482 lines
14 KiB
YAML
482 lines
14 KiB
YAML
# OPNsense Device Control Configuration for Home Assistant
|
|
# This provides device discovery, user assignment, and internet blocking capabilities
|
|
|
|
# Input Selects for User Assignment
|
|
input_select:
|
|
# Bella's Devices (Age 14)
|
|
device_user_bella_phone:
|
|
name: "Bella's Phone Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "Bella"
|
|
icon: mdi:cellphone
|
|
|
|
device_user_bella_tablet:
|
|
name: "Bella's Tablet Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "Bella"
|
|
icon: mdi:tablet
|
|
|
|
# Xander's Devices (Age 15)
|
|
device_user_xander_phone:
|
|
name: "Xander's Phone Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "Xander"
|
|
icon: mdi:cellphone
|
|
|
|
device_user_xander_desktop:
|
|
name: "Xander's Desktop Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "Xander"
|
|
icon: mdi:desktop-tower
|
|
|
|
# William's Devices (Age 17)
|
|
device_user_william_phone:
|
|
name: "William's Phone Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "William"
|
|
icon: mdi:cellphone
|
|
|
|
device_user_william_laptop:
|
|
name: "William's Laptop Owner"
|
|
options:
|
|
- "Bella"
|
|
- "Xander"
|
|
- "William"
|
|
- "Parent"
|
|
- "Guest"
|
|
- "Unassigned"
|
|
initial: "William"
|
|
icon: mdi:laptop
|
|
|
|
# Input Booleans for Internet Blocking
|
|
input_boolean:
|
|
# Master Controls
|
|
parental_controls_enabled:
|
|
name: "Parental Controls Enabled"
|
|
icon: mdi:shield-account
|
|
|
|
# Bella's Device Blocks
|
|
block_bella_phone:
|
|
name: "Block Bella's Phone"
|
|
icon: mdi:cellphone-off
|
|
|
|
block_bella_tablet:
|
|
name: "Block Bella's Tablet"
|
|
icon: mdi:tablet-off
|
|
|
|
# Xander's Device Blocks
|
|
block_xander_phone:
|
|
name: "Block Xander's Phone"
|
|
icon: mdi:cellphone-off
|
|
|
|
block_xander_desktop:
|
|
name: "Block Xander's Desktop"
|
|
icon: mdi:desktop-tower-off
|
|
|
|
# William's Device Blocks
|
|
block_william_phone:
|
|
name: "Block William's Phone"
|
|
icon: mdi:cellphone-off
|
|
|
|
block_william_laptop:
|
|
name: "Block William's Laptop"
|
|
icon: mdi:laptop-off
|
|
|
|
# User-wide blocks (blocks ALL devices for a user)
|
|
block_all_bella_devices:
|
|
name: "Block All Bella's Devices"
|
|
icon: mdi:account-off
|
|
|
|
block_all_xander_devices:
|
|
name: "Block All Xander's Devices"
|
|
icon: mdi:account-off
|
|
|
|
block_all_william_devices:
|
|
name: "Block All William's Devices"
|
|
icon: mdi:account-off
|
|
|
|
# Input Text for Device MAC Addresses
|
|
input_text:
|
|
# Bella's Device MACs
|
|
mac_bella_phone:
|
|
name: "Bella's Phone MAC"
|
|
initial: ""
|
|
icon: mdi:cellphone
|
|
|
|
mac_bella_phone_wifi:
|
|
name: "Bella's Phone WiFi MAC"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
mac_bella_tablet:
|
|
name: "Bella's Tablet MAC"
|
|
initial: ""
|
|
icon: mdi:tablet
|
|
|
|
mac_bella_tablet_wifi:
|
|
name: "Bella's Tablet WiFi MAC"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
# Xander's Device MACs
|
|
mac_xander_phone:
|
|
name: "Xander's Phone MAC"
|
|
initial: ""
|
|
icon: mdi:cellphone
|
|
|
|
mac_xander_phone_wifi:
|
|
name: "Xander's Phone WiFi MAC"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
mac_xander_desktop:
|
|
name: "Xander's Desktop MAC (Wired)"
|
|
initial: ""
|
|
icon: mdi:desktop-tower
|
|
|
|
mac_xander_desktop_wifi:
|
|
name: "Xander's Desktop MAC (WiFi)"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
# William's Device MACs
|
|
mac_william_phone:
|
|
name: "William's Phone MAC"
|
|
initial: ""
|
|
icon: mdi:cellphone
|
|
|
|
mac_william_phone_wifi:
|
|
name: "William's Phone WiFi MAC"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
mac_william_laptop:
|
|
name: "William's Laptop MAC (Wired)"
|
|
initial: ""
|
|
icon: mdi:laptop
|
|
|
|
mac_william_laptop_wifi:
|
|
name: "William's Laptop MAC (WiFi)"
|
|
initial: ""
|
|
icon: mdi:wifi
|
|
|
|
# Sensors for Device Status
|
|
sensor:
|
|
- platform: template
|
|
sensors:
|
|
bella_devices_blocked_count:
|
|
friendly_name: "Bella Blocked Devices"
|
|
value_template: >
|
|
{% set count = 0 %}
|
|
{% if is_state('input_boolean.block_bella_phone', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_bella_tablet', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{{ count }}
|
|
icon_template: mdi:counter
|
|
|
|
xander_devices_blocked_count:
|
|
friendly_name: "Xander Blocked Devices"
|
|
value_template: >
|
|
{% set count = 0 %}
|
|
{% if is_state('input_boolean.block_xander_phone', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_xander_desktop', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{{ count }}
|
|
icon_template: mdi:counter
|
|
|
|
william_devices_blocked_count:
|
|
friendly_name: "William Blocked Devices"
|
|
value_template: >
|
|
{% set count = 0 %}
|
|
{% if is_state('input_boolean.block_william_phone', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_william_laptop', 'on') %}
|
|
{% set count = count + 1 %}
|
|
{% endif %}
|
|
{{ count }}
|
|
icon_template: mdi:counter
|
|
|
|
# REST Commands for OPNsense API
|
|
rest_command:
|
|
# Create/Update Firewall Alias for Blocked MACs
|
|
opnsense_update_blocked_alias:
|
|
url: "https://10.0.0.254/api/firewall/alias/setItem/{{ alias_uuid }}"
|
|
method: POST
|
|
headers:
|
|
Content-Type: application/json
|
|
payload: >
|
|
{
|
|
"alias": {
|
|
"enabled": "1",
|
|
"name": "{{ alias_name }}",
|
|
"type": "mac",
|
|
"content": "{{ mac_addresses }}",
|
|
"description": "{{ description }}"
|
|
}
|
|
}
|
|
username: !secret opnsense_api_key
|
|
password: !secret opnsense_api_secret
|
|
verify_ssl: false
|
|
|
|
# Apply Firewall Changes
|
|
opnsense_apply_firewall:
|
|
url: "https://10.0.0.254/api/firewall/filter/apply"
|
|
method: POST
|
|
username: !secret opnsense_api_key
|
|
password: !secret opnsense_api_secret
|
|
verify_ssl: false
|
|
|
|
# Create Block Rule for Alias
|
|
opnsense_create_block_rule:
|
|
url: "https://10.0.0.254/api/firewall/filter/addRule"
|
|
method: POST
|
|
headers:
|
|
Content-Type: application/json
|
|
payload: >
|
|
{
|
|
"rule": {
|
|
"enabled": "1",
|
|
"action": "block",
|
|
"interface": "lan",
|
|
"direction": "out",
|
|
"ipprotocol": "inet",
|
|
"protocol": "any",
|
|
"source_net": "{{ alias_name }}",
|
|
"destination_net": "any",
|
|
"description": "{{ description }}",
|
|
"log": "1"
|
|
}
|
|
}
|
|
username: !secret opnsense_api_key
|
|
password: !secret opnsense_api_secret
|
|
verify_ssl: false
|
|
|
|
# Automations
|
|
automation:
|
|
# Block All Bella Devices Toggle
|
|
- id: block_all_bella_devices_on
|
|
alias: "Block All Bella Devices - ON"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_bella_devices
|
|
to: 'on'
|
|
action:
|
|
- service: input_boolean.turn_on
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_bella_phone
|
|
- input_boolean.block_bella_tablet
|
|
|
|
- id: block_all_bella_devices_off
|
|
alias: "Block All Bella Devices - OFF"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_bella_devices
|
|
to: 'off'
|
|
action:
|
|
- service: input_boolean.turn_off
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_bella_phone
|
|
- input_boolean.block_bella_tablet
|
|
|
|
# Block All Xander Devices Toggle
|
|
- id: block_all_xander_devices_on
|
|
alias: "Block All Xander Devices - ON"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_xander_devices
|
|
to: 'on'
|
|
action:
|
|
- service: input_boolean.turn_on
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_xander_phone
|
|
- input_boolean.block_xander_desktop
|
|
|
|
- id: block_all_xander_devices_off
|
|
alias: "Block All Xander Devices - OFF"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_xander_devices
|
|
to: 'off'
|
|
action:
|
|
- service: input_boolean.turn_off
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_xander_phone
|
|
- input_boolean.block_xander_desktop
|
|
|
|
# Block All William Devices Toggle
|
|
- id: block_all_william_devices_on
|
|
alias: "Block All William Devices - ON"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_william_devices
|
|
to: 'on'
|
|
action:
|
|
- service: input_boolean.turn_on
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_william_phone
|
|
- input_boolean.block_william_laptop
|
|
|
|
- id: block_all_william_devices_off
|
|
alias: "Block All William Devices - OFF"
|
|
trigger:
|
|
- platform: state
|
|
entity_id: input_boolean.block_all_william_devices
|
|
to: 'off'
|
|
action:
|
|
- service: input_boolean.turn_off
|
|
target:
|
|
entity_id:
|
|
- input_boolean.block_william_phone
|
|
- input_boolean.block_william_laptop
|
|
|
|
# Update OPNsense when blocks change
|
|
- id: update_opnsense_bella_blocks
|
|
alias: "Update OPNsense - Bella Blocks"
|
|
trigger:
|
|
- platform: state
|
|
entity_id:
|
|
- input_boolean.block_bella_phone
|
|
- input_boolean.block_bella_tablet
|
|
action:
|
|
- service: rest_command.opnsense_update_blocked_alias
|
|
data:
|
|
alias_uuid: "bella_blocked"
|
|
alias_name: "Blocked_Bella"
|
|
description: "Bella's Blocked Devices"
|
|
mac_addresses: >
|
|
{% set macs = [] %}
|
|
{% if is_state('input_boolean.block_bella_phone', 'on') %}
|
|
{% if states('input_text.mac_bella_phone') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_bella_phone')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_bella_phone_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_bella_phone_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_bella_tablet', 'on') %}
|
|
{% if states('input_text.mac_bella_tablet') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_bella_tablet')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_bella_tablet_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_bella_tablet_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{{ macs | join('\n') }}
|
|
- delay:
|
|
seconds: 2
|
|
- service: rest_command.opnsense_apply_firewall
|
|
|
|
- id: update_opnsense_xander_blocks
|
|
alias: "Update OPNsense - Xander Blocks"
|
|
trigger:
|
|
- platform: state
|
|
entity_id:
|
|
- input_boolean.block_xander_phone
|
|
- input_boolean.block_xander_desktop
|
|
action:
|
|
- service: rest_command.opnsense_update_blocked_alias
|
|
data:
|
|
alias_uuid: "xander_blocked"
|
|
alias_name: "Blocked_Xander"
|
|
description: "Xander's Blocked Devices"
|
|
mac_addresses: >
|
|
{% set macs = [] %}
|
|
{% if is_state('input_boolean.block_xander_phone', 'on') %}
|
|
{% if states('input_text.mac_xander_phone') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_xander_phone')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_xander_phone_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_xander_phone_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_xander_desktop', 'on') %}
|
|
{% if states('input_text.mac_xander_desktop') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_xander_desktop')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_xander_desktop_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_xander_desktop_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{{ macs | join('\n') }}
|
|
- delay:
|
|
seconds: 2
|
|
- service: rest_command.opnsense_apply_firewall
|
|
|
|
- id: update_opnsense_william_blocks
|
|
alias: "Update OPNsense - William Blocks"
|
|
trigger:
|
|
- platform: state
|
|
entity_id:
|
|
- input_boolean.block_william_phone
|
|
- input_boolean.block_william_laptop
|
|
action:
|
|
- service: rest_command.opnsense_update_blocked_alias
|
|
data:
|
|
alias_uuid: "william_blocked"
|
|
alias_name: "Blocked_William"
|
|
description: "William's Blocked Devices"
|
|
mac_addresses: >
|
|
{% set macs = [] %}
|
|
{% if is_state('input_boolean.block_william_phone', 'on') %}
|
|
{% if states('input_text.mac_william_phone') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_william_phone')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_william_phone_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_william_phone_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if is_state('input_boolean.block_william_laptop', 'on') %}
|
|
{% if states('input_text.mac_william_laptop') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_william_laptop')] %}
|
|
{% endif %}
|
|
{% if states('input_text.mac_william_laptop_wifi') != '' %}
|
|
{% set macs = macs + [states('input_text.mac_william_laptop_wifi')] %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{{ macs | join('\n') }}
|
|
- delay:
|
|
seconds: 2
|
|
- service: rest_command.opnsense_apply_firewall
|