I'm trying to configure home-assistant to read presence from the router using: https://www.home-assistant.io/integrations/luci/ . However, I don't feel comfortable hardcoding root password into home-assistant configuration in plain text. I found instructions how to create a read-only user for home-assistant & luci: https://stackoverflow.com/a/70441922/1608594 - but I'm wondering how can I restrict its access further?
I believe I need to put some list of things I would like to read into list read:
There is some documentation on ACLs here: https://openwrt.org/docs/techref/ubus#acls, using that as a guide you can see how you can set specific read values rather than * meaning all. You can also look at the luci-base example:
There is also a luci-app-acl package to manage ACLs as well.