diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b692fd1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vault_password
diff --git a/.project b/.project
new file mode 100644
index 0000000..c011fc5
--- /dev/null
+++ b/.project
@@ -0,0 +1,11 @@
+
+
+ openhab-ansible
+
+
+
+
+
+
+
+
diff --git a/fix_nfs.yml b/fix_nfs.yml
index e28ad26..92d15c4 100644
--- a/fix_nfs.yml
+++ b/fix_nfs.yml
@@ -1,8 +1,8 @@
---
-- hosts: controller
+- hosts: raspis
become: true
tasks:
- service: name=rpcbind state=restarted
- service: name=nfs-kernel-server state=restarted
- - shell: chmod -R ugo+w /etc/openhab
+ - shell: chmod -R ugo+w /etc/openhab*
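Review bot: The changed task makes every path matching `/etc/openhab*` world-writable, recursively, on every host in `raspis`, so any local account or service on those machines can alter the openHAB configuration. If the intent is to let NFS clients write (the openhab2 role exports these paths with `all_squash`), mapping the squashed user onto the `openhab` account with `anonuid=`/`anongid=` in the export options would avoid the need for `o+w`; confirm the uid and gid on the target. The `shell` module is only needed here because of the glob. Naming the directories explicitly in a `file` task with `recurse: yes` would let Ansible report changes properly.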
diff --git a/group_vars/all/defaults b/group_vars/all/defaults
index 6207a3d..336aa52 100644
--- a/group_vars/all/defaults
+++ b/group_vars/all/defaults
@@ -8,7 +8,7 @@ apt_config:
cache_valid_time: 7200
jdk:
- - oracle-java7-jdk
+ - oracle-java8-jdk
#- oracle-java7-installer
#- oracle-java7-set-default
@@ -20,5 +20,5 @@ ntp:
#- "3.ch.pool.ntp.org"
-
+letsencrypt_email: "{{vault_letsencrypt_email}}"
diff --git a/group_vars/all/vault.sample b/group_vars/all/vault.sample
index a016085..7c92c33 100644
--- a/group_vars/all/vault.sample
+++ b/group_vars/all/vault.sample
@@ -5,6 +5,14 @@
#vault_graphite_server:
#vault_openhab_config_repo:
-
+#vault_nginx_user: user
+#vault_nginx_password: passwd
+
+#vault_dynv6_name: "myhost.dynv6.net"
+#vault_dynv6_device: ""
+#vault_dynv6_token: 'mytoken'
+
+#vault_letsencrypt_email: myname@domain.com
+#vault_fqdn: "example.com"
diff --git a/group_vars/controller b/group_vars/controller
index b0fba12..ad69920 100644
--- a/group_vars/controller
+++ b/group_vars/controller
@@ -1,17 +1,24 @@
---
-bindings:
- - astro
- - ntp
- - rfxcom
- - weather
- - mqtt
+#bindings:
+# - astro
+# - ntp
+# - rfxcom
+# - weather
+# - mqtt
+# - zwave
-persistence:
- - mqtt
+#persistence:
+# - mqtt
+# - mysql
graphite_server: "{{vault_graphite_server}}"
+nginx_user: "{{vault_nginx_user}}"
+nginx_password: "{{vault_nginx_password}}"
+dynv6_name: "{{vault_dynv6_name}}"
+dynv6_device: "{{vault_dynv6_device}}"
+dynv6_token: "{{vault_dynv6_token}}"
-
+fqdn: "{{vault_fqdn}}"
diff --git a/inventory b/inventory
index dfe490b..a40b247 100644
--- a/inventory
+++ b/inventory
@@ -1,3 +1,7 @@
[controller]
-192.168.1.5 ansible_ssh_user=pi
+192.168.1.7 ansible_ssh_user=pi
+
+[raspis]
+192.168.1.5 ansible_ssh_user=pi
+192.168.1.7 ansible_ssh_user=pi
diff --git a/manual.txt b/manual.txt
new file mode 100644
index 0000000..a700873
--- /dev/null
+++ b/manual.txt
@@ -0,0 +1,16 @@
+http://192.168.1.7:8080/
+ -> select standard (recommeded)
+
+-> paper UI
+ -> extensions
+
+ bindings:
+ - astro
+ - ntp
+ - rfxcom
+ - weather
+ - mqtt
+ - zwave
+ persistence:
+ - mqtt
+ - mysql
diff --git a/raspi.yml b/raspi.yml
index 458e62c..92d74f9 100644
--- a/raspi.yml
+++ b/raspi.yml
@@ -2,9 +2,10 @@
- hosts: controller
become: true
+ gather_facts: no
roles:
- raspberry
- mqttwarn
- - openhab
+ - openhab2
diff --git a/roles/openhab2/handlers/main.yml b/roles/openhab2/handlers/main.yml
new file mode 100644
index 0000000..2ccf689
--- /dev/null
+++ b/roles/openhab2/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+ service: name=nginx state=restarted
+
diff --git a/roles/openhab2/tasks/backup.yml b/roles/openhab2/tasks/backup.yml
new file mode 100644
index 0000000..2492830
--- /dev/null
+++ b/roles/openhab2/tasks/backup.yml
@@ -0,0 +1,11 @@
+---
+
+- name: create backup script
+ template:
+ src: backup.sh.j2
+ dest: "/root/backup"
+ owner: root
+ group: root
+ mode: "u=rwx,g=r,o=r"
+ tags:
+ - backup
diff --git a/roles/openhab2/tasks/dynv6.yml b/roles/openhab2/tasks/dynv6.yml
new file mode 100644
index 0000000..dc25382
--- /dev/null
+++ b/roles/openhab2/tasks/dynv6.yml
@@ -0,0 +1,11 @@
+---
+
+- name: install dynv6 update script
+ template:
+ src: dynv6.sh.j2
+ dest: "/root/dynv6.sh"
+ owner: root
+ group: root
+ mode: "u=rwx,g=r,o=r"
+ tags:
+ - dynv6
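Review bot: The rendered `/root/dynv6.sh` embeds the dynv6 token (the template has `token="{{dynv6_token}}"`) but is installed with `mode: "u=rwx,g=r,o=r"`, which leaves it readable by group and others. `/root` is normally not traversable by other users, but the file mode should not depend on that; `mode: "u=rwx,g=,o="` keeps the token to root. Running the play with `--diff` would also print the rendered token, which `no_log: true` on this task avoids.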
diff --git a/roles/openhab2/tasks/habmin.yml b/roles/openhab2/tasks/habmin.yml
new file mode 100644
index 0000000..a88dfd1
--- /dev/null
+++ b/roles/openhab2/tasks/habmin.yml
@@ -0,0 +1,32 @@
+---
+
+
+- name: download HABmin
+ get_url:
+ url: https://github.com/cdjackson/HABmin/archive/master.zip
+ dest: /root/habmin_master.zip
+ mode: 0444
+ tags:
+ - habmin
+
+
+- name: unzip
+ unarchive:
+ remote_src: yes
+ src: /root/habmin_master.zip
+ dest: /usr/share/openhab/webapps/
+ creates: "/usr/share/openhab/webapps/habmin"
+ tags:
+ - habmin
+
+- name: rename
+ command: creates="/usr/share/openhab/webapps/habmin" mv "/usr/share/openhab/webapps/HABmin-master" "/usr/share/openhab/webapps/habmin"
+ tags:
+ - habmin
+
+- name: install addon
+ command: creates="/usr/share/openhab/addons/org.openhab.io.habmin-1.8.0.jar" mv "/usr/share/openhab/webapps/habmin/addons/org.openhab.io.habmin-1.7.0-SNAPSHOT.jar" "/usr/share/openhab/addons/org.openhab.io.habmin-1.8.0.jar"
+ tags:
+ - habmin
+
+
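Review bot: `get_url` fetches `archive/master.zip`, a moving branch head, with no `checksum`, and the result is unpacked into the openHAB webapps directory, so the deployed content can change between runs without any change to this repository. Pinning the URL to a tag or commit archive and adding `checksum: "sha256:<expected-digest>"` makes the download reproducible and verifiable. `mode: 0444` is an unquoted octal; Ansible's documentation recommends the quoted form `"0444"`. The include for this file is commented out in the role's `main.yml`, so this matters if it is re-enabled.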
diff --git a/roles/openhab2/tasks/letsencrypt.yml b/roles/openhab2/tasks/letsencrypt.yml
new file mode 100644
index 0000000..ffb508c
--- /dev/null
+++ b/roles/openhab2/tasks/letsencrypt.yml
@@ -0,0 +1,27 @@
+---
+
+- name: download certbot
+ get_url:
+ url: https://dl.eff.org/certbot-auto
+ dest: /root/certbot-auto
+ mode: 0540
+ tags:
+ - letsencrypt
+
+- name: get certificate
+ #shell: '/root/certbot-auto -n run --test-cert --nginx --agree-tos --email {{letsencrypt_email}} --cert-path /etc/nginx/ssl/cert.pem --key-path /etc/nginx/ssl/cert.key --fullchain-path /etc/nginx/ssl/chain.pem -d {{fqdn}}'
+ shell: '/root/certbot-auto -n run --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
+ tags:
+ - letsencrypt
+
+
+- name: cron job
+ cron:
+ name: "get new certificate"
+ minute: "0"
+ hour: "5"
+ day: "11"
+ job: '/root/certbot-auto -n certonly --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
+ tags:
+ - letsencrypt
+
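Review bot: `certbot-auto` is downloaded without a `checksum` and then run as root by both the `get certificate` task and the cron job, so whatever the URL serves at run time executes with full privileges. Add `checksum: "sha256:<expected-digest>"` to the `get_url` task, or install certbot from the distribution's package repository. The `get certificate` task has no `creates:` guard, so every play requests a certificate again; `args:` with `creates: "/etc/letsencrypt/live/{{fqdn}}/fullchain.pem"` would make it idempotent and stay clear of the CA's rate limits. The cron entry runs `certonly` on day 11 of each month, whereas `renew` is the subcommand meant for unattended renewal, so confirm which is intended.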
diff --git a/roles/openhab2/tasks/main.yml b/roles/openhab2/tasks/main.yml
new file mode 100644
index 0000000..bd86c90
--- /dev/null
+++ b/roles/openhab2/tasks/main.yml
@@ -0,0 +1,15 @@
+---
+
+- include: repo.yml
+- include: packages.yml
+- include: openhab.yml
+#- include: habmin.yml
+- include: nfs.yml
+- include: mysql.yml
+- include: backup.yml
+- include: nginx.yml
+- include: dynv6.yml
+- include: letsencrypt.yml
+
+
+
diff --git a/roles/openhab2/tasks/mysql.yml b/roles/openhab2/tasks/mysql.yml
new file mode 100644
index 0000000..7ba81f2
--- /dev/null
+++ b/roles/openhab2/tasks/mysql.yml
@@ -0,0 +1,29 @@
+---
+
+- name: install mysql packages
+ apt:
+ pkg: "{{item}}"
+ update_cache: "{{apt_config.update_cache}}"
+ cache_valid_time: "{{apt_config.cache_valid_time}}"
+ with_items:
+ - mysql-server
+ - python-mysqldb
+ tags:
+ - mysql
+
+- name: Create openhab database
+ mysql_db:
+ name: openhab2
+ state: present
+ tags:
+ - mysql
+
+- mysql_user:
+ name: openhab2
+ password: openhab2
+ priv: '*.*:ALL'
+ state: present
+ tags:
+ - mysql
+
+
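Review bot: The `mysql_user` task creates account `openhab2` with the literal password `openhab2` and `priv: '*.*:ALL'`, which is a guessable credential with full rights on every database of the server. The password should come from the vault like the other secrets in this commit, e.g. `password: "{{vault_mysql_openhab_password}}"` (the variable name is a suggestion and would also need an entry in `vault.sample`). The grant should be limited to the one schema: `priv: 'openhab2.*:ALL'`. The task also has no `name:`, unlike its neighbours.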
diff --git a/roles/openhab2/tasks/nfs.yml b/roles/openhab2/tasks/nfs.yml
new file mode 100644
index 0000000..44bda95
--- /dev/null
+++ b/roles/openhab2/tasks/nfs.yml
@@ -0,0 +1,31 @@
+---
+
+- name: ensure packages are installed
+ apt:
+ pkg: "{{item}}"
+ update_cache: "{{apt_config.update_cache}}"
+ cache_valid_time: "{{apt_config.cache_valid_time}}"
+ with_items:
+ - nfs-common
+ - nfs-kernel-server
+ tags:
+ - packages
+ - nfs
+ - openhab2
+
+- name: update /etc/exports
+ lineinfile:
+ dest=/etc/exports
+ regexp="^{{item.mount_point}}\s.*"
+ line="{{item.mount_point}} {{item.options}}"
+ notify: update exportfs
+ with_items:
+ - { mount_point: "/etc/openhab2", options: "*(rw,sync,no_subtree_check,all_squash)" }
+ - { mount_point: "/var/lib/openhab2", options: "*(rw,sync,no_subtree_check,all_squash)" }
+ tags:
+ - nfs
+ - nfsconfig
+ - openhab2
+
+
+
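Review bot: Both export entries use `*(rw,sync,no_subtree_check,all_squash)`, which offers `/etc/openhab2` and `/var/lib/openhab2` read-write to any host that can reach the NFS service. Restricting the client field to the hosts that need it narrows that, for example `192.168.1.0/24(...)` if the inventory's 192.168.1.x network is the intended scope. The task notifies `update exportfs`, but the role's `handlers/main.yml` added in this commit defines only `restart nginx`; unless another role in the play provides that handler, the notify will fail. The `lineinfile` arguments are in `key=value` form; the mapping form (`dest:`, `regexp:`, `line:`) avoids quoting problems with `\s` in the regexp.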
diff --git a/roles/openhab2/tasks/nginx.yml b/roles/openhab2/tasks/nginx.yml
new file mode 100644
index 0000000..8e4e4a4
--- /dev/null
+++ b/roles/openhab2/tasks/nginx.yml
@@ -0,0 +1,83 @@
+---
+
+- name: create nginx config
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/sites-available/openhab.conf"
+ owner: root
+ group: root
+ mode: "u=rwx,g=r,o=r"
+ notify: restart nginx
+ tags:
+ - nginx
+
+- stat: path=/etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem
+ register: letsencrypt_cert
+ tags:
+ - nginx
+
+- name: overwrite nginx config for letsencrypt initialisation
+ template:
+ src: nginx.init.conf.j2
+ dest: "/etc/nginx/sites-available/openhab.conf"
+ owner: root
+ group: root
+ mode: "u=rwx,g=r,o=r"
+ notify: restart nginx
+ when: letsencrypt_cert.stat.exists == false
+ tags:
+ - nginx
+
+- name: create nginx passwd file
+ htpasswd:
+ name: "{{nginx_user}}"
+ password: "{{nginx_password}}"
+ path: "/etc/nginx/htpasswd"
+ owner: root
+ group: root
+ mode: "u=rw"
+ notify: restart nginx
+ tags:
+ - nginx
+
+- name: remove default site
+ file:
+ dest: /etc/nginx/sites-enabled/default
+ state: absent
+ notify: restart nginx
+ tags:
+ - nginx
+
+- name: enable openhab site
+ file:
+ src: /etc/nginx/sites-available/openhab.conf
+ dest: /etc/nginx/sites-enabled/openhab.conf
+ state: link
+ notify: restart nginx
+ tags:
+ - nginx
+
+
+- name: ssl dir
+ file:
+ dest: /etc/nginx/ssl
+ state: directory
+ tags:
+ - nginx
+
+- name: create self singed certificate
+ command: 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=CH/ST=AG/L=Niederlenz/O=none/OU=none/CN=schnidrig.dynv6.net"'
+ args:
+ creates: "/etc/nginx/ssl/nginx.crt"
+ tags:
+ - nginx
+
+- name: gen dhparam
+ command: 'openssl dhparam -outform PEM -out /etc/nginx/ssl/dhparam2048.pem 2048'
+ args:
+ creates: "/etc/nginx/ssl/dhparam2048.pem"
+ notify: restart nginx
+ tags:
+ - nginx
+
+
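Review bot: The `stat` task and the self-signed certificate's `-subj` hard-code `schnidrig.dynv6.net` while the rest of the role uses `{{fqdn}}`. For any other `fqdn` the `letsencrypt_cert` check never finds a certificate and the init template overwrites the real config on every run; `stat: path=/etc/letsencrypt/live/{{fqdn}}/fullchain.pem` keeps them aligned. The `ssl dir` task sets no owner or mode on `/etc/nginx/ssl`, which holds `nginx.key`; adding `owner: root` and `mode: "u=rwx,g=,o="` restricts it. The htpasswd file is `root:root` with `mode: "u=rw"`, but nginx reads `auth_basic_user_file` from its worker processes, so if those run as an unprivileged user the file must be group-readable by that user; confirm on the target. The files under `sites-available` do not need the execute bit that `u=rwx` grants.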
diff --git a/roles/openhab2/tasks/openhab.yml b/roles/openhab2/tasks/openhab.yml
new file mode 100644
index 0000000..af2eb17
--- /dev/null
+++ b/roles/openhab2/tasks/openhab.yml
@@ -0,0 +1,20 @@
+---
+
+- name:
+ user:
+ name: openhab
+ groups: "dialout"
+ append: yes
+ tags:
+ - openhab2
+ - user
+
+- name: "configure systemd"
+ systemd:
+ name: openhab2
+ daemon_reload: yes
+ enabled: true
+ state: started
+ tags:
+ - openhab2
+
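Review bot: The first task has an empty `name:` (it parses as null), so run output cannot identify it; something like `name: add openhab user to dialout group` describes what the `user` call does. `append: yes` and `daemon_reload: yes` are mixed with `enabled: true` in the same file; using `true`/`false` throughout is the consistent form.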
diff --git a/roles/openhab2/tasks/packages.yml b/roles/openhab2/tasks/packages.yml
new file mode 100644
index 0000000..bc4ef80
--- /dev/null
+++ b/roles/openhab2/tasks/packages.yml
@@ -0,0 +1,20 @@
+---
+
+- name: install openhab packages
+ apt:
+ pkg: "{{item}}"
+ update_cache: "{{apt_config.update_cache}}"
+ cache_valid_time: "{{apt_config.cache_valid_time}}"
+ with_items:
+ - "{{jdk}}"
+ - openhab2
+ - openhab2-addons
+ - openhab2-addons-legacy
+ - sysstat
+ - nginx
+ - python-passlib
+ tags:
+ - packages
+ - openhab2
+
+
diff --git a/roles/openhab2/tasks/repo.old.yml b/roles/openhab2/tasks/repo.old.yml
new file mode 100644
index 0000000..c4da271
--- /dev/null
+++ b/roles/openhab2/tasks/repo.old.yml
@@ -0,0 +1,22 @@
+---
+
+# http://docs.openhab.org/installation/linux.html#package-repository-installation
+
+- name: install ppa key
+ apt_key:
+ url: "http://www.openhab.org/keys/public-key-snapshots.asc"
+ state: present
+ tags:
+ - repo
+ - openhab2
+
+- name: install openhab2 repo
+ apt_repository:
+ repo: 'deb https://openhab.ci.cloudbees.com/job/openHAB-Distribution/ws/distributions/openhab-offline/target/apt-repo/ /'
+ state: present
+ update_cache: yes
+ filename: openhab2
+ tags:
+ - repo
+ - openhab2
+
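Review bot: The `apt_key` task fetches the signing key from an `http://` URL, so the key that apt will trust for this repository arrives over an unauthenticated channel. If the file is kept, use an HTTPS URL and pin the key with `id: "<key-fingerprint>"` so that a substituted key is rejected. The role's `main.yml` includes `repo.yml`, not this file; if `repo.old.yml` is only kept for reference, removing it from the role prevents it from being included by mistake.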
diff --git a/roles/openhab2/tasks/repo.yml b/roles/openhab2/tasks/repo.yml
new file mode 100644
index 0000000..c9fcb0e
--- /dev/null
+++ b/roles/openhab2/tasks/repo.yml
@@ -0,0 +1,22 @@
+---
+
+# http://docs.openhab.org/installation/linux.html#package-repository-installation
+
+- name: install ppa key
+ apt_key:
+ url: "https://bintray.com/user/downloadSubjectPublicKey?username=openhab"
+ state: present
+ tags:
+ - repo
+ - openhab2
+
+- name: install openhab2 repo
+ apt_repository:
+ repo: 'deb http://dl.bintray.com/openhab/apt-repo2 testing main'
+ state: present
+ update_cache: yes
+ filename: openhab2
+ tags:
+ - repo
+ - openhab2
+
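Review bot: The repository line uses `deb http://dl.bintray.com/...`, so package integrity rests entirely on apt's signature check against whatever key the `apt_key` URL returned at install time. Pinning the key with `id: "<key-fingerprint>"` in the `apt_key` task makes that check stable across runs. Using `https://` for the `deb` line, if the host supports it and `apt-transport-https` is installed, also keeps package metadata off the wire in cleartext. The suite is `testing`; confirm that pre-release packages are intended on the controller.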
diff --git a/roles/openhab2/templates/backup.sh.j2 b/roles/openhab2/templates/backup.sh.j2
new file mode 100644
index 0000000..98ca0ab
--- /dev/null
+++ b/roles/openhab2/templates/backup.sh.j2
@@ -0,0 +1,11 @@
+# stop openhab instance (here: systemd service)
+sudo systemctl stop openhab2.service
+
+# backup current installation with settings
+TIMESTAMP=`date +%Y%m%d_%H%M%S`;
+mkdir ~/openhab2-backup-$TIMESTAMP
+cp -arv /etc/openhab2 ~/openhab2-backup-$TIMESTAMP/conf
+cp -arv /var/lib/openhab2 ~/openhab2-backup-$TIMESTAMP/userdata
+
+# restart openhab instance
+sudo systemctl start openhab2.service
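Review bot: The script has no `#!` line and creates the backup directory with the default umask, so the copies of `/etc/openhab2` and `/var/lib/openhab2` may be reachable by other users depending on where `~` resolves. Starting the file with `#!/bin/sh` and `umask 077` addresses both. It is installed root-owned under `/root`, so the `sudo` prefixes are redundant when it runs as root. If a `cp` fails the service is still restarted, which is the right order, but the exit status does not reflect the failure; recording it and exiting non-zero after the restart would let a caller or cron notice.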
diff --git a/roles/openhab2/templates/dynv6.sh.j2 b/roles/openhab2/templates/dynv6.sh.j2
new file mode 100644
index 0000000..7c173da
--- /dev/null
+++ b/roles/openhab2/templates/dynv6.sh.j2
@@ -0,0 +1,49 @@
+#!/bin/sh -e
+hostname="{{dynv6_name}}"
+device="{{dynv6_device}}"
+token="{{dynv6_token}}"
+file=$HOME/.dynv6.addr6
+[ -e $file ] && old=`cat $file`
+
+if [ -z "$hostname" -o -z "$token" ]; then
+ echo "Usage: token= [netmask=64] $0 your-name.dynv6.net [device]"
+ exit 1
+fi
+
+if [ -z "$netmask" ]; then
+ netmask=128
+fi
+
+if [ -n "$device" ]; then
+ device="dev $device"
+fi
+address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)
+
+if [ -e /usr/bin/curl ]; then
+ bin="curl -fsS"
+elif [ -e /usr/bin/wget ]; then
+ bin="wget -O-"
+else
+ echo "neither curl nor wget found"
+ exit 1
+fi
+
+if [ -z "$address" ]; then
+ echo "no IPv6 address found"
+ exit 1
+fi
+
+# address with netmask
+current=$address/$netmask
+
+if [ "$old" = "$current" ]; then
+ echo "IPv6 address unchanged"
+ exit
+fi
+
+# send addresses to dynv6
+$bin "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
+#$bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
+
+# save current address
+echo $current > $file
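Review bot: The update request sends `$token` in the query string of an `http://` URL, so the dynv6 credential crosses the network in cleartext on every address change. Switching the scheme to `https://dynv6.com/api/update?...` protects it in transit (confirm the endpoint accepts HTTPS). With curl or wget the full URL, token included, is also visible in the process list while the request runs. `$file` is expanded unquoted in `[ -e $file ]`, `cat $file` and `echo $current > $file`; writing `"$file"` is the safer habit.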
diff --git a/roles/openhab2/templates/nginx.conf.j2 b/roles/openhab2/templates/nginx.conf.j2
new file mode 100644
index 0000000..1998a51
--- /dev/null
+++ b/roles/openhab2/templates/nginx.conf.j2
@@ -0,0 +1,30 @@
+server {
+ listen 80;
+ listen [::]:443 ssl;
+ server_name {{fqdn}};
+
+ ssl_certificate /etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/schnidrig.dynv6.net/privkey.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
+ ssl_prefer_server_ciphers on;
+ ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
+ ssl_ecdh_curve secp384r1;
+ # check settings with: https://www.ssllabs.com/ssltest/analyze.html?d={{fqdn}}
+
+ location / {
+ proxy_pass http://localhost:8080/;
+ proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ auth_basic "Openhab";
+ auth_basic_user_file /etc/nginx/htpasswd;
+ }
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ }
+
+}
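Review bot: The single `server` block listens on plain port 80 as well as 443, so `location /` proxies openHAB and accepts the `auth_basic` password over unencrypted HTTP. Port 80 should only serve the ACME challenge and redirect everything else to HTTPS, as sketched below; the same applies to `nginx.init.conf.j2`. `ssl_protocols` still enables `TLSv1` and `TLSv1.1`; `ssl_protocols TLSv1.2;` is the minimum worth keeping, client support permitting. The certificate paths here, and `server_name` in the init template, hard-code `schnidrig.dynv6.net` instead of using `{{fqdn}}`.

```nginx
server {
    listen 80;
    server_name {{fqdn}};

    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen [::]:443 ssl;
    server_name {{fqdn}};
    # … unchanged: ssl_* directives and the proxied location / with auth_basic …
}
```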
diff --git a/roles/openhab2/templates/nginx.init.conf.j2 b/roles/openhab2/templates/nginx.init.conf.j2
new file mode 100644
index 0000000..9b819c4
--- /dev/null
+++ b/roles/openhab2/templates/nginx.init.conf.j2
@@ -0,0 +1,24 @@
+server {
+ listen [::]:80;
+ listen [::]:443 ssl;
+ server_name schnidrig.dynv6.net;
+
+ ssl_certificate /etc/nginx/ssl/nginx.crt;
+ ssl_certificate_key /etc/nginx/ssl/nginx.key;
+
+ location / {
+ proxy_pass http://localhost:8080/;
+ proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ auth_basic "Openhab";
+ auth_basic_user_file /etc/nginx/htpasswd;
+ }
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ }
+
+}
diff --git a/roles/raspberry/files/alias b/roles/raspberry/files/alias
new file mode 100644
index 0000000..8f3831d
--- /dev/null
+++ b/roles/raspberry/files/alias
@@ -0,0 +1,5 @@
+alias openhablog='tail -n 100 -f /var/log/openhab2/openhab.log -f /var/log/openhab2/events.log'
+alias openhablog2='multitail /var/log/openhab2/openhab.log /var/log/openhab2/events.log'
+alias openhablog3='multitail /var/log/openhab2/openhab.log -ci yellow -I /var/log/openhab2/events.log'
+alias ls='/bin/ls -aF --color=auto'
+alias karafshell="sudo su -s /bin/bash -c '/usr/share/openhab2/runtime/bin/client' openhab"
diff --git a/roles/raspberry/tasks/main.yml b/roles/raspberry/tasks/main.yml
index 6b69f86..f70b500 100644
--- a/roles/raspberry/tasks/main.yml
+++ b/roles/raspberry/tasks/main.yml
@@ -4,6 +4,8 @@
- include: ntp.yml
- include: timezone.yml
- include: locale.yml
+- include: skeleton.yml
+
diff --git a/roles/raspberry/tasks/packages.yml b/roles/raspberry/tasks/packages.yml
index bf2ceac..c644a6d 100644
--- a/roles/raspberry/tasks/packages.yml
+++ b/roles/raspberry/tasks/packages.yml
@@ -11,6 +11,7 @@
- tmux
- python-pip
- git
+ - multitail
tags:
- packages
diff --git a/roles/raspberry/tasks/skeleton.yml b/roles/raspberry/tasks/skeleton.yml
new file mode 100644
index 0000000..bc89bb0
--- /dev/null
+++ b/roles/raspberry/tasks/skeleton.yml
@@ -0,0 +1,19 @@
+---
+
+- name: alias
+ copy:
+ src: alias
+ dest: "/home/pi/.alias"
+ owner: pi
+ group: pi
+ mode: "u=rw,g=r,o=r"
+ tags:
+ - alias
+
+- name: update bashrc
+ lineinfile:
+ dest=/home/pi/.bashrc
+ line="test -s ~/.alias && . ~/.alias"
+ tags:
+ - alias
+