A home security alarm panel system built with Django and React. Integrates with Home Assistant, MQTT, Z-Wave JS, and Frigate.
- Multi-state alarm system (Disarmed, Armed Home, Armed Away, Armed Night, Armed Vacation, Pending, Triggered)
- Configurable arming and disarming delays
- Multiple settings profiles with switchable configurations
- Real-time WebSocket updates for instant state changes
- PIN code system with multiple code types (permanent, temporary, one-time, service)
- Time-based and day-of-week restrictions for codes
- Two-factor authentication (TOTP)
- Role-based access control
- Automated trigger, disarm, arm, suppress, and escalate rules
- Priority-based execution with cooldown periods
- Rule simulation and testing before activation
- Comprehensive action logging
- Sensor registry linked to Home Assistant entities
- Entry point designation (doors/windows vs motion)
- Event logging for sensor triggers
- Home Assistant: Entity discovery, notification services, MQTT alarm entity publishing
- MQTT: Broker connection with TLS support
- Z-Wave JS: Device control, entity sync, Ring Keypad v2 support
- Frigate: Video surveillance with person/vehicle detection rules
- Door code management separate from alarm codes
- Code assignment to specific locks
- Usage audit logging
- Physical keypad support (Ring Keypad v2 via Z-Wave)
- Per-device action mapping and volume control
- Comprehensive audit trail for arm/disarm events, sensor triggers, and state transitions
- Failed code attempt tracking
- Create environment file:
cp .env.example .env- Configure required variables in
.env:
SECRET_KEY=your-secure-secret-key
SETTINGS_ENCRYPTION_KEY=your-encryption-key
DEBUG=False
ALLOWED_HOSTS=your-domain.com
DATABASE_URL=postgresql://user:pass@host:5432/dbname
- Pull and run the production container (published to GHCR):
docker pull ghcr.io/latchpoint/latchpoint:latest
docker run -d -p 80:80 --env-file .env ghcr.io/latchpoint/latchpoint:latestPublished tags include latest (default branch), sha-... (commit), and git tags.
Or with docker-compose for production:
services:
db:
image: postgres:15
environment:
POSTGRES_DB: alarm_db
POSTGRES_USER: alarm
POSTGRES_PASSWORD: your-secure-password
volumes:
- db_data:/var/lib/postgresql/data
app:
image: ghcr.io/latchpoint/latchpoint:latest
env_file:
- .env
ports:
- "80:80"
depends_on:
- db
volumes:
db_data:- Run migrations:
docker exec <container> python backend/manage.py migrate- Create a superuser:
docker exec -it <container> python backend/manage.py createsuperuser- Create environment file:
cp .env.example .env- Start the development environment:
docker compose up --build- Access the application at
http://localhost:5427
The development setup:
- Runs Vite dev server with hot module replacement
- Proxies API and WebSocket requests to Django backend
- Mounts source code for live reloading
- Uses PostgreSQL database (or SQLite if DATABASE_URL is omitted)
# Run migrations
docker compose exec app python backend/manage.py migrate
# Create superuser
docker compose exec -it app python backend/manage.py createsuperuser
# Run tests
docker compose exec app python backend/manage.py test
# Access Django shell
docker compose exec app python backend/manage.py shell| Variable | Description | Default |
|---|---|---|
| SECRET_KEY | Django secret key | Required |
| SETTINGS_ENCRYPTION_KEY | Key for encrypting integration credentials | Required |
| DEBUG | Enable debug mode | False |
| LOG_LEVEL | Logging level | INFO |
| ALLOWED_HOSTS | Comma-separated allowed hosts | localhost,127.0.0.1 |
| DATABASE_URL | PostgreSQL connection URL | SQLite fallback |
| CSRF_TRUSTED_ORIGINS | Trusted origins for CSRF | Auto-configured in debug |
| CORS_ALLOWED_ORIGINS | Allowed CORS origins | - |