1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 40, 'rankSpacing': 50}}}%%
flowchart TB
subgraph ha_host ["huitral 192.168.99.22 - network_mode: host"]
direction TB
subgraph ha_container ["Home Assistant - Docker"]
direction TB
ha_core["HA Core<br/>ghcr.io/home-assistant/<br/>home-assistant:stable<br/>Port: 8123"]
ha_ws["WebSocket<br/>connexions longues"]
end
subgraph ha_config ["Configuration"]
direction LR
config_dir["/opt/homeassistant/config<br/>-> /config"]
config_yaml["configuration.yaml<br/>internal_url: ha.arauco.online<br/>external_url: ha.arauco.online"]
secrets["secrets.yaml"]
config_dir --- config_yaml
config_dir --- secrets
end
subgraph ha_proxy ["Reverse Proxy"]
trusted["trusted_proxies<br/>192.168.99.0/24<br/>use_x_forwarded_for: true"]
end
subgraph ha_integrations ["Integrations"]
direction TB
subgraph hacs_int ["HACS"]
direction LR
oidc_comp["hass-oidc-auth<br/>Composant OIDC"]
vikunja_int["Vikunja Todo<br/>Listes de taches"]
end
subgraph cameras ["Cameras"]
direction LR
onvif["ONVIF<br/>Decouverte auto + PTZ"]
rtsp["RTSP / MJPEG<br/>Flux video"]
end
subgraph local_todo ["Todo local"]
ha_todo["HA Shopping List<br/>Listes locales"]
end
end
end
subgraph oidc_auth ["Authentification OIDC"]
direction TB
auth_flow["auth_oidc:<br/>client_id: homeassistant<br/>discovery_url: kc.arauco.online<br/>/realms/chiruca/.well-known/<br/>openid-configuration"]
login_btn["Bouton SSO<br/>OpenID Connect"]
welcome["/auth/oidc/welcome<br/>Code unique 5 min"]
auth_flow --> login_btn --> welcome
end
subgraph keycloak_ext ["Keycloak npagnun .35"]
kc["Realm chiruca<br/>Client: homeassistant<br/>Redirect: ha.arauco.online<br/>/auth/oidc/callback"]
google["-> Google IdP"]
kc --> google
end
subgraph caddy_ext ["Caddy araucaria .50"]
caddy["ha.arauco.online<br/>HTTPS -> :8123<br/>WebSocket: read_timeout 0"]
end
subgraph vikunja_ext ["Vikunja huitral .22"]
vk["vk.arauco.online<br/>:3456<br/>API REST"]
end
subgraph users_ext ["Utilisateurs"]
direction TB
persons["Personnes HA<br/>paul, anne, toshiro..."]
notify["Notifications mobiles<br/>notify.mobile_app_*"]
end
caddy -->|"HTTP + WS"| ha_core
oidc_comp -->|"OIDC"| kc
vikunja_int -->|"API"| vk
ha_core --> ha_integrations
users_ext --> ha_core
persons -.-> notify
classDef haStyle fill:#1e4a4a,stroke:#4a9a9a,color:#a8e0e0
classDef configStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8
classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
classDef userStyle fill:#3a1e5f,stroke:#8a6ad9,color:#c8b0f0
class ha_core,ha_ws haStyle
class config_dir,config_yaml,secrets configStyle
class trusted,auth_flow,login_btn,welcome secStyle
class oidc_comp,vikunja_int,onvif,rtsp,ha_todo svcStyle
class kc,google iamStyle
class caddy netStyle
class vk svcStyle
class persons,notify userStyle
|
