smartpublicbuilding / openhab-pb-stack
Commit 83e693d6, authored Jan 16, 2019 by Dobli
added initial template copy
parent e9ce2462
Changes: 8
.gitignore
0 → 100644
custom_configs/
README.md
...
...
@@ -83,14 +83,41 @@ The openhab-pb stack consists of multiple configuration files that need to be av
**mosquitto**
-
*mosquitto.conf*
: basic configuration of mosquitto
-
copy from template folder
-
disables anonymous access
-
enables usage of password file
-
*mosquitto_passwords*
: List of users/passwords that gain access to mosquitto
-
generated with
`mosquitto_passwd`
-
Uses SHA512 crypt -> maybe generated using pythons crypt library
**nodered**
-
*nodered_package.json*
: packages to be installed when node red is setup
-
copy from template folder
-
contains entry for openhab package
-
*nodered_settings*
: basic node red config
-
*nodered_settings.js*
: basic node red config
-
copy from template folder
-
contains
`httpNodeAuth`
for users
**ssh**
-
*sshd_config*
: basic ssh config
-
copy from template folder
-
*sftp_users.conf*
: file containing users for sftp container
-
generated, grants access to configuration files
-
*known_hosts*
: make backup (volumerize) hosts know internal ssh servers
-
generated using ssh-keygen
-
*id_rsa/id_rsa.pub*
: key pair for passwordless ssh between containers
-
generated using ssh-keygen
-
*ssh_host_x_key*
: hostkey for ssh, X is cryptosystem
-
generated using ssh-keygen
**traefik**
-
*traefik.toml*
: basic traefik configuration
-
copy from template folder
-
entryPoints.http.auth.basic contains users generated with htpasswd
**volumerize**
-
*backup_config_X.json*
: backup/volumerize config for each building, X is replaced by building name
\ No newline at end of file
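Review bot: The mosquitto_passwords entry documents the hash format as a guess ("Uses SHA512 crypt -> maybe generated using pythons crypt library"). Decide on one generation method, either `mosquitto_passwd` or a script, and document only that one, since a file the broker cannot verify leaves no user able to log in once anonymous access is disabled. The entry name also differs from the `password_file` path `/mosquitto/config/passwd` used in the template added by this commit, so say how the generated file ends up at that path. The README now ends without a trailing newline.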
building_manager.py
...
...
@@ -13,8 +13,10 @@ logging.basicConfig(level=logging.WARNING)
# Directories for config generation
CUSTOM_DIR
=
'custom_configs'
TEMPLATE_DIR
=
'template_configs'
CONFIG_DIRS
=
[
'influxdb'
,
'mosquitto'
,
'nodered'
,
'ssh'
,
'treafik'
,
'volumerize'
CONFIG_DIRS
=
[
'mosquitto'
,
'nodered'
,
'ssh'
,
'traefik'
,
'volumerize'
]
TEMPLATE_FILES
=
[
'mosquitto/mosquitto.conf'
,
'nodered/nodered_package.json'
,
'nodered/nodered_settings.js'
,
'ssh/sshd_config'
,
'traefik/traefik.toml'
]
# Default Swarm port
...
...
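Review bot: In CONFIG_DIRS, 'influxdb' is dropped in the same line that corrects 'treafik' to 'traefik', and the commit message ("added initial template copy") does not mention it. If the removal is intended, say so in the message, otherwise restore the entry. The new TEMPLATE_FILES list repeats the directory names from CONFIG_DIRS by hand; if generate_config_folders creates only the directories in CONFIG_DIRS, an entry whose directory is missing there is noticed only when the copy fails, so consider checking each entry's directory against CONFIG_DIRS.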
@@ -47,10 +49,11 @@ def copy_template_config(base_dir, config_path):
:base_dir: path that contains template and custom folders
:config_path: relative path of config to copy from template
"""
custom_path
=
base_dir
+
'/'
+
CUSTOM_DIR
template_path
=
base_dir
+
'/'
+
TEMPLATE_DIR
print
(
f
'Copy
{
config_path
}
from
{
custom_path
to
}
{
template_path
}
'
)
pass
custom_path
=
base_dir
+
'/'
+
CUSTOM_DIR
+
"/"
+
config_path
template_path
=
base_dir
+
'/'
+
TEMPLATE_DIR
+
"/"
+
config_path
logging
.
info
(
f
'Copy
{
config_path
}
from
{
custom_path
}
to
{
template_path
}
'
)
copy2
(
template_path
,
custom_path
)
# }}}
...
...
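Review bot: The new logging.info message in copy_template_config has source and destination swapped: it reports "Copy {config_path} from {custom_path} to {template_path}", while copy2(template_path, custom_path) copies from the template directory into the custom directory. With logging.basicConfig(level=logging.WARNING) set at the top of the module, the message is also never shown, so the operator gets no record of which files were written; log at a level that is emitted or make the level configurable. The two paths are built by concatenating '/' by hand, where os.path.join would be the idiomatic choice.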
@@ -224,8 +227,13 @@ def init_config_dirs_command(args):
if
base_dir
is
None
:
base_dir
=
os
.
getcwd
()
# generate basic config folder
generate_config_folders
(
base_dir
)
# copy template configs
for
template_file
in
TEMPLATE_FILES
:
copy_template_config
(
base_dir
,
template_file
)
def
assign_building_command
(
args
):
"""Assigns the role of a building to a node
...
...
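Review bot: The new loop over TEMPLATE_FILES in init_config_dirs_command calls copy_template_config unconditionally, and copy2 replaces an existing destination file, so running the init command a second time overwrites any edits already made under custom_configs with the template version. Skip files that already exist or require an explicit overwrite option. There is also no handling for a missing template file, so a failure partway through the list leaves a partial copy and a traceback instead of a clear error.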
template_configs/mosquitto/mosquitto.conf
0 → 100644
allow_anonymous
false
password_file
/
mosquitto
/
config
/
passwd
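Review bot: password_file points to /mosquitto/config/passwd, but the README in this commit calls the generated file mosquitto_passwords; make the names agree or document the mount that maps one to the other. The template sets only allow_anonymous and password_file, with no listener or TLS settings, so the passwords this file enforces are sent over an unencrypted MQTT connection unless transport security is provided elsewhere in the stack.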
template_configs/nodered/nodered_package.json
0 → 100644
{
"name"
:
"node-red-project"
,
"description"
:
"A Node-RED Project"
,
"version"
:
"0.1.0"
,
"dependencies"
:
{
"node-red-contrib-openhab2"
:
"~1.1.3"
}
}
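Review bot: The dependency "node-red-contrib-openhab2": "~1.1.3" uses a tilde range, so each install may pull a newer 1.1.x release than the one that was tested, and no lock file is added alongside it. Pin the exact version or commit a lock file, so that every building gets the same package and an update becomes a reviewed change.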
template_configs/nodered/nodered_settings.js
0 → 100644
/**
* Copyright JS Foundation and other contributors, http://js.foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
// The `https` setting requires the `fs` module. Uncomment the following
// to make it available:
//var fs = require("fs");
module
.
exports
=
{
// the tcp port that the Node-RED web server is listening on
uiPort
:
process
.
env
.
PORT
||
1880
,
// By default, the Node-RED UI accepts connections on all IPv4 interfaces.
// To listen on all IPv6 addresses, set uiHost to "::",
// The following property can be used to listen on a specific interface. For
// example, the following would only allow connections from the local machine.
//uiHost: "127.0.0.1",
// Retry time in milliseconds for MQTT connections
mqttReconnectTime
:
15000
,
// Retry time in milliseconds for Serial port connections
serialReconnectTime
:
15000
,
// Retry time in milliseconds for TCP socket connections
//socketReconnectTime: 10000,
// Timeout in milliseconds for TCP server socket connections
// defaults to no timeout
//socketTimeout: 120000,
// Timeout in milliseconds for HTTP request connections
// defaults to 120 seconds
//httpRequestTimeout: 120000,
// The maximum length, in characters, of any message sent to the debug sidebar tab
debugMaxLength
:
1000
,
// The maximum number of messages nodes will buffer internally as part of their
// operation. This applies across a range of nodes that operate on message sequences.
// defaults to no limit. A value of 0 also means no limit is applied.
//nodeMaxMessageBufferLength: 0,
// To disable the option for using local files for storing keys and certificates in the TLS configuration
// node, set this to true
//tlsConfigDisableLocalFiles: true,
// Colourise the console output of the debug node
//debugUseColors: true,
// The file containing the flows. If not set, it defaults to flows_<hostname>.json
//flowFile: 'flows.json',
// To enabled pretty-printing of the flow within the flow file, set the following
// property to true:
//flowFilePretty: true,
// By default, credentials are encrypted in storage using a generated key. To
// specify your own secret, set the following property.
// If you want to disable encryption of credentials, set this property to false.
// Note: once you set this property, do not change it - doing so will prevent
// node-red from being able to decrypt your existing credentials and they will be
// lost.
//credentialSecret: "a-secret-key",
// By default, all user data is stored in the Node-RED install directory. To
// use a different location, the following property can be used
//userDir: '/home/nol/.node-red/',
// Node-RED scans the `nodes` directory in the install directory to find nodes.
// The following property can be used to specify an additional directory to scan.
//nodesDir: '/home/nol/.node-red/nodes',
// By default, the Node-RED UI is available at http://localhost:1880/
// The following property can be used to specify a different root path.
// If set to false, this is disabled.
//httpAdminRoot: '/admin',
// Some nodes, such as HTTP In, can be used to listen for incoming http requests.
// By default, these are served relative to '/'. The following property
// can be used to specifiy a different root path. If set to false, this is
// disabled.
//httpNodeRoot: '/red-nodes',
// The following property can be used in place of 'httpAdminRoot' and 'httpNodeRoot',
// to apply the same root to both parts.
//httpRoot: '/red',
// When httpAdminRoot is used to move the UI to a different root path, the
// following property can be used to identify a directory of static content
// that should be served at http://localhost:1880/.
//httpStatic: '/home/nol/node-red-static/',
// The maximum size of HTTP request that will be accepted by the runtime api.
// Default: 5mb
//apiMaxLength: '5mb',
// If you installed the optional node-red-dashboard you can set it's path
// relative to httpRoot
//ui: { path: "ui" },
// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See http://nodered.org/docs/security.html for details.
//adminAuth: {
// type: "credentials",
// users: [{
// username: "admin",
// password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
// permissions: "*"
// }]
//},
// To password protect the node-defined HTTP endpoints (httpNodeRoot), or
// the static content (httpStatic), the following properties can be used.
// The pass field is a bcrypt hash of the password.
// See http://nodered.org/docs/security.html#generating-the-password-hash
//httpNodeAuth:{
// user:"user",
// pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."
//},
//httpStaticAuth: {user:"user",pass:"$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN."},
// The following property can be used to enable HTTPS
// See http://nodejs.org/api/https.html#https_https_createserver_options_requestlistener
// for details on its contents.
// See the comment at the top of this file on how to load the `fs` module used by
// this setting.
//
//https: {
// key: fs.readFileSync('privatekey.pem'),
// cert: fs.readFileSync('certificate.pem')
//},
// The following property can be used to cause insecure HTTP connections to
// be redirected to HTTPS.
//requireHttps: true
// The following property can be used to disable the editor. The admin API
// is not affected by this option. To disable both the editor and the admin
// API, use either the httpRoot or httpAdminRoot properties
//disableEditor: false,
// The following property can be used to configure cross-origin resource sharing
// in the HTTP nodes.
// See https://github.com/troygoode/node-cors#configuration-options for
// details on its contents. The following is a basic permissive set of options:
//httpNodeCors: {
// origin: "*",
// methods: "GET,PUT,POST,DELETE"
//},
// If you need to set an http proxy please set an environment variable
// called http_proxy (or HTTP_PROXY) outside of Node-RED in the operating system.
// For example - http_proxy=http://myproxy.com:8080
// (Setting it here will have no effect)
// You may also specify no_proxy (or NO_PROXY) to supply a comma separated
// list of domains to not proxy, eg - no_proxy=.acme.co,.acme.co.uk
// The following property can be used to add a custom middleware function
// in front of all http in nodes. This allows custom authentication to be
// applied to all http in nodes, or any other sort of common request processing.
//httpNodeMiddleware: function(req,res,next) {
// // Handle/reject the request, or pass it on to the http in node by calling next();
// // Optionally skip our rawBodyParser by setting this to true;
// //req.skipRawBodyParser = true;
// next();
//},
// The following property can be used to verify websocket connection attempts.
// This allows, for example, the HTTP request headers to be checked to ensure
// they include valid authentication information.
//webSocketNodeVerifyClient: function(info) {
// // 'info' has three properties:
// // - origin : the value in the Origin header
// // - req : the HTTP request
// // - secure : true if req.connection.authorized or req.connection.encrypted is set
// //
// // The function should return true if the connection should be accepted, false otherwise.
// //
// // Alternatively, if this function is defined to accept a second argument, callback,
// // it can be used to verify the client asynchronously.
// // The callback takes three arguments:
// // - result : boolean, whether to accept the connection or not
// // - code : if result is false, the HTTP error status to return
// // - reason: if result is false, the HTTP reason string to return
//},
// Anything in this hash is globally available to all functions.
// It is accessed as context.global.
// eg:
// functionGlobalContext: { os:require('os') }
// can be accessed in a function block as:
// context.global.os
functionGlobalContext
:
{
// os:require('os'),
// jfive:require("johnny-five"),
// j5board:require("johnny-five").Board({repl:false})
},
// The following property can be used to order the categories in the editor
// palette. If a node's category is not in the list, the category will get
// added to the end of the palette.
// If not set, the following default order is used:
//paletteCategories: ['subflows', 'input', 'output', 'function', 'social', 'mobile', 'storage', 'analysis', 'advanced'],
// Configure the logging output
logging
:
{
// Only console logging is currently supported
console
:
{
// Level of logging to be recorded. Options are:
// fatal - only those errors which make the application unusable should be recorded
// error - record errors which are deemed fatal for a particular request + fatal errors
// warn - record problems which are non fatal + errors + fatal errors
// info - record information about the general running of the application + warn + error + fatal errors
// debug - record information which is more verbose than info + info + warn + error + fatal errors
// trace - record very detailed logging + debug + info + warn + error + fatal errors
// off - turn off all logging (doesn't affect metrics or audit)
level
:
"
info
"
,
// Whether or not to include metric events in the log output
metrics
:
false
,
// Whether or not to include audit events in the log output
audit
:
false
}
},
// Customising the editor
editorTheme
:
{
projects
:
{
// To enable the Projects feature, set this value to true
enabled
:
false
}
}
}
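Review bot: The README in this commit says nodered_settings.js "contains httpNodeAuth for users", but in this template both adminAuth and httpNodeAuth are still commented out, and uiHost is left at its default, which per the file's own comment accepts connections on all IPv4 interfaces. As committed, a copy of this template serves the editor and admin API without a login. Enable adminAuth and httpNodeAuth with bcrypt hashes filled in during config generation, or document that the template must not be deployed unmodified. The commented sample hashes should become an obvious placeholder so they are never uncommented as they stand.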
template_configs/ssh/sshd_config
0 → 100644
# Secure defaults
# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
# Faster connection
# See: https://github.com/atmoz/sftp/issues/11
UseDNS no
# Limited access
PermitRootLogin no
X11Forwarding no
AllowTcpForwarding no
# Force sftp and chroot jail
Subsystem sftp internal-sftp
#ForceCommand internal-sftp
#ChrootDirectory %h
# Enable this for more logs
#LogLevel VERBOSE
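Review bot: Under "# Force sftp and chroot jail", both ForceCommand internal-sftp and ChrootDirectory %h are commented out, so the only active line in that block is Subsystem sftp internal-sftp and nothing in this file restricts users to SFTP or confines them to their home directory. Enable the two directives, or change the comment and document where the restriction is enforced. The file also sets no explicit PasswordAuthentication or PubkeyAuthentication value although the README describes a key pair for passwordless ssh between containers; stating them makes the intended login method explicit.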
template_configs/traefik/traefik.toml
0 → 100644
################################################################
# entryPoints configuration
################################################################
# defaultEntryPoints = ["http"]
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.foo]
# address = ":8082"
# [entryPoints.bar]
# address = ":8083"
################################################################
# API and dashboard configuration
################################################################
#[api]
# entryPoint = "bar"
################################################################
# Docker configuration backend
################################################################
debug
=
true
defaultEntryPoints
=
["http"]
[entryPoints]
[entryPoints.http]
address
=
":80"
[entryPoints.http.auth.basic]
users
=
["ohuser:$apr1$ffMQdoZd$1uEyKkwOKH3QS9ovOAzYj1"]
# [retry]
# [docker]
# endpoint = "unix:///var/run/docker.sock"
# exposedByDefault = true
# watch = true
# swarmmode = true
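Review bot: The users list under [entryPoints.http.auth.basic] commits a fixed ohuser entry with an $apr1$ hash into a template that is copied to every installation, while the README says this list holds users generated with htpasswd. Ship an empty list or a labelled placeholder and fill it during generation, and treat the password behind the committed hash as disclosed. The only entry point is address = ":80", so the basic-auth credentials travel without TLS, and debug = true should not be the template default.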