(Actually I ended up creating a separate virtual SSID for all things IoT instead, so that I do not need to manually maintain the access list).