by cheeko1234 1479 days ago
Wow, ESPHome on the front page. This project is what makes me feel like Iron Man.

The most used ESPHome is the one I have installed with a relay to my garage opener. I'm able to automatically conjure Siri using 'hey Siri' on my AirPods and tell her to open my garage, while being on my motorcycle. The response time of my garage opening from having finished my sentence to Siri is less than half a second! I drive right in, and I have a timer set on Home Assistant to hit the relay again after a minute so the garage closes automatically. Also have 5 ESPHomes with motion/temperature sensors.

All my automations are programmed using Node-RED. Everything is run using docker-compose.

Keep in mind, my Home Assistant or ESPHome is NOT open to the internet, and only controllable by Apple devices from outside the network.

> Keep in mind, my Home Assistant or ESPHome is NOT open to the internet, and only controllable by Apple devices from outside the network.

Sounds like they’re network connected to me!

Attached to HomeKit, so the devices outside of the network need to use iCloud and HomeHub (Apple TV, HomePod etc) to bridge into the network.

In short your phone kindly asks an Apple TV (within your local network) to execute a device command on its behalf, via iCloud.

If you trust Apple to get their device-to-device auth and crypto right (which is the same stuff that powers iCloud Keychain), then you can trust HomeKit to not expose your home devices to randos on the internet.

I do the same thing, so I understand the topology - that’s why I pointed it out, your Apple TV can be made a trojan horse, as it were, for example if there is a 0-day in tvOS. (And you have to assume that there are.)

I’m not saying it’s likely you’ll be targeted, I’m just saying the actual security offered by this setup is not very good.

> If you trust Apple to get their device-to-device auth and crypto right (which is the same stuff that powers iCloud Keychain), then you can trust HomeKit to not expose your home devices to randos on the internet.

I would rather host a WireGuard VPN on my home network...

I've got a vanilla WireGuard host that terminates connections for my local network but I've been thinking about trying out Firezone [0] as it appears I can better segment (with firewall policy) those connections terminating to the host within one UI.

[0] https://www.firezone.dev/

Didn't know that project. Sounds like an open-source Tailscale with more features. Love it, thanks for sharing!

This would not work with Siri, which is the requirement to open a garage door hands-free by voice with your iOS device.

I think I might be missing something, because how does 'not open to the internet' and 'controllable only from outside of the network' not contradict itself?

I believe he means the Home Assistant instance is not exposed to the internet, but it's bridged to HomeKit, which is available outside his home network. I have the opposite setup: my Home Assistant instance is available off network, but I don't have a HomePod or newer Apple TV so I can only use Siri to control it at home.

Can people not access the Home Assistant through HomeKit? Sorry if I'm asking obvious questions, I haven't tried any of these, not even Alexa or Google's one. I don't even think they're available in my country (Slovenia) and they don't really have a lot of useful Slovenian information.

On a surprising note: The language recognition had become really good for Slovenian!

Home Assistant has both a HomeKit bridge integration to let HomeKit control HA devices (what I use) and a HomeKit controller integration to let HA control HomeKit devices. The first one is limited to your local network, however, unless you have some sort of Apple hub like a HomePod or recent model Apple TV to stay connected to Home Assistant.