azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: Add Wrightstown Solar and Smart Home projects

Browse Source 
New projects from 2026-02-09 research session:

Wrightstown Solar:
- DIY 48V LiFePO4 battery storage (EVE C40 cells)
- Victron MultiPlus II whole-house UPS design
- BMS comparison (Victron CAN bus compatible)
- EV salvage analysis (new cells won)
- Full parts list and budget

Wrightstown Smart Home:
- Home Assistant Yellow setup (local voice, no cloud)
- Local LLM server build guide (Ollama + RTX 4090)
- Hybrid LLM bridge (LiteLLM + Claude API + Grok API)
- Network security (VLAN architecture, PII sanitization)

Machine: ACG-M-L5090
Timestamp: 2026-02-09

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Mike Swanson
2026-02-10 18:44:35 -07:00
parent fee9cc01ac
commit aaf4172b3c
12 changed files with 1953 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
projects/wrightstown-smarthome/documentation/ha-yellow-setup.md Normal file
View File

@@ -0,0 +1,166 @@
# Home Assistant Yellow - Setup Guide
**Created:** 2026-02-09
**Hardware:** Home Assistant Yellow (owned, not yet set up)
---
## What's In the Yellow
- Custom carrier board with Zigbee 3.0 radio (external antenna)
- Matter-ready architecture
- M.2 slot for NVMe SSD (add terabytes of storage)
- Power supply with international adapters (or PoE)
- Custom heatsink and thermal pad
- Ethernet cable
**Important:** Yellow production ended October 2025, but continues receiving full software updates. No action needed -- it's still fully supported.
**Requires separately:** Raspberry Pi Compute Module 4 or 5
- Minimum: CM4 with 2GB RAM + 16GB eMMC
- Recommended: CM4 4GB RAM + 32GB eMMC
- CM4 Lite option requires NVMe SSD (no eMMC)
- CM5 supported since HAOS 14 (November 2024)
---
## Setup Process
### Hardware Assembly
1. Install CM4/CM5 -- align CE mark at bottom, press firmly onto connectors
2. Apply thermal pad to SOC (silver square near Raspberry icon)
3. Place heatsink on thermal pad
4. (Optional) Install NVMe SSD in M.2 slot
5. Close enclosure
### First Boot
1. Connect Ethernet cable to router
2. Connect power supply
3. Wait 5-10 minutes for initial setup
4. Access Home Assistant at `http://homeassistant.local:8123`
5. Follow onboarding wizard:
- Create admin account
- Set location and timezone
- Auto-discover devices on network
### Post-Setup Essentials
1. **Install HACS** (Home Assistant Community Store) -- for custom integrations
2. **Configure Zigbee** -- ZHA integration auto-detects the built-in radio
3. **Set up backups** -- Automatic daily backups to NAS or cloud
4. **Install File Editor** -- for editing YAML configs in browser
---
## Local Voice Assistant (Replace Alexa/Google)
### Core Components (All Local, No Cloud)
**Whisper** -- Speech-to-text (OpenAI's engine, runs locally)
- Processing: ~8 seconds on RPi4 for transcription
- Languages: English primary, expanding multilingual
**Piper** -- Text-to-speech (neural TTS, optimized for RPi)
- Multiple voice options
- Very fast synthesis
- Natural-sounding output
**Wyoming Protocol** -- Communication standard between voice services
- Connects Whisper, Piper, and wake word detection
- Supports remote satellites
**openWakeWord** -- Wake word detection
- "Hey Jarvis", "Alexa" (custom), "OK Nabu"
- Custom wake words trainable
- English-only currently
### Setup Steps
1. Go to Settings > Add-ons
2. Install "Whisper" add-on > Start
3. Install "Piper" add-on > Start
4. Install "openWakeWord" add-on > Start
5. Go to Settings > Voice Assistants
6. Create new assistant:
- Speech-to-text: Whisper
- Text-to-speech: Piper
- Wake word: openWakeWord
- Conversation agent: (Home Assistant default, or Ollama later)
### Voice Satellites (Room-by-Room Control)
**Option 1: Wyoming Satellite (RPi-based)**
- Raspberry Pi Zero 2W + microphone + speaker
- ~$30-50 per room
- Full wake word + voice processing
**Option 2: ESPHome Voice Satellite (ESP32-based)**
- ESP32-S3 + I2S microphone + speaker
- ~$15-25 per room
- Auto-discovery via Zeroconf
- Supports media player, timers, conversations
- ESPHome 2025.5.0+ integration
---
## Key Integrations
### Zigbee (Built-in Radio)
The Yellow has a Silicon Labs Zigbee radio. Use ZHA (Zigbee Home Automation) integration:
- Auto-detected on first boot
- Supports 100+ Zigbee device brands
- No additional dongle needed
**Recommended Zigbee Devices:**
- Lights: IKEA Tradfri, Philips Hue (Zigbee mode)
- Sensors: Aqara door/window, motion, temperature
- Switches: Sonoff SNZB series
- Plugs: Innr, IKEA, Sonoff
### Victron Solar (Future Crossover)
When Victron MultiPlus II + Cerbo GX are installed:
**Integration Methods:**
- **Modbus TCP** (recommended): Direct polling via `hass-victron` custom integration
- **MQTT**: Bidirectional via Cerbo GX
- **VRM API**: Cloud-based (60-minute refresh, built-in since HA 2025.10)
**Best Practice:** Use 5-second Modbus scan interval (not 20 seconds)
**Energy Automations:**
- Run high-load devices when battery SOC > 75%
- Trigger charging at 25%, stop at 50%
- EMHASS (Energy Management for Home Assistant) for optimal solar usage
### Ollama / Local LLM
Native Ollama integration (HA 2025.6+):
1. Settings > Devices & Services > Add Integration > "Ollama"
2. Enter Ollama server URL: `http://<llm-server-ip>:11434`
3. Settings > Voice Assistants > Select "Ollama" as conversation agent
**Extended OpenAI Conversation** (HACS custom component):
- Supports OpenAI-compatible APIs (Ollama, LiteLLM)
- Function calling for HA service control
- Create automations, query APIs, control devices via natural language
- Install via HACS custom repository
**Multi-Model Strategy:**
- Agent 1: Qwen 2.5 7B for real-time voice commands (fast, <1s response)
- Agent 2: Llama 3.1 70B for complex reasoning (slower, smarter)
- Route via LiteLLM proxy
---
## Sources
- https://www.home-assistant.io/yellow/
- https://yellow.home-assistant.io/guides/install-cm4/
- https://www.home-assistant.io/integrations/wyoming/
- https://www.home-assistant.io/voice_control/voice_remote_local_assistant/
- https://www.home-assistant.io/integrations/ollama/
- https://github.com/jekalmin/extended_openai_conversation

290
projects/wrightstown-smarthome/documentation/hybrid-bridge.md Normal file
View File

@@ -0,0 +1,290 @@
# Hybrid LLM Bridge - Local + Cloud Routing
**Created:** 2026-02-09
**Purpose:** Route queries intelligently between local Ollama, Claude API, and Grok API
---
## Architecture
```
User Query (voice, chat, HA automation)
|
[LiteLLM Proxy]
localhost:4000
|
Routing Decision
/ | \
[Ollama] [Claude] [Grok]
Local Anthropic xAI
Free Reasoning Search
Private $3/$15/1M $3/$15/1M
```
---
## Recommended: LiteLLM Proxy
Unified API gateway that presents a single OpenAI-compatible endpoint. Everything talks to `localhost:4000` and LiteLLM routes to the right backend.
### Installation
```bash
pip install litellm[proxy]
```
### Configuration (`config.yaml`)
```yaml
model_list:
# Local models (free, private)
- model_name: local-fast
litellm_params:
model: ollama/qwen2.5:7b
api_base: http://localhost:11434
- model_name: local-reasoning
litellm_params:
model: ollama/llama3.1:70b-q4
api_base: http://localhost:11434
# Cloud: Claude (complex reasoning)
- model_name: cloud-reasoning
litellm_params:
model: claude-sonnet-4-5-20250929
api_key: sk-ant-XXXXX
- model_name: cloud-reasoning-cheap
litellm_params:
model: claude-haiku-4-5-20251001
api_key: sk-ant-XXXXX
# Cloud: Grok (internet search)
- model_name: cloud-search
litellm_params:
model: grok-4
api_key: xai-XXXXX
api_base: https://api.x.ai/v1
router_settings:
routing_strategy: simple-shuffle
allowed_fails: 2
num_retries: 3
budget_policy:
local-fast: unlimited
local-reasoning: unlimited
cloud-reasoning: $50/month
cloud-reasoning-cheap: $25/month
cloud-search: $25/month
```
### Start the Proxy
```bash
litellm --config config.yaml --port 4000
```
### Usage
Everything talks to `http://localhost:4000` with OpenAI-compatible format:
```python
import openai
client = openai.OpenAI(
api_key="anything", # LiteLLM doesn't need this for local
base_url="http://localhost:4000"
)
# Route to local
response = client.chat.completions.create(
model="local-fast",
messages=[{"role": "user", "content": "Turn on the lights"}]
)
# Route to Claude
response = client.chat.completions.create(
model="cloud-reasoning",
messages=[{"role": "user", "content": "Analyze my energy usage patterns"}]
)
# Route to Grok
response = client.chat.completions.create(
model="cloud-search",
messages=[{"role": "user", "content": "What's the current electricity rate in PA?"}]
)
```
---
## Routing Strategy
### What Goes Where
**Local (Ollama) -- Default for everything private:**
- Home automation commands ("turn on lights", "set thermostat to 72")
- Sensor data queries ("what's the temperature in the garage?")
- Camera-related queries (never send video to cloud)
- Personal information queries
- Simple Q&A
- Quick lookups from local knowledge
**Claude API -- Complex reasoning tasks:**
- Detailed analysis ("analyze my energy trends this month")
- Code generation ("write an HA automation for...")
- Long-form content creation
- Multi-step reasoning problems
- Function calling for HA service control
**Grok API -- Internet/real-time data:**
- Current events ("latest news on solar tariffs")
- Real-time pricing ("current electricity rates")
- Weather data (if not using local integration)
- Web searches
- Anything requiring information the local model doesn't have
### Manual vs Automatic Routing
**Phase 1 (Start here):** Manual model selection
- User picks "local-fast", "cloud-reasoning", or "cloud-search" in Open WebUI
- Simple, no mistakes, full control
- Good for learning which queries work best where
**Phase 2 (Later):** Keyword-based routing in LiteLLM
- Route based on keywords in the query
- "search", "latest", "current" --> Grok
- "analyze", "explain in detail", "write code" --> Claude
- Everything else --> local
**Phase 3 (Advanced):** Semantic routing
- Use sentence embeddings to classify query intent
- Small local model (all-MiniLM-L6-v2) classifies in 50-200ms
- Most intelligent routing, but requires Python development
---
## Cloud API Details
### Claude (Anthropic)
**Endpoint:** `https://api.anthropic.com/v1/messages`
**Get API key:** https://console.anthropic.com/
**Pricing (2025-2026):**
| Model | Input/1M tokens | Output/1M tokens | Best For |
|---|---|---|---|
| Claude Haiku 4.5 | $0.50 | $2.50 | Fast, cheap tasks |
| Claude Sonnet 4.5 | $3.00 | $15.00 | Best balance |
| Claude Opus 4.5 | $5.00 | $25.00 | Top quality |
**Cost optimization:**
- Prompt caching: 90% savings on repeated system prompts
- Use Haiku for simple tasks, Sonnet for complex ones
- Batch processing available for non-urgent tasks
**Features:**
- 200k context window
- Extended thinking mode
- Function calling (perfect for HA control)
- Vision support (could analyze charts, screenshots)
### Grok (xAI)
**Endpoint:** `https://api.x.ai/v1/chat/completions`
**Get API key:** https://console.x.ai/
**Format:** OpenAI SDK compatible
**Pricing:**
| Model | Input/1M tokens | Output/1M tokens | Best For |
|---|---|---|---|
| Grok 4.1 Fast | $0.20 | $1.00 | Budget queries |
| Grok 4 | $3.00 | $15.00 | Full capability |
**Free credits:** $25 new user + $150/month if opting into data sharing program
**Features:**
- 2 million token context window (industry-leading)
- Real-time X (Twitter) integration
- Internet search capability
- OpenAI SDK compatibility
---
## Monthly Cost Estimates
### Conservative Use (80/15/5 Split, 1000 queries/month)
| Route | Queries | Model | Cost |
|---|---|---|---|
| Local (80%) | 800 | Ollama | $0 |
| Claude (15%) | 150 | Haiku 4.5 | ~$0.45 |
| Grok (5%) | 50 | Grok 4.1 Fast | ~$0.07 |
| **Total** | **1000** | | **~$0.52/month** |
### Heavy Use (60/25/15 Split, 3000 queries/month)
| Route | Queries | Model | Cost |
|---|---|---|---|
| Local (60%) | 1800 | Ollama | $0 |
| Claude (25%) | 750 | Sonnet 4.5 | ~$15 |
| Grok (15%) | 450 | Grok 4 | ~$9 |
| **Total** | **3000** | | **~$24/month** |
**Add electricity for LLM server:** ~$15-30/month (RTX 4090 build)
---
## Home Assistant Integration
### Connect HA to LiteLLM Proxy
**Option 1: Extended OpenAI Conversation (Recommended)**
Install via HACS, then configure:
- API Base URL: `http://<llm-server-ip>:4000/v1`
- API Key: (any string, LiteLLM doesn't validate for local)
- Model: `local-fast` (or any model name from your config)
This gives HA natural language control:
- "Turn off all lights downstairs" --> local LLM understands --> calls HA service
- "What's my battery charge level?" --> queries HA entities --> responds
**Option 2: Native Ollama Integration**
Settings > Integrations > Ollama:
- URL: `http://<llm-server-ip>:11434`
- Simpler but bypasses the routing layer
### Voice Assistant Pipeline
```
Wake word detected ("Hey Jarvis")
|
Whisper (speech-to-text, local)
|
Query text
|
Extended OpenAI Conversation
|
LiteLLM Proxy (routing)
|
Response text
|
Piper (text-to-speech, local)
|
Speaker output
```
---
## Sources
- https://docs.litellm.ai/
- https://github.com/open-webui/open-webui
- https://console.anthropic.com/
- https://docs.x.ai/developers/models
- https://github.com/jekalmin/extended_openai_conversation
- https://github.com/aurelio-labs/semantic-router

192
projects/wrightstown-smarthome/documentation/llm-server-build.md Normal file
View File

@@ -0,0 +1,192 @@
# Local LLM Server - Build Guide
**Created:** 2026-02-09
**Purpose:** Dedicated local LLM inference server for smart home + general use
---
## Recommended Build: RTX 4090 (Sweet Spot)
| Component | Spec | Est. Cost |
|---|---|---|
| GPU | NVIDIA RTX 4090 24GB | $1,200-1,500 |
| CPU | AMD Ryzen 7 5800X3D | $250 |
| Motherboard | B550 | $120 |
| RAM | 64GB DDR4 (2x32GB) | $120 |
| Storage | 1TB NVMe Gen4 | $80 |
| PSU | 850W Gold | $100 |
| Case | Mid-tower, good airflow | $70 |
| **Total** | | **$1,940-2,240** |
### Why This Build
- 24GB VRAM runs 70B parameter models at 4-bit quantization (7-9 tok/s)
- 30B models at 8-bit quality (20+ tok/s)
- 7-8B models at full speed (30+ tok/s)
- Handles everything from quick voice commands to serious reasoning
- Single GPU keeps complexity low
### Alternative Builds
**Budget (~$580):**
- RTX 3060 12GB (used, $250)
- Ryzen 5 5600X + B450 + 32GB DDR4
- Runs 7B models great, 13B quantized
- Fine for voice commands and basic queries
**Flagship (~$4,000-5,400):**
- RTX 5090 32GB ($2,500-3,800)
- Ryzen 9 7950X + X670E + 128GB DDR5
- 70B models at high quality (20+ tok/s)
- 67% faster than 4090
- Future-proof for larger models
**Efficiency (Mac Mini M4 Pro, $1,399+):**
- 24-64GB unified memory
- 20W power draw vs 450W for 4090
- Great for always-on server
- Qwen 2.5 32B at 11-12 tok/s on 64GB config
---
## Software Stack
### Primary: Ollama
```bash
# Install (Linux)
curl -fsSL https://ollama.com/install.sh | sh
# Install (Windows)
# Download from https://ollama.com/download
# Pull models
ollama pull qwen2.5:7b # Fast voice commands
ollama pull llama3.1:8b # General chat
ollama pull qwen2.5:32b # Complex reasoning (needs 24GB+ VRAM)
ollama pull llama3.1:70b-q4 # Near-cloud quality (needs 24GB VRAM)
# API runs on http://localhost:11434
```
**Why Ollama:**
- One-command install
- Built-in model library
- OpenAI-compatible API (works with LiteLLM, Open WebUI, HA)
- Auto-optimized for your hardware
- Dead simple
### Web Interface: Open WebUI
```bash
docker run -d -p 3000:8080 \
-v open-webui:/app/backend/data \
-e OLLAMA_BASE_URL=http://localhost:11434 \
ghcr.io/open-webui/open-webui:main
```
- ChatGPT-like interface at `http://<server-ip>:3000`
- Model selection dropdown
- Conversation history
- RAG (Retrieval Augmented Generation) support
- User accounts
---
## Model Recommendations
### For Home Assistant Voice Commands (Speed Priority)
| Model | VRAM | Speed (4090) | Quality | Use Case |
|---|---|---|---|---|
| Qwen 2.5 7B | 4GB | 30+ tok/s | Good | Voice commands, HA control |
| Phi-3 Mini 3.8B | 2GB | 40+ tok/s | Decent | Ultra-fast simple queries |
| Llama 3.1 8B | 5GB | 30+ tok/s | Good | General chat |
| Gemma 2 9B | 6GB | 25+ tok/s | Good | Efficient general use |
### For Complex Reasoning (Quality Priority)
| Model | VRAM (Q4) | Speed (4090) | Quality | Use Case |
|---|---|---|---|---|
| Qwen 2.5 32B | 18GB | 15-20 tok/s | Very Good | Detailed analysis |
| Llama 3.1 70B | 35GB | 7-9 tok/s | Excellent | Near-cloud reasoning |
| DeepSeek R1 | Varies | 10-15 tok/s | Excellent | Step-by-step reasoning |
| Mistral 22B | 12GB | 20+ tok/s | Good | Balanced speed/quality |
### For Code
| Model | Best For |
|---|---|
| DeepSeek Coder V2 | Debugging, refactoring |
| Qwen3 Coder | Agentic coding tasks |
| Llama 3.1 70B | General code + reasoning |
### Quantization Guide
4-bit quantization maintains 95-98% quality at 75% less VRAM. Most users can't tell the difference.
| Quantization | VRAM Use | Quality | When to Use |
|---|---|---|---|
| Q4_K_M | 25% of full | 95-98% | Default for most models |
| Q5_K_M | 31% of full | 97-99% | When you have spare VRAM |
| Q8_0 | 50% of full | 99%+ | When quality matters most |
| FP16 (full) | 100% | 100% | Only for small models (7B) |
---
## RAM Requirements
| Model Size | Minimum System RAM | Recommended | GPU VRAM (Q4) |
|---|---|---|---|
| 7B | 16GB | 32GB | 4-5GB |
| 13B | 32GB | 32GB | 8-9GB |
| 30B | 32GB | 64GB | 16-18GB |
| 70B | 64GB | 128GB | 35-40GB |
---
## Power and Noise Considerations
This is an always-on server in your home:
| GPU | TDP | Idle Power | Annual Electricity (24/7) |
|---|---|---|---|
| RTX 3060 12GB | 170W | ~15W | ~$50-80/yr idle |
| RTX 4060 Ti 16GB | 165W | ~12W | ~$45-75/yr idle |
| RTX 4090 24GB | 450W | ~20W | ~$60-100/yr idle |
| RTX 5090 32GB | 575W | ~25W | ~$75-120/yr idle |
**Tips:**
- Configure GPU to idle at low power when no inference running
- Use Ollama's auto-unload (models unload from VRAM after idle timeout)
- Consider noise: a 4090 under load is not quiet. Use a case with good fans and put the server in a utility room/closet
---
## Server OS Recommendations
**Ubuntu Server 24.04 LTS** (recommended)
- Best NVIDIA driver support
- Docker native
- Easy Ollama install
- Headless (no GUI overhead)
**Windows 11** (if you want dual-use)
- Ollama has native Windows support
- Docker Desktop for Open WebUI
- More overhead than Linux
**Proxmox** (if you want to run multiple VMs/containers)
- GPU passthrough to LLM VM
- Run other services alongside
- More complex setup
---
## Sources
- https://localllm.in/blog/best-gpus-llm-inference-2025
- https://sanj.dev/post/affordable-ai-hardware-local-llms
- https://introl.com/blog/local-llm-hardware-pricing-guide-2025
- https://www.glukhov.org/post/2025/11/hosting-llms-ollama-localai-jan-lmstudio-vllm-comparison/
- https://huggingface.co/blog/daya-shankar/open-source-llms

210
projects/wrightstown-smarthome/documentation/network-security.md Normal file
View File

@@ -0,0 +1,210 @@
# Network Security - VLAN Architecture & Privacy
**Created:** 2026-02-09
**Purpose:** IoT isolation, private data protection, PII sanitization for cloud APIs
---
## VLAN Architecture
```
+---------------------------------------------+
| VLAN 1: Trusted (192.168.1.0/24) |
| Laptops, phones, tablets |
| Full internet access |
| Can initiate connections to all VLANs |
+---------------------------------------------+
| (can access)
+---------------------------------------------+
| VLAN 10: Infrastructure (192.168.10.0/24) |
| Home Assistant Yellow |
| LLM Server |
| NAS (if applicable) |
| Can access Trusted + IoT VLANs |
+---------------------------------------------+
| (can access)
+---------------------------------------------+
| VLAN 20: IoT (192.168.20.0/24) |
| Zigbee coordinator (HA Yellow) |
| WiFi cameras, sensors, smart plugs |
| BLOCKED from initiating to Trusted |
| Internet restricted (DNS/NTP only) |
+---------------------------------------------+
| (restricted)
+---------------------------------------------+
| VLAN 99: Guest (192.168.99.0/24) |
| Guest devices |
| Internet only, no internal access |
+---------------------------------------------+
```
---
## Firewall Rules
### Rule 1: IoT Isolation (Critical)
- **ALLOW:** Trusted --> IoT (control devices from phone)
- **BLOCK:** IoT --> Trusted (prevent compromised device probing network)
### Rule 2: Infrastructure Bridge
- **ALLOW:** Infrastructure --> IoT (HA controls devices)
- **ALLOW:** Infrastructure --> Trusted (send notifications)
- **ALLOW:** Trusted --> Infrastructure (access HA web UI, LLM)
### Rule 3: IoT Internet Restriction
- **ALLOW:** IoT --> DNS (port 53) and NTP (port 123)
- **BLOCK:** IoT --> Internet (all other ports)
- **EXCEPTION:** Whitelist specific cloud services if device requires it
### Rule 4: mDNS Control
- **BLOCK:** Broadcast protocols across VLANs by default
- **ALLOW:** Selective mDNS reflection for HA discovery
---
## Hardware Options
### Budget: TP-Link Omada (~$150)
- ER605 router ($60) -- VLAN routing, firewall rules
- TL-SG2008P managed switch ($90) -- VLAN tagging, PoE
### Mid-tier: Ubiquiti UniFi (~$760)
- Dream Machine Pro ($379) -- Router + controller + IDS
- USW-24-PoE switch ($379) -- 24 ports, VLAN, PoE
- Better UI, more features, IDS/IPS built in
### Existing Gear
- Most Netgear managed switches support VLANs
- OpenWRT on consumer routers adds VLAN capability
- pfSense/OPNsense on old PC is free and powerful
---
## Privacy: Keeping Data Local
### Core Principle
**Private data NEVER leaves the local network.**
| Data Type | Route | Why |
|---|---|---|
| Sensor readings | Local LLM only | Reveals activity patterns |
| Camera feeds | Local LLM only | Obvious privacy concern |
| Device names/locations | Local LLM only | Reveals home layout |
| Presence detection | Local LLM only | Reveals who's home |
| Personal names/addresses | Strip before cloud | PII |
| Energy usage patterns | Sanitize before cloud | Activity inference |
| General questions | Cloud OK | No private data |
| Internet searches | Cloud OK (Grok) | No private data |
### PII Sanitization Pipeline
For queries that go to cloud APIs, scrub private information first:
```python
from presidio_analyzer import AnalyzerEngine
from presidio_anonymizer import AnonymizerEngine
analyzer = AnalyzerEngine()
anonymizer = AnonymizerEngine()
def sanitize_for_cloud(query):
"""Remove PII before sending to Claude/Grok"""
# Detect sensitive entities
results = analyzer.analyze(
text=query,
entities=["PERSON", "LOCATION", "PHONE_NUMBER",
"EMAIL_ADDRESS", "DATE_TIME"],
language="en"
)
# Anonymize detected entities
sanitized = anonymizer.anonymize(text=query, analyzer_results=results)
# Hard block certain categories
blocked_keywords = ["camera", "location", "address",
"password", "who is home", "alarm"]
if any(kw in query.lower() for kw in blocked_keywords):
return None # Block query entirely, handle locally
return sanitized.text
```
### Cloud API Data Policies
**Anthropic (Claude):**
- API inputs are NOT used for training by default
- Can explicitly opt out
- Data retained 30 days for safety, then deleted
**xAI (Grok):**
- Data sharing program is opt-in ($150/month credit if you opt in)
- Can opt out and keep data private
- Standard API usage not used for training if opted out
---
## Remote Access
### Recommended: Tailscale (Zero-Config VPN)
```bash
# Install on LLM server and HA
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
```
- WireGuard-based mesh network
- No port forwarding needed
- Free for personal use (up to 20 devices)
- Access HA + LLM from anywhere securely
### Alternative: WireGuard (Self-Hosted)
- Run on router or dedicated server
- Full control, no third-party dependency
- Requires port forwarding (one UDP port)
- More setup, more control
### Home Assistant Cloud (Nabu Casa)
- $6.50/month, official HA remote access
- No VPN config needed
- Supports HA development team
- Simplest option
---
## Security Hardening Checklist
- [ ] Disable UPnP on router
- [ ] Enable 2FA on Home Assistant
- [ ] Strong passwords (16+ chars, random) on all services
- [ ] Regular updates: HA, Ollama, OS, router firmware
- [ ] Monitor failed login attempts in HA logs
- [ ] Daily automated backups (HA + LLM configs)
- [ ] Firewall rules reviewed quarterly
- [ ] IoT devices on isolated VLAN
- [ ] No camera feeds sent to cloud APIs
- [ ] PII sanitization active on cloud-bound queries
---
## Data Retention
| System | Retention | Notes |
|---|---|---|
| HA sensor data | 30 days raw, indefinite aggregated | Purge in Settings > System > Storage |
| Camera recordings | 7-14 days | Local storage only (NAS or NVMe) |
| LLM conversation logs | Purge monthly | Ollama logs stored locally |
| Cloud API logs | Disable or redact PII | Check provider settings |
---
## Sources
- https://newerest.space/mastering-network-segmentation-vlans-home-assistant-iot-security/
- https://www.xda-developers.com/vlan-rules-every-smart-home-should-have/
- https://thehomesmarthome.com/home-assistant-security-vlans-firewalls-ids/
- https://tailscale.com/