mirror of
https://github.com/schnidrig/openhab-ansible
synced 2026-01-12 00:48:46 +01:00
upgrade to openhab 3
This commit is contained in:
Christian Schnidrig
8
roles/openhab/templates/backup.sh
Normal file
8
roles/openhab/templates/backup.sh
Normal file
@@ -0,0 +1,8 @@
|
||||
|
||||
BACKUP_DIR=" /var/lib/openhab/backups"
|
||||
BACKUP_SERVER_URL="christian@ds3018:/volume1/backup/openhab"
|
||||
|
||||
sudo /usr/share/openhab/runtime/bin/backup
|
||||
|
||||
BACKUP_FILE=$(/bin/ls -tr ${BACKUP_DIR}/ |tail -1)
|
||||
scp ${BACKUP_DIR}/${BACKUP_FILE} ${BACKUP_SERVER_URL}/
|
||||
49
roles/openhab/templates/dynv6.sh.j2
Normal file
49
roles/openhab/templates/dynv6.sh.j2
Normal file
@@ -0,0 +1,49 @@
|
||||
#!/bin/sh -e
|
||||
hostname="{{dynv6_name}}"
|
||||
device="{{dynv6_device}}"
|
||||
token="{{dynv6_token}}"
|
||||
file=$HOME/.dynv6.addr6
|
||||
[ -e $file ] && old=`cat $file`
|
||||
|
||||
if [ -z "$hostname" -o -z "$token" ]; then
|
||||
echo "Usage: token=<your-authentication-token> [netmask=64] $0 your-name.dynv6.net [device]"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$netmask" ]; then
|
||||
netmask=128
|
||||
fi
|
||||
|
||||
if [ -n "$device" ]; then
|
||||
device="dev $device"
|
||||
fi
|
||||
address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)
|
||||
|
||||
if [ -e /usr/bin/curl ]; then
|
||||
bin="curl -fsS"
|
||||
elif [ -e /usr/bin/wget ]; then
|
||||
bin="wget -O-"
|
||||
else
|
||||
echo "neither curl nor wget found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$address" ]; then
|
||||
echo "no IPv6 address found"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# address with netmask
|
||||
current=$address/$netmask
|
||||
|
||||
if [ "$old" = "$current" ]; then
|
||||
echo "IPv6 address unchanged"
|
||||
exit
|
||||
fi
|
||||
|
||||
# send addresses to dynv6
|
||||
$bin "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
|
||||
#$bin "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
|
||||
|
||||
# save current address
|
||||
echo $current > $file
|
||||
64
roles/openhab/templates/nginx.conf.j2
Normal file
64
roles/openhab/templates/nginx.conf.j2
Normal file
@@ -0,0 +1,64 @@
|
||||
|
||||
# redirect http to https
|
||||
server {
|
||||
listen [::]:80 ipv6only=off;
|
||||
server_name {{fqdn}};
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ipv6only=off ssl;
|
||||
server_name {{fqdn}};
|
||||
|
||||
# Cross-Origin Resource Sharing
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow_Credentials' 'true' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH' always;
|
||||
|
||||
# certificate
|
||||
ssl_certificate /etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/schnidrig.dynv6.net/privkey.pem;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:!MD5:!RC4:!LOW:!MEDIUM:!CAMELLIA:!ECDSA:!DES:!DSS:!3DES:!NULL;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam2048.pem;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
# check settings with: https://www.ssllabs.com/ssltest/analyze.html?d={{fqdn}}
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_redirect http:// https://;
|
||||
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 3600;
|
||||
|
||||
auth_basic "Openhab";
|
||||
auth_basic_user_file /etc/nginx/htpasswd;
|
||||
}
|
||||
|
||||
location /logs/ {
|
||||
proxy_pass http://localhost:9001/;
|
||||
sub_filter_once off;
|
||||
sub_filter_types text/html;
|
||||
sub_filter 'href="/' 'href="/logs/';
|
||||
sub_filter 'src="/' 'src="/logs/';
|
||||
sub_filter "path: '/socket.io'" "path: '/logs/socket.io'";
|
||||
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
|
||||
auth_basic "Openhab";
|
||||
auth_basic_user_file /etc/nginx/htpasswd;
|
||||
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
}
|
||||
24
roles/openhab/templates/nginx.init.conf.j2
Normal file
24
roles/openhab/templates/nginx.init.conf.j2
Normal file
@@ -0,0 +1,24 @@
|
||||
server {
|
||||
listen [::]:80 ipv6only=off;
|
||||
listen [::]:443 ipv6only=off ssl;
|
||||
server_name schnidrig.dynv6.net;
|
||||
|
||||
ssl_certificate /etc/nginx/ssl/nginx.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/nginx.key;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_buffering off; # openHAB supports non-buffering specifically for SSEs now
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
auth_basic "Openhab";
|
||||
auth_basic_user_file /etc/nginx/htpasswd;
|
||||
}
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
}
|
||||
5
roles/openhab/templates/openhab.service
Normal file
5
roles/openhab/templates/openhab.service
Normal file
@@ -0,0 +1,5 @@
|
||||
[Service]
|
||||
User=
|
||||
User=pi
|
||||
Group=
|
||||
Group=pi
|
||||
Reference in New Issue
Block a user