Add: IOT using Mosquitto // Node red // InfluxDB // Grafana

File and folder permissions are a bitch.
Also, will only leave access to grafana and remove the rest to be accessed using ssh tunnels

iot/files/mosquitto.conf

@@ -0,0 +1,40 @@
+# Use a persistence location outside the container
+persistence true
+persistence_location /mosquitto/data
+
+# Set the maximum number of clients and messages
+max_connections 1000
+max_inflight_messages 1000
+
+# Set the maximum size of incoming messages
+max_queued_messages 10000
+max_packet_size 1000
+
+# Enable MQTT logging
+log_dest file /mosquitto/log/mosquitto.log
+log_type error
+log_type warning
+log_type notice
+log_type information
+
+# Disable anonymous access
+allow_anonymous false
+
+# Set a username and password for client authentication
+password_file /mosquitto/config/passwd
+
+# Uncomment the following lines if you want to enable TLS/SSL encryption
+# cafile /mosquitto/config/ca.crt
+# certfile /mosquitto/config/server.crt
+# keyfile /mosquitto/config/server.key
+# require_certificate true
+
+# Uncomment the following lines if you want to enable WebSocket support
+listener 9001
+protocol websockets
+
+# Uncomment the following lines if you want to enable MQTT over TLS/SSL
+# listener 8883
+# cafile /mosquitto/config/ca.crt
+# certfile /mosquitto/config/server.crt
+# keyfile /mosquitto/config/server.key

iot/files/nginx.conf.j2

@@ -0,0 +1,44 @@
+server {
+
+  listen 80;
+  server_name {{ http_host }};
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+  }
+    
+  location /mqtt/ {
+    proxy_pass http://localhost:9001/;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Host $host;
+  }
+
+  location /node-red/ {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_pass http://localhost:1880/;
+  }
+
+  location /dashboard/ {
+    proxy_set_header Host $http_host;
+    proxy_pass http://localhost:3005/;
+  }
+
+  location /dashboard/api/live/ {
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $http_host;
+    proxy_pass http://localhost:3005/;
+  }
+
+}
+

iot/files/passwd

@@ -0,0 +1,2 @@
+esp8266:esp8266
+nodered:nodered

iot/playbook.yml

@@ -0,0 +1,234 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: all
+  become: true
+  vars_files:
+    - vars/default.yml
+
+  tasks:
+    - getent:
+        database: passwd
+        key: "{{ mqtt_user }}"
+        split: ":"
+
+    # - name: "{{ getent_passwd[user][1] }} : {{ getent_passwd[user][2] }}"
+    #   docker_image:
+    #     name: "{{ mqtt_imag }}"
+    #     source: pull
+    #     force_source: yes
+
+    - name: Pull Mosquitto image
+      docker_image:
+        name: "{{ mqtt_image }}"
+        source: pull
+        force_source: yes
+
+    - name: Ensure Mosquitto Directory exists
+      file:
+          path: "{{ mqtt_directory }}"
+          state: directory
+          group: 0 # "{{ mqtt_user }}"
+          owner: 0 # "{{ mqtt_user }}"
+          mode: 0755
+
+    - name: Ensure Mosquitto Config Directory exists
+      file:
+          path: "{{ mqtt_directory }}/config"
+          state: directory
+          group: 0 # "{{ mqtt_user }}"
+          owner: 0 # "{{ mqtt_user }}"
+          mode: 0755
+
+    - name: Copy the Mosquitto conf file
+      template:
+        src: "files/mosquitto.conf"
+        dest: "{{ mqtt_directory }}/config/mosquitto.conf"
+        group: 1883 # "{{ mqtt_user }}"
+        owner: 1883 # "{{ mqtt_user }}"
+        mode: 0646
+
+    # - name: Check if Mosquitto passwd file exists
+    #   stat: path="{{ mqtt_directory }}/config/passwd"
+    #   register: status
+
+    - name: Ensure Mosquitto passwd file exists
+      template:
+          src: "files/passwd"
+          dest: "{{ mqtt_directory }}/config/passwd"
+          group: 1883 # "{{ mqtt_user }}"
+          owner: 1883 # "{{ mqtt_user }}"
+          mode: 0646
+
+    - name: Encrypt the docker file
+      command: docker exec -i mosquitto mosquitto_passwd -U /mosquitto/config/passwd
+
+    - name: Ensure Mosquitto Log Directory exists
+      file:
+          path: "{{ mqtt_directory }}/log"
+          state: directory
+          group: 0 # "{{ mqtt_user }}"
+          owner: 0 # "{{ mqtt_user }}"
+          mode: 0755
+
+    - name: Ensure Mosquitto log file exists
+      file:
+          path: "{{ mqtt_directory }}/log/mosquitto.log"
+          state: touch
+          group: 0 # "{{ mqtt_user }}"
+          owner: 0 # "{{ mqtt_user }}"
+          mode: 0646
+
+    - name: Create Mosquitto container
+      docker_container:
+        name: "{{ mqtt_container }}"
+        image: "{{ mqtt_image }}"
+        state: started
+        restart_policy: "unless-stopped"
+        # user: 0:0 # "{{ getent_passwd[mqtt_user][1] }}:{{ getent_passwd[mqtt_user][2] }}"
+        published_ports:
+          - 127.0.0.1:9001:9001
+          - 1883:1883
+        volumes:
+          - "{{ mqtt_directory }}/config:/mosquitto/config"
+          - "{{ mqtt_directory }}/data:/mosquitto/data"
+          - "{{ mqtt_directory }}/log:/mosquitto/log"
+
+    - getent:
+        database: passwd
+        key: "{{ user }}"
+        split: ":"
+
+    - name: Pull InfluxDB image
+      docker_image:
+        name: "{{ influx_image }}"
+        source: pull
+        force_source: yes
+
+    - name: Ensure Influx Directory exists
+      file:
+          path: "{{ influx_directory }}"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0755
+
+    - name: Ensure Influx Data Directory exists
+      file:
+          path: "{{ influx_directory }}/data"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0755
+
+    - name: Ensure Influx Config Directory exists
+      file:
+          path: "{{ influx_directory }}/config"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0755
+
+    - name: Create InfluxDB container
+      docker_container:
+        name: "{{ influx_container }}"
+        image: "{{ influx_image }}"
+        state: started
+        restart_policy: "unless-stopped"
+        user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+        published_ports:
+          - 127.0.0.1:8086:8086
+        volumes:
+          - "{{ influx_directory }}/data:/var/lib/influxdb2"
+          - "{{ influx_directory }}/config:/etc/influxdb2"
+
+    - name: Pull Node Red image
+      docker_image:
+        name: "{{ nodered_image }}"
+        source: pull
+        force_source: yes
+
+    - name: Ensure Node Red Directory exists
+      file:
+          path: "{{ nodered_directory }}"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0755
+
+    - name: Create Node Red container
+      docker_container:
+        name: "{{ nodered_container }}"
+        image: "{{ nodered_image }}"
+        state: started
+        restart_policy: "unless-stopped"
+        user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+        env:
+          TZ: "Asia/Kolkata"
+        links:
+          - "{{ mqtt_container }}:mqtt"
+          - "{{ influx_container }}:influx"
+        published_ports:
+          - 127.0.0.1:1880:1880
+        volumes:
+          - "{{ nodered_directory }}:/data"
+
+    - name: Pull Grafana image
+      docker_image:
+        name: "{{ grafana_image }}"
+        source: pull
+        force_source: yes
+
+    - name: Ensure Grafana Directory exists
+      file:
+          path: "{{ grafana_directory }}"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0755
+
+    - name: Create Grafana container
+      docker_container:
+        name: "{{ grafana_container }}"
+        image: "{{ grafana_image }}"
+        state: started
+        restart_policy: "unless-stopped"
+        user: "{{ getent_passwd[user][1] }}:{{ getent_passwd[user][2] }}"
+        env:
+          GF_SERVER_ROOT_URL: "https://{{ http_host }}/dashboard"
+          GF_INSTALL_PLUGINS: "grafana-clock-panel, grafana-simple-json-datasource, natel-discrete-panel, briangann-gauge-panel, vonage-status-panel, neocat-cal-heatmap-panel, natel-plotly-panel"
+        links:
+          - "{{ influx_container }}:influx"
+        published_ports:
+          - 127.0.0.1:3005:3000
+        volumes:
+          - "{{ grafana_directory }}:/var/lib/grafana"
+
+    - name: Check if Nginx conf file exists
+      stat: path="/etc/nginx/sites-available/{{ http_conf }}"
+      register: status
+
+    - name: No need to reload Nginx
+      debug: msg= {{ "No need to reload Nginx as sites-available entries have already been created" }}
+
+    - name: Set Nginx conf file
+      when: status.stat.exists == false
+      template:
+        src: "files/nginx.conf.j2"
+        dest: "/etc/nginx/sites-available/{{ http_conf }}"
+
+    - name: Enable new site
+      when: status.stat.exists == false
+      file:
+        src: "/etc/nginx/sites-available/{{ http_conf }}"
+        dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
+        state: link
+      notify: Reload Nginx
+
+  handlers:
+    - name: Reload Nginx
+      service:
+        name: nginx
+        state: reloaded
+

iot/readme.md

@@ -0,0 +1,6 @@
+# Mosquitto
+Permissions are all fucked up.
+Need to check the user and set the files permission to it
+
+
+/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -L 8086:localhost:8086 beacon

iot/vars/default.yml

@@ -0,0 +1,24 @@
+---
+host_directory: /var/lib/iot
+
+mqtt_container: mosquitto
+mqtt_image: eclipse-mosquitto:latest
+mqtt_directory: "{{ host_directory }}/mosquitto"
+
+nodered_container: nodered
+nodered_image: nodered/node-red:latest
+nodered_directory: "{{ host_directory }}/nodered"
+
+influx_container: influxdb
+influx_image: influxdb:latest
+influx_directory: "{{ host_directory }}/influx"
+
+grafana_container: grafana
+grafana_image: grafana/grafana-enterprise:latest
+grafana_directory: "{{ host_directory }}/grafana"
+
+http_host: "iot.tanshu.com"
+http_conf: "iot.tanshu.com.conf"
+
+user: 'www-data'
+mqtt_user: 'root'