├── developer ├── docker.yml ├── docker-compose.yml ├── opencv.retry ├── devstuff.retry ├── developer.yml ├── files │ └── opencv │ │ ├── capture.jpg │ │ ├── Makefile │ │ └── example.cpp ├── devstuff.yml └── opencv.yml ├── files ├── openhab │ └── README.md ├── mongodb │ ├── db │ │ └── README.txt │ └── configdb │ │ └── README.txt ├── nginx │ ├── nginx.service │ ├── nginx.conf │ └── default ├── homeassistant │ ├── groups.yaml │ ├── scripts.yaml │ ├── automations.yaml │ ├── customize.yaml │ ├── secrets.yaml │ ├── appdaemon.yml │ └── configuration.yaml ├── jupyter │ ├── notebooks │ │ ├── readme.txt │ │ └── logs │ │ │ └── readme.txt │ ├── tensorboards │ │ └── readme.txt │ ├── run_jupyter.sh │ └── jupyter_notebook_config.py ├── homeassistant-appdaemon │ ├── apps.yaml │ ├── secrets.yaml │ ├── dashboards │ │ └── main.dash │ └── appdaemon.yaml ├── influxdb │ └── README.txt ├── pip │ └── requirements.txt ├── grafana │ ├── data │ │ └── README.txt │ └── config │ │ └── grafana.ini ├── postgres │ └── data │ │ └── README.txt ├── samba │ ├── README.txt │ └── smb.conf ├── redis │ └── data │ │ └── README.txt ├── nextcloud │ └── config │ │ └── config.php ├── vscode │ ├── vscode.sh │ └── vscode.desktop ├── docker │ ├── fixdocker.sh │ ├── dockercomposescript.sh │ ├── dockerhack.sh │ ├── dockercompose.service │ └── dockerhack.service ├── traefik │ └── traefik.toml ├── nodered │ ├── package.json │ └── settings.js ├── google-assistant │ ├── google-assistant.sh │ └── google-assistant │ │ ├── firstrun.sh │ │ └── install-google-assistant.sh ├── apt-docker │ └── get-docker.sh ├── systemd │ ├── docker-compose.service │ └── jupyter.service ├── ngrok │ ├── ngrok.yml │ ├── ngrok.service │ └── ngrok.py ├── phpmyadmin │ └── config.inc.php ├── webserver │ └── html │ │ └── index.html └── mqtt │ └── mosquitto.conf ├── developer.retry ├── playbook.retry ├── tensorflow.yml ├── .gitignore ├── sendssmtp ├── ssmtp.txt ├── cmdline.txt ├── netdata.yml ├── wpa_supplicant-sample.conf ├── wpa_supplicant.conf ├── 
apt-update.yml ├── templates ├── extraVars.txt ├── test.txt └── docker-compose-complete-jinja.yml ├── prerequisites.yml ├── pip.yml ├── hosts ├── createbackup.sh ├── lamp.yml ├── apt-software.yml ├── run.sh ├── wpa_supplicant-sample-complex.conf ├── setupkeyboard.sh ├── keyboard-layout.yml ├── nginx.yml ├── wordpress.j2 ├── docker-compose-simple.yml ├── google-assistant.yml ├── ngrok.yml ├── Makefile ├── sambafiles.yml ├── setup-msys32.sh ├── setup-msys64.sh ├── playbook.yml ├── docker-simple.yml ├── amazon-alexa.yml ├── motioneye.yml ├── python.yml ├── node-red-better-upgrade-method.yml ├── docker.yml ├── dockerexperimental.yml ├── group_vars └── raspberrypis.yml ├── jupyter.yml ├── raspbian-setup.yml ├── docker-compose-original.yml ├── wordpress.yml └── readme.md /developer/docker.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/openhab/README.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /developer/docker-compose.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/mongodb/db/README.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/nginx/nginx.service: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /developer.retry: -------------------------------------------------------------------------------- 1 | raspberrypi 2 | -------------------------------------------------------------------------------- /files/homeassistant/groups.yaml: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/homeassistant/scripts.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/mongodb/configdb/README.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /playbook.retry: -------------------------------------------------------------------------------- 1 | raspberrypi 2 | -------------------------------------------------------------------------------- /developer/opencv.retry: -------------------------------------------------------------------------------- 1 | raspberrypi 2 | -------------------------------------------------------------------------------- /files/homeassistant/automations.yaml: -------------------------------------------------------------------------------- 1 | [] -------------------------------------------------------------------------------- /files/homeassistant/customize.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/jupyter/notebooks/readme.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/jupyter/tensorboards/readme.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /developer/devstuff.retry: -------------------------------------------------------------------------------- 1 | raspberrypi 2 | 
-------------------------------------------------------------------------------- /files/homeassistant-appdaemon/apps.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/homeassistant-appdaemon/secrets.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /files/influxdb/README.txt: -------------------------------------------------------------------------------- 1 | influxdb on port 8086 -------------------------------------------------------------------------------- /files/pip/requirements.txt: -------------------------------------------------------------------------------- 1 | docker-compose 2 | -------------------------------------------------------------------------------- /files/grafana/data/README.txt: -------------------------------------------------------------------------------- 1 | Grafana data goes here. -------------------------------------------------------------------------------- /files/homeassistant-appdaemon/dashboards/main.dash: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /developer/developer.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /files/jupyter/notebooks/logs/readme.txt: -------------------------------------------------------------------------------- 1 | TensorBoard Logs -------------------------------------------------------------------------------- /files/postgres/data/README.txt: -------------------------------------------------------------------------------- 1 | Postgres data stored here. 
--------------------------------------------------------------------------------
/files/samba/README.txt:
--------------------------------------------------------------------------------
1 | SAMBA share available at /storage
--------------------------------------------------------------------------------
/files/redis/data/README.txt:
--------------------------------------------------------------------------------
1 | Redis data stored in this directory.
--------------------------------------------------------------------------------
/tensorflow.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install Tensorflow
3 |
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | roles/
2 | roles/*.*
3 | roles/*
4 |
5 | *.retry
6 |
--------------------------------------------------------------------------------
/files/nextcloud/config/config.php:
--------------------------------------------------------------------------------
1 | google 6 | 7 | 8 |
--------------------------------------------------------------------------------
/files/homeassistant/secrets.yaml:
--------------------------------------------------------------------------------
1 |
2 | # Use this file to store secrets like usernames and passwords.
3 | # Learn more at https://home-assistant.io/docs/configuration/secrets/
4 | #http_password: welcome
5 | # NOTE(review): the .gitignore on this page does not exclude secrets.yaml, so real values entered here would be committed with the repo.
--------------------------------------------------------------------------------
/cmdline.txt:
--------------------------------------------------------------------------------
1 | dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
2 |
--------------------------------------------------------------------------------
/netdata.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Raspberry Pi Basic Settings
3 |   hosts: raspberrypis
4 |   tasks:
5 |     - name: Install netdata
6 |       shell: bash <(curl -Ss https://my-netdata.io/kickstart.sh) --dont-wait
7 | # NOTE(review): the task above downloads kickstart.sh and runs it unreviewed, with no pinned version or checksum. "<( )" is also a bash-only construct, and the shell module uses /bin/sh unless told otherwise - confirm an executable is set.
--------------------------------------------------------------------------------
/files/apt-docker/get-docker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | wget https://download.docker.com/linux/static/stable/armhf/docker-17.06.2-ce.tgz -O /tmp/docker.tgz
3 | tar xzf /tmp/docker.tgz
4 | cd docker
5 | cp -f * /usr/bin
6 | # NOTE(review): the tarball is used without any checksum or signature check, and tar unpacks into the caller's working directory, not /tmp.
7 | # NOTE(review): nothing stops the script when a step fails: if wget, tar or "cd docker" fails, "cp -f * /usr/bin" still runs on whatever the current directory holds.
--------------------------------------------------------------------------------
/wpa_supplicant-sample.conf:
--------------------------------------------------------------------------------
1 | ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
2 | update_config=1
3 | # NOTE(review): this is a sample, but the psk below reads like a real passphrase and is repeated in wpa_supplicant-sample-complex.conf; use an obvious placeholder and change the passphrase if it was ever live.
4 | network={
5 | ssid="MelbPC-NUE"
6 | psk="peachspeak38"
7 | key_mgmt=WPA-PSK
8 | }
9 |
--------------------------------------------------------------------------------
/files/homeassistant/appdaemon.yml:
--------------------------------------------------------------------------------
1 | AppDaemon:
2 |   logfile: STDOUT
3 |   errorfile: STDERR
4 |   threads: 10
5 |
6 | HASS:
7 |   ha_url: http://localhost:8123
8 |
9 | HADashboard:
10 |   dash_url: http://localhost:5050
11 |
--------------------------------------------------------------------------------
/wpa_supplicant.conf:
--------------------------------------------------------------------------------
1 | ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
2 | update_config=1
3 | # Template: the {{RASPBIAN_WIFI_*}} placeholders are presumably substituted by a playbook; the rendered file holds the passphrase in clear text, so keep it readable by root only.
4 | network={
5 | ssid="{{RASPBIAN_WIFI_SSID}}"
6 | psk="{{RASPBIAN_WIFI_PASSWORD}}"
7 | key_mgmt=WPA-PSK
8 | }
9 |
--------------------------------------------------------------------------------
/files/google-assistant/google-assistant/firstrun.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | source env/bin/activate  # relative path: must be run from the directory that holds env/
3 | google-oauthlib-tool --client-secrets /home/pi/client_secret_client-id.json --scope https://www.googleapis.com/auth/assistant-sdk-prototype --save --headless
--------------------------------------------------------------------------------
/files/vscode/vscode.desktop:
--------------------------------------------------------------------------------
1 | [VSCode]
2 | # NOTE(review): desktop entry files normally open with a [Desktop Entry] group - confirm this file is picked up as written.
3 | Type=Application
4 | Version=1.0
5 | Name=VSCode
6 | Path=/home/pi/vscode/scripts
7 | Exec=code.sh
8 | Icon=/home/pi/vscode/resources/linux/code.png
9 | Terminal=false
10 | Categories=Programming
11 |
12 |
--------------------------------------------------------------------------------
/files/homeassistant-appdaemon/appdaemon.yaml:
--------------------------------------------------------------------------------
1 | AppDaemon:
2 |   logfile: STDOUT
3 |   errorfile: STDERR
4 |   threads: 10
5 |   disable_apps: 1
6 |
7 | HASS:
8 |   ha_url: http://localhost:8123
9 |
10 | HADashboard:
11 |   dash_url: http://localhost:5050
12 |
--------------------------------------------------------------------------------
/apt-update.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: apt-get update
3 |   hosts: raspberrypis
4 |   become: true
5 |   tasks:
6 |     - name: Get latest Raspbian updates
7 |       apt:
8 |         update_cache: yes
9 |         autoclean: yes
10 |         autoremove: yes
11 | # NOTE(review): despite the task name, only the package index is refreshed and old packages cleaned up; no upgrade is requested, so pending security updates are not installed by this play.
12 |
--------------------------------------------------------------------------------
/files/nginx/nginx.conf:
--------------------------------------------------------------------------------
1 | events {
2 |     worker_connections 4096; ## Default: 1024
3 | }
4 |
5 | http {
6 |     server {
7 |         listen 80;
8 |         server_name localhost;
9 |         # Plain HTTP only; every request is forwarded to the service on localhost:8000.
10 |         location / {
11 |             proxy_pass http://localhost:8000;
12 |         }
13 |
14 |     }
15 | }
--------------------------------------------------------------------------------
/templates/extraVars.txt:
--------------------------------------------------------------------------------
1 |
2 | dockerWeb: true
3 | dockerPortainer: true
4 | dockerSAMBA: true
5 | dockerHomeAssistant: false
6 | dockerHomeAssistantAppDaemon: false
7 | dockerOpenHAB: false
8 | dockerMQTT: false
9 | dockerInfluxDB: false
10 | dockerMongoDB: false
11 | dockerJupyter: false
--------------------------------------------------------------------------------
/files/systemd/docker-compose.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Docker compose service
3 | After=docker.service
4 | Requires=docker.service
5 | # NOTE(review): no WorkingDirectory= is set, unlike files/docker/dockercompose.service on this page; docker-compose looks for its compose file from the working directory - confirm where this unit is meant to run.
6 | [Service]
7 | ExecStart=/usr/bin/docker-compose up -d
8 | ExecStop=/usr/bin/docker-compose down
9 | # NOTE(review): "up -d" returns once the containers are started; with the default service type systemd may then treat the unit as finished and run ExecStop - confirm whether Type=oneshot with RemainAfterExit=yes is wanted.
10 | [Install]
11 | WantedBy=multi-user.target
--------------------------------------------------------------------------------
/developer/files/opencv/Makefile:
--------------------------------------------------------------------------------
1 | SOURCES=example.cpp
2 | EXECUTABLE=example
3 | CC=g++
4 | CGFLAGS=$(shell pkg-config --cflags opencv)
5 | LIBS=$(shell pkg-config --libs opencv)
6 | # Compile and link flags both come from pkg-config's "opencv" entry.
7 |
8 | all: $(SOURCES)
9 | 	$(CC) $(CGFLAGS) $(LIBS) -o $(EXECUTABLE) $(SOURCES)
10 |
11 | run:
12 | 	./$(EXECUTABLE)
--------------------------------------------------------------------------------
/files/jupyter/jupyter_notebook_config.py:
--------------------------------------------------------------------------------
1 | c = get_config()
2 | c.NotebookApp.open_browser = False
3 | c.NotebookApp.ip = '*'  # listen on every interface, not just loopback
4 | #c.NotebookApp.base_url = '/jupyter'
5 | c.NotebookApp.trust_xheaders = True  # client address/scheme are taken from X-Real-Ip / X-Forwarded-* headers; only meaningful behind a trusted proxy
6 | #c.NotebookApp.tornado_settings = {'static_url_prefix': '/jupyter/static/'}
7 | c.NotebookApp.token = u''  # NOTE(review): an empty token switches token authentication off
8 | # NOTE(review): with ip='*', no token and no password set in this file, any client that can reach the port gets a notebook session, i.e. code execution as the service user; jupyter.service on this page starts the server with --allow-root. Bind to 127.0.0.1 or set a token/password before the port is exposed.
--------------------------------------------------------------------------------
/prerequisites.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install Ansible prerequisites on control PC
3 |   hosts: localhost
4 |   become: true
5 |   tasks:
6 |     - name: Install prerequisites
7 |       apt:
8 |         name: "{{item}}"
9 |         state: latest
10 |       with_items:
11 |         - python-apt
12 |         - aptitude
--------------------------------------------------------------------------------
/files/docker/dockerhack.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # NOTE(review): started by dockerhack.service: reinstalls docker-ce on every start, then cycles the compose stack. There is no "set -e", so a failed "cd /storage/docker" still lets docker-compose run in whatever directory the service started in.
3 | apt-get -y install --reinstall docker-ce
4 | #cd /storage/docker/docker
5 | #dpkg -i docker-engine_17.05.0~ce-0~raspbian-jessie_armhf.deb
6 | cd /storage/docker
7 | docker-compose up -d
8 | sleep 10
9 | docker-compose down
10 | sleep 10
11 | docker-compose up -d
12 |
13 |
14 |
--------------------------------------------------------------------------------
/files/docker/dockercompose.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=dockercompose
3 | Requires=dockerhack.service
4 | Wants=dockerhack.service
5 | # NOTE(review): Requires= and Wants= name the same unit, and neither orders this unit after it - there is no After=; the 90 s sleep below stands in for ordering.
6 | [Service]
7 | WorkingDirectory=/storage/docker
8 | ExecStartPre=/bin/sleep 90
9 | ExecStart=/usr/bin/docker-compose up -d
10 | TimeoutSec=infinity
11 | # NOTE(review): no User= is set, so this runs as root against the compose file in /storage/docker, a directory sambafiles.yml on this page sets to mode 0777.
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/files/docker/dockerhack.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=dockerhack
3 | Before=docker.service
4 | Wants=docker.service
5 | # NOTE(review): no User= is set, so ExecStart runs as root, and the script it runs lives under /storage/docker - a tree sambafiles.yml on this page creates with mode 0777 and the compose files share read-write over Samba. Whoever can write that path decides what root runs; install the script to a root-owned location instead.
6 | [Service]
7 | Type=simple
8 | ExecStart=/usr/bin/env bash /storage/docker/docker/dockerhack.sh
9 | ExecStartPost=/bin/echo "All Done"
10 | TimeoutStartSec=infinity
11 |
12 | [Install]
13 | WantedBy=multi-user.target
14 |
--------------------------------------------------------------------------------
/pip.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install python packages with pip
3 |   hosts: raspberrypis
4 |   become: true
5 |   tasks:
6 |     - name: Install with pip
7 |       shell: pip install -r requirements.txt
8 |       args:
9 |         chdir: /storage/docker/pip
10 |       retries: 3
11 |       delay: 5
12 |       register: result
13 |       until: result.rc == 0
14 | # NOTE(review): pip runs as root (become: true) on a requirements.txt kept under /storage/docker, which sambafiles.yml on this page makes world-writable; the one requirement listed on this page (docker-compose) is unpinned.
15 |
--------------------------------------------------------------------------------
/files/systemd/jupyter.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Jupyter Notebook
3 | # NOTE(review): no User= is set, so the notebook server runs as root (hence --allow-root). Together with the empty token in jupyter_notebook_config.py this gives root code execution to any client that can connect; run it as an unprivileged user.
4 | [Service]
5 | Type=simple
6 | PIDFile=/run/jupyter.pid
7 | ExecStart=/usr/local/bin/jupyter notebook --allow-root --config=/storage/docker/jupyter/jupyter_notebook_config.py
8 | WorkingDirectory=/storage/docker/jupyter/notebooks
9 |
10 | [Install]
11 | WantedBy=multi-user.target
12 |
13 |
--------------------------------------------------------------------------------
/hosts:
--------------------------------------------------------------------------------
1 | # Users should edit this file
2 | # http://docs.ansible.com/ansible/intro_inventory.html
3 | #
4 | # Users should change the ansible_host IP address to the Raspberry
5 | # Pi IP address. Users can also change raspberrypi to another
6 | # hostname.
7 | # NOTE(review): StrictHostKeyChecking=no below turns off SSH host key verification, so whatever machine answers on that address is trusted. Record the Pi's key in known_hosts and verify its fingerprint instead.
8 | [raspberrypis]
9 | raspberrypi ansible_host=192.168.81.86 ansible_user=pi ansible_ssh_common_args='-o StrictHostKeyChecking=no'
10 |
11 |
--------------------------------------------------------------------------------
/files/samba/smb.conf:
--------------------------------------------------------------------------------
1 | [global]
2 | netbios name = SAMBA
3 | workgroup = WORKGROUP
4 | server string = Samba %v in an Docker container
5 | security = user
6 | guest account = root
7 | # NOTE(review): "guest account = root" maps unauthenticated guest sessions to the root user, and the [guest] share below is guest-accessible and writable. Use an unprivileged guest account (Samba's default is nobody) and require a login for write access.
8 | [guest]
9 | comment = data
10 | path = /data
11 | read only = no
12 | guest ok = yes
13 | writable = yes
14 | browsable = yes
15 | public = yes
16 |
--------------------------------------------------------------------------------
/files/ngrok/ngrok.yml:
--------------------------------------------------------------------------------
1 | web_addr: 0.0.0.0:4040  # inspection UI/API listens on every interface
2 | authtoken: 3r8b5gGT1s5y6ETDGBb53_2wTYsBxYeyTHfnrRpxDcG  # NOTE(review): account token committed in clear text - treat it as exposed, revoke it and keep the replacement out of the repo
3 | tunnels:
4 |   apache:
5 |     addr: 80
6 |     proto: http
7 |     bind_tls: false
8 |   nodered:
9 |     addr: 1880
10 |     proto: http
11 |     bind_tls: false
12 |   jupyter:
13 |     addr: 8888
14 |     proto: http
15 |     bind_tls: false
16 |   nodereddocker:
17 |     addr: 1881
18 |     proto: http
19 |     bind_tls: false
20 | # NOTE(review): all four tunnels are HTTP-only (bind_tls: false) and publish local services - Jupyter on 8888 among them - to the internet; confirm each service enforces its own authentication before its tunnel is opened.
21 |
--------------------------------------------------------------------------------
/createbackup.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | #backup
3 | #dd if=/dev/mmcblk0 of=mbr_image bs=446 count=1
4 | #sfdisk -d /dev/mmcblk0 > pi_partitions
5 | #tar cvpJf - --one-file-system / | ssh user@host "cat > turboraspbian.img.xz"
6 |
7 | #restore
8 | #dd if=mbr_image of=/dev/mmcblk0
9 | #sfdisk /dev/mmcblk0 < pi_partitions
10 | #tar xvJf turboraspbian.img.xz
11 |
12 | # NOTE(review): streams a raw image of the whole SD card - every key, token and password on it - to user@host (a placeholder); the copy is xz-compressed but not encrypted at rest.
13 | # NOTE(review): without "set -o pipefail" a failure of dd or xz is not reflected in the pipeline's exit status.
14 | dd if=/dev/mmcblk0 bs=4k | xz -zf - | ssh user@host "cat > turboraspbian.img.xz"
--------------------------------------------------------------------------------
/files/nginx/default:
--------------------------------------------------------------------------------
1 | server {
2 |     listen 80;
3 |     server_name localhost;
4 |     # NOTE(review): line 8 is not valid nginx syntax (colon after the directive name, no terminating semicolon); the directive is written "proxy_http_version 1.1;". As it stands nginx should refuse to load this file.
5 |     location /jupyter {
6 |         proxy_pass http://localhost:8888;
7 |         proxy_set_header Host $host;
8 |         proxy_http_version: 1.1
9 |         proxy_set_header Upgrade $http_upgrade;
10 |         proxy_set_header Connection "upgrade";
11 |         proxy_set_header Origin "";
12 |     }
13 |     # NOTE(review): line 11 blanks the Origin header before the request reaches Jupyter, so the notebook server cannot use it for cross-origin checks - confirm this is intended.
14 |     location / {
15 |         proxy_pass http://localhost:8000;
16 |     }
17 |
18 | }
--------------------------------------------------------------------------------
/files/ngrok/ngrok.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=Share local port(s) with ngrok
3 | After=syslog.target network.target
4 | # NOTE(review): no User= is set, so ngrok runs as root, reading its config from /storage/docker, which sambafiles.yml on this page makes world-writable. StandardOutput/StandardError=null also discards the service's own output, leaving no log of which tunnels were opened.
5 | [Service]
6 | PrivateTmp=true
7 | Type=simple
8 | Restart=always
9 | RestartSec=1min
10 | StandardOutput=null
11 | StandardError=null
12 | ExecStart=/usr/local/bin/ngrok start --all --config /storage/docker/ngrok/ngrok.yml
13 | #ExecStartPost=/storage/docker/ngrok/ngrok.py
14 | ExecStop=/usr/bin/killall ngrok
15 |
16 | [Install]
17 | WantedBy=multi-user.target
18 |
19 |
20 |
--------------------------------------------------------------------------------
/files/google-assistant/google-assistant/install-google-assistant.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | sudo apt-get update
3 | sudo apt-get -y install python3-dev python3-venv
4 | python3 -m venv env
5 | env/bin/python -m pip install --upgrade pip setuptools
6 | source env/bin/activate
7 | sudo apt-get install portaudio19-dev libffi-dev libssl-dev
8 | python -m pip install wheel
9 | python -m pip install --upgrade google-assistant-library
10 | python -m pip install --upgrade google-assistant-sdk[samples]
11 | python -m pip install --upgrade google-auth-oauthlib[tool]
12 | # NOTE(review): the pip installs are unpinned and unhashed, so each run may pull different code; the apt-get install on line 7 has no -y and will stop for confirmation.
--------------------------------------------------------------------------------
/lamp.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install LAMP(Apache, MySQL, PHP)
3 |   hosts: raspberrypis
4 |   vars:
5 |     php_packages:
6 |       - libapache2-mod-php5
7 |       - php5-mysql
8 |   roles:
9 |     - geerlingguy.apache
10 |     - geerlingguy.php
11 |     - geerlingguy.mysql
12 |   become: true
13 | # NOTE(review): the geerlingguy.* roles are referenced without a pinned version (roles/ is git-ignored on this page), and this play sets no MySQL root password variable - confirm one is supplied elsewhere.
14 | - name: Copy index.html to /var/www/html
15 |   hosts: raspberrypis
16 |   become: true
17 |   tasks:
18 |     - name: Copy index.html to /var/www/html
19 |       copy:
20 |         src: index.html
21 |         dest: /var/www/html
22 |
23 |
24 |
25 |
26 |
27 |
--------------------------------------------------------------------------------
/apt-software.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install and update software through apt
3 |   hosts: raspberrypis
4 |   become: true
5 |   tasks:
6 |     - name: Install software
7 |       apt:
8 |         name: "{{ item }}"
9 |         state: latest
10 |       with_items:
11 |         - at-spi2-core
12 |         - florence
13 |         - build-essential
14 | # The task above upgrades its three packages on every run (state: latest); the task below only ensures presence.
15 |     - name: Install software from group_vars/raspberrypis.yml
16 |       apt:
17 |         name: "{{ item }}"
18 |         state: present
19 |       with_items: "{{ RASPBIAN_APT_INSTALL }}"
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # if you don't want to run the whole box and dice, use the tags
4 | # ansible-playbook --verbose -i hosts playbook.yml --ask-become-pass --tags=prequisites,apt
5 | # also
6 | # ansible-playbook --verbose -i hosts playbook.yml --ask-become-pass --skip-tags=apt
7 |
8 | # NOTE(review): lines 10 and 11 embed the sudo password in the script: it is committed with the repo and visible in the process list while ansible-playbook runs. Prefer --ask-become-pass (line 9) or an Ansible Vault variable, and change the password.
9 | #ansible-playbook --verbose -i hosts playbook.yml --ask-become-pass
10 | #ansible-playbook --verbose -i hosts playbook.yml --extra-vars="ansible_become_pass=Kiac##44"
11 | ansible-playbook --verbose -i hosts rtmpstreaming.yml --extra-vars="ansible_become_pass=Kiac##44"
12 | # NOTE(review): rtmpstreaming.yml does not appear in the file tree at the top of this page - confirm the playbook exists.
13 |
14 |
-------------------------------------------------------------------------------- /wpa_supplicant-sample-complex.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev 2 | update_config=1 3 | 4 | network={ 5 | ssid="HUAWEI" 6 | psk="peachspeak38" 7 | key_mgmt=WPA-PSK 8 | id_str="mobilephone" 9 | priority=3 10 | } 11 | 12 | network={ 13 | ssid="garage" 14 | key_mgmt=NONE 15 | id_str="garage" 16 | priority=2 17 | } 18 | 19 | network={ 20 | ssid="MelbPC-NUE" 21 | psk="peachspeak38" 22 | key_mgmt=WPA-PSK 23 | id_str="foyer" 24 | priority=1 25 | } 26 | 27 | 28 | -------------------------------------------------------------------------------- /setupkeyboard.sh: -------------------------------------------------------------------------------- 1 | sudo cat > /etc/default/keyboard <~\`+=,.;:/?|"; 12 | sub salt { join "", map $chars[ rand @chars ], 1 .. 64 } 13 | } 14 | s/put your unique phrase here/salt()/ge 15 | ' /tmp/wp-config.php 16 | mkdir /tmp/wp-content/uploads 17 | chmod 775 /tmp/wp-content/uploads 18 | mkdir -p {{wordpress_install_directory}} 19 | mv /tmp/wordpress/* {{wordpress_install_directory}} -------------------------------------------------------------------------------- /docker-compose-simple.yml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | nodered_one: 4 | image: nodered-rpi 5 | container_name: nodered-one 6 | ports: 7 | - "1881:1880" 8 | nodered_two: 9 | image: nodered-rpi 10 | container_name: nodered-two 11 | ports: 12 | - "1882:1880" 13 | portainer: 14 | image: portainer/portainer:linux-arm 15 | container_name: portainer 16 | command: --no-auth 17 | ports: 18 | - 9000:9000 19 | volumes: 20 | - /var/run/docker.sock:/var/run/docker.sock 21 | samba: 22 | container_name: samba 23 | image: dastrasmue/rpi-samba:v3 24 | network_mode: "host" 25 | ports: 26 | - 137:137/udp 27 | - 138:138/udp 28 | - 
139:139 29 | - 445:445 30 | volumes: 31 | - /storage:/share 32 | command: ["-s", "public:/share/public:rw:", "-s", "docker:/share/docker:rw:"] 33 | -------------------------------------------------------------------------------- /templates/test.txt: -------------------------------------------------------------------------------- 1 | version: '2' 2 | services: 3 | web: 4 | image: httpd 5 | container_name: apache 6 | ports: 7 | - 80:80 8 | volumes: 9 | - /storage/docker/webserver/html:/usr/local/apache2/htdocs/ 10 | 11 | portainer: 12 | image: portainer/portainer:linux-arm 13 | container_name: portainer 14 | command: --no-auth 15 | ports: 16 | - 9000:9000 17 | volumes: 18 | - /var/run/docker.sock:/var/run/docker.sock 19 | 20 | samba: 21 | container_name: samba 22 | image: dastrasmue/rpi-samba:v3 23 | network_mode: "host" 24 | ports: 25 | - 137:137/udp 26 | - 138:138/udp 27 | - 139:139 28 | - 445:445 29 | volumes: 30 | - /storage:/share 31 | command: ["-s", "public:/share/public:rw:", "-s", "docker:/share/docker:rw:"] 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /google-assistant.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # This script is lazy, leaves it to user to run install-google-assistant.sh 3 | # and firstrun.sh, then from then on, you can run the google-assistant.sh 4 | # script from the Desktop 5 | 6 | 7 | - name: Download google assistant scripts 8 | hosts: raspberrypis 9 | tasks: 10 | - name: Create google-assistant directory on Desktop 11 | file: 12 | path: /home/pi/Desktop/google-assistant 13 | state: directory 14 | mode: 0755 15 | 16 | - copy: 17 | src: "{{ item.src }}" 18 | dest: "{{ item.dest }}" 19 | mode: 0755 20 | with_items: 21 | - {src: 'files/google-assistant/google-assistant.sh', dest: '/home/pi/Desktop'} 22 | - {src: 'files/google-assistant/google-assistant/firstrun.sh', dest: 
'/home/pi/Desktop/google-assistant'} 23 | - {src: 'files/google-assistant/google-assistant/install-google-assistant.sh', dest: '/home/pi/Desktop/google-assistant'} 24 | -------------------------------------------------------------------------------- /ngrok.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install ngrok 3 | hosts: raspberrypis 4 | become: true 5 | tasks: 6 | - name: Download and install ngrok 7 | unarchive: 8 | src: https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip 9 | remote_src: true 10 | dest: /usr/local/bin 11 | 12 | - name: Copy ngrok systemd file to right dir 13 | copy: 14 | remote_src: true 15 | src: /storage/docker/ngrok/ngrok.service 16 | dest: /etc/systemd/system 17 | 18 | - name: Make file executable 19 | file: 20 | path: /storage/docker/ngrok/ngrok.py 21 | mode: 0777 22 | 23 | - name: Install python-twitter 24 | pip: 25 | name: python-twitter 26 | 27 | #- name: start and enable ngrok service 28 | # systemd: 29 | # name: ngrok 30 | # enabled: yes 31 | # state: started 32 | 33 | - name: Start and enable ngrok service 34 | shell: "systemctl start ngrok && systemctl enable ngrok" 35 | 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | IPADDRESS=$(shell grep -n ansible_host hosts|tail -1|cut -f2 -d'='|cut -f1 -d' ') 2 | ifdef TAGS 3 | APPENDSTRING=--tags=$(TAGS) 4 | endif 5 | ifdef SKIPTAGS 6 | APPENDSTRING:=$(APPENDSTRING) --skip-tags=$(SKIPTAGS) 7 | endif 8 | 9 | .PHONY: all clean tags test setup 10 | 11 | all: 12 | ssh-keygen -f "/home/mohan/.ssh/known_hosts" -R $(IPADDRESS) ;\ 13 | sshpass -p raspberry ssh-copy-id -o StrictHostKeyChecking=no pi@$(IPADDRESS) ;\ 14 | bash run.sh ;\ 15 | 16 | setup: 17 | echo $(SUDOPASSWORD) | sudo -S add-apt-repository ppa:ansible/ansible ;\ 18 | echo $(SUDOPASSWORD) | sudo -S apt-get 
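update ;\ 19 | echo $(SUDOPASSWORD) | sudo -S apt-get -y install ansible git ;\ 20 | 21 | setupmsys32: 22 | bash setup-msys32.sh 23 | 24 | setupmsys64: 25 | bash setup-msys64.sh 26 | 27 | clean: 28 | ssh-keygen -f $${HOME}/.ssh/known_hosts -R $(IPADDRESS) ;\ 29 | ssh-copy-id pi@$(IPADDRESS) ;\ 30 | 31 | tags: 32 | ansible-playbook --verbose -i hosts playbook.yml $(APPENDSTRING) 33 | 34 | 35 | ping: 36 | ansible -i hosts -m ping all -------------------------------------------------------------------------------- /sambafiles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Samba /storage folder 3 | hosts: raspberrypis 4 | become: true 5 | tasks: 6 | - name: Allow guest access to samba share 7 | file: 8 | path: /storage 9 | state: directory 10 | owner: nobody 11 | group: nogroup 12 | mode: 0777 13 | 14 | - name: create /storage/public folder 15 | file: 16 | path: /storage/public 17 | state: directory 18 | owner: nobody 19 | group: nogroup 20 | mode: 0777 21 | 22 | - name: create /storage/docker directory 23 | file: 24 | path: /storage/docker 25 | state: directory 26 | owner: nobody 27 | group: nogroup 28 | mode: 0777 29 | 30 | - name: Copy files 31 | copy: 32 | src: files/ 33 | dest: /storage/docker 34 | owner: nobody 35 | group: nogroup 36 | mode: 0777 37 | 38 | - name: Permissions for nodered docker image 39 | shell: chmod -R 777 /storage/docker/nodered 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | -------------------------------------------------------------------------------- /files/ngrok/ngrok.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
"""Post the public URL of every running ngrok tunnel as a Twitter status.

The tunnel list is read from the local ngrok agent API on port 4040, and one
status update per tunnel is sent through python-twitter.

The four Twitter credentials are read from the environment instead of being
written in this file. The variable names below are this script's own
convention; set them in whatever launches the script. The key and token
values that were previously hard-coded here have been published with the
source and should be revoked in the Twitter developer console.

NOTE(review): each status advertises a URL that reaches a service on this
host, so whoever can read the account's timeline can find the tunnel.
"""
import os
import sys
from time import sleep

import requests
# pip install python-twitter
import twitter

TUNNELS_URL = 'http://localhost:4040/api/tunnels'

# twitter.Api keyword argument -> environment variable that supplies it.
CREDENTIAL_ENV = {
    "consumer_key": "TWITTER_CONSUMER_KEY",
    "consumer_secret": "TWITTER_CONSUMER_SECRET",
    "access_token_key": "TWITTER_ACCESS_TOKEN_KEY",
    "access_token_secret": "TWITTER_ACCESS_TOKEN_SECRET",
}

credentials = {kw: os.environ.get(var) for kw, var in CREDENTIAL_ENV.items()}
missing = sorted(CREDENTIAL_ENV[kw] for kw, value in credentials.items() if not value)
if missing:
    # Fail with a message that names the variables, never their values.
    sys.exit("ngrok.py: missing environment variable(s): " + ", ".join(missing))

# Same five-second pause as before; presumably it gives the ngrok agent time
# to come up before it is queried -- confirm against the service ordering.
sleep(5)

# A timeout and a status check keep a hung or failing agent from being
# mistaken for an empty tunnel list.
response = requests.get(TUNNELS_URL, timeout=10)
response.raise_for_status()
tunnels = response.json()['tunnels']
endpoints = [{"name": t['name'], "url": t["public_url"]} for t in tunnels]

api = twitter.Api(**credentials)

for endpoint in endpoints:
    api.PostUpdate("name:" + endpoint["name"] + " url:" + endpoint['url'])
-------------------------------------------------------------------------------- /setup-msys32.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | which ansible >/dev/null 2>&1 3 | if [ $? -ne 0 ]; 4 | then 5 | echo "Installing Ansible..." 6 | sleep 5 7 | pushd . 8 | cd ~ 9 | pacman -S libyaml-devel python2 tar libffi libffi-devel gcc pkg-config make openssl-devel openssh --noconfirm --needed 10 | curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py 11 | python2 get-pip.py 12 | wget -c https://download.libsodium.org/libsodium/releases/libsodium-1.0.16-mingw.tar.gz 13 | tar xvzf libsodium-1.0.16-mingw.tar.gz 14 | SODIUM_INSTALL=system CFLAGS=`pkg-config --cflags libffi` LDFLAGS=`pkg-config --libs libffi` C_INCLUDE_PATH=~/libsodium-win32/include LIBRARY_PATH=~/libsodium-win32/lib python2 -m pip install cffi --no-binary :all: 15 | SODIUM_INSTALL=system CFLAGS=`pkg-config --cflags libffi` LDFLAGS=`pkg-config --libs libffi` C_INCLUDE_PATH=~/libsodium-win32/include LIBRARY_PATH=~/libsodium-win32/lib python2 -m pip install pynacl 16 | python2 -m pip install ansible --no-binary :all: 17 | popd 18 | fi 19 | 20 | which ansible >/dev/null 2>&1 21 | if [ $? -eq 0 ]; 22 | then 23 | echo "Ansible installed." 24 | else 25 | echo "Ansible not installed." 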
26 | fi -------------------------------------------------------------------------------- /setup-msys64.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/bash 2 | which ansible >/dev/null 2>&1 3 | if [ $? -ne 0 ]; 4 | then 5 | echo "Installing Ansible..." 6 | sleep 5 7 | pushd . 8 | cd ~ 9 | pacman -S libyaml-devel python2 tar libffi libffi-devel gcc pkg-config make openssl-devel openssh --noconfirm --needed 10 | curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py 11 | python2 get-pip.py 12 | wget -c https://download.libsodium.org/libsodium/releases/libsodium-1.0.16-mingw.tar.gz 13 | tar xvzf libsodium-1.0.16-mingw.tar.gz 14 | SODIUM_INSTALL=system CFLAGS=`pkg-config --cflags libffi` LDFLAGS=`pkg-config --libs libffi` C_INCLUDE_PATH=~/libsodium-win64/include LIBRARY_PATH=~/libsodium-win64/lib python2 -m pip install cffi --no-binary :all: 15 | SODIUM_INSTALL=system CFLAGS=`pkg-config --cflags libffi` LDFLAGS=`pkg-config --libs libffi` C_INCLUDE_PATH=~/libsodium-win64/include LIBRARY_PATH=~/libsodium-win64/lib python2 -m pip install pynacl 16 | python2 -m pip install ansible --no-binary :all: 17 | popd 18 | fi 19 | 20 | which ansible >/dev/null 2>&1 21 | if [ $? -eq 0 ]; 22 | then 23 | echo "Ansible installed." 24 | else 25 | echo "Ansible not installed." 
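26 | fi -------------------------------------------------------------------------------- /playbook.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # If you see {{SOME_VARIABLE}} in the yml files, these are 3 | # Ansible variables, defined in the group_vars directory 4 | 5 | - name: Install prerequisites on controlling computer 6 | import_playbook: prerequisites.yml 7 | tags: 8 | - prerequisites 9 | 10 | - name: Update raspbian package list 11 | import_playbook: apt-update.yml 12 | tags: 13 | - aptupdate 14 | 15 | - name: Install Apt Software 16 | import_playbook: apt-software.yml 17 | tags: 18 | - apt 19 | 20 | - name: Raspbian Setup 21 | import_playbook: raspbian-setup.yml 22 | tags: raspbiansetup 23 | 24 | - name: Keyboard Layout 25 | import_playbook: keyboard-layout.yml 26 | tags: 27 | - keyboard 28 | 29 | - name: NodeRED 30 | import_playbook: node-red-better-upgrade-method.yml 31 | tags: 32 | - nodered 33 | 34 | - name: Python 35 | import_playbook: python.yml 36 | tags: 37 | - python 38 | 39 | - name: SAMBA 40 | import_playbook: sambafiles.yml 41 | tags: 42 | - samba 43 | 44 | - name: Docker 45 | import_playbook: docker-simple.yml 46 | tags: 47 | - dockersimple 48 | when: ENABLE_DOCKER 49 | 50 | - name: ngrok 51 | import_playbook: ngrok.yml 52 | tags: 53 | - ngrok 54 | when: ENABLE_NGROK 55 | 56 | -------------------------------------------------------------------------------- /docker-simple.yml: --------------------------------------------------------------------------------
---
# Installs Docker on the Pi: replaces /boot/cmdline.txt, reboots if that file
# changed, turns swap off, runs the Docker convenience installer when
# /usr/bin/docker is absent, and adds the pi user to the docker group.
- name: Simple docker install
  hosts: raspberrypis
  become: true
  tasks:
    - name: Enabling cgroup options at boot
      copy:
        src: cmdline.txt
        dest: /boot/cmdline.txt
        owner: root
        group: root
        mode: 0755
      register: cgroups

    # Fire-and-forget (async/poll 0) so the task returns before the SSH
    # connection drops; only needed when cmdline.txt was actually rewritten.
    - name: Reboot
      shell: "sleep 5 && reboot"
      async: 1
      poll: 0
      when: cgroups is changed

    - name: Wait for reboot to occur
      wait_for_connection:
        connect_timeout: 30
        sleep: 5
        delay: 5
        timeout: 400
      when: cgroups is changed

    - name: Disable Swap
      shell: dphys-swapfile swapoff && dphys-swapfile uninstall && update-rc.d dphys-swapfile remove

    - name: Determine if docker is installed
      stat:
        path: /usr/bin/docker
      register: docker_there
      ignore_errors: True

    # The installer is fetched over HTTPS only. The previous
    # `curl -sSL get.docker.com` named no scheme, so curl made its first
    # request over plain HTTP before following any redirect. -f makes curl
    # fail on an HTTP error instead of piping the error page into sh, and
    # pipefail (bash only, hence the executable) makes that failure fail the
    # task.
    # NOTE(review): the script is unpinned and runs as root (become: true);
    # saving it to a file and checking a known digest before running it would
    # be stricter.
    - name: Install docker
      shell: "set -o pipefail && curl -fsSL https://get.docker.com | sh"
      args:
        executable: /bin/bash
      when: not docker_there.stat.exists

    # append: yes adds docker to the groups pi already has. Without it the
    # user module sets the supplementary groups to exactly this list and
    # removes pi from every other group.
    # NOTE(review): membership of the docker group amounts to root on the host.
    - name: Add group docker to user pi
      user:
        name: pi
        groups: docker
        append: yes

-------------------------------------------------------------------------------- /amazon-alexa.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install Amazon Alexa sample app for Pi 3 | hosts: raspberrypis 4 | tasks: 5 | # - name: include vars 6 | # include_vars: 7 | # file: group_vars/raspberrypis.yml 8 | # tags: 9 | # - debug 10 | # - name: print debug 11 | # debug: 12 | # msg: "{{ msg }}" 13 | # vars: 14 | # msg: "{{ ALEXA.CLIENT_ID }}" 15 | # tags: 16 | # - debug 17 | 18 | - name: Create alexa directory on Desktop 19 | file: 20 | name: "~/Desktop/alexa" 21 | state: directory 22 | 23 | - name: Download alexa 24 | shell: "wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/setup.sh && wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/config.txt && wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/pi.sh" 25 | args: 26 | chdir: "~/Desktop/alexa" 27 | 28 | 29 | - name: Update client_id config.txt 30 | lineinfile: 31 | path: "~/Desktop/alexa/config.txt" 32 | regexp: "^CLIENT_ID=" 33 | replace: "CLIENT_ID={{ ALEXA.CLIENT_ID }}" 34 | 35 | - name: Update product_id in config.txt 36 | lineinfile: 37 | path: "~/Desktop/alexa/config.txt" 38 | regexp: "^PRODUCT_ID=" 39 | replace: "PRODUCT_ID={{ ALEXA.PRODUCT_ID }}" 40 | 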
41 | - name: Install alexa 42 | become: true 43 | shell: bash setup.sh config.txt 44 | args: 45 | chdir: "~/Desktop/alexa" 46 | -------------------------------------------------------------------------------- /motioneye.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: MotionEyeOS 3 | hosts: raspberrypis 4 | become: true 5 | tasks: 6 | - name: Install prereqs 7 | apt: 8 | name: "{{ item }}" 9 | state: latest 10 | with_items: 11 | - ffmpeg 12 | - v4l-utils 13 | - libmariadbclient18 14 | - libpq5 15 | - python-pip 16 | - python-dev 17 | - libssl-dev 18 | - libcurl4-openssl-dev 19 | - libjpeg-dev 20 | 21 | - name: Install Motion 22 | apt: 23 | deb: https://github.com/Motion-Project/motion/releases/download/release-4.1.1/pi_stretch_motion_4.1.1-1_armhf.deb 24 | 25 | - name: Install MotionEye 26 | pip: 27 | name: motioneye 28 | 29 | - name: Prepare configuration directory 30 | file: 31 | path: /etc/motioneye 32 | state: directory 33 | 34 | - name: Copy main configuration file 35 | copy: 36 | src: /usr/local/share/motioneye/extra/motioneye.conf.sample 37 | dest: /etc/motioneye/motioneye.conf 38 | remote_src: yes 39 | 40 | - name: Prepare media directory 41 | file: 42 | path: /var/lib/motioneye 43 | state: directory 44 | 45 | - name: Add init script 46 | copy: 47 | src: /usr/local/share/motioneye/extra/motioneye.systemd-unit-local 48 | dest: /etc/systemd/system/motioneye.service 49 | remote_src: yes 50 | 51 | - name: Start systemd services 52 | systemd: 53 | daemon-reload: yes 54 | enabled: yes 55 | name: motioneye 56 | state: started 57 | 58 | -------------------------------------------------------------------------------- /python.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install prerequisites on host control computer 3 | hosts: localhost 4 | become: true 5 | tasks: 6 | - name: Install prerequisites 7 | apt: 8 | name: "{{item}}" 9 | with_items: 10 | - 
python-virtualenv 11 | - python-pip 12 | 13 | - name: Install python modules via apt-get and pip 14 | hosts: raspberrypis 15 | become: true 16 | tasks: 17 | #- name: 18 | # file: 19 | # path: "/var/lib/dpkg/info/nodejs.list" 20 | # state: absent 21 | - name: Upgrade pip 22 | shell: "pip install --upgrade pip && pip install --upgrade setuptools" 23 | 24 | - name: Upgrade pip3 25 | shell: "pip3 install --upgrade pip && pip3 install --upgrade setuptools" 26 | 27 | - name: Install python2 modules via apt-get 28 | apt: 29 | name: "{{item}}" 30 | state: latest 31 | with_items: "{{PYTHON2_APT_MODULES}}" 32 | when: PYTHON_INSTALL_MODULES 33 | 34 | - name: Install python2 modules via pip 35 | pip: 36 | name: "{{item}}" 37 | state: latest 38 | with_items: "{{PYTHON2_PIP_MODULES}}" 39 | when: PYTHON_INSTALL_MODULES 40 | 41 | - name: Install python3 modules via apt-get 42 | apt: 43 | name: "{{item}}" 44 | state: latest 45 | with_items: "{{PYTHON3_APT_MODULES}}" 46 | when: PYTHON_INSTALL_MODULES 47 | 48 | - name: Install python3 modules via pip 49 | pip: 50 | name: "{{item}}" 51 | state: latest 52 | executable: pip3 53 | with_items: "{{PYTHON3_PIP_MODULES}}" 54 | when: PYTHON_INSTALL_MODULES 55 | 56 | 57 | 58 | -------------------------------------------------------------------------------- /developer/files/opencv/example.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | 8 | using namespace std; 9 | 10 | void fiddleWithCamera() { 11 | cv::VideoCapture cap(1); 12 | 13 | cv::Mat frame; 14 | cv::Ptr ocr2 = cv::text::OCRTesseract::create(); 15 | string output2; 16 | 17 | for (; ; ) { 18 | cap >> frame; 19 | cv::imshow("fromcamera", frame); 20 | if (cv::waitKey(10) != 0xff) { 21 | cout << "--------Start Output from OCR (video)----------" << endl; 22 | ocr2->run(frame, output2); 23 | cout << output2 << endl; 24 | cout << "--------End Output from OCR (video)----------" << endl; 
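25 | break; 26 | } 27 | 28 | } 29 | 30 | if (!cap.isOpened()) { 31 | cout << "can't open video." << endl; 32 | } 33 | } 34 | 35 | void fiddleWithImages() { 36 | cv::Mat mt = cv::imread("capture.jpg"); 37 | cv::imshow("boo", mt); 38 | cv::waitKey(0); 39 | 40 | cv::Mat gs; 41 | cv::cvtColor(mt, gs, CV_BGR2GRAY); 42 | cv:imshow("moo", gs); 43 | cv::waitKey(0); 44 | 45 | 46 | cout << "--------Start Output from OCR (images)----------" << endl; 47 | cv::Ptr ocr = cv::text::OCRTesseract::create(); 48 | string output; 49 | vector boxes; 50 | vector words; 51 | vector confidences; 52 | ocr->run(gs, output); 53 | cout << output << endl; 54 | cout << "--------End Output from OCR (images)----------" << endl; 55 | } 56 | 57 | int main() { 58 | fiddleWithImages(); 59 | fiddleWithCamera(); 60 | } -------------------------------------------------------------------------------- /node-red-better-upgrade-method.yml: --------------------------------------------------------------------------------
---
# Upgrades Node.js and Node-RED on the Pi: runs the Node-RED project's update
# script, installs Node.js from the NodeSource setup script, installs the
# Node-RED modules listed in NODERED_MODULES and starts the nodered service.
- name: Upgrade nodejs and npm to latest
  hosts: raspberrypis
  tasks:
    #- name: Install node-red
    #  become: yes
    #  apt:
    #    name: "{{item}}"
    #  with_items:
    #    - nodered
    #    - npm

    #- name: Remove lists for stretch
    #  shell: "rm -rf /var/lib/apt/lists/*"
    #  become: yes

    # The script lands in /tmp and is executed by the next task, so only its
    # owner may write to it: 0755 replaces the previous 0777, which let any
    # local account rewrite the script between download and execution.
    # NOTE(review): the URL tracks the master branch, so the content is
    # unpinned; get_url's checksum option would pin it.
    - name: Download update-nodejs-and-nodered
      get_url:
        url: https://raw.githubusercontent.com/node-red/raspbian-deb-package/master/resources/update-nodejs-and-nodered
        dest: /tmp/update-nodejs-and-nodered
        mode: 0755

    # `yes` answers the script's prompts.
    - name: Upgrade nodejs and nodered
      shell: "yes|/tmp/update-nodejs-and-nodered"

    #- name: Install node-red modules
    #  shell: npm install {{ item }}
    #  args:
    #    chdir: /home/pi/.node-red
    #  tags:
    #    - noderedmodules
    #  with_items: "{{ NODERED_MODULES }}"

    # -f makes curl fail on an HTTP error instead of piping the error page
    # into bash, and pipefail (bash only, hence the executable) makes that
    # failure fail the task.
    # NOTE(review): the setup script runs as root straight from the network.
    - name: Upgrade nodejs
      shell: "set -o pipefail && curl -fsL https://deb.nodesource.com/setup_6.x | bash -"
      args:
        executable: /bin/bash
      become: true

    - name: Remove old nodered
      shell: "apt-get purge -y --remove nodejs"
      become: true

    - name: apt clean
      shell: "apt-get clean"
      become: true

    - name: apt update
      shell: "apt-get update"
      become: true

    - name: Install nodejs
      shell: "apt-get install -y nodejs"
      become: true

    - name: Install node-red modules
      npm:
        name: "{{ item }}"
        path: /home/pi/.node-red
      with_items: "{{ NODERED_MODULES }}"

    - name: start and enable nodered service
      systemd:
        name: nodered
        enabled: yes
        state: started
      become: true
-------------------------------------------------------------------------------- /docker.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Docker containers 3 | hosts: raspberrypis 4 | become: true 5 | tasks: 6 | - name: Grab docker containers from groups vars 7 | set_fact: dockercontainers="{{ hostvars[\"raspberrypi\"][\"DOCKER\"] }}" 8 | tags: 9 | - dockercomposeconfig 10 | 11 | - name: Copy docker-compose.yml to pi 12 | template: 13 | src: docker-compose-complete-jinja.yml 14 | dest: /storage/docker/docker-compose.yml 15 | owner: nobody 16 | group: nogroup 17 | mode: 0777 18 | force: yes 19 | vars: 20 | dockerKitchenSink: false 21 | docker: "{{ dockercontainers }}" 22 | tags: 23 | - dockercomposeconfig 24 | 25 | - name: Copy kitchen sink docker-compose.yml to pi 26 | template: 27 | src: docker-compose-complete-jinja.yml 28 | dest: /storage/docker/docker-compose-kitchensink.yml 29 | owner: nobody 30 | group: nogroup 31 | mode: 0777 32 | force: yes 33 | vars: 34 | dockerKitchenSink: true 35 | 36 | tags: 37 | - dockercomposeconfig 38 | 39 | - name: Check docker status 40 | shell: /usr/bin/env docker version 41 | 42 | - name: Install docker-compose 43 | apt: 44 | name: docker-compose 45 | 46 | - name: Start docker containers (could take 30min) 47 | shell: bash 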
/storage/docker/docker/dockercomposescript.sh 48 | args: 49 | chdir: /storage/docker 50 | retries: 3 51 | delay: 3 52 | register: result 53 | until: result.rc == 0 54 | tags: 55 | - startcontainers 56 | 57 | - name: Copy docker systemd files 58 | copy: 59 | remote_src: yes 60 | src: /storage/docker/docker/dockerhack.service 61 | dest: /etc/systemd/system 62 | tags: 63 | - dockerservices 64 | 65 | - name: Enable docker-hack systemd service 66 | systemd: 67 | name: dockerhack 68 | enabled: yes 69 | state: started 70 | tags: 71 | - hack 72 | - dockerservices 73 | 74 | 75 | -------------------------------------------------------------------------------- /files/homeassistant/configuration.yaml: -------------------------------------------------------------------------------- 1 | homeassistant: 2 | # Name of the location where Home Assistant is running 3 | name: Home 4 | # Location required to calculate the time the sun rises and sets 5 | latitude: -33.494 6 | longitude: 143.2104 7 | # Impacts weather/sunrise data (altitude above sea level in meters) 8 | elevation: 67 9 | # metric for Metric, imperial for Imperial 10 | unit_system: metric 11 | # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones 12 | time_zone: UTC 13 | # Customization file 14 | customize: !include customize.yaml 15 | 16 | # Show links to resources in log and frontend 17 | introduction: 18 | 19 | # Enables the frontend 20 | frontend: 21 | 22 | # Enables configuration UI 23 | config: 24 | 25 | http: 26 | # Secrets are defined in the file secrets.yaml 27 | # api_password: !secret http_password 28 | # Uncomment this if you are using SSL/TLS, running in Docker container, etc. 29 | # base_url: example.duckdns.org:8123 30 | 31 | # Checks for available updates 32 | # Note: This component will send some information about your system to 33 | # the developers to assist with development of Home Assistant. 
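34 | # For more information, please see: 35 | # https://home-assistant.io/blog/2016/10/25/explaining-the-updater/ 36 | updater: 37 | # Optional, allows Home Assistant developers to focus on popular components. 38 | # include_used_components: true 39 | 40 | # Discover some devices automatically 41 | discovery: 42 | 43 | # Allows you to issue voice commands from the frontend in enabled browsers 44 | conversation: 45 | 46 | # Enables support for tracking state changes over time 47 | history: 48 | 49 | # View all events in a logbook 50 | logbook: 51 | 52 | # Enables a map showing the location of tracked devices 53 | map: 54 | 55 | # Track the sun 56 | sun: 57 | 58 | # Weather prediction 59 | sensor: 60 | - platform: yr 61 | 62 | # Text to speech 63 | tts: 64 | - platform: google 65 | 66 | # Cloud 67 | cloud: 68 | 69 | group: !include groups.yaml 70 | automation: !include automations.yaml 71 | script: !include scripts.yaml 72 | -------------------------------------------------------------------------------- /files/phpmyadmin/config.inc.php: -------------------------------------------------------------------------------- 1 | /etc/hostname' 8 |
    # The start of this playbook, including its play header, is missing from
    # the listing, so the tasks below are written at task-list indentation.

    # chpasswd reads "user:password" from stdin, so the password is passed
    # there instead of being spliced into a shell command line, where quotes
    # or other shell metacharacters in it would be interpreted by the shell.
    # no_log keeps the value out of Ansible's task output.
    - name: Change password for user pi
      command: chpasswd
      args:
        stdin: "pi:{{ PI_USER_PASSWORD }}"
      no_log: true

    - name: Disable bluetooth LE
      systemd:
        name: bluetooth
        enabled: no
        state: stopped
      when: not RASPBIAN_ENABLE_BLUETOOTH
      tags:
        - bluetooth

    # The tag was written "-bluetooth" without a space, which YAML reads as
    # the string "-bluetooth" and not as a list item, so `--tags bluetooth`
    # did not select this task.
    - name: Enable bluetooth LE
      systemd:
        name: bluetooth
        enabled: yes
        state: started
      when: RASPBIAN_ENABLE_BLUETOOTH
      tags:
        - bluetooth

    # Presumably this file holds the Wi-Fi credentials, so it is installed
    # readable by root only instead of with the default mode.
    - name: Setup wifi
      copy:
        src: wpa_supplicant.conf
        dest: /etc/wpa_supplicant/wpa_supplicant.conf
        owner: root
        group: root
        mode: 0600
      when: RASPBIAN_OVERRIDE_WIFI_SETTINGS

    - name: Set raspiconfig variable
      set_fact:
        raspiconfig: "{{ RASPICONFIG }}"

    # raspi-config non-interactive mode: going by the task names here,
    # 0 enables an interface and 1 disables it.
    - name: Enable serial
      shell: "raspi-config nonint do_serial 0"
      when: raspiconfig.SERIAL

    - name: Enable I2C
      shell: "raspi-config nonint do_i2c 0"
      when: raspiconfig.I2C

    - name: Enable SPI
      shell: "raspi-config nonint do_spi 0"
      when: raspiconfig.SPI

    - name: Enable Camera
      shell: "raspi-config nonint do_camera 0"
      when: raspiconfig.CAMERA

    - name: Enable VNC
      shell: "raspi-config nonint do_vnc 0"
      when: raspiconfig.VNC

    - name: Enable OneWire
      shell: "raspi-config nonint do_onewire 0"
      when: raspiconfig.ONEWIRE

    - name: Enable Remote GPIO
      shell: "raspi-config nonint do_rgpio 0"
      when: raspiconfig.RGPIO

    # This condition used to be `raspiconfig.SERIAL`, the same as the enable
    # task, so serial was switched on and straight off again when requested
    # and never switched off when it was not. It now mirrors the other
    # disable tasks.
    - name: Disable serial
      shell: "raspi-config nonint do_serial 1"
      when: not raspiconfig.SERIAL

    - name: Disable I2C
      shell: "raspi-config nonint do_i2c 1"
      when: not raspiconfig.I2C

    - name: Disable SPI
      shell: "raspi-config nonint do_spi 1"
      when: not raspiconfig.SPI

    - name: Disable Camera
      shell: "raspi-config nonint do_camera 1"
      when: not raspiconfig.CAMERA

    - name: Disable VNC
      shell: "raspi-config nonint do_vnc 1"
      when: not raspiconfig.VNC

    - name: Disable OneWire
      shell: "raspi-config nonint do_onewire 1"
      when: not raspiconfig.ONEWIRE

    - name: Disable Remote GPIO
      shell: "raspi-config nonint do_rgpio 1"
      when: not raspiconfig.RGPIO

-------------------------------------------------------------------------------- /developer/opencv.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install OpenCV 3.2.0 3 | hosts: raspberrypis 4 | tasks: 5 | - name: Update apt repos 6 | apt: 7 | update_cache: yes 8 | become: true 9 | 10 | - name: install prereqs 11 | apt: 12 | name: "{{ item }}" 13 | become: true 14 | with_items: 15 | - build-essential 16 | - cmake 17 | - cmake-curses-gui 18 | - pkg-config 19 | - libjpeg-dev 20 | - libtiff5-dev 21 | - libjasper-dev 22 | - 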
libpng12-dev 23 | - libavformat-dev 24 | - libswscale-dev 25 | - libeigen3-dev 26 | - libxvidcore-dev 27 | - libx264-dev 28 | - libgtk2.0-dev 29 | - libv4l-dev 30 | - v4l-utils 31 | - libatlas-base-dev 32 | - gfortran 33 | - python2.7-dev 34 | - python2.7-numpy 35 | - python3-dev 36 | - python3-numpy 37 | - tesseract-ocr 38 | - libtesseract-dev 39 | - libleptonica-dev 40 | 41 | - name: Enable v4l module 42 | modprobe: 43 | name: bcm2835-v4l2 44 | become: true 45 | 46 | - name: create directory for opencv 47 | file: 48 | path: /home/pi/opencv 49 | state: directory 50 | 51 | - name: Download opencv 52 | unarchive: 53 | src: https://github.com/opencv/opencv/archive/3.2.0.zip 54 | dest: /home/pi/opencv 55 | remote_src: True 56 | 57 | - name: Download opencv-contrib 58 | unarchive: 59 | src: https://github.com/opencv/opencv_contrib/archive/3.2.0.zip 60 | dest: /home/pi/opencv 61 | remote_src: True 62 | 63 | - name: create directory for building opencv 64 | file: 65 | path: /home/pi/opencv/opencv-3.2.0/build 66 | state: directory 67 | 68 | - name: cmake 69 | shell: | 70 | cd /home/pi/opencv/opencv-3.2.0/build 71 | cmake -D CMAKE_BUILD_TYPE=RELEASE \ 72 | -D CMAKE_INSTALL_PREFIX=/usr/local \ 73 | -D BUILD_WITH_DEBUG_INFO=OFF \ 74 | -D BUILD_DOCS=OFF \ 75 | -D BUILD_EXAMPLES=OFF \ 76 | -D BUILD_TESTS=OFF \ 77 | -D BUILD_opencv_ts=OFF \ 78 | -D BUILD_PERF_TESTS=OFF \ 79 | -D INSTALL_C_EXAMPLES=ON \ 80 | -D INSTALL_PYTHON_EXAMPLES=ON \ 81 | -D OPENCV_EXTRA_MODULES_PATH=../../opencv_contrib-3.2.0/modules \ 82 | -D ENABLE_NEON=ON \ 83 | -D WITH_LIBV4L=ON \ 84 | ../ 85 | 86 | - name: Install OpenCV 87 | shell: | 88 | make -j2 89 | make install 90 | ldconfig 91 | args: 92 | chdir: /home/pi/opencv/opencv-3.2.0/build 93 | become: true 94 | tags: 95 | - cmake 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | -------------------------------------------------------------------------------- /docker-compose-original.yml: 
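--------------------------------------------------------------------------------
# Compose file for the services run on the Pi. Each `host:container` entry
# under `ports:` names no host address, so the port is published on every
# interface of the Pi; services with network_mode "host" share the host's
# network stack directly.
version: '2'
services:
  web:
    image: httpd
    container_name: apache
    ports:
      - 80:80
    volumes:
      - /storage/docker/webserver/html:/usr/local/apache2/htdocs/

  # NOTE(review): --no-auth turns off Portainer's login while the Docker
  # socket is mounted and port 9000 is published, so any client that can
  # reach the port can manage the Docker daemon on this host. Dropping
  # --no-auth, or publishing as 127.0.0.1:9000:9000, closes that.
  portainer:
    image: portainer/portainer:linux-arm
    container_name: portainer
    command: --no-auth
    ports:
      - 9000:9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  samba:
    container_name: samba
    image: dastrasmue/rpi-samba:v3
    network_mode: "host"
    ports:
      - 137:137/udp
      - 138:138/udp
      - 139:139
      - 445:445
    volumes:
      - /storage:/share
    command: ["-s", "public:/share/public:rw:", "-s", "docker:/share/docker:rw:"]

  homeassistant:
    container_name: homeassistant
    image: homeassistant/raspberrypi3-homeassistant
    network_mode: "host"
    ports:
      - 8123:8123
    volumes:
      - /storage/docker/homeassistant:/config

  appdaemon:
    container_name: appdaemon
    image: torkildr/rpi-appdaemon:2.1.11
    network_mode: "host"
    # List-form environment entries are KEY=VALUE. The previous
    # `HA_URL:"http://..."` form has no "=", so Compose would not have set
    # HA_URL or DASH_URL to these values. No quotes here: in list form they
    # would become part of the value.
    environment:
      - HA_URL=http://localhost:8123
      - DASH_URL=http://localhost:5050
    ports:
      - 5050:5050
    depends_on:
      - homeassistant
    volumes:
      - /storage/docker/homeassistant-appdaemon:/conf

  tensorflow:
    container_name: tensorflow
    image: mohankumargupta/rpi-tensorflow
    command: bash /run_jupyter.sh
    ports:
      - 8888:8888
      - 6006:6006
    volumes:
      - /storage/docker/jupyter:/root/.jupyter
      - /storage/docker/jupyter/tensorboards:/tensorboards
      - /storage/docker/jupyter/run_jupyter.sh:/run_jupyter.sh
      - /storage/docker/jupyter/notebooks:/notebooks

  openhab:
    container_name: openhab
    image: openhab/openhab:2.3.0-snapshot-armhf-debian
    tty: true
    ports:
      - 8080:8080
      - 8443:8443
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"
      - "/storage/docker/openhab/openhab_addons:/openhab/addons"
      - "/storage/docker/openhab/openhab_conf:/openhab/conf"
      - "/storage/docker/openhab/openhab_userdata:/openhab/userdata"

  mqtt:
    container_name: mqtt
    image: mohankumargupta/mqtt
    ports:
      - 1883:1883
    volumes:
      - "/storage/docker/mqtt/:/mosquitto/config/"

  influxdb:
    container_name: influxdb
    image: influxdb
    ports:
      - 8086:8086
    volumes:
      - "/storage/docker/influxdb:/var/lib/influxdb"

  mongodb:
    container_name: mongodb
    image: joseba/rpi-mongodb
    ports:
      - 27017:27017
      - 28017:28017
    volumes:
      - "/storage/docker/mongodb/db:/data/db"
      - "/storage/docker/mongodb/configdb:/data/configdb"

-------------------------------------------------------------------------------- /wordpress.yml: -------------------------------------------------------------------------------- 1 | - name: Install wordpress 2 | hosts: raspberrypis 3 | become: true 4 | vars: 5 | wordpress_tmp_install_dir: '/root/tmp' 6 | wordpress_install_dir: '/var/www/html/wordpress' 7 | wordpress_admin_password: 'password' 8 | wordpress_db_name: 'wordpress' 9 | wordpress_db_user: 'root' 10 | wordpress_db_password: 'root' 11 | tasks: 12 | - name: Create a directory called /root/tmp 13 | file: 14 | path: /root/tmp 15 | state: directory 16 | 17 | - name: Download and Extract wordpress tarball 18 | unarchive: 19 | src: https://wordpress.org/latest.tar.gz 20 | dest: "{{wordpress_tmp_install_dir}}" 21 | remote_src: true 22 | 23 | - name: Copy wp-config-sample.php to wp-config.php 24 | copy: 25 | src: "{{wordpress_tmp_install_dir}}/wordpress/wp-config-sample.php" 26 | dest: "{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 27 | remote_src: true 28 | force: yes 29 | 30 | - name: Replace db username in wp-config.php 31 | lineinfile: 32 | path: 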
"{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 33 | regexp: "(.*)username_here(.*)" 34 | line: '\1{{wordpress_db_user}}\2' 35 | backrefs: yes 36 | 37 | - name: Replace db password in wp-config.php 38 | lineinfile: 39 | path: "{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 40 | regexp: "(.*)password_here(.*)" 41 | line: '\1{{wordpress_db_password}}\2' 42 | backrefs: yes 43 | 44 | - name: Replace db name in wp-config.php 45 | lineinfile: 46 | path: "{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 47 | regexp: "(.*)database_name_here(.*)" 48 | line: '\1{{wordpress_db_name}}\2' 49 | backrefs: yes 50 | 51 | - name: delete lines in wp-config.php 52 | replace: 53 | path: "{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 54 | regexp: "(.*)put your unique phrase here(.*)" 55 | 56 | - name: Download salt file 57 | get_url: 58 | url: https://api.wordpress.org/secret-key/1.1/salt 59 | dest: "{{wordpress_tmp_install_dir}}/salt.txt" 60 | 61 | - name: Get contents of salt file 62 | slurp: 63 | src: "{{wordpress_tmp_install_dir}}/salt.txt" 64 | register: salts_content 65 | 66 | - name: Append salt file content to wp-config.php 67 | blockinfile: 68 | path: "{{wordpress_tmp_install_dir}}/wordpress/wp-config.php" 69 | block: "{{ salts_content['content'] | b64decode }}" 70 | insertafter: "EOF" 71 | 72 | - name: Copy wordpress tmp install dir to final directory 73 | shell: "rsync -av {{wordpress_tmp_install_dir}}/wordpress/ {{wordpress_install_dir}}" 74 | 75 | - name: Delete previous instances of wordpress mysql database 76 | mysql_db: 77 | name: wordpress 78 | state: absent 79 | 80 | - name: Create mysql database called wordpress 81 | mysql_db: 82 | name: wordpress 83 | 84 | - name: Download wp-cli 85 | get_url: 86 | url: https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar 87 | dest: "{{wordpress_tmp_install_dir}}" 88 | 89 | - name: Install wordpress using wp-cli 90 | shell: "php {{wordpress_tmp_install_dir}}/wp-cli.phar core install 
--allow-root --url='http://localhost/wordpress' --path={{wordpress_install_dir}} --title='My wordpress website' --admin_user='admin' --admin_password={{wordpress_admin_password}} --admin_email='a@b.com'" 91 | 92 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # Start with a vanilla Raspbian image, end up with a turbocharged custom Raspbian image 2 | 3 | ## How it works 4 | * Boot Raspberry Pi with a fresh install of Raspbian (remember to put an empty file called ssh in the root 5 | of SD card to enable SSH, and optionally a wpa_supplicant.conf to automatically connect to wifi if running headless, see wpa_supplicant-sample.conf for an example) 6 | * Need to setup a computer running Ubuntu/Linux Mint. It runs an Ansible script which 7 | will create your custom Raspbian image. Need to edit 2 user config files. 8 | 9 | 10 | ## User configuration files 11 | **hosts**: Change IP address of Pi and optionally hostname 12 | 13 | **group_vars/raspberrypis.yml**: Lots of stuff like software to install, nodered modules to install, enable camera etc. 14 | 15 | ## Features 16 | 17 | - Change hostname and password for user called pi 18 | - Configure keyboard layout 19 | - Install an on-screen keyboard 20 | - Configures raspi-config, including VNC,camera 21 | - Install software of your choice including Arduino IDE, audacity, vlc through apt-get 22 | - Updates NodeJS and NodeRed 23 | - Installs NodeRED modules 24 | - Installs ngrok to allow webserver access over the internet 25 | - Installs docker and starts docker containers (see docker-compose.yml) 26 | - Install and configure SAMBA 27 | 28 | 29 | # Detailed Instructions 30 | 31 | ## On the Raspberry Pi (target device) 32 | 1. Download latest raspbian from https://www.raspberrypi.org 33 | 2. Burn onto SD card using Win32Imager or Etcher 34 | 3. 
Add an empty text file called ssh onto the root of SD card 35 | 4. Boot 36 | 37 | ## On a computer running Ubuntu (host computer) 38 | 39 | 5. Install Ansible 40 | ```sh 41 | sudo add-apt-repository ppa:ansible/ansible 42 | sudo apt-get update 43 | sudo apt-get -y install ansible git 44 | ``` 45 | 46 | 6. Download this repo onto the computer 47 | ```sh 48 | git clone https://github.com/mohankumargupta/raspberrypi-ansible.git 49 | cd raspberrypi-ansible 50 | ``` 51 | 52 | 7. Change the IP address of Raspberry Pi in the hosts file in the raspberrypi-ansible directory 53 | (use Advanced IP Scanner or nmap if running pi headless) 54 | 8. Setup ssh keyless login with Raspberry Pi target (replace PI_IP_ADDRESS with IP Address of Pi) 55 | ```sh 56 | ssh-keygen 57 | ssh-copy-id pi@PI_IP_ADDRESS 58 | ``` 59 | 9. Run the following 60 | ```sh 61 | bash run.sh 62 | ``` 63 | 64 | Be patient, it can take up to 1hr to complete. 65 | 66 | Note that Ansible playbooks are idempotent, meaning that the state of system is the same the first time you run it or subsequent times (take with a grain of salt). 67 | 68 | ## Troubleshooting/Tips 69 | - If the above script (bash run.sh) hangs or is interrupted for whatever reason, just re-run it again. It will skip over the bits it's already done, and push ahead. 70 | - You only need to do the ssh-keygen command one-time on the Control Ubuntu PC for a particular user on that system. 71 | - If you get a MAN IN THE MIDDLE error when doing the 72 | ssh-copy-id command, it usually means the host key saved for that IP address comes from a previous raspbian install. If you have just re-imaged the Pi, type the command recommended in the error message; if you have not, find out why the key changed before removing it. 73 | 74 | # Services available external to Pi on the same LAN 75 | 76 | Once the above commands have been run, on the pi 77 | you can go to http://localhost or on another machine on the same network, go to http://PI_IP_ADDRESS to get a 78 | list of web-based services available on the Pi. 
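79 | 80 | # Windows 10 Bash on Ubuntu on Windows 81 | If using Window 10, run this command 82 | in cmd.exe to login as root. 83 | 84 | ``` 85 | lxrun /setdefaultuser root 86 | ``` 87 | 88 | -------------------------------------------------------------------------------- /templates/docker-compose-complete-jinja.yml: --------------------------------------------------------------------------------
# Jinja template for the docker-compose file: a service is emitted when
# dockerKitchenSink is set or when its own docker.<NAME> flag is True.
#
# NOTE(review): every "HOST:CONTAINER" port entry below publishes on all host
# interfaces, so each enabled service is reachable by any machine that can reach
# the Pi. Where a service is only needed locally, publish it as
# "127.0.0.1:HOST:CONTAINER".
# NOTE(review): httpd, influxdb, redis, elswork/rpi-tensorflow,
# mohankumargupta/mqtt and joseba/rpi-mongodb carry no tag, so each pull may
# fetch a different image. Pin a tag or digest once a known-good version is chosen.
version: '2'
services:
{% if dockerKitchenSink or docker.WEB == True %}
  web:
    image: httpd
    container_name: apache
    ports:
      - 80:80
    volumes:
      - /storage/docker/webserver/html:/usr/local/apache2/htdocs/

{% endif %}
{% if dockerKitchenSink or docker.PORTAINER == True %}
  # NOTE(review): --no-auth turns off Portainer's login while the Docker socket
  # is mounted and port 9000 is published, so any host that can reach the Pi can
  # manage the Docker daemon, which is equivalent to root on the Pi. Remove
  # --no-auth and set an admin password, or publish the port on 127.0.0.1 only.
  portainer:
    image: portainer/portainer:linux-arm
    container_name: portainer
    command: --no-auth
    ports:
      - 9000:9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

{% endif %}
{% if dockerKitchenSink or docker.SAMBA == True %}
  # NOTE(review): with network_mode "host" the ports list is not applied; the
  # container's daemons bind directly on the host (some Compose releases reject
  # the combination outright). The "docker" share exposes /storage/docker
  # read-write, and that tree holds the config directories mounted into the
  # other services in this file. The empty last field of the -s arguments looks
  # like an empty user list; confirm whether this image then allows guest access.
  samba:
    container_name: samba
    image: dastrasmue/rpi-samba:v3
    network_mode: "host"
    ports:
      - 137:137/udp
      - 138:138/udp
      - 139:139
      - 445:445
    volumes:
      - /storage:/share
    command: ["-s", "public:/share/public:rw:", "-s", "docker:/share/docker:rw:"]

{% endif %}
{% if dockerKitchenSink or docker.HOMEASSISTANT == True %}
  # ports is not applied under host networking (see the samba note above).
  homeassistant:
    container_name: homeassistant
    image: homeassistant/raspberrypi3-homeassistant:0.66.0.b2
    network_mode: "host"
    ports:
      - 8123:8123
    volumes:
      - /storage/docker/homeassistant:/config

{% endif %}
{% if dockerKitchenSink or docker.HOMEASSISTANT_APPDAEMON == True %}
  appdaemon:
    container_name: appdaemon
    image: torkildr/rpi-appdaemon:2.1.11
    network_mode: "host"
    # List-form environment entries must be KEY=VALUE. The former KEY:"value"
    # spelling is read as a bare variable name, so neither value reached the
    # container.
    environment:
      - HA_URL=http://localhost:8123
      - DASH_URL=http://localhost:5050
    ports:
      - 5050:5050
    depends_on:
      - homeassistant
    volumes:
      - /storage/docker/homeassistant-appdaemon:/conf

{% endif %}
{% if dockerKitchenSink or docker.JUPYTER == True %}
  # NOTE(review): whether the notebook server on 8888 asks for a token or
  # password is decided by the files mounted from /storage/docker/jupyter, which
  # this template does not show; check them before publishing the port.
  jupyter:
    container_name: jupyter
    image: elswork/rpi-tensorflow
    command: bash /run_jupyter.sh
    ports:
      - 8888:8888
      - 6006:6006
    volumes:
      - /storage/docker/jupyter:/root/.jupyter
      - /storage/docker/jupyter/tensorboards:/tensorboards
      - /storage/docker/jupyter/run_jupyter.sh:/run_jupyter.sh
      - /storage/docker/jupyter/notebooks:/notebooks

{% endif %}
{% if dockerKitchenSink or docker.OPENHAB == True %}
  openhab:
    container_name: openhab
    image: openhab/openhab:2.3.0-snapshot-armhf-debian
    tty: true
    ports:
      - 8080:8080
      - 8443:8443
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"
      - "/storage/docker/openhab/openhab_addons:/openhab/addons"
      - "/storage/docker/openhab/openhab_conf:/openhab/conf"
      - "/storage/docker/openhab/openhab_userdata:/openhab/userdata"

{% endif %}
{% if dockerKitchenSink or docker.MQTT == True %}
  # NOTE(review): access control for the broker on 1883 comes from the mosquitto
  # configuration mounted below; confirm it does not accept anonymous clients
  # before publishing the port.
  mqtt:
    container_name: mqtt
    image: mohankumargupta/mqtt
    ports:
      - 1883:1883
    volumes:
      - "/storage/docker/mqtt/:/mosquitto/config/"

{% endif %}
{% if dockerKitchenSink or docker.INFLUXDB == True %}
  # NOTE(review): no authentication settings are passed here; confirm that the
  # HTTP API on 8086 requires credentials before publishing the port.
  influxdb:
    container_name: influxdb
    image: influxdb
    ports:
      - 8086:8086
    volumes:
      - "/storage/docker/influxdb:/var/lib/influxdb"
{% endif %}
{% if dockerKitchenSink or docker.MONGODB == True %}
  # NOTE(review): mongod is started with --rest and without --auth, and both the
  # database port (27017) and the HTTP interface (28017) are published, so
  # clients on the network are not asked for credentials. Add --auth with a
  # created user, drop --rest, or publish on 127.0.0.1 only.
  mongodb:
    container_name: mongodb
    command: ["mongod","--rest", "--journal"]
    image: joseba/rpi-mongodb
    ports:
      - 27017:27017
      - 28017:28017
    volumes:
      - "/storage/docker/mongodb/db:/data/db"
      - "/storage/docker/mongodb/configdb:/data/configdb"

{% endif %}
{% if dockerKitchenSink or docker.REDIS == True %}
  # NOTE(review): no password is configured here and 6379 is published; set one
  # or keep the port on 127.0.0.1.
  redis:
    container_name: redis
    image: redis
    ports:
      - 6379:6379
    volumes:
      - "/storage/docker/redis/data:/data"

{% endif %}
{% if dockerKitchenSink or docker.NODERED == True %}
  # Host port 1881 maps to the Node-RED editor on container port 1880.
  # NOTE(review): whether the editor asks for a login is decided by the settings
  # file under /data; confirm adminAuth is enabled there before publishing.
  nodered:
    container_name: nodered
    image: nodered/node-red-docker:rpi-v8
    ports:
      - 1881:1880
    volumes:
      - "/storage/docker/nodered:/data"

{% endif %}
{% if dockerKitchenSink or docker.GRAFANA == True %}
  # NOTE(review): the admin account comes from the configuration mounted at
  # /etc/grafana; change the default admin password before publishing port 3000.
  grafana:
    container_name: grafana
    image: fg2it/grafana-armhf:v5.0.0
    ports:
      - 3000:3000
    volumes:
      - "/storage/docker/grafana/data:/var/lib/grafana"
      - "/storage/docker/grafana/config:/etc/grafana"

{% endif %}

-------------------------------------------------------------------------------- /files/webserver/html/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Raspberry Pi Index Page 5 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 |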

Services available on Pi

20 | 21 |
22 | 23 |
24 | 25 | 39 | 40 | 169 | 170 | 171 | 172 | -------------------------------------------------------------------------------- /files/nodered/settings.js: --------------------------------------------------------------------------------
/**
 * Copyright JS Foundation and other contributors, http://js.foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 **/

// The `https` setting requires the `fs` module. Uncomment the following
// to make it available:
//var fs = require("fs");

// Node-RED settings file: exports the runtime configuration object.
// Only uiPort, mqttReconnectTime, serialReconnectTime, debugMaxLength,
// functionGlobalContext and logging are set here; every other option is
// commented out and therefore left at its default.
module.exports = {
    // the tcp port that the Node-RED web server is listening on
    uiPort: process.env.PORT || 1880,

    // By default, the Node-RED UI accepts connections on all IPv4 interfaces.
    // The following property can be used to listen on a specific interface. For
    // example, the following would only allow connections from the local machine.
    // NOTE(review): uiHost is left commented out, so the default described above
    // (all IPv4 interfaces) applies.
    //uiHost: "127.0.0.1",

    // Retry time in milliseconds for MQTT connections
    mqttReconnectTime: 15000,

    // Retry time in milliseconds for Serial port connections
    serialReconnectTime: 15000,

    // Retry time in milliseconds for TCP socket connections
    //socketReconnectTime: 10000,

    // Timeout in milliseconds for TCP server socket connections
    // defaults to no timeout
    //socketTimeout: 120000,

    // Timeout in milliseconds for HTTP request connections
    // defaults to 120 seconds
    //httpRequestTimeout: 120000,

    // The maximum length, in characters, of any message sent to the debug sidebar tab
    debugMaxLength: 1000,

    // To disable the option for using local files for storing keys and certificates in the TLS configuration
    // node, set this to true
    //tlsConfigDisableLocalFiles: true,

    // Colourise the console output of the debug node
    //debugUseColors: true,

    // The file containing the flows. If not set, it defaults to flows_.json
    //flowFile: 'flows.json',

    // To enabled pretty-printing of the flow within the flow file, set the following
    // property to true:
    //flowFilePretty: true,

    // By default, credentials are encrypted in storage using a generated key. To
    // specify your own secret, set the following property.
    // If you want to disable encryption of credentials, set this property to false.
    // Note: once you set this property, do not change it - doing so will prevent
    // node-red from being able to decrypt your existing credentials and they will be
    // lost.
    //credentialSecret: "a-secret-key",

    // By default, all user data is stored in the Node-RED install directory. To
    // use a different location, the following property can be used
    //userDir: '/home/nol/.node-red/',

    // Node-RED scans the `nodes` directory in the install directory to find nodes.
    // The following property can be used to specify an additional directory to scan.
    //nodesDir: '/home/nol/.node-red/nodes',

    // By default, the Node-RED UI is available at http://localhost:1880/
    // The following property can be used to specifiy a different root path.
    // If set to false, this is disabled.
    //httpAdminRoot: '/admin',

    // Some nodes, such as HTTP In, can be used to listen for incoming http requests.
    // By default, these are served relative to '/'. The following property
    // can be used to specifiy a different root path. If set to false, this is
    // disabled.
    //httpNodeRoot: '/red-nodes',

    // The following property can be used in place of 'httpAdminRoot' and 'httpNodeRoot',
    // to apply the same root to both parts.
    //httpRoot: '/red',

    // When httpAdminRoot is used to move the UI to a different root path, the
    // following property can be used to identify a directory of static content
    // that should be served at http://localhost:1880/.
    //httpStatic: '/home/nol/node-red-static/',

    // The maximum size of HTTP request that will be accepted by the runtime api.
    // Default: 5mb
    //apiMaxLength: '5mb',

    // If you installed the optional node-red-dashboard you can set it's path
    // relative to httpRoot
    //ui: { path: "ui" },

    // Securing Node-RED
    // -----------------
    // To password protect the Node-RED editor and admin API, the following
    // property can be used. See http://nodered.org/docs/security.html for details.
    // NOTE(review): adminAuth is commented out in this file, so the editor and
    // admin API accept requests without a login. Anyone who can reach the port
    // can deploy flows, and flows run code inside the Node-RED process. Enable
    // adminAuth with a bcrypt hash you generated yourself before the port is
    // reachable from other machines; the hash in the example is a sample value.
    //adminAuth: {
    //    type: "credentials",
    //    users: [{
    //        username: "admin",
    //        password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
    //        permissions: "*"
    //    }]
    //},

    // To password protect the node-defined HTTP endpoints (httpNodeRoot), or
    // the static content (httpStatic), the following properties can be used.
    // The pass field is a bcrypt hash of the password.
    // See http://nodered.org/docs/security.html#generating-the-password-hash
    // NOTE(review): both properties are commented out, so HTTP In endpoints and
    // static content are served without credentials.
    //httpNodeAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
    //httpStaticAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},

    // The following property can be used to enable HTTPS
    // See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
    // for details on its contents.
    // See the comment at the top of this file on how to load the `fs` module used by
    // this setting.
    //
    //https: {
    //    key: fs.readFileSync('privatekey.pem'),
    //    cert: fs.readFileSync('certificate.pem')
    //},

    // The following property can be used to cause insecure HTTP connections to
    // be redirected to HTTPS.
    // (A trailing comma is needed if this line is uncommented, because more
    // properties follow it.)
    //requireHttps: true,

    // The following property can be used to disable the editor. The admin API
    // is not affected by this option. To disable both the editor and the admin
    // API, use either the httpRoot or httpAdminRoot properties
    //disableEditor: false,

    // The following property can be used to configure cross-origin resource sharing
    // in the HTTP nodes.
    // See https://github.com/troygoode/node-cors#configuration-options for
    // details on its contents. The following is a basic permissive set of options:
    //httpNodeCors: {
    //    origin: "*",
    //    methods: "GET,PUT,POST,DELETE"
    //},

    // If you need to set an http proxy please set an environment variable
    // called http_proxy (or HTTP_PROXY) outside of Node-RED in the operating system.
    // For example - http_proxy=http://myproxy.com:8080
    // (Setting it here will have no effect)
    // You may also specify no_proxy (or NO_PROXY) to supply a comma separated
    // list of domains to not proxy, eg - no_proxy=.acme.co,.acme.co.uk

    // The following property can be used to add a custom middleware function
    // in front of all http in nodes. This allows custom authentication to be
    // applied to all http in nodes, or any other sort of common request processing.
    //httpNodeMiddleware: function(req,res,next) {
    //    // Handle/reject the request, or pass it on to the http in node by calling next();
    //    // Optionally skip our rawBodyParser by setting this to true;
    //    //req.skipRawBodyParser = true;
    //    next();
    //},

    // The following property can be used to verify websocket connection attempts.
    // This allows, for example, the HTTP request headers to be checked to ensure
    // they include valid authentication information.
    //webSocketNodeVerifyClient: function(info) {
    //    // 'info' has three properties:
    //    //   - origin : the value in the Origin header
    //    //   - req : the HTTP request
    //    //   - secure : true if req.connection.authorized or req.connection.encrypted is set
    //    //
    //    // The function should return true if the connection should be accepted, false otherwise.
    //    //
    //    // Alternatively, if this function is defined to accept a second argument, callback,
    //    // it can be used to verify the client asynchronously.
    //    // The callback takes three arguments:
    //    //   - result : boolean, whether to accept the connection or not
    //    //   - code : if result is false, the HTTP error status to return
    //    //   - reason: if result is false, the HTTP reason string to return
    //},

    // Anything in this hash is globally available to all functions.
    // It is accessed as context.global.
    // eg:
    //    functionGlobalContext: { os:require('os') }
    // can be accessed in a function block as:
    //    context.global.os

    functionGlobalContext: {
        // os:require('os'),
        // octalbonescript:require('octalbonescript'),
        // jfive:require("johnny-five"),
        // j5board:require("johnny-five").Board({repl:false})
    },

    // The following property can be used to order the categories in the editor
    // palette. If a node's category is not in the list, the category will get
    // added to the end of the palette.
    // If not set, the following default order is used:
    //paletteCategories: ['subflows', 'input', 'output', 'function', 'social', 'mobile', 'storage', 'analysis', 'advanced'],

    // Configure the logging output
    logging: {
        // Only console logging is currently supported
        console: {
            // Level of logging to be recorded. Options are:
            // fatal - only those errors which make the application unusable should be recorded
            // error - record errors which are deemed fatal for a particular request + fatal errors
            // warn - record problems which are non fatal + errors + fatal errors
            // info - record information about the general running of the application + warn + error + fatal errors
            // debug - record information which is more verbose than info + info + warn + error + fatal errors
            // trace - record very detailed logging + debug + info + warn + error + fatal errors
            // off - turn off all logging (doesn't affect metrics or audit)
            level: "info",
            // Whether or not to include metric events in the log output
            metrics: false,
            // Whether or not to include audit events in the log output
            // NOTE(review): audit events are off; consider enabling them when the
            // editor is reachable from other machines.
            audit: false
        }
    }
}
-------------------------------------------------------------------------------- /files/grafana/config/grafana.ini: -------------------------------------------------------------------------------- 1 | ##################### Grafana Configuration Example ##################### 2 | # 3 | # Everything has defaults so you only need to uncomment things you want to 4 | # change 5 | 6 | # possible values : production, development 7 | ; app_mode = production 8 | 9 | # instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty 10 | ; instance_name = ${HOSTNAME} 11 | 12 | #################################### Paths #################################### 13 | [paths] 14 | # Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used) 15 | # 16 | ;data = /var/lib/grafana 17 | # 18 | # Directory where grafana can store logs 19 | # 20 | ;logs = /var/log/grafana 21 | # 22 | # Directory where grafana will automatically scan and look for plugins 23 | # 24 | ;plugins = /var/lib/grafana/plugins 25 | 26 | # 27 | #################################### Server
#################################### 28 | [server] 29 | # Protocol (http or https) 30 | ;protocol = http 31 | 32 | # The ip address to bind to, empty will bind to all interfaces 33 | ;http_addr = 34 | 35 | # The http port to use 36 | ;http_port = 3000 37 | 38 | # The public facing domain name used to access grafana from a browser 39 | ;domain = localhost 40 | 41 | # Redirect to correct domain if host header does not match domain 42 | # Prevents DNS rebinding attacks 43 | ;enforce_domain = false 44 | 45 | # The full public facing url you use in browser, used for redirects and emails 46 | # If you use reverse proxy and sub path specify full url (with sub path) 47 | ;root_url = http://localhost:3000 48 | 49 | # Log web requests 50 | ;router_logging = false 51 | 52 | # the path relative working path 53 | ;static_root_path = public 54 | 55 | # enable gzip 56 | ;enable_gzip = false 57 | 58 | # https certs & key file 59 | ;cert_file = 60 | ;cert_key = 61 | 62 | #################################### Database #################################### 63 | [database] 64 | # You can configure the database connection by specifying type, host, name, user and password 65 | # as seperate properties or as on string using the url propertie. 66 | 67 | # Either "mysql", "postgres" or "sqlite3", it's your choice 68 | ;type = sqlite3 69 | ;host = 127.0.0.1:3306 70 | ;name = grafana 71 | ;user = root 72 | # If the password contains # or ; you have to wrap it with trippel quotes. 
Ex """#password;""" 73 | ;password = 74 | 75 | # Use either URL or the previous fields to configure the database 76 | # Example: mysql://user:secret@host:port/database 77 | ;url = 78 | 79 | # For "postgres" only, either "disable", "require" or "verify-full" 80 | ;ssl_mode = disable 81 | 82 | # For "sqlite3" only, path relative to data_path setting 83 | ;path = grafana.db 84 | 85 | # Max conn setting default is 0 (mean not set) 86 | ;max_conn = 87 | ;max_idle_conn = 88 | ;max_open_conn = 89 | 90 | 91 | #################################### Session #################################### 92 | [session] 93 | # Either "memory", "file", "redis", "mysql", "postgres", default is "file" 94 | ;provider = file 95 | 96 | # Provider config options 97 | # memory: not have any config yet 98 | # file: session dir path, is relative to grafana data_path 99 | # redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana` 100 | # mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name` 101 | # postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable 102 | ;provider_config = sessions 103 | 104 | # Session cookie name 105 | ;cookie_name = grafana_sess 106 | 107 | # If you use session in https only, default is false 108 | ;cookie_secure = false 109 | 110 | # Session life time, default is 86400 111 | ;session_life_time = 86400 112 | 113 | #################################### Data proxy ########################### 114 | [dataproxy] 115 | 116 | # This enables data proxy logging, default is false 117 | ;logging = false 118 | 119 | 120 | #################################### Analytics #################################### 121 | [analytics] 122 | # Server reporting, sends usage counters to stats.grafana.org every 24 hours. 123 | # No ip addresses are being tracked, only simple counters to track 124 | # running instances, dashboard and error counts. It is very helpful to us. 
125 | # Change this option to false to disable reporting. 126 | ;reporting_enabled = true 127 | 128 | # Set to false to disable all checks to https://grafana.net 129 | # for new versions (grafana itself and plugins), check is used 130 | # in some UI views to notify that grafana or plugin update exists 131 | # This option does not cause any auto updates, nor send any information 132 | # only a GET request to http://grafana.net to get latest versions 133 | ;check_for_updates = true 134 | 135 | # Google Analytics universal tracking code, only enabled if you specify an id here 136 | ;google_analytics_ua_id = 137 | 138 | #################################### Security #################################### 139 | [security] 140 | # default admin user, created on startup 141 | ;admin_user = admin 142 | 143 | # default admin password, can be changed before first start of grafana, or in profile settings. While the line below stays commented out, this default is the password in effect, so set your own before the service is reachable from other machines 144 | ;admin_password = admin 145 | 146 | # used for signing; the value below is the one shipped in this sample file, so set your own unique value 147 | ;secret_key = SW2YcwTIb9zpOOhoPsMm 148 | 149 | # Auto-login remember days 150 | ;login_remember_days = 7 151 | ;cookie_username = grafana_user 152 | ;cookie_remember_name = grafana_remember 153 | 154 | # disable gravatar profile images 155 | ;disable_gravatar = false 156 | 157 | # data source proxy whitelist (ip_or_domain:port separated by spaces) 158 | ;data_source_proxy_whitelist = 159 | 160 | [snapshots] 161 | # snapshot sharing options 162 | ;external_enabled = true 163 | ;external_snapshot_url = https://snapshots-origin.raintank.io 164 | ;external_snapshot_name = Publish to snapshot.raintank.io 165 | 166 | # remove expired snapshot 167 | ;snapshot_remove_expired = true 168 | 169 | # remove snapshots after 90 days 170 | ;snapshot_TTL_days = 90 171 | 172 | #################################### Users #################################### 173 | [users] 174 | # set to false to disable user signup / registration 175 | ;allow_sign_up = true 176 | 177 | # Allow non admin users to create organizations 178 | ;allow_org_create = true 179
| 180 | # Set to true to automatically assign new users to the default organization (id 1) 181 | ;auto_assign_org = true 182 | 183 | # Default role new users will be automatically assigned (if disabled above is set to true) 184 | ;auto_assign_org_role = Viewer 185 | 186 | # Background text for the user field on the login page 187 | ;login_hint = email or username 188 | 189 | # Default UI theme ("dark" or "light") 190 | ;default_theme = dark 191 | 192 | [auth] 193 | # Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false 194 | ;disable_login_form = false 195 | 196 | #################################### Anonymous Auth ########################## 197 | [auth.anonymous] 198 | # enable anonymous access 199 | ;enabled = true 200 | 201 | # specify organization name that should be used for unauthenticated users 202 | ;org_name = Main Org. 203 | 204 | # specify role for unauthenticated users 205 | ;org_role = Viewer 206 | 207 | #################################### Github Auth ########################## 208 | [auth.github] 209 | ;enabled = false 210 | ;allow_sign_up = true 211 | ;client_id = some_id 212 | ;client_secret = some_secret 213 | ;scopes = user:email,read:org 214 | ;auth_url = https://github.com/login/oauth/authorize 215 | ;token_url = https://github.com/login/oauth/access_token 216 | ;api_url = https://api.github.com/user 217 | ;team_ids = 218 | ;allowed_organizations = 219 | 220 | #################################### Google Auth ########################## 221 | [auth.google] 222 | ;enabled = false 223 | ;allow_sign_up = true 224 | ;client_id = some_client_id 225 | ;client_secret = some_client_secret 226 | ;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email 227 | ;auth_url = https://accounts.google.com/o/oauth2/auth 228 | ;token_url = https://accounts.google.com/o/oauth2/token 229 | ;api_url = https://www.googleapis.com/oauth2/v1/userinfo 230 | ;allowed_domains = 231 | 232 | 
#################################### Generic OAuth ########################## 233 | [auth.generic_oauth] 234 | ;enabled = false 235 | ;name = OAuth 236 | ;allow_sign_up = true 237 | ;client_id = some_id 238 | ;client_secret = some_secret 239 | ;scopes = user:email,read:org 240 | ;auth_url = https://foo.bar/login/oauth/authorize 241 | ;token_url = https://foo.bar/login/oauth/access_token 242 | ;api_url = https://foo.bar/user 243 | ;team_ids = 244 | ;allowed_organizations = 245 | 246 | #################################### Grafana.net Auth #################### 247 | [auth.grafananet] 248 | ;enabled = false 249 | ;allow_sign_up = true 250 | ;client_id = some_id 251 | ;client_secret = some_secret 252 | ;scopes = user:email 253 | ;allowed_organizations = 254 | 255 | #################################### Auth Proxy ########################## 256 | [auth.proxy] 257 | ;enabled = false 258 | ;header_name = X-WEBAUTH-USER 259 | ;header_property = username 260 | ;auto_sign_up = true 261 | ;ldap_sync_ttl = 60 262 | ;whitelist = 192.168.1.1, 192.168.2.1 263 | 264 | #################################### Basic Auth ########################## 265 | [auth.basic] 266 | ;enabled = false 267 | 268 | #################################### Auth LDAP ########################## 269 | [auth.ldap] 270 | ;enabled = false 271 | ;config_file = /etc/grafana/ldap.toml 272 | ;allow_sign_up = true 273 | 274 | #################################### SMTP / Emailing ########################## 275 | [smtp] 276 | ;enabled = false 277 | ;host = localhost:25 278 | ;user = 279 | # If the password contains # or ; you have to wrap it with trippel quotes. 
Ex """#password;""" 280 | ;password = 281 | ;cert_file = 282 | ;key_file = 283 | ;skip_verify = false 284 | ;from_address = admin@grafana.localhost 285 | ;from_name = Grafana 286 | 287 | [emails] 288 | ;welcome_email_on_sign_up = false 289 | 290 | #################################### Logging ########################## 291 | [log] 292 | # Either "console", "file", "syslog". Default is console and file 293 | # Use space to separate multiple modes, e.g. "console file" 294 | ;mode = console file 295 | 296 | # Either "trace", "debug", "info", "warn", "error", "critical", default is "info" 297 | ;level = info 298 | 299 | # optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug 300 | ;filters = 301 | 302 | 303 | # For "console" mode only 304 | [log.console] 305 | ;level = 306 | 307 | # log line format, valid options are text, console and json 308 | ;format = console 309 | 310 | # For "file" mode only 311 | [log.file] 312 | ;level = 313 | 314 | # log line format, valid options are text, console and json 315 | ;format = text 316 | 317 | # This enables automated log rotate(switch of following options), default is true 318 | ;log_rotate = true 319 | 320 | # Max line number of single file, default is 1000000 321 | ;max_lines = 1000000 322 | 323 | # Max size shift of single file, default is 28 means 1 << 28, 256MB 324 | ;max_size_shift = 28 325 | 326 | # Segment log daily, default is true 327 | ;daily_rotate = true 328 | 329 | # Expired days of log file(delete after max days), default is 7 330 | ;max_days = 7 331 | 332 | [log.syslog] 333 | ;level = 334 | 335 | # log line format, valid options are text, console and json 336 | ;format = text 337 | 338 | # Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used. 339 | ;network = 340 | ;address = 341 | 342 | # Syslog facility. user, daemon and local0 through local7 are valid. 343 | ;facility = 344 | 345 | # Syslog tag. 
By default, the process' argv[0] is used. 346 | ;tag = 347 | 348 | 349 | #################################### AMQP Event Publisher ########################## 350 | [event_publisher] 351 | ;enabled = false 352 | ;rabbitmq_url = amqp://localhost/ 353 | ;exchange = grafana_events 354 | 355 | ;#################################### Dashboard JSON files ########################## 356 | [dashboards.json] 357 | ;enabled = false 358 | ;path = /var/lib/grafana/dashboards 359 | 360 | #################################### Alerting ############################ 361 | [alerting] 362 | # Disable alerting engine & UI features 363 | ;enabled = true 364 | # Makes it possible to turn off alert rule execution but alerting UI is visible 365 | ;execute_alerts = true 366 | 367 | #################################### Internal Grafana Metrics ########################## 368 | # Metrics available at HTTP API Url /api/metrics 369 | [metrics] 370 | # Disable / Enable internal metrics 371 | ;enabled = true 372 | 373 | # Publish interval 374 | ;interval_seconds = 10 375 | 376 | # Send internal metrics to Graphite 377 | [metrics.graphite] 378 | # Enable by setting the address setting (ex localhost:2003) 379 | ;address = 380 | ;prefix = prod.grafana.%(instance_name)s. 381 | 382 | #################################### Internal Grafana Metrics ########################## 383 | # Url used to to import dashboards directly from Grafana.net 384 | [grafana_net] 385 | ;url = https://grafana.net 386 | 387 | #################################### External image storage ########################## 388 | [external_image_storage] 389 | # Used for uploading images to public servers so they can be included in slack/email messages. 
390 | # you can choose between (s3, webdav) 391 | ;provider = 392 | 393 | [external_image_storage.s3] 394 | ;bucket_url = 395 | ;access_key = 396 | ;secret_key = 397 | 398 | [external_image_storage.webdav] 399 | ;url = 400 | ;username = 401 | ;password = 402 | -------------------------------------------------------------------------------- /files/mqtt/mosquitto.conf: -------------------------------------------------------------------------------- 1 | # Config file for mosquitto 2 | # 3 | # See mosquitto.conf(5) for more information. 4 | # 5 | # Default values are shown, uncomment to change. 6 | # 7 | # Use the # character to indicate a comment, but only if it is the 8 | # very first character on the line. 9 | 10 | # ================================================================= 11 | # General configuration 12 | # ================================================================= 13 | 14 | # Time in seconds to wait before resending an outgoing QoS=1 or 15 | # QoS=2 message. 16 | #retry_interval 20 17 | 18 | # Time in seconds between updates of the $SYS tree. 19 | # Set to 0 to disable the publishing of the $SYS tree. 20 | #sys_interval 10 21 | 22 | # Time in seconds between cleaning the internal message store of 23 | # unreferenced messages. Lower values will result in lower memory 24 | # usage but more processor time, higher values will have the 25 | # opposite effect. 26 | # Setting a value of 0 means the unreferenced messages will be 27 | # disposed of as quickly as possible. 28 | #store_clean_interval 10 29 | 30 | # Write process id to a file. Default is a blank string which means 31 | # a pid file shouldn't be written. 32 | # This should be set to /var/run/mosquitto.pid if mosquitto is 33 | # being run automatically on boot with an init script and 34 | # start-stop-daemon or similar. 35 | #pid_file 36 | 37 | # When run as root, drop privileges to this user and its primary 38 | # group. 39 | # Leave blank to stay as root, but this is not recommended. 
40 | # If run as a non-root user, this setting has no effect. 41 | # Note that on Windows this has no effect and so mosquitto should 42 | # be started by the user you wish it to run as. 43 | #user mosquitto 44 | 45 | # The maximum number of QoS 1 and 2 messages currently inflight per 46 | # client. 47 | # This includes messages that are partway through handshakes and 48 | # those that are being retried. Defaults to 20. Set to 0 for no 49 | # maximum. Setting to 1 will guarantee in-order delivery of QoS 1 50 | # and 2 messages. 51 | #max_inflight_messages 20 52 | 53 | # The maximum number of QoS 1 and 2 messages to hold in a queue 54 | # above those that are currently in-flight. Defaults to 100. Set 55 | # to 0 for no maximum (not recommended). 56 | # See also queue_qos0_messages. 57 | #max_queued_messages 100 58 | 59 | # Set to true to queue messages with QoS 0 when a persistent client is 60 | # disconnected. These messages are included in the limit imposed by 61 | # max_queued_messages. 62 | # Defaults to false. 63 | # This is a non-standard option for the MQTT v3.1 spec but is allowed in 64 | # v3.1.1. 65 | #queue_qos0_messages false 66 | 67 | # This option sets the maximum publish payload size that the broker will allow. 68 | # Received messages that exceed this size will not be accepted by the broker. 69 | # The default value is 0, which means that all valid MQTT messages are 70 | # accepted. MQTT imposes a maximum payload size of 268435455 bytes. 71 | #message_size_limit 0 72 | 73 | # This option controls whether a client is allowed to connect with a zero 74 | # length client id or not. This option only affects clients using MQTT v3.1.1 75 | # and later. If set to false, clients connecting with a zero length client id 76 | # are disconnected. If set to true, clients will be allocated a client id by 77 | # the broker. This means it is only useful for clients with clean session set 78 | # to true. 
79 | #allow_zero_length_clientid true 80 | 81 | # If allow_zero_length_clientid is true, this option allows you to set a prefix 82 | # to automatically generated client ids to aid visibility in logs. 83 | #auto_id_prefix 84 | 85 | # This option allows persistent clients (those with clean session set to false) 86 | # to be removed if they do not reconnect within a certain time frame. 87 | # 88 | # This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1. 89 | # 90 | # Badly designed clients may set clean session to false whilst using a randomly 91 | # generated client id. This leads to persistent clients that will never 92 | # reconnect. This option allows these clients to be removed. 93 | # 94 | # The expiration period should be an integer followed by one of h d w m y for 95 | # hour, day, week, month and year respectively. For example 96 | # 97 | # persistent_client_expiration 2m 98 | # persistent_client_expiration 14d 99 | # persistent_client_expiration 1y 100 | # 101 | # The default if not set is to never expire persistent clients. 102 | #persistent_client_expiration 103 | 104 | # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# 105 | # and foo/+/baz , then MQTT expects that when the broker receives a message on 106 | # a topic that matches both subscriptions, such as foo/bar/baz, then the client 107 | # should only receive the message once. 108 | # Mosquitto keeps track of which clients a message has been sent to in order to 109 | # meet this requirement. The allow_duplicate_messages option allows this 110 | # behaviour to be disabled, which may be useful if you have a large number of 111 | # clients subscribed to the same set of topics and are very concerned about 112 | # minimising memory usage. 
113 | # It can be safely set to true if you know in advance that your clients will 114 | # never have overlapping subscriptions, otherwise your clients must be able to 115 | # correctly deal with duplicate messages even when they have QoS=2. 116 | #allow_duplicate_messages false 117 | 118 | # The MQTT specification requires that the QoS of a message delivered to a 119 | # subscriber is never upgraded to match the QoS of the subscription. Enabling 120 | # this option changes this behaviour. If upgrade_outgoing_qos is set true, 121 | # messages sent to a subscriber will always match the QoS of its subscription. 122 | # This is a non-standard option explicitly disallowed by the spec. 123 | #upgrade_outgoing_qos false 124 | 125 | # ================================================================= 126 | # Default listener 127 | # ================================================================= 128 | 129 | # IP address/hostname to bind the default listener to. If not 130 | # given, the default listener will not be bound to a specific 131 | # address and so will be accessible to all network interfaces. 132 | # bind_address ip-address/host name 133 | #bind_address 134 | 135 | # Port to use for the default listener. 136 | #port 1883 137 | 138 | # The maximum number of client connections to allow. This is 139 | # a per listener setting. 140 | # Default is -1, which means unlimited connections. 141 | # Note that other process limits mean that unlimited connections 142 | # are not really possible. Typically the default maximum number of 143 | # connections possible is around 1024. 144 | #max_connections -1 145 | 146 | # Choose the protocol to use when listening. 147 | # This can be either mqtt or websockets. 148 | # Websockets support is currently disabled by default at compile time. 149 | # Certificate based TLS may be used with websockets, except that 150 | # only the cafile, certfile, keyfile and ciphers options are supported.
151 | #protocol mqtt 152 | 153 | # When a listener is using the websockets protocol, it is possible to serve 154 | # http data as well. Set http_dir to a directory which contains the files you 155 | # wish to serve. If this option is not specified, then no normal http 156 | # connections will be possible. 157 | #http_dir 158 | 159 | # Set use_username_as_clientid to true to replace the clientid that a client 160 | # connected with with its username. This allows authentication to be tied to 161 | # the clientid, which means that it is possible to prevent one client 162 | # disconnecting another by using the same clientid. 163 | # If a client connects with no username it will be disconnected as not 164 | # authorised when this option is set to true. 165 | # Do not use in conjunction with clientid_prefixes. 166 | # See also use_identity_as_username. 167 | #use_username_as_clientid 168 | 169 | # ----------------------------------------------------------------- 170 | # Certificate based SSL/TLS support 171 | # ----------------------------------------------------------------- 172 | # The following options can be used to enable SSL/TLS support for 173 | # this listener. Note that the recommended port for MQTT over TLS 174 | # is 8883, but this must be set manually. 175 | # 176 | # See also the mosquitto-tls man page. 177 | 178 | # At least one of cafile or capath must be defined. They both 179 | # define methods of accessing the PEM encoded Certificate 180 | # Authority certificates that have signed your server certificate 181 | # and that you wish to trust. 182 | # cafile defines the path to a file containing the CA certificates. 183 | # capath defines a directory that will be searched for files 184 | # containing the CA certificates. For capath to work correctly, the 185 | # certificate files must have ".crt" as the file ending and you must run 186 | # "c_rehash " each time you add/remove a certificate. 
187 | #cafile 188 | #capath 189 | 190 | # Path to the PEM encoded server certificate. 191 | #certfile 192 | 193 | # Path to the PEM encoded keyfile. 194 | #keyfile 195 | 196 | # This option defines the version of the TLS protocol to use for this listener. 197 | # The default value allows v1.2, v1.1 and v1.0, if they are all supported by 198 | # the version of openssl that the broker was compiled against. For openssl >= 199 | # 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the 200 | # valid values are tlsv1. TLS v1.0 and v1.1 are deprecated, so where the broker's openssl supports it, set tlsv1.2 to refuse them. 201 | #tls_version 202 | 203 | # By default a TLS enabled listener will operate in a similar fashion to a 204 | # https enabled web server, in that the server has a certificate signed by a CA 205 | # and the client will verify that it is a trusted certificate. The overall aim 206 | # is encryption of the network traffic. By setting require_certificate to true, 207 | # the client must provide a valid certificate in order for the network 208 | # connection to proceed. This allows access to the broker to be controlled 209 | # outside of the mechanisms provided by MQTT. 210 | #require_certificate false 211 | 212 | # If require_certificate is true, you may set use_identity_as_username to true 213 | # to use the CN value from the client certificate as a username. If this is 214 | # true, the password_file option will not be used for this listener. 215 | #use_identity_as_username false 216 | 217 | # If you have require_certificate set to true, you can create a certificate 218 | # revocation list file to revoke access to particular client certificates. If 219 | # you have done this, use crlfile to point to the PEM encoded revocation file. 220 | #crlfile 221 | 222 | # If you wish to control which encryption ciphers are used, use the ciphers 223 | # option. The list of available ciphers can be obtained using the "openssl 224 | # ciphers" command and should be provided in the same format as the output of 225 | # that command.
226 | # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH 227 | #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH 228 | 229 | # ----------------------------------------------------------------- 230 | # Pre-shared-key based SSL/TLS support 231 | # ----------------------------------------------------------------- 232 | # The following options can be used to enable PSK based SSL/TLS support for 233 | # this listener. Note that the recommended port for MQTT over TLS is 8883, but 234 | # this must be set manually. 235 | # 236 | # See also the mosquitto-tls man page and the "Certificate based SSL/TLS 237 | # support" section. Only one of certificate or PSK encryption support can be 238 | # enabled for any listener. 239 | 240 | # The psk_hint option enables pre-shared-key support for this listener and also 241 | # acts as an identifier for this listener. The hint is sent to clients and may 242 | # be used locally to aid authentication. The hint is a free form string that 243 | # doesn't have much meaning in itself, so feel free to be creative. 244 | # If this option is provided, see psk_file to define the pre-shared keys to be 245 | # used or create a security plugin to handle them. 246 | #psk_hint 247 | 248 | # Set use_identity_as_username to have the psk identity sent by the client used 249 | # as its username. Authentication will be carried out using the PSK rather than 250 | # the MQTT username/password and so password_file will not be used for this 251 | # listener. 252 | #use_identity_as_username false 253 | 254 | # When using PSK, the encryption ciphers used will be chosen from the list of 255 | # available PSK ciphers. If you want to control which ciphers are available, 256 | # use the "ciphers" option. The list of available ciphers can be optained 257 | # using the "openssl ciphers" command and should be provided in the same format 258 | # as the output of that command. 
259 | #ciphers 260 | 261 | # ================================================================= 262 | # Extra listeners 263 | # ================================================================= 264 | 265 | # Listen on a port/ip address combination. By using this variable 266 | # multiple times, mosquitto can listen on more than one port. If 267 | # this variable is used and neither bind_address nor port given, 268 | # then the default listener will not be started. 269 | # The port number to listen on must be given. Optionally, an ip 270 | # address or host name may be supplied as a second argument. In 271 | # this case, mosquitto will attempt to bind the listener to that 272 | # address and so restrict access to the associated network and 273 | # interface. By default, mosquitto will listen on all interfaces. 274 | # Note that for a websockets listener it is not possible to bind to a host 275 | # name. 276 | # listener port-number [ip address/host name] 277 | #listener 278 | 279 | # The maximum number of client connections to allow. This is 280 | # a per listener setting. 281 | # Default is -1, which means unlimited connections. 282 | # Note that other process limits mean that unlimited connections 283 | # are not really possible. Typically the default maximum number of 284 | # connections possible is around 1024. 285 | #max_connections -1 286 | 287 | # The listener can be restricted to operating within a topic hierarchy using 288 | # the mount_point option. This is achieved by prefixing the mount_point string 289 | # to all topics for any clients connected to this listener. This prefixing only 290 | # happens internally to the broker; the client will not see the prefix. 291 | #mount_point 292 | 293 | # Choose the protocol to use when listening. 294 | # This can be either mqtt or websockets. 295 | # Certificate based TLS may be used with websockets, except that only the 296 | # cafile, certfile, keyfile and ciphers options are supported.
297 | #protocol mqtt 298 | 299 | # When a listener is using the websockets protocol, it is possible to serve 300 | # http data as well. Set http_dir to a directory which contains the files you 301 | # wish to serve. If this option is not specified, then no normal http 302 | # connections will be possible. 303 | #http_dir 304 | 305 | # Set use_username_as_clientid to true to replace the clientid that a client 306 | # connected with with its username. This allows authentication to be tied to 307 | # the clientid, which means that it is possible to prevent one client 308 | # disconnecting another by using the same clientid. 309 | # If a client connects with no username it will be disconnected as not 310 | # authorised when this option is set to true. 311 | # Do not use in conjunction with clientid_prefixes. 312 | # See also use_identity_as_username. 313 | #use_username_as_clientid 314 | 315 | # ----------------------------------------------------------------- 316 | # Certificate based SSL/TLS support 317 | # ----------------------------------------------------------------- 318 | # The following options can be used to enable certificate based SSL/TLS support 319 | # for this listener. Note that the recommended port for MQTT over TLS is 8883, 320 | # but this must be set manually. 321 | # 322 | # See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS 323 | # support" section. Only one of certificate or PSK encryption support can be 324 | # enabled for any listener. 325 | 326 | # At least one of cafile or capath must be defined to enable certificate based 327 | # TLS encryption. They both define methods of accessing the PEM encoded 328 | # Certificate Authority certificates that have signed your server certificate 329 | # and that you wish to trust. 330 | # cafile defines the path to a file containing the CA certificates. 331 | # capath defines a directory that will be searched for files 332 | # containing the CA certificates. 
For capath to work correctly, the 333 | # certificate files must have ".crt" as the file ending and you must run 334 | # "c_rehash <path to capath>" each time you add/remove a certificate. 335 | #cafile 336 | #capath 337 | 338 | # Path to the PEM encoded server certificate. 339 | #certfile 340 | 341 | # Path to the PEM encoded keyfile. 342 | #keyfile 343 | 344 | # By default a TLS enabled listener will operate in a similar fashion to a 345 | # https enabled web server, in that the server has a certificate signed by a CA 346 | # and the client will verify that it is a trusted certificate. The overall aim 347 | # is encryption of the network traffic. By setting require_certificate to true, 348 | # the client must provide a valid certificate in order for the network 349 | # connection to proceed. This allows access to the broker to be controlled 350 | # outside of the mechanisms provided by MQTT. 351 | #require_certificate false 352 | 353 | # If require_certificate is true, you may set use_identity_as_username to true 354 | # to use the CN value from the client certificate as a username. If this is 355 | # true, the password_file option will not be used for this listener. 356 | #use_identity_as_username false 357 | 358 | # If you have require_certificate set to true, you can create a certificate 359 | # revocation list file to revoke access to particular client certificates. If 360 | # you have done this, use crlfile to point to the PEM encoded revocation file. 361 | #crlfile 362 | 363 | # If you wish to control which encryption ciphers are used, use the ciphers 364 | # option. The list of available ciphers can be obtained using the "openssl 365 | # ciphers" command and should be provided in the same format as the output of 366 | # that command.
367 | #ciphers 368 | 369 | # ----------------------------------------------------------------- 370 | # Pre-shared-key based SSL/TLS support 371 | # ----------------------------------------------------------------- 372 | # The following options can be used to enable PSK based SSL/TLS support for 373 | # this listener. Note that the recommended port for MQTT over TLS is 8883, but 374 | # this must be set manually. 375 | # 376 | # See also the mosquitto-tls man page and the "Certificate based SSL/TLS 377 | # support" section. Only one of certificate or PSK encryption support can be 378 | # enabled for any listener. 379 | 380 | # The psk_hint option enables pre-shared-key support for this listener and also 381 | # acts as an identifier for this listener. The hint is sent to clients and may 382 | # be used locally to aid authentication. The hint is a free form string that 383 | # doesn't have much meaning in itself, so feel free to be creative. 384 | # If this option is provided, see psk_file to define the pre-shared keys to be 385 | # used or create a security plugin to handle them. 386 | #psk_hint 387 | 388 | # Set use_identity_as_username to have the psk identity sent by the client used 389 | # as its username. Authentication will be carried out using the PSK rather than 390 | # the MQTT username/password and so password_file will not be used for this 391 | # listener. 392 | #use_identity_as_username false 393 | 394 | # When using PSK, the encryption ciphers used will be chosen from the list of 395 | # available PSK ciphers. If you want to control which ciphers are available, 396 | # use the "ciphers" option. The list of available ciphers can be optained 397 | # using the "openssl ciphers" command and should be provided in the same format 398 | # as the output of that command. 
399 | #ciphers 400 | 401 | # ================================================================= 402 | # Persistence 403 | # ================================================================= 404 | 405 | # If persistence is enabled, save the in-memory database to disk 406 | # every autosave_interval seconds. If set to 0, the persistence 407 | # database will only be written when mosquitto exits. See also 408 | # autosave_on_changes. 409 | # Note that writing of the persistence database can be forced by 410 | # sending mosquitto a SIGUSR1 signal. 411 | #autosave_interval 1800 412 | 413 | # If true, mosquitto will count the number of subscription changes, retained 414 | # messages received and queued messages and if the total exceeds 415 | # autosave_interval then the in-memory database will be saved to disk. 416 | # If false, mosquitto will save the in-memory database to disk by treating 417 | # autosave_interval as a time in seconds. 418 | #autosave_on_changes false 419 | 420 | # Save persistent message data to disk (true/false). 421 | # This saves information about all messages, including 422 | # subscriptions, currently in-flight messages and retained 423 | # messages. 424 | # retained_persistence is a synonym for this option. 425 | #persistence false 426 | 427 | # The filename to use for the persistent database, not including 428 | # the path. 429 | #persistence_file mosquitto.db 430 | 431 | # Location for persistent database. Must include trailing / 432 | # Default is an empty string (current directory). 433 | # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or 434 | # similar. 435 | #persistence_location 436 | 437 | # ================================================================= 438 | # Logging 439 | # ================================================================= 440 | 441 | # Places to log to. Use multiple log_dest lines for multiple 442 | # logging destinations. 
443 | # Possible destinations are: stdout stderr syslog topic file 444 | # 445 | # stdout and stderr log to the console on the named output. 446 | # 447 | # syslog uses the userspace syslog facility which usually ends up 448 | # in /var/log/messages or similar. 449 | # 450 | # topic logs to the broker topic '$SYS/broker/log/<severity>', 451 | # where severity is one of D, E, W, N, I, M which are debug, error, 452 | # warning, notice, information and message. Message type severity is used by 453 | # the subscribe/unsubscribe log_types and publishes log messages to 454 | # $SYS/broker/log/M/subscribe or $SYS/broker/log/M/unsubscribe. 455 | # 456 | # The file destination requires an additional parameter which is the file to be 457 | # logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be 458 | # closed and reopened when the broker receives a HUP signal. Only a single file 459 | # destination may be configured. 460 | # 461 | # Note that if the broker is running as a Windows service it will default to 462 | # "log_dest none" and neither stdout nor stderr logging is available. 463 | # Use "log_dest none" if you wish to disable logging. 464 | #log_dest stderr 465 | 466 | # If using syslog logging (not on Windows), messages will be logged to the 467 | # "daemon" facility by default. Use the log_facility option to choose which of 468 | # local0 to local7 to log to instead. The option value should be an integer 469 | # value, e.g. "log_facility 5" to use local5. 470 | #log_facility 471 | 472 | # Types of messages to log. Use multiple log_type lines for logging 473 | # multiple types of messages. 474 | # Possible types are: debug, error, warning, notice, information, 475 | # none, subscribe, unsubscribe, websockets, all. 476 | # Note that debug type messages are for decoding the incoming/outgoing 477 | # network packets. They are not logged in "topics".
478 | #log_type error 479 | #log_type warning 480 | #log_type notice 481 | #log_type information 482 | 483 | # Change the websockets logging level. This is a global option, it is not 484 | # possible to set per listener. This is an integer that is interpreted by 485 | # libwebsockets as a bit mask for its lws_log_levels enum. See the 486 | # libwebsockets documentation for more details. "log_type websockets" must also 487 | # be enabled. 488 | #websockets_log_level 0 489 | 490 | # If set to true, client connection and disconnection messages will be included 491 | # in the log. 492 | #connection_messages true 493 | 494 | # If set to true, add a timestamp value to each log message. 495 | #log_timestamp true 496 | 497 | # ================================================================= 498 | # Security 499 | # ================================================================= 500 | 501 | # If set, only clients that have a matching prefix on their 502 | # clientid will be allowed to connect to the broker. By default, 503 | # all clients may connect. 504 | # For example, setting "secure-" here would mean a client "secure- 505 | # client" could connect but another with clientid "mqtt" couldn't. 506 | #clientid_prefixes 507 | 508 | # Boolean value that determines whether clients that connect 509 | # without providing a username are allowed to connect. If set to 510 | # false then a password file should be created (see the 511 | # password_file option) to control authenticated client access. 512 | # Defaults to true. 513 | #allow_anonymous true 514 | 515 | # In addition to the clientid_prefixes, allow_anonymous and TLS 516 | # authentication options, username based authentication is also 517 | # possible. The default support is described in "Default 518 | # authentication and topic access control" below. The auth_plugin 519 | # allows another authentication method to be used. 
520 | # Specify the path to the loadable plugin and see the 521 | # "Authentication and topic access plugin options" section below. 522 | #auth_plugin 523 | 524 | # If auth_plugin_deny_special_chars is true, the default, then before an ACL 525 | # check is made, the username/client id of the client needing the check is 526 | # searched for the presence of either a '+' or '#' character. If either of 527 | # these characters is found in either the username or client id, then the ACL 528 | # check is denied before it is sent to the plugin. 529 | # 530 | # This check prevents the case where a malicious user could circumvent an ACL 531 | # check by using one of these characters as their username or client id. This 532 | # is the same issue as was reported with mosquitto itself as CVE-2017-7650. 533 | # 534 | # If you are entirely sure that the plugin you are using is not vulnerable to 535 | # this attack (i.e. if you never use usernames or client ids in topics) then 536 | # you can disable this extra check and have all ACL checks delivered to your 537 | # plugin by setting auth_plugin_deny_special_chars to false. 538 | #auth_plugin_deny_special_chars true 539 | 540 | # ----------------------------------------------------------------- 541 | # Default authentication and topic access control 542 | # ----------------------------------------------------------------- 543 | 544 | # Control access to the broker using a password file. This file can be 545 | # generated using the mosquitto_passwd utility. If TLS support is not compiled 546 | # into mosquitto (it is recommended that TLS support should be included) then 547 | # plain text passwords are used, in which case the file should be a text file 548 | # with lines in the format: 549 | # username:password 550 | # The password (and colon) may be omitted if desired, although this 551 | # offers very little in the way of security.
552 | # 553 | # See the TLS client require_certificate and use_identity_as_username options 554 | # for alternative authentication options. 555 | #password_file 556 | 557 | # Access may also be controlled using a pre-shared-key file. This requires 558 | # TLS-PSK support and a listener configured to use it. The file should be text 559 | # lines in the format: 560 | # identity:key 561 | # The key should be in hexadecimal format without a leading "0x". 562 | #psk_file 563 | 564 | # Control access to topics on the broker using an access control list 565 | # file. If this parameter is defined then only the topics listed will 566 | # have access. 567 | # If the first character of a line of the ACL file is a # it is treated as a 568 | # comment. 569 | # Topic access is added with lines of the format: 570 | # 571 | # topic [read|write|readwrite] <topic> 572 | # 573 | # The access type is controlled using "read", "write" or "readwrite". This 574 | # parameter is optional (unless <topic> contains a space character) - if not 575 | # given then the access is read/write. <topic> can contain the + or # 576 | # wildcards as in subscriptions. 577 | # 578 | # The first set of topics are applied to anonymous clients, assuming 579 | # allow_anonymous is true. User specific topic ACLs are added after a 580 | # user line as follows: 581 | # 582 | # user <username> 583 | # 584 | # The username referred to here is the same as in password_file. It is 585 | # not the clientid. 586 | # 587 | # 588 | # It is also possible to define ACLs based on pattern substitution within the 589 | # topic. The patterns available for substitution are: 590 | # 591 | # %c to match the client id of the client 592 | # %u to match the username of the client 593 | # 594 | # The substitution pattern must be the only text for that level of hierarchy. 595 | # 596 | # The form is the same as for the topic keyword, but using pattern as the 597 | # keyword.
598 | # Pattern ACLs apply to all users even if the "user" keyword has previously 599 | # been given. 600 | # 601 | # If using bridges with usernames and ACLs, connection messages can be allowed 602 | # with the following pattern: 603 | # pattern write $SYS/broker/connection/%c/state 604 | # 605 | # pattern [read|write|readwrite] <topic> 606 | # 607 | # Example: 608 | # 609 | # pattern write sensor/%u/data 610 | # 611 | #acl_file 612 | 613 | # ----------------------------------------------------------------- 614 | # Authentication and topic access plugin options 615 | # ----------------------------------------------------------------- 616 | 617 | # If the auth_plugin option above is used, define options to pass to the 618 | # plugin here as described by the plugin instructions. All options named 619 | # using the format auth_opt_* will be passed to the plugin, for example: 620 | # 621 | # auth_opt_db_host 622 | # auth_opt_db_port 623 | # auth_opt_db_username 624 | # auth_opt_db_password 625 | 626 | 627 | # ================================================================= 628 | # Bridges 629 | # ================================================================= 630 | 631 | # A bridge is a way of connecting multiple MQTT brokers together. 632 | # Create a new bridge using the "connection" option as described below. Set 633 | # options for the bridges using the remaining parameters. You must specify the 634 | # address and at least one topic to subscribe to. 635 | # Each connection must have a unique name. 636 | # The address line may have multiple host address and ports specified. See 637 | # below in the round_robin description for more details on bridge behaviour if 638 | # multiple addresses are used. 639 | # The direction that the topic will be shared can be chosen by 640 | # specifying out, in or both, where the default value is out. 641 | # The QoS level of the bridged communication can be specified with the next 642 | # topic option.
The default QoS level is 0, to change the QoS the topic 643 | # direction must also be given. 644 | # The local and remote prefix options allow a topic to be remapped when it is 645 | # bridged to/from the remote broker. This provides the ability to place a topic 646 | # tree in an appropriate location. 647 | # For more details see the mosquitto.conf man page. 648 | # Multiple topics can be specified per connection, but be careful 649 | # not to create any loops. 650 | # If you are using bridges with cleansession set to false (the default), then 651 | # you may get unexpected behaviour from incoming topics if you change what 652 | # topics you are subscribing to. This is because the remote broker keeps the 653 | # subscription for the old topic. If you have this problem, connect your bridge 654 | # with cleansession set to true, then reconnect with cleansession set to false 655 | # as normal. 656 | #connection <name> 657 | #address <host>[:<port>] [<host>[:<port>]] 658 | #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix] 659 | 660 | # Set the version of the MQTT protocol to use for this bridge. Can be one 661 | # of mqttv31 or mqttv311. Defaults to mqttv31. 662 | #bridge_protocol_version mqttv31 663 | 664 | # If a bridge has topics that have "out" direction, the default behaviour is to 665 | # send an unsubscribe request to the remote broker on that topic. This means 666 | # that changing a topic direction from "in" to "out" will not keep receiving 667 | # incoming messages. Sending these unsubscribe requests is not always 668 | # desirable, setting bridge_attempt_unsubscribe to false will disable sending 669 | # the unsubscribe request. 670 | #bridge_attempt_unsubscribe true 671 | 672 | # If the bridge has more than one address given in the address/addresses 673 | # configuration, the round_robin option defines the behaviour of the bridge on 674 | # a failure of the bridge connection.
If round_robin is false, the default 675 | # value, then the first address is treated as the main bridge connection. If 676 | # the connection fails, the other secondary addresses will be attempted in 677 | # turn. Whilst connected to a secondary bridge, the bridge will periodically 678 | # attempt to reconnect to the main bridge until successful. 679 | # If round_robin is true, then all addresses are treated as equals. If a 680 | # connection fails, the next address will be tried and if successful will 681 | # remain connected until it fails. 682 | #round_robin false 683 | 684 | # Set the client id to use on the remote end of this bridge connection. If not 685 | # defined, this defaults to 'name.hostname' where name is the connection name 686 | # and hostname is the hostname of this computer. 687 | # This replaces the old "clientid" option to avoid confusion. "clientid" 688 | # remains valid for the time being. 689 | #remote_clientid 690 | 691 | # Set the clientid to use on the local broker. If not defined, this defaults to 692 | # 'local.<clientid>'. If you are bridging a broker to itself, it is important 693 | # that local_clientid and clientid do not match. 694 | #local_clientid 695 | 696 | # Set the clean session variable for this bridge. 697 | # When set to true, when the bridge disconnects for any reason, all 698 | # messages and subscriptions will be cleaned up on the remote 699 | # broker. Note that with cleansession set to true, there may be a 700 | # significant amount of retained messages sent when the bridge 701 | # reconnects after losing its connection. 702 | # When set to false, the subscriptions and messages are kept on the 703 | # remote broker, and delivered when the bridge reconnects. 704 | #cleansession false 705 | 706 | # If set to true, publish notification messages to the local and remote brokers 707 | # giving information about the state of the bridge connection. 
Retained 708 | # messages are published to the topic $SYS/broker/connection/<clientid>/state 709 | # unless the notification_topic option is used. 710 | # If the message is 1 then the connection is active, or 0 if the connection has 711 | # failed. 712 | #notifications true 713 | 714 | # Choose the topic on which notification messages for this bridge are 715 | # published. If not set, messages are published on the topic 716 | # $SYS/broker/connection/<clientid>/state 717 | #notification_topic 718 | 719 | # Set the keepalive interval for this bridge connection, in 720 | # seconds. 721 | #keepalive_interval 60 722 | 723 | # Set the start type of the bridge. This controls how the bridge starts and 724 | # can be one of three types: automatic, lazy and once. Note that RSMB provides 725 | # a fourth start type "manual" which isn't currently supported by mosquitto. 726 | # 727 | # "automatic" is the default start type and means that the bridge connection 728 | # will be started automatically when the broker starts and also restarted 729 | # after a short delay (30 seconds) if the connection fails. 730 | # 731 | # Bridges using the "lazy" start type will be started automatically when the 732 | # number of queued messages exceeds the number set with the "threshold" 733 | # parameter. It will be stopped automatically after the time set by the 734 | # "idle_timeout" parameter. Use this start type if you wish the connection to 735 | # only be active when it is needed. 736 | # 737 | # A bridge using the "once" start type will be started automatically when the 738 | # broker starts but will not be restarted if the connection fails. 739 | #start_type automatic 740 | 741 | # Set the amount of time a bridge using the automatic start type will wait 742 | # until attempting to reconnect. Defaults to 30 seconds. 743 | #restart_timeout 30 744 | 745 | # Set the amount of time a bridge using the lazy start type must be idle before 746 | # it will be stopped. Defaults to 60 seconds. 
747 | #idle_timeout 60 748 | 749 | # Set the number of messages that need to be queued for a bridge with lazy 750 | # start type to be restarted. Defaults to 10 messages. 751 | # Must be less than max_queued_messages. 752 | #threshold 10 753 | 754 | # If try_private is set to true, the bridge will attempt to indicate to the 755 | # remote broker that it is a bridge not an ordinary client. If successful, this 756 | # means that loop detection will be more effective and that retained messages 757 | # will be propagated correctly. Not all brokers support this feature so it may 758 | # be necessary to set try_private to false if your bridge does not connect 759 | # properly. 760 | #try_private true 761 | 762 | # Set the username to use when connecting to a broker that requires 763 | # authentication. 764 | # This replaces the old "username" option to avoid confusion. "username" 765 | # remains valid for the time being. 766 | #remote_username 767 | 768 | # Set the password to use when connecting to a broker that requires 769 | # authentication. This option is only used if remote_username is also set. 770 | # This replaces the old "password" option to avoid confusion. "password" 771 | # remains valid for the time being. The password is stored in this file in plain text and is sent unencrypted unless the bridge TLS options below are set, so restrict read access to this file and enable TLS for the bridge. 772 | #remote_password 773 | 774 | # ----------------------------------------------------------------- 775 | # Certificate based SSL/TLS support 776 | # ----------------------------------------------------------------- 777 | # Either bridge_cafile or bridge_capath must be defined to enable TLS support 778 | # for this bridge. 779 | # bridge_cafile defines the path to a file containing the 780 | # Certificate Authority certificates that have signed the remote broker 781 | # certificate. 782 | # bridge_capath defines a directory that will be searched for files containing 783 | # the CA certificates. 
For bridge_capath to work correctly, the certificate 784 | # files must have ".crt" as the file ending and you must run "c_rehash <path to 785 | # capath>" each time you add/remove a certificate. 786 | #bridge_cafile 787 | #bridge_capath 788 | 789 | # Path to the PEM encoded client certificate, if required by the remote broker. 790 | #bridge_certfile 791 | 792 | # Path to the PEM encoded client private key, if required by the remote broker. 793 | #bridge_keyfile 794 | 795 | # When using certificate based encryption, bridge_insecure disables 796 | # verification of the server hostname in the server certificate. This can be 797 | # useful when testing initial server configurations, but makes it possible for 798 | # a malicious third party to impersonate your server through DNS spoofing, for 799 | # example. Use this option in testing only. If you need to resort to using this 800 | # option in a production environment, your setup is at fault and there is no 801 | # point using encryption. 802 | #bridge_insecure false 803 | 804 | # ----------------------------------------------------------------- 805 | # PSK based SSL/TLS support 806 | # ----------------------------------------------------------------- 807 | # Pre-shared-key encryption provides an alternative to certificate based 808 | # encryption. A bridge can be configured to use PSK with the bridge_identity 809 | # and bridge_psk options. These are the client PSK identity, and pre-shared-key 810 | # in hexadecimal format with no "0x". Only one of certificate and PSK based 811 | # encryption can be used on one 812 | # bridge at once. 813 | #bridge_identity 814 | #bridge_psk 815 | 816 | 817 | # ================================================================= 818 | # External config files 819 | # ================================================================= 820 | 821 | # External configuration files may be included by using the 822 | # include_dir option. This defines a directory that will be searched 823 | # for config files. 
All files that end in '.conf' will be loaded as 824 | # a configuration file. It is best to have this as the last option 825 | # in the main file. This option will only be processed from the main 826 | # configuration file. The directory specified must not contain the 827 | # main configuration file. 828 | #include_dir 829 | 830 | # ================================================================= 831 | # rsmb options - unlikely to ever be supported 832 | # ================================================================= 833 | 834 | #ffdc_output 835 | #max_log_entries 836 | #trace_level 837 | #trace_output 838 | --------------------------------------------------------------------------------