Setup

After a hardware defect of the system hard drive had twice forced me to reinstall my server, each time with a backup that was already several weeks old and therefore required extensive reconfiguration, I decided to move my complete setup to Ansible. In conjunction with Vagrant, it is even possible to test updates automatically in a VM beforehand.

In short, with the help of Ansible I get a fully installed and configured system at the push of a button. With the included Vagrant script it can also be tested conveniently in a VM, again at the push of a button.

The required Ansible scripts and the Vagrant script can be obtained and tested under the following URL.

https://github.com/HolgerHees/smartserver

Just clone, install Vagrant and run:

vagrant up

Below is a list of all services which are deployed. All required files are either downloaded automatically or are part of the Ansible project.

OpenVPN

My access to the home network is implemented via OpenVPN. In addition, a second VPN is set up with a friend, which is used to synchronize my backups, as well as a cloud “playground”.

Cron Script cloudy.sh

This script wraps all my cron jobs and logs all calls to the systemd journal. If an error occurs, it also sends a message to the root user. Originally, the real reason for the script was the ability to set a meaningful mail subject, which makes it easier to create better filter rules for Gmail.
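
A wrapper with the behaviour described above, as an added example: this is not the author's cloudy.sh or code from the smartserver repository, and the function names, the logger tag and the mail subject format are assumptions.

```sh
#!/bin/sh
# Added example, not the author's cloudy.sh: all names and the subject
# format below are assumptions made for illustration.

# Log sink: one entry per line, tagged with the job name.
# logger(1) writes to syslog, which systemd collects in the journal.
log_line() {   # $1 = priority (info|err), $2 = job name, $3 = message
    logger -t "cron-$2" -p "cron.$1" -- "$3"
}

# Mail sink: the local MTA delivers mail addressed to root.
send_mail() {  # $1 = subject, $2 = body
    printf '%s\n' "$2" | mail -s "$1" root
}

# run_job <job-name> <command> [args...]
run_job() {
    job=$1; shift
    out=$(mktemp) || return 1
    rc=0
    # Capture stdout and stderr together; "|| rc=$?" keeps the wrapper
    # alive under "set -e" and preserves the job's exit code.
    "$@" >"$out" 2>&1 || rc=$?
    prio=info
    [ "$rc" -eq 0 ] || prio=err
    # Also handle output that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        log_line "$prio" "$job" "$line"
    done <"$out"
    log_line "$prio" "$job" "finished with exit code $rc"
    if [ "$rc" -ne 0 ]; then
        # Stable, filterable subject: host, job name and exit code.
        send_mail "[cron] $(uname -n): $job failed (exit $rc)" "$(cat "$out")"
    fi
    rm -f "$out"
    return "$rc"
}

# Crontab usage (hypothetical paths and job name):
#   0 3 * * * /usr/local/bin/cron-wrap.sh db_backup /usr/local/bin/backup-db.sh
if [ "$#" -gt 0 ]; then
    run_job "$@"
fi
```

Because the job name and exit code always appear in the same place in the subject, a single mail filter rule per job is enough, and a successful run produces journal entries but no mail.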

Cron

Several cron jobs are set up, e.g. for mirroring my data partition on my RAID system, backing up databases, cleaning up databases or downloading the picture of the day (POTD).

SSH

OpenSSH is used as the SSH server. In this setup, the permitted users or IPs are explicitly configured.

Firewall

As a firewall, I use firewalld to control which IP networks and services are allowed.

DNS

The DNS server is mainly used to realize my mobile access. For this I use a publicly registered domain name which, however, resolves to 127.0.0.1. My own DNS server, on the other hand, “overrides” the entry and resolves it to the correct server, i.e. I have to either be directly in my network or be connected via VPN to access my domain name. In order to use my mobile apps (openHAB, Nextcloud etc.) I must either be at home or start the VPN. The latter I have made convenient with an OpenVPN shortcut on my home screen.

Postfix (Mail)

The mail system forwards all mails addressed to the user root or postmaster to a Google account. The advantage is that all other services only need to send their mails to the user root.

MDADM

MDADM is for RAID monitoring and error notification.

SMARTD

SMARTD is used for hard disk hardware monitoring and error notification.

NFS Server

Used to provide a friend with a data container for his encrypted backups in the previously mentioned second VPN.

Samba Server

Samba provides the Windows shares for Nextcloud files.

FTP Server

One of my outdoor cameras sends motion pictures that are stored here. They are stored for 2 days and then deleted. The FTP server is restricted so that only this camera is allowed to interact via FTP.

ClamAV

ClamAV is an anti-malware and antivirus program.

PHP and a variety of modules

Some of my maintenance scripts are based on PHP. In addition, it is needed for Nextcloud.

Oracle Java

It is used for openHAB as well as Cloudsync. In addition, the Java Security Policy is deployed, which is necessary for high-quality Cloudsync encryption.

Apache Maven

Maven is a build tool and is used for Cloudsync.

Apache Ant

Ant is a build tool and is used for Jython.

Java Jython

Jython is a Python runtime for Java. Used by the openHAB Python Rule Engine.

Apache Webserver

The Apache webserver acts as a proxy for all externally available web services. The advantage is that access management can be centralized via Apache.

Apache Web UI

A rudimentary web interface to reach all services.

MySQL

MySQL is a SQL database.

phpMyAdmin

phpMyAdmin is a web interface to manage MySQL.

InfluxDB

InfluxDB is a time series database. It is filled with data by openHAB, and Grafana is used to visualize it.

Elasticsearch

Elasticsearch is a NoSQL database. It is used to save all messages of the system centrally and later expand them. More about this in the Fluentd and Kibana sections.

Kibana

Kibana is a web interface to conveniently search log messages in Elasticsearch.

Redis

Redis is an in-memory database used to accelerate Nextcloud.

Nextcloud

Nextcloud is a web-based cloud solution for files, contacts, appointments, etc.

Additionally, I use the news plugin as my main news fetcher. It brings me about 300 messages every day from different sources, which I can then read on my phone, tablet or desktop. What I have already read is tracked centrally.

Furthermore, I also use the Keeweb plugin, which gives me cross-platform and cross-device password management.

Netdata

Netdata is used for server monitoring. It notifies or warns about “not normal” server behavior. In my case, it measures and monitors about 2000 values on my server every second.

Grafana

I use Grafana to visualize my InfluxDB data. They can either be accessed directly via the Web UI or embedded in the relevant places in my openHAB sitemap.

Mosquitto

Mosquitto is an MQTT broker which is required for communication with my Roomba vacuum cleaner robot.

Roomba

Service for communication with my vacuum cleaner robots. It connects to my Roomba and transfers the provided values to the Mosquitto broker, which in turn provides the data to openHAB.

VControld

VControld is a service to communicate with my heating. It is needed for my openHAB heating control.

Stromzähler (electricity meter)

This script periodically reads out my electricity meter and transfers the data to openHAB via the REST interface.

openHAB

In short, openHAB serves to control my different systems (KNX, radio, USB, serial, network etc.) via “bindings”. Using a rules engine, even complex control scenarios can be mapped. Data can be recorded, logged and graphically processed. The whole thing is visualized either via a web interface or via Android / iOS apps. In addition, there is also a REST API to the system.

It’s almost the heart of my IoT solution.

openHAB Toolbox

A small collection of scripts which I need for additional functionality. It includes, e.g., a weather fetcher which pulls data for later visualization in Habpanel. Furthermore, it contains a CLI script with which I can generate all InfluxDB time series from my MySQL data.

openHAB Wall mounted Display

A Habpanel based web UI for tablets.

Alexa Skill

Alexa Skill for my home automation.

Fluentd

Fluentd is a log file collector that generalizes the systemd, Apache and openHAB logs and stores them in Elasticsearch. All other services already send their data to the systemd log and are therefore already covered.

In addition, I monitor HTTP status codes like 404 or 500 to generate custom log levels.

Elastalert

Elastalert is my central error monitoring. It periodically checks Elasticsearch for log messages of level ERROR or WARN, groups them and notifies me by mail.

Cloudsync

Cloudsync is my own backup solution, which works similarly to rsync. This, however, completely devious.

http://www.intranet-of-things.com/
http://www.intranet-der-dinge.de/