Create user with specific privileges? How to let HomeAssistant remotely shut down Scale

[JEr4t6kJC3]

Hi,

I'm trying to let my HomeAssistant Pi remotely shut down my TrueNAS Scale server.

I would like to create a user with very specific rights to perform only shutdown without a password prompt. (And do auth through public/private key).

Obviously editing the visudo file will get reset upon reboot. And the functionality is not built into the UI.

Reddit advised that I could create a startup script that edited the visudo on every boot. However this feels like an error prone way of doing things.

Does anyone know how to persistantly edit the visudo or any other config that'll solve my problem?

Thanks!

 

[c77dk]

try looking at the API - I would believe you can trigger a shutdown that way.

May I ask why you want HA to shutdown your NAS? If it's due to a power outage and UPS usage, then it can be accomplished using NUT

 

[JEr4t6kJC3]

I have never ventured into the world of APIs. Are you able to give me some pointers as to how I would go about triggering a shutdown from HomeAssistant? Perhaps a newbie guide or some sort?

I want to be able to power off Scale when I don't use it; to save on the powerbill (With my current HW the server draws 100W idle). With HomeAssistant being able to do this, it allows me to automate power on/off as well as trigger it manually.

 

[c77dk]

I'm on CORE myself, so can't speak about SCALE specifics - but the docs have a little about the API https://www.truenas.com/docs/scale/api/

One thing to consider when stopping/starting the NAS is the wear on the disks, but I fully understand the desire to save on the powerbill. If you haven't done so, try searching the forums for the topic.

 

[Samuel Tai]

There's an alternative, which doesn't require creating system-level accounts with sudo permissions: Network UPS Tools (NUT). If your TrueNAS server has a UPS attached, you could install NUT on your Pi. On your TrueNAS server, you can create NUT application accounts in the Extra Users field:

In your case, you probably want to use:

Code:

[Remote-Power-Off]
password = <set some long password here>
instcmds = shutdown.stop

Then, on your Pi, to initiate a shutdown, run upscmd -u Remote-Power-Off -p <long password set before> <UPS identifier set in UPS service Identifier field>@<IP of your UPS> shutdown.stop.

If you're concerned about the upscmd password passing in the clear, you can SSH tunnel port 3493 between your Pi and the TrueNAS server:

1. ssh -L 3493:localhost:3493 -l <account on TrueNAS with SSH key> <IP of your TrueNAS>
2. upscmd -u Remote-Power-Off -p <long password set before> <UPS identifier set in UPS service Identifier field>@localhost:3493 shutdown.stop