openhab 2.5 on raspi4

2026-01-12 00:48:46 +01:00 · 2020-01-01 20:34:53 +01:00
parent caf4dcd77a
commit 0c652dfbd2
30 changed files with 203 additions and 185 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,4 +1,6 @@
 [defaults]
 interpreter_python = auto_silent
 #interpreter_python = /usr/bin/python3
 retry_files_enabled = False
 vault_password_file = vault_password
--- a/group_vars/all/defaults
+++ b/group_vars/all/defaults
@@ -7,17 +7,8 @@ apt_config:
  update_cache: yes
  cache_valid_time: 7200
 jdk:
    - oracle-java8-jdk
    #- oracle-java7-installer
    #- oracle-java7-set-default
 ntp:
    - "ntp.bluewin.ch"
    #- "0.ch.pool.ntp.org"
    #- "1.ch.pool.ntp.org"
    #- "2.ch.pool.ntp.org"
    #- "3.ch.pool.ntp.org"
 letsencrypt_email: christian.schnidrig@gmail.com
--- a/group_vars/controller
+++ b/group_vars/controller
@@ -19,7 +19,9 @@ nginx_user: "{{ vault_nginx_user }}"
 nginx_password: "{{ vault_nginx_password }}"
 dynv6_name: "schnidrig.dynv6.net"
 #dynv6_name: "raspi4.dynv6.net"
 dynv6_device: "{{ vault_dynv6_device }}"
 dynv6_token: "{{ vault_dynv6_token }}"
 fqdn: "schnidrig.dynv6.net"
 #fqdn: "raspi4.dynv6.net"
--- a/1
+++ b/1
@@ -1,6 +1,7 @@
 [controller]
 192.168.1.7 ansible_ssh_user=pi
 192.168.1.12 ansible_ssh_user=pi
 192.168.1.9 ansible_ssh_user=pi
 [raspis]
 #192.168.1.5 ansible_ssh_user=pi
--- a/roles/mqttwarn/tasks/main.yml
+++ b/roles/mqttwarn/tasks/main.yml
@@ -1,4 +1,8 @@
 ---
 - include: mosquitto.yml
  tags:
  - mosquitto
 - include: mqttwarn.yml
  tags:
  - mqttwarn
--- a/roles/mqttwarn/tasks/mosquitto.yml
+++ b/roles/mqttwarn/tasks/mosquitto.yml
@@ -1,16 +1,12 @@
 ---
- name: install main packages
+- name: install mosquitto packages
  apt: 
-    pkg: "{{item}}"
+    pkg:
    - mosquitto
    - mosquitto-clients
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
  with_items:
     - mosquitto
     - mosquitto-clients
  tags:
     - packages
     - mosquitto
--- a/roles/mqttwarn/tasks/mqttwarn.apt.yml
+++ b/roles/mqttwarn/tasks/mqttwarn.apt.yml
@@ -0,0 +1,50 @@
 ---
 - name: install packages
  apt: 
    pkg:
    - python3-paho-mqtt
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
 - name: install mqttwarn
  vars:
    ansible_python_interpreter: /usr/bin/python3
  pip:
    name: mqttwarn
 - name: install config file
  template:
    src: mqttwarn.ini
    dest: "/etc/mqttwarn.ini"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  notify: restart mqttwarn
  tags:
    - mqttwarnconfig
 - name: create log dir
  file: 
    dest: "/var/log/mqttwarn"
    state: directory
    owner: pi
    group: pi
 - name: install service file
  template:
    src: mqttwarn.service
    dest: "/etc/systemd/system/mqttwarn.service"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  notify: restart mqttwarn
 - name: "configure systemd"
  systemd:
    name: mqttwarn
    daemon_reload: yes
    enabled: true
    state: started 
--- a/roles/mqttwarn/tasks/mqttwarn.yml
+++ b/roles/mqttwarn/tasks/mqttwarn.yml
@@ -1,10 +1,12 @@
 ---
- pip: 
+- name: install packages
-    name: "paho-mqtt"
+  apt: 
-  tags:
+    pkg:
-    - mqttwarn
+    - python-paho-mqtt
-
+    - python3-paho-mqtt
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
 - git: 
    repo: "https://github.com/jpmens/mqttwarn.git"
--- a/roles/mqttwarn/templates/mqttwarn.service
+++ b/roles/mqttwarn/templates/mqttwarn.service
@@ -6,7 +6,10 @@ After=mosquitto.service
 Type=simple
 User=pi
 Group=pi
 #WorkingDirectory=/home/pi
 WorkingDirectory=/opt/mqttwarn
 #Environment="MQTTWARNINI=/etc/mqttwarn.ini"
 #ExecStart=/usr/local/bin/mqttwarn
 ExecStart=/opt/mqttwarn/mqttwarn.py
 [Install]
--- a/roles/openhab2/tasks/backup.yml
+++ b/roles/openhab2/tasks/backup.yml
@@ -7,5 +7,3 @@
     owner: root
     group: root
     mode: "u=rwx,g=r,o=r"
  tags:
    - backup
--- a/roles/openhab2/tasks/dynv6.yml
+++ b/roles/openhab2/tasks/dynv6.yml
@@ -7,8 +7,6 @@
     owner: root
     group: root
     mode: "u=rwx,g=r,o=r"
  tags:
    - dynv6
 - name: Cron file for dynv6
  cron:
@@ -16,6 +14,4 @@
    user: root
    job: "/root/dynv6.sh"
    cron_file: dynv6
  tags:
    - dynv6
--- a/roles/openhab2/tasks/letsencrypt.yml
+++ b/roles/openhab2/tasks/letsencrypt.yml
@@ -1,29 +1,24 @@
 ---
- name: download certbot
+- name: ensure packages are installed
-  get_url:
+  apt: 
-    url: https://dl.eff.org/certbot-auto
+    pkg:
-    dest: /root/certbot-auto
+    - certbot
-    mode: 0540
+    - python-certbot-nginx
-  tags:
+    - python3-certbot-nginx
-    - letsencrypt
+    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
 - name: get certificate
-  #shell: '/root/certbot-auto -n run --test-cert --nginx --agree-tos --email {{letsencrypt_email}} --cert-path /etc/nginx/ssl/cert.pem --key-path /etc/nginx/ssl/cert.key --fullchain-path /etc/nginx/ssl/chain.pem -d {{fqdn}}'
+  shell: 'certbot -n run --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
  shell: '/root/certbot-auto -n run --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
  tags:
    - letsencrypt
- name: cron job
+# - name: cron job
-  cron:
+#   cron:
-    name: "get new certificate"
+#     name: "get new certificate"
-    minute: "0"
+#     minute: "0"
-    hour: "5"
+#     hour: "5"
-    day: "11"
+#     day: "11"
-    job: '/root/certbot-auto -n certonly --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
+#     job: 'certbot -n certonly --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
-    cron_file: letsencrypt
+#     cron_file: letsencrypt
-    user: root
+#     user: root
  tags:
    - letsencrypt
    - letsencrypt_cron
--- a/roles/openhab2/tasks/main.yml
+++ b/roles/openhab2/tasks/main.yml
@@ -1,19 +1,50 @@
 ---
 - include: repo.yml
  tags:
  - repo
  - openhab2
 - include: packages.yml
  tags:
  - packages
  - openhab2
 - include: openhab.yml
  tags:
  - openhab
  - openhab2
 #- include: habmin.yml
 - include: nfs.yml
  tags:
  - nfs
  - openhab2
 - include: mysql.yml
  tags:
  - mysql
  - openhab2
 - include: backup.yml
  tags:
  - backup
  - openhab2
 - include: nginx.yml
  tags:
  - nginx
  - openhab2
 - include: dynv6.yml
  tags:
  - dynv6
  - openhab2
 - include: letsencrypt.yml
  tags:
  - letsencrypt
  - openhab2
 - include: scripts.yml
  tags:
  - scripts
  - openhab2
 - include: gardena.yml
  tags:
-    - gardena
+  - gardena
  - openhab2
--- a/roles/openhab2/tasks/mysql.yml
+++ b/roles/openhab2/tasks/mysql.yml
@@ -2,15 +2,11 @@
 - name: install mysql packages
  apt: 
-    pkg: "{{item}}"
+    pkg:
    - default-mysql-server
    - python-mysqldb
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
  with_items:
     - mysql-server
     - python-mysqldb
  tags:
     - mysql
     - packages
 - name: Create openhab database
  mysql_db:
@@ -24,7 +20,5 @@
    password: openhab2
    priv: '*.*:ALL'
    state: present
  tags:
     - mysql
--- a/roles/openhab2/tasks/nfs.yml
+++ b/roles/openhab2/tasks/nfs.yml
@@ -2,30 +2,21 @@
 - name: ensure packages are installed
  apt: 
-    pkg: "{{item}}"
+    pkg:
    - nfs-common
    - nfs-kernel-server
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
  with_items:
     - nfs-common
     - nfs-kernel-server
  tags:
     - packages
     - nfs
     - openhab2
 - name: update /etc/exports
  lineinfile:
-    dest=/etc/exports
+    dest: "/etc/exports"
-    regexp="^{{item.mount_point}}\s.*"
+    regexp: '^{{item.mount_point}}\s.*'
-    line="{{item.mount_point}} {{item.options}}"
+    line: "{{item.mount_point}} {{item.options}}"
  notify: update exportfs
  with_items:
    - { mount_point: "/etc/openhab2", options: "*(rw,sync,no_subtree_check,all_squash)" }
    - { mount_point: "/var/lib/openhab2", options: "*(rw,sync,no_subtree_check,all_squash)" }
  tags:
    - nfs
    - nfsconfig
    - openhab2
--- a/roles/openhab2/tasks/nginx.yml
+++ b/roles/openhab2/tasks/nginx.yml
@@ -8,15 +8,11 @@
     group: root
     mode: "u=rwx,g=r,o=r"
  notify: restart nginx
  tags:
    - nginx
 - stat: path=/etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem
  register: letsencrypt_cert
  tags:
    - nginx
- name: overwrite nginx config for letsencrypt initialisation
+- name: overwrite nginx config for letsencrypt initialization
  template:
     src: nginx.init.conf.j2
     dest: "/etc/nginx/sites-available/openhab.conf"
@@ -25,8 +21,6 @@
     mode: "u=rwx,g=r,o=r"
  notify: restart nginx
  when: letsencrypt_cert.stat.exists == false
  tags:
    - nginx
 - name: create nginx passwd file
  htpasswd:
@@ -37,16 +31,12 @@
     group: root
     mode: "u=rw"
  notify: restart nginx
  tags:
    - nginx
 - name: remove default site
  file: 
    dest: /etc/nginx/sites-enabled/default
    state: absent
  notify: restart nginx
  tags:
    - nginx
 - name: enable openhab site
  file: 
@@ -54,30 +44,21 @@
    dest: /etc/nginx/sites-enabled/openhab.conf
    state: link
  notify: restart nginx
  tags:
    - nginx
 - name: ssl dir
  file: 
    dest: /etc/nginx/ssl
    state: directory
  tags:
    - nginx
 - name: create self singed certificate
  command: 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=CH/ST=AG/L=Niederlenz/O=none/OU=none/CN=schnidrig.dynv6.net"'
  args: 
    creates: "/etc/nginx/ssl/nginx.crt"
  tags:
    - nginx
 - name: gen dhparam
  command: 'openssl dhparam -outform PEM -out /etc/nginx/ssl/dhparam2048.pem 2048'
  args: 
    creates: "/etc/nginx/ssl/dhparam2048.pem"
  notify: restart nginx
  tags: 
    - nginx
--- a/roles/openhab2/tasks/openhab.yml
+++ b/roles/openhab2/tasks/openhab.yml
@@ -3,11 +3,12 @@
 - name:
  user: 
    name: openhab
-    groups: "dialout"
+    groups: 
        - dialout
        - tty
        - bluetooth
        - audio
    append: yes
  tags:
    - openhab2
    - user
 - name: "configure systemd"
  systemd:
@@ -15,19 +16,14 @@
    daemon_reload: yes
    enabled: true
    state: started 
  tags:
    - openhab2
 - name: Download Rollershutters dependencies
  get_url:
    url: "{{ item.src }}"
    dest: "/usr/share/openhab2/runtime/lib/boot/{{ item.name }}"
  loop:
-    #- { name: "jython-standalone-2.7.0.jar", src: 'http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7.0/jython-standalone-2.7.0.jar' }
+    - { name: "jython-standalone-2.7.1.jar", src: 'http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.7.1/jython-standalone-2.7.1.jar' }
-    - { name: "snakeyaml-1.18.jar", src: "http://central.maven.org/maven2/org/yaml/snakeyaml/1.18/snakeyaml-1.18.jar" }
+    - { name: "snakeyaml-1.25.jar", src: "http://central.maven.org/maven2/org/yaml/snakeyaml/1.25/snakeyaml-1.25.jar" }
  tags:
    - openhab2
    - jython
 - name: cron job
  cron:
@@ -36,11 +32,8 @@
    hour: "5"
    weekday: "0"
    job: 'systemctl restart nginx.service'
-    cron_file: openhab
+    cron_file: openhab2
    user: root
  tags:
    - openhab2
    - openhab_cron
 - name: cron job
  cron:
@@ -49,12 +42,8 @@
    hour: "5"
    weekday: "0"
    job: 'touch /etc/openhab2/automation/jsr223/shutters.py'
-    cron_file: openhab
+    cron_file: openhab2
    user: root
  tags:
    - openhab2
    - openhab_cron
 - name: install python modules for jython
  pip: 
@@ -62,16 +51,12 @@
    virtualenv_command: "/usr/bin/virtualenv"
    virtualenv_python: "/usr/bin/python2.7"
    name: jsonmerge
  tags:
    - openhab2
- name: enable virtual env from above in jython
+- name: set EXTRA_JAVA_OPTS
  lineinfile:
    path: "/etc/default/openhab2"
    regexp: '^EXTRA_JAVA_OPTS='
-    line: 'EXTRA_JAVA_OPTS="-Dpython.path=/etc/openhab2/automation/lib/python/lib/python2.7/site-packages/"'
+    line: 'EXTRA_JAVA_OPTS="-Dpython.path=/etc/openhab2/automation/lib/python/lib/python2.7/site-packages/ -Dgnu.io.rxtx.SerialPorts=/dev/ttyACM0:/dev/ttyACM1:/dev/ttyUSB0:/dev/ttyUSB1:/dev/ttyS0:/dev/ttyS2:/dev/ttyAMA0"'
  tags:
    - openhab2
--- a/roles/openhab2/tasks/packages.yml
+++ b/roles/openhab2/tasks/packages.yml
@@ -2,21 +2,17 @@
 - name: install openhab packages
  apt: 
-    pkg: "{{item}}"
+    pkg:
    - zulu-embedded-8 # java 8
    - openhab2
    - openhab2-addons
    - openhab2-addons-legacy
    - sysstat
    - nginx
    - python-pip # jython only supports 2.7
    - virtualenv
    - python-passlib
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
  with_items:
     - "{{jdk}}"
     - openhab2
     - openhab2-addons
     - openhab2-addons-legacy
     - sysstat
     - nginx
     - python-passlib
     #- jython
     #- jython-doc
  tags:
     - packages
     - openhab2
--- a/roles/openhab2/tasks/repo.yml
+++ b/roles/openhab2/tasks/repo.yml
@@ -6,18 +6,26 @@
  apt_key: 
    url: "https://bintray.com/user/downloadSubjectPublicKey?username=openhab"
    state: present
  tags:
     - repo
     - openhab2
 - name: install openhab2 repo
  apt_repository:
    repo: 'deb https://dl.bintray.com/openhab/apt-repo2 stable main'
    #repo: 'deb http://openhab.jfrog.io/openhab/openhab-linuxpkg unstable main'
    state: present
    update_cache: yes
    filename: openhab2
  tags:
     - repo
     - openhab2
 # Zulu
 # https://docs.azul.com/zulu/zuludocs/ZuluUserGuide/PrepareZuluPlatform/AttachAPTRepositoryUbuntuOrDebianSys.htm
 - name: install zulu key
  apt_key:
    keyserver: hkp://keyserver.ubuntu.com:80
    id: B1998361219BD9C9
    state: present
 - name: install zulu repo
  apt_repository:
    repo: 'deb http://repos.azulsystems.com/debian stable main'
    state: present
    update_cache: yes
    filename: zulu
--- a/roles/openhab2/tasks/scripts.yml
+++ b/roles/openhab2/tasks/scripts.yml
@@ -4,8 +4,6 @@
  file: 
    dest: /root/bin
    state: directory
  tags:
    - scripts
 - name: create scripts
  template:
@@ -16,5 +14,3 @@
     mode: "u=rwx,g=r,o=r"
  loop:
    - karaf.sh
  tags:
    - scripts
--- a/roles/openhab2/templates/nginx.conf.j2
+++ b/roles/openhab2/templates/nginx.conf.j2
@@ -1,11 +1,10 @@
 server {
-    listen                          [::]:80;
+    listen                          [::]:80 ipv6only=off;
    server_name                     {{fqdn}};
    return 301                      https://$server_name$request_uri;
 }
 server {
-    #listen                          [::]:80;
+    listen                          [::]:443 ipv6only=off ssl;
    listen                          [::]:443 ssl;
    server_name                     {{fqdn}};
    ssl_certificate                 /etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem;
--- a/roles/openhab2/templates/nginx.init.conf.j2
+++ b/roles/openhab2/templates/nginx.init.conf.j2
@@ -1,6 +1,6 @@
 server {
-    listen                          [::]:80;
+    listen                          [::]:80 ipv6only=off;
-    listen                          [::]:443 ssl;
+    listen                          [::]:443 ipv6only=off ssl;
    server_name                     schnidrig.dynv6.net;
    ssl_certificate                 /etc/nginx/ssl/nginx.crt;
--- a/roles/raspberry/handlers/main.yml
+++ b/roles/raspberry/handlers/main.yml
@@ -1,9 +1,7 @@
 ---
- name: restart ntp
+- name: timedatectl
-  service: name=ntp state=restarted
+  command: timedatectl set-ntp true
 - name: update exportfs
  shell: exportfs -rav
--- a/roles/raspberry/tasks/_attic/ntp.yml
+++ b/roles/raspberry/tasks/_attic/ntp.yml
--- a/roles/raspberry/tasks/_attic/timezone.yml
+++ b/roles/raspberry/tasks/_attic/timezone.yml
--- a/roles/raspberry/tasks/locale.yml
+++ b/roles/raspberry/tasks/locale.yml
@@ -13,8 +13,6 @@
 - name: generate locale
  locale_gen: name="{{locale}}" state=present
  tags:
    - locale
 - name: set environment file
  template:
--- a/roles/raspberry/tasks/main.yml
+++ b/roles/raspberry/tasks/main.yml
@@ -1,10 +1,17 @@
 ---
 - include: packages.yml
- include: ntp.yml
+  tags:
- include: timezone.yml
+  - packages
- include: locale.yml
+- include: timedate.yml
  tags: 
  - ntp
 # - include: locale.yml
 #   tags:
 #   - locale
 - include: skeleton.yml
  tags:
  - skeleton
--- a/roles/raspberry/tasks/packages.yml
+++ b/roles/raspberry/tasks/packages.yml
@@ -2,25 +2,15 @@
 - name: ensure packages are installed
  apt: 
-    pkg: "{{item}}"
+    pkg:
    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
  with_items:
     - apt-transport-https
     - ntp
     - tmux
     - python-pip
     - python3-pip
     - git
     - multitail
     - python3-requests
-  tags:
+     - python3-websocket
-     - packages
+    update_cache: "{{apt_config.update_cache}}"
    cache_valid_time: "{{apt_config.cache_valid_time}}"
 - name: install python 3 modules with pip
  pip:
    name: websocket-client
    executable: pip3
  tags:
     - packages
--- a/roles/raspberry/tasks/skeleton.yml
+++ b/roles/raspberry/tasks/skeleton.yml
@@ -3,17 +3,8 @@
 - name: alias
  copy:
     src: alias
-     dest: "/home/pi/.alias"
+     dest: "/home/pi/.bash_aliases"
     owner: pi
     group: pi
     mode: "u=rw,g=r,o=r"
  tags:
    - alias
 - name: update bashrc
  lineinfile:
    dest=/home/pi/.bashrc
    line="test -s ~/.alias && . ~/.alias"
  tags:
    - alias
--- a/roles/raspberry/tasks/timedate.yml
+++ b/roles/raspberry/tasks/timedate.yml
@@ -0,0 +1,13 @@
 ---
 - name: update ntp.conf
  lineinfile:
    dest: "/etc/systemd/timesyncd.conf"
    regexp: '^#*\s*NTP='
    line: "NTP={{ ntp | join(' ') }}"
  notify: timedatectl
 - name: "set Timezone"
  timezone: 
    name: "{{ timezone }}"
  notify: timedatectl