mirrors/openhab-ansible
2
0
Fork 0
mirror of https://github.com/schnidrig/openhab-ansible synced 2026-01-12 00:48:46 +01:00
Code Issues Releases Wiki Activity

upgrade to openhab 3

Browse Source
This commit is contained in:
Christian Schnidrig
2021-03-01 08:50:51 +01:00
parent ad6de7aec9
commit 7bccead600
55 changed files with 2025 additions and 993 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/openhab/handlers/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: restart nginx
service: name=nginx state=restarted

17
roles/openhab/tasks/dynv6.yml Normal file
View File

@@ -0,0 +1,17 @@
---
- name: install dynv6 update script
template:
src: dynv6.sh.j2
dest: "/root/dynv6.sh"
owner: root
group: root
mode: "u=rwx,g=r,o=r"
- name: Cron file for dynv6
cron:
name: dynv6 update
user: root
job: "/root/dynv6.sh"
cron_file: dynv6

32
roles/openhab/tasks/habmin.yml
View File

@@ -1,32 +0,0 @@
---
- name: download HABmin
get_url:
url: https://github.com/cdjackson/HABmin/archive/master.zip
dest: /root/habmin_master.zip
mode: 0444
tags:
- habmin
- name: unzip
unarchive:
remote_src: yes
src: /root/habmin_master.zip
dest: /usr/share/openhab/webapps/
creates: "/usr/share/openhab/webapps/habmin"
tags:
- habmin
- name: rename
command: creates="/usr/share/openhab/webapps/habmin" mv "/usr/share/openhab/webapps/HABmin-master" "/usr/share/openhab/webapps/habmin"
tags:
- habmin
- name: install addon
command: creates="/usr/share/openhab/addons/org.openhab.io.habmin-1.8.0.jar" mv "/usr/share/openhab/webapps/habmin/addons/org.openhab.io.habmin-1.7.0-SNAPSHOT.jar" "/usr/share/openhab/addons/org.openhab.io.habmin-1.8.0.jar"
tags:
- habmin

22
roles/openhab/tasks/jdk.yml Normal file
View File

@@ -0,0 +1,22 @@
- name: create directories
file:
path: "{{ item }}"
owner: root
group: root
mode: '0755'
state: directory
loop:
- "/opt/jdk"
- name: Get JDK
ansible.builtin.unarchive:
src: "{{ jdk_url }}"
dest: "/opt/jdk"
remote_src: yes
creates: "/opt/jdk/{{ jdk }}"
- name: Set alternatives
shell: "update-alternatives --install /usr/bin/java java /opt/jdk/{{ jdk }}/bin/java 1"
- name: Set alternatives
shell: "update-alternatives --install /usr/bin/javac javac /opt/jdk/{{ jdk }}/bin/javac 1"

24
roles/openhab/tasks/letsencrypt.yml Normal file
View File

@@ -0,0 +1,24 @@
---
- name: ensure packages are installed
apt:
pkg:
- certbot
#- python-certbot-nginx
- python3-certbot-nginx
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
- name: get certificate
shell: 'certbot -n run --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
# - name: cron job
# cron:
# name: "get new certificate"
# minute: "0"
# hour: "5"
# day: "11"
# job: 'certbot -n certonly --nginx --agree-tos --email {{letsencrypt_email}} -d {{fqdn}}'
# cron_file: letsencrypt
# user: root

37
roles/openhab/tasks/main.yml
View File

@@ -1,10 +1,37 @@
---
- include: repo.yml
- include: packages.yml
- include: jdk.yml
tags:
- jdk
- openhab_all
- include: openhab.yml
- include: habmin.yml
- include: nfs.yml
- include: mysql.yml
tags:
- openhab
- openhab_all
- include: rollershutters.yml
tags:
- rollershutters
- openhab_all
- include: nginx.yml
tags:
- nginx
- openhab_all
- include: dynv6.yml
tags:
- dynv6
- openhab_all
- include: letsencrypt.yml
tags:
- letsencrypt
- openhab_all
- include: scripts.yml
tags:
- scripts
- openhab_all
# - include: gardena.yml
# tags:
# - gardena
# - openhab_all

29
roles/openhab/tasks/mysql.yml
View File

@@ -1,29 +0,0 @@
---
- name: install mysql packages
apt:
pkg: "{{item}}"
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
with_items:
- mysql-server
- python-mysqldb
tags:
- mysql
- name: Create openhab database
mysql_db:
name: openhab
state: present
tags:
- mysql
- mysql_user:
name: openhab
password: openhab
priv: '*.*:ALL'
state: present
tags:
- mysql

30
roles/openhab/tasks/nfs.yml
View File

@@ -1,30 +0,0 @@
---
- name: ensure packages are installed
apt:
pkg: "{{item}}"
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
with_items:
- nfs-common
- nfs-kernel-server
tags:
- packages
- nfs
- openhab
- name: update /etc/exports
lineinfile:
dest=/etc/exports
regexp="^{{item.mount_point}}\s.*"
line="{{item.mount_point}} {{item.options}}"
notify: update exportfs
with_items:
- { mount_point: "/etc/openhab", options: "*(rw,sync,no_subtree_check,all_squash)" }
tags:
- nfs
- nfsconfig
- openhab

72
roles/openhab/tasks/nginx.yml Normal file
View File

@@ -0,0 +1,72 @@
---
- name: ensure packages are installed
apt:
pkg:
- nginx
- python3-passlib
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
- name: create nginx config
template:
src: nginx.conf.j2
dest: "/etc/nginx/sites-available/openhab.conf"
owner: root
group: root
mode: "u=rwx,g=r,o=r"
notify: restart nginx
- stat: path=/etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem
register: letsencrypt_cert
- name: overwrite nginx config for letsencrypt initialization
template:
src: nginx.init.conf.j2
dest: "/etc/nginx/sites-available/openhab.conf"
owner: root
group: root
mode: "u=rwx,g=r,o=r"
notify: restart nginx
when: letsencrypt_cert.stat.exists == false
- name: create nginx passwd file
htpasswd:
name: "{{nginx_user}}"
password: "{{nginx_password}}"
path: "/etc/nginx/htpasswd"
owner: root
group: root
mode: "u=rw"
notify: restart nginx
- name: remove default site
file:
dest: /etc/nginx/sites-enabled/default
state: absent
notify: restart nginx
- name: enable openhab site
file:
src: /etc/nginx/sites-available/openhab.conf
dest: /etc/nginx/sites-enabled/openhab.conf
state: link
notify: restart nginx
- name: ssl dir
file:
dest: /etc/nginx/ssl
state: directory
- name: create self singed certificate
command: 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=CH/ST=AG/L=Niederlenz/O=none/OU=none/CN=schnidrig.dynv6.net"'
args:
creates: "/etc/nginx/ssl/nginx.crt"
- name: gen dhparam
command: 'openssl dhparam -outform PEM -out /etc/nginx/ssl/dhparam2048.pem 2048'
args:
creates: "/etc/nginx/ssl/dhparam2048.pem"
notify: restart nginx

73
roles/openhab/tasks/openhab.yml
View File

@@ -1,20 +1,61 @@
---
- name:
user:
name: openhab
groups: "dialout"
append: yes
tags:
- openhab
- user
- name: Add Openhab Repo Key
ansible.builtin.apt_key:
url: https://bintray.com/user/downloadSubjectPublicKey?username=openhab
state: present
- name: "configure systemd"
systemd:
name: openhab
- name: Add Openhab Repo
ansible.builtin.apt_repository:
repo: "deb https://dl.bintray.com/openhab/apt-repo2 stable main"
state: present
filename: openhab
- name: ensure packages are installed
apt:
pkg:
- openhab
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
- name: Create a symbolic links
ansible.builtin.file:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: pi
group: pi
state: link
loop:
- {"src": "/usr/share/openhab", "dest": "/home/pi/openhab_bin"}
- {"src": "/usr/share/openhab/addons", "dest": "/home/pi/addons"}
- {"src": "/etc/openhab", "dest": "/home/pi/conf"}
- {"src": "/var/log/openhab", "dest": "/home/pi/logs"}
- {"src": "/var/lib/openhab", "dest": "/home/pi/userdata"}
- {"src": "/var/lib/openhab/backups", "dest": "/home/pi/backups"}
- {"src": "/usr/share/openhab/runtime/bin/client", "dest": "/home/pi/bin/client"}
- {"src": "/usr/share/openhab/runtime/bin/restore", "dest": "/home/pi/bin/restore"}
- name: add directories
file:
path: "{{ item }}"
owner: root
group: root
mode: '0755'
state: directory
loop:
- "/etc/systemd/system/openhab.service.d"
# original file from '/lib/systemd/system/openhab.service'
- name: openhab service
template:
src: openhab.service
dest: /etc/systemd/system/openhab.service.d/override.conf
- name: force systemd to reread configs
ansible.builtin.systemd:
daemon_reload: yes
enabled: true
state: started
tags:
- openhab
- name: Enable openhab service
ansible.builtin.service:
name: openhab
enabled: yes

39
roles/openhab/tasks/packages.yml
View File

@@ -1,39 +0,0 @@
---
- name: install main packages
apt:
pkg: "{{item}}"
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
with_items:
- "{{jdk}}"
- openhab-runtime
- sysstat
tags:
- packages
- openhab
- name: install bindings
apt:
pkg: "openhab-addon-binding-{{item}}"
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
with_items: "{{bindings}}"
tags:
- packages
- bindings
- openhab
- name: install persistence add ons
apt:
pkg: "openhab-addon-persistence-{{item}}"
update_cache: "{{apt_config.update_cache}}"
cache_valid_time: "{{apt_config.cache_valid_time}}"
with_items: "{{persistence}}"
tags:
- packages
- persistence
- openhab

18
roles/openhab/tasks/repo.yml
View File

@@ -1,18 +0,0 @@
---
- name: install ppa key
apt_key: url=https://bintray.com/user/downloadSubjectPublicKey?username=openhab state=present
tags:
- repo
- openhab
- name: install openhab repo
apt_repository:
repo='deb http://dl.bintray.com/openhab/apt-repo stable main'
state=present
update_cache=yes
filename=openhab
tags:
- repo
- openhab

15
roles/openhab/tasks/rollershutters.yml Normal file
View File

@@ -0,0 +1,15 @@
- name: Download Rollershutters dependencies
get_url:
url: "{{ item.src }}"
dest: "/usr/share/openhab/addons/{{ item.name }}"
mode: "0644"
loop:
# https://mvnrepository.com/artifact/org.apache.servicemix.bundles/org.apache.servicemix.bundles.quartz
- name: "org.apache.servicemix.bundles.quartz-2.3.2_1.jar"
src: "https://repo1.maven.org/maven2/org/apache/servicemix/bundles/org.apache.servicemix.bundles.quartz/2.3.2_1/org.apache.servicemix.bundles.quartz-2.3.2_1.jar"
# seems to be included in openhab already
#- name: "snakeyaml-1.27.jar"
# src: "https://repo1.maven.org/maven2/org/yaml/snakeyaml/1.27/snakeyaml-1.27.jar"
tags:
- javalibs

16
roles/openhab/tasks/scripts.yml Normal file
View File

@@ -0,0 +1,16 @@
---
- name: create scripts dir
file:
dest: "/home/pi/bin"
state: directory
- name: create scripts
template:
src: "{{ item }}.sh"
dest: "/home/pi/bin/{{ item }}"
owner: root
group: root
mode: "u=rwx,g=xr,o=rx"
loop:
- backup

8
roles/openhab/templates/backup.sh Normal file
View File

@@ -0,0 +1,8 @@
BACKUP_DIR=" /var/lib/openhab/backups"
BACKUP_SERVER_URL="christian@ds3018:/volume1/backup/openhab"
sudo /usr/share/openhab/runtime/bin/backup
BACKUP_FILE=$(/bin/ls -tr ${BACKUP_DIR}/ |tail -1)
scp ${BACKUP_DIR}/${BACKUP_FILE} ${BACKUP_SERVER_URL}/

49
roles/openhab/templates/dynv6.sh.j2 Normal file
View File

@@ -0,0 +1,49 @@
#!/bin/sh -e
hostname="{{dynv6_name}}"
device="{{dynv6_device}}"
token="{{dynv6_token}}"
file=$HOME/.dynv6.addr6
[ -e $file ] && old=`cat $file`
if [ -z "$hostname" -o -z "$token" ]; then
echo "Usage: token=<your-authentication-token> [netmask=64] $0 your-name.dynv6.net [device]"
exit 1
fi
if [ -z "$netmask" ]; then
netmask=128
fi
if [ -n "$device" ]; then
device="dev $device"
fi
address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)
if [ -e /usr/bin/curl ]; then
bin="curl -fsS"
elif [ -e /usr/bin/wget ]; then
bin="wget -O-"
else
echo "neither curl nor wget found"
exit 1
fi
if [ -z "$address" ]; then
echo "no IPv6 address found"
exit 1
fi
# address with netmask
current=$address/$netmask
if [ "$old" = "$current" ]; then
echo "IPv6 address unchanged"
exit
fi
# send addresses to dynv6
$bin "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
#$bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
# save current address
echo $current > $file

64
roles/openhab/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,64 @@
# redirect http to https
server {
listen [::]:80 ipv6only=off;
server_name {{fqdn}};
return 301 https://$server_name$request_uri;
}
server {
listen [::]:443 ipv6only=off ssl;
server_name {{fqdn}};
# Cross-Origin Resource Sharing
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow_Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;
# certificate
ssl_certificate /etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/schnidrig.dynv6.net/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
ssl_ecdh_curve secp384r1;
# check settings with: https://www.ssllabs.com/ssltest/analyze.html?d={{fqdn}}
location / {
proxy_pass http://localhost:8080/;
proxy_redirect http:// https://;
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600;
auth_basic "Openhab";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /logs/ {
proxy_pass http://localhost:9001/;
sub_filter_once off;
sub_filter_types text/html;
sub_filter 'href="/' 'href="/logs/';
sub_filter 'src="/' 'src="/logs/';
sub_filter "path: '/socket.io'" "path: '/logs/socket.io'";
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
auth_basic "Openhab";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /.well-known/acme-challenge/ {
root /var/www/html;
}
}

24
roles/openhab/templates/nginx.init.conf.j2 Normal file
View File

@@ -0,0 +1,24 @@
server {
listen [::]:80 ipv6only=off;
listen [::]:443 ipv6only=off ssl;
server_name schnidrig.dynv6.net;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
location / {
proxy_pass http://localhost:8080/;
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
auth_basic "Openhab";
auth_basic_user_file /etc/nginx/htpasswd;
}
location /.well-known/acme-challenge/ {
root /var/www/html;
}
}

5
roles/openhab/templates/openhab.service Normal file
View File

@@ -0,0 +1,5 @@
[Service]
User=
User=pi
Group=
Group=pi