mirrors/openhab-ansible
2
0
Fork 0
mirror of https://github.com/schnidrig/openhab-ansible synced 2026-01-12 00:48:46 +01:00
Code Issues Releases Wiki Activity

Upgrade to openhab 2

Browse Source 
letsencrypt
This commit is contained in:
Christian Schnidrig
2017-02-26 22:22:25 +01:00
parent 181acab247
commit 0b6010e3a6
30 changed files with 533 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/openhab2/templates/backup.sh.j2 Normal file
View File

@@ -0,0 +1,11 @@
# stop openhab instance (here: systemd service)
sudo systemctl stop openhab2.service
# backup current installation with settings
TIMESTAMP=`date +%Y%m%d_%H%M%S`;
mkdir ~/openhab2-backup-$TIMESTAMP
cp -arv /etc/openhab2 ~/openhab2-backup-$TIMESTAMP/conf
cp -arv /var/lib/openhab2 ~/openhab2-backup-$TIMESTAMP/userdata
# restart openhab instance
sudo systemctl start openhab2.service

49
roles/openhab2/templates/dynv6.sh.j2 Normal file
View File

@@ -0,0 +1,49 @@
#!/bin/sh -e
hostname="{{dynv6_name}}"
device="{{dynv6_device}}"
token="{{dynv6_token}}"
file=$HOME/.dynv6.addr6
[ -e $file ] && old=`cat $file`
if [ -z "$hostname" -o -z "$token" ]; then
echo "Usage: token=<your-authentication-token> [netmask=64] $0 your-name.dynv6.net [device]"
exit 1
fi
if [ -z "$netmask" ]; then
netmask=128
fi
if [ -n "$device" ]; then
device="dev $device"
fi
address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)
if [ -e /usr/bin/curl ]; then
bin="curl -fsS"
elif [ -e /usr/bin/wget ]; then
bin="wget -O-"
else
echo "neither curl nor wget found"
exit 1
fi
if [ -z "$address" ]; then
echo "no IPv6 address found"
exit 1
fi
# address with netmask
current=$address/$netmask
if [ "$old" = "$current" ]; then
echo "IPv6 address unchanged"
exit
fi
# send addresses to dynv6
$bin "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
#$bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
# save current address
echo $current > $file

30
roles/openhab2/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,30 @@
server {
listen 80;
listen [::]:443 ssl;
server_name {{fqdn}};
ssl_certificate /etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/schnidrig.dynv6.net/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
ssl_ecdh_curve secp384r1;
# check settings with: https://www.ssllabs.com/ssltest/analyze.html?d={{fqdn}}
location / {
proxy_pass http://localhost:8080/;
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Openhab";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /.well-known/acme-challenge/ {
root /var/www/html;
}
}

24
roles/openhab2/templates/nginx.init.conf.j2 Normal file
View File

@@ -0,0 +1,24 @@
server {
listen [::]:80;
listen [::]:443 ssl;
server_name schnidrig.dynv6.net;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://localhost:8080/;
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Openhab";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /.well-known/acme-challenge/ {
root /var/www/html;
}
}