diff --git a/iot/files/mosquitto.conf b/iot/files/mosquitto.conf
new file mode 100644
index 0000000..cd7abf4
--- /dev/null
+++ b/iot/files/mosquitto.conf
@@ -0,0 +1,40 @@
+# Use a persistence location outside the container
+persistence true
+persistence_location /mosquitto/data
+
+# Set the maximum number of clients and messages
+max_connections 1000
+max_inflight_messages 1000
+
+# Set the maximum size of incoming messages
+max_queued_messages 10000
+max_packet_size 1000
+
+# Enable MQTT logging
+log_dest file /mosquitto/log/mosquitto.log
+log_type error
+log_type warning
+log_type notice
+log_type information
+
+# Disable anonymous access
+allow_anonymous false
+
+# Set a username and password for client authentication
+password_file /mosquitto/config/passwd
+
+# Uncomment the following lines if you want to enable TLS/SSL encryption
+# cafile /mosquitto/config/ca.crt
+# certfile /mosquitto/config/server.crt
+# keyfile /mosquitto/config/server.key
+# require_certificate true
+
+# Uncomment the following lines if you want to enable WebSocket support
+listener 9001
+protocol websockets
+
+# Uncomment the following lines if you want to enable MQTT over TLS/SSL
+# listener 8883
+# cafile /mosquitto/config/ca.crt
+# certfile /mosquitto/config/server.crt
+# keyfile /mosquitto/config/server.key
\ No newline at end of file
diff --git a/iot/files/nginx.conf.j2 b/iot/files/nginx.conf.j2
new file mode 100644
index 0000000..050269b
--- /dev/null
+++ b/iot/files/nginx.conf.j2
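Review bot: Password authentication is enabled (`allow_anonymous false`, `password_file`) while every TLS directive is left commented out, so on the plain listeners client credentials and payloads travel unencrypted; the commented `listener 8883` block with `certfile`/`keyfile` should be the listener that devices outside the host connect to. The comment above `listener 9001` says "Uncomment the following lines" although they are already active; something like `# WebSocket listener (reverse-proxied by nginx)` would describe what the file actually does. If I read mosquitto.conf(5) correctly, declaring any `listener` stops the default one from starting, so the 1883 port that the playbook publishes would need its own explicit `listener 1883` line; worth confirming against the broker version in use.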
@@ -0,0 +1,44 @@
+server {
+
+ listen 80;
+ server_name {{ http_host }};
+
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ location /mqtt/ {
+ proxy_pass http://localhost:9001/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $host;
+ }
+
+ location /node-red/ {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://localhost:1880/;
+ }
+
+ location /dashboard/ {
+ proxy_set_header Host $http_host;
+ proxy_pass http://localhost:3005/;
+ }
+
+ location /dashboard/api/live/ {
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_pass http://localhost:3005/;
+ }
+
+}
+
diff --git a/iot/files/passwd b/iot/files/passwd
new file mode 100644
index 0000000..7f6e1b5
--- /dev/null
+++ b/iot/files/passwd
@@ -0,0 +1,2 @@
+esp8266:esp8266
+nodered:nodered
\ No newline at end of file
diff --git a/iot/playbook.yml b/iot/playbook.yml
new file mode 100755
index 0000000..0b73f52
--- /dev/null
+++ b/iot/playbook.yml
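Review bot: The server block only has `listen 80;` and proxies the Node-RED editor, the MQTT WebSocket and Grafana with no TLS and no access restriction visible in this file, so logins and MQTT credentials sent through `/mqtt/` cross the network in cleartext; a `listen 443 ssl;` server with a certificate, plus a redirect from port 80, would match the `https://` root URL that the playbook gives Grafana. Separately, `map $http_upgrade $connection_upgrade { ... }` sits inside `server { }`, but nginx accepts `map` only in the `http` context, so it should move above the `server {` line of this included file. With the map in place, `/node-red/` and `/dashboard/api/live/` can use `proxy_set_header Connection $connection_upgrade;` as `/mqtt/` does, instead of the hard-coded `"upgrade"`.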
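Review bot: These two lines commit broker credentials in cleartext, and each password is identical to its username (`esp8266:esp8266`, `nodered:nodered`), so the accounts offer little protection once the device names are known. The playbook hashes the deployed copy with `mosquitto_passwd -U`, but the repository copy stays readable to anyone with access to it. Since the file is already deployed through the `template` module, it could be rendered from vaulted variables instead, e.g. `esp8266:{{ mqtt_password_esp8266 }}` with the value kept in Ansible Vault (the variable name here is a placeholder).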
@@ -0,0 +1,234 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: all
+ become: true
+ vars_files:
+ - vars/default.yml
+
+ tasks:
+ - getent:
+ database: passwd
+ key: "{{ mqtt_user }}"
+ split: ":"
+
+ # - name: "{{ getent_passwd[user][1] }} : {{ getent_passwd[user][2] }}"
+ # docker_image:
+ # name: "{{ mqtt_imag }}"
+ # source: pull
+ # force_source: yes
+
+ - name: Pull Mosquitto image
+ docker_image:
+ name: "{{ mqtt_image }}"
+ source: pull
+ force_source: yes
+
+ - name: Ensure Mosquitto Directory exists
+ file:
+ path: "{{ mqtt_directory }}"
+ state: directory
+ group: 0 # "{{ mqtt_user }}"
+ owner: 0 # "{{ mqtt_user }}"
+ mode: 0755
+
+ - name: Ensure Mosquitto Config Directory exists
+ file:
+ path: "{{ mqtt_directory }}/config"
+ state: directory
+ group: 0 # "{{ mqtt_user }}"
+ owner: 0 # "{{ mqtt_user }}"
+ mode: 0755
+
+ - name: Copy the Mosquitto conf file
+ template:
+ src: "files/mosquitto.conf"
+ dest: "{{ mqtt_directory }}/config/mosquitto.conf"
+ group: 1883 # "{{ mqtt_user }}"
+ owner: 1883 # "{{ mqtt_user }}"
+ mode: 0646
+
+ # - name: Check if Mosquitto passwd file exists
+ # stat: path="{{ mqtt_directory }}/config/passwd"
+ # register: status
+
+ - name: Ensure Mosquitto passwd file exists
+ template:
+ src: "files/passwd"
+ dest: "{{ mqtt_directory }}/config/passwd"
+ group: 1883 # "{{ mqtt_user }}"
+ owner: 1883 # "{{ mqtt_user }}"
+ mode: 0646
+
+ - name: Encrypt the docker file
+ command: docker exec -i mosquitto mosquitto_passwd -U /mosquitto/config/passwd
+
+ - name: Ensure Mosquitto Log Directory exists
+ file:
+ path: "{{ mqtt_directory }}/log"
+ state: directory
+ group: 0 # "{{ mqtt_user }}"
+ owner: 0 # "{{ mqtt_user }}"
+ mode: 0755
+
+ - name: Ensure Mosquitto log file exists
+ file:
+ path: "{{ mqtt_directory }}/log/mosquitto.log"
+ state: touch
+ group: 0 # "{{ mqtt_user }}"
+ owner: 0 # "{{ mqtt_user }}"
+ mode: 0646
+
+ - name: Create Mosquitto container
+ docker_container:
+ name: "{{ mqtt_container }}"
+ image: "{{ mqtt_image }}"
+ state: started
+ restart_policy: "unless-stopped"
+ # user: 0:0 # "{{ getent_passwd[mqtt_user][1] }}:{{ getent_passwd[mqtt_user][2] }}"
+ published_ports:
+ - 127.0.0.1:9001:9001
+ - 1883:1883
+ volumes:
+ - "{{ mqtt_directory }}/config:/mosquitto/config"
+ - "{{ mqtt_directory }}/data:/mosquitto/data"
+ - "{{ mqtt_directory }}/log:/mosquitto/log"
+
+ - getent:
+ database: passwd
+ key: "{{ user }}"
+ split: ":"
+
+ - name: Pull InfluxDB image
+ docker_image:
+ name: "{{ influx_image }}"
+ source: pull
+ force_source: yes
+
+ - name: Ensure Influx Directory exists
+ file:
+ path: "{{ influx_directory }}"
+ state: directory
+ group: "{{ user }}"
+ owner: "{{ user }}"
+ mode: 0755
+
+ - name: Ensure Influx Data Directory exists
+ file:
+ path: "{{ influx_directory }}/data"
+ state: directory
+ group: "{{ user }}"
+ owner: "{{ user }}"
+ mode: 0755
+
+ - name: Ensure Influx Config Directory exists
+ file:
+ path: "{{ influx_directory }}/config"
+ state: directory
+ group: "{{ user }}"
+ owner: "{{ user }}"
+ mode: 0755
+
+ - name: Create InfluxDB container
+ docker_container:
+ name: "{{ influx_container }}"
+ image: "{{ influx_image }}"
+ state: started
+ restart_policy: "unless-stopped"
+ user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+ published_ports:
+ - 127.0.0.1:8086:8086
+ volumes:
+ - "{{ influx_directory }}/data:/var/lib/influxdb2"
+ - "{{ influx_directory }}/config:/etc/influxdb2"
+
+ - name: Pull Node Red image
+ docker_image:
+ name: "{{ nodered_image }}"
+ source: pull
+ force_source: yes
+
+ - name: Ensure Node Red Directory exists
+ file:
+ path: "{{ nodered_directory }}"
+ state: directory
+ group: "{{ user }}"
+ owner: "{{ user }}"
+ mode: 0755
+
+ - name: Create Node Red container
+ docker_container:
+ name: "{{ nodered_container }}"
+ image: "{{ nodered_image }}"
+ state: started
+ restart_policy: "unless-stopped"
+ user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+ env:
+ TZ: "Asia/Kolkata"
+ links:
+ - "{{ mqtt_container }}:mqtt"
+ - "{{ influx_container }}:influx"
+ published_ports:
+ - 127.0.0.1:1880:1880
+ volumes:
+ - "{{ nodered_directory }}:/data"
+
+ - name: Pull Grafana image
+ docker_image:
+ name: "{{ grafana_image }}"
+ source: pull
+ force_source: yes
+
+ - name: Ensure Grafana Directory exists
+ file:
+ path: "{{ grafana_directory }}"
+ state: directory
+ group: "{{ user }}"
+ owner: "{{ user }}"
+ mode: 0755
+
+ - name: Create Grafana container
+ docker_container:
+ name: "{{ grafana_container }}"
+ image: "{{ grafana_image }}"
+ state: started
+ restart_policy: "unless-stopped"
+ user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+ env:
+ GF_SERVER_ROOT_URL: "https://{{ http_host }}/dashboard"
+ GF_INSTALL_PLUGINS: "grafana-clock-panel, grafana-simple-json-datasource, natel-discrete-panel, briangann-gauge-panel, vonage-status-panel, neocat-cal-heatmap-panel, natel-plotly-panel"
+ links:
+ - "{{ influx_container }}:influx"
+ published_ports:
+ - 127.0.0.1:3005:3000
+ volumes:
+ - "{{ grafana_directory }}:/var/lib/grafana"
+
+ - name: Check if Nginx conf file exists
+ stat: path="/etc/nginx/sites-available/{{ http_conf }}"
+ register: status
+
+ - name: No need to reload Nginx
+ debug: msg= {{ "No need to reload Nginx as sites-available entries have already been created" }}
+
+ - name: Set Nginx conf file
+ when: status.stat.exists == false
+ template:
+ src: "files/nginx.conf.j2"
+ dest: "/etc/nginx/sites-available/{{ http_conf }}"
+
+ - name: Enable new site
+ when: status.stat.exists == false
+ file:
+ src: "/etc/nginx/sites-available/{{ http_conf }}"
+ dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
+ state: link
+ notify: Reload Nginx
+
+ handlers:
+ - name: Reload Nginx
+ service:
+ name: nginx
+ state: reloaded
+
diff --git a/iot/readme.md b/iot/readme.md
new file mode 100644
index 0000000..3566e3e
--- /dev/null
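Review bot: The tasks that deploy `mosquitto.conf`, `passwd` and `mosquitto.log` all set `mode: 0646`, which leaves the broker's credential file and configuration world-readable and world-writable on the host; since the files are already owned by uid/gid 1883, `mode: "0640"` (quoted so YAML cannot retype the octal) looks like what is intended, with the log file given `owner: 1883` rather than a world-write bit. The `docker exec -i mosquitto mosquitto_passwd -U ...` task runs before "Create Mosquitto container", so on a fresh host there is nothing to exec into, and it hard-codes the name instead of using `{{ mqtt_container }}`. Because the `template` task rewrites the plaintext file on every run, the cleartext passwords also sit on disk until the hash step succeeds. Finally, `- 1883:1883` publishes the unencrypted MQTT port on every interface while all other services are bound to `127.0.0.1`; if outside devices must reach the broker, that is the port to put behind TLS.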
+++ b/iot/readme.md
@@ -0,0 +1,6 @@
+# Mosquitto
+Permissions are all fucked up.
+Need to check the user and set the files permission to it
+
+
+/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -L 8086:localhost:8086 beacon
\ No newline at end of file
diff --git a/iot/vars/default.yml b/iot/vars/default.yml
new file mode 100644
index 0000000..36e9d7f
--- /dev/null
+++ b/iot/vars/default.yml
@@ -0,0 +1,24 @@
+---
+host_directory: /var/lib/iot
+
+mqtt_container: mosquitto
+mqtt_image: eclipse-mosquitto:latest
+mqtt_directory: "{{ host_directory }}/mosquitto"
+
+nodered_container: nodered
+nodered_image: nodered/node-red:latest
+nodered_directory: "{{ host_directory }}/nodered"
+
+influx_container: influxdb
+influx_image: influxdb:latest
+influx_directory: "{{ host_directory }}/influx"
+
+grafana_container: grafana
+grafana_image: grafana/grafana-enterprise:latest
+grafana_directory: "{{ host_directory }}/grafana"
+
+http_host: "iot.tanshu.com"
+http_conf: "iot.tanshu.com.conf"
+
+user: 'www-data'
+mqtt_user: 'root'
\ No newline at end of file
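Review bot: All four images (`mqtt_image`, `nodered_image`, `influx_image`, `grafana_image`) are referenced by the mutable `:latest` tag, and the playbook pulls them with `force_source: yes`, so each run can deploy a different image that nobody has reviewed, including a major-version change that alters broker or database defaults. Pinning each to a specific version tag or digest, e.g. `mqtt_image: eclipse-mosquitto:<pinned-version>` (placeholder), makes deployments reproducible and upgrades deliberate. `mqtt_user: 'root'` is only consumed by a `getent` lookup in the visible playbook, where the ownership fields use numeric ids instead; a short comment saying which account the Mosquitto files should belong to would remove the ambiguity.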