10 Commits

13 changed files with 436 additions and 8 deletions

164
README.md

@ -67,6 +67,7 @@ see https://linuxize.com/post/how-to-add-swap-space-on-ubuntu-20-04/
# ufw allow ssh # ufw allow ssh
# ufw allow http # ufw allow http
# ufw allow https # ufw allow https
# ufw allow 1883 # MQTT
# ufw enable # ufw enable
``` ```
@ -186,7 +187,7 @@ Group=joerg
ExecStartPre=/usr/bin/docker-compose pull --quiet --ignore-pull-failures ExecStartPre=/usr/bin/docker-compose pull --quiet --ignore-pull-failures
ExecStartPre=/usr/bin/docker-compose build --pull ExecStartPre=/usr/bin/docker-compose build --pull
ExecStart=/usr/bin/docker-compose up --remove-orphans ExecStart=/usr/bin/docker-compose up --remove-orphans --no-color
ExecStop=/usr/bin/docker-compose down --remove-orphans ExecStop=/usr/bin/docker-compose down --remove-orphans
@ -204,6 +205,70 @@ WantedBy=multi-user.target
# systemctl enable --now docker-compose@nbit_websites # systemctl enable --now docker-compose@nbit_websites
``` ```
## Logging
```bash
root@moby:~# cat /etc/docker/daemon.json
{
"log-driver": "syslog",
"log-opts": {
"syslog-address": "unixgram:///dev/log",
"tag": "docker/{{.Name}}"
}
}
```
```bash
root@moby:~# grep -C 3 PreserveFQDN /etc/rsyslog.conf
$IncludeConfig /etc/rsyslog.d/*.conf
# see https://www.commandprompt.com/blog/docker-logging-with-rsyslog/
$PreserveFQDN on
```
```bash
root@moby:~# cat /etc/rsyslog.d/10-docker.conf
$FileCreateMode 0644
$template DockerDaemonLogFileName, "/var/log/docker/docker.log"
$template DockerContainerLogFileName, "/var/log/docker/%SYSLOGTAG:R,ERE,1,FIELD:docker/(.*)\[--end:secpath-replace%.log"
if $programname == 'dockerd'
then {
?DockerDaemonLogFileName
stop
}
if $programname == 'containerd'
then {
?DockerDaemonLogFileName
stop
}
if $programname == 'docker'
then {
if $syslogtag contains 'docker/'
then {
?DockerContainerLogFileName
stop
}
}
$FileCreateMode 0600
```
```bash
root@moby:~# cat /etc/logrotate.d/rsyslog-docker
/var/log/docker/*.log
{
daily
rotate 10
minsize 200M
missingok
notifempty
compress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
```
## Wordpress behind Traefik ## Wordpress behind Traefik
@ -250,3 +315,100 @@ for dnsserver in ns1.nbit.ch ns2.nbit.ch ; do
sleep 10 sleep 10
done done
``` ```
### DNS Slave Server
Dieser Server dient auch als DNS Slave Server (ns2.nbit.ch)
```bash
# ufw allow domain
# apt install bind9
add Zones to /etc/bind/named.conf.local:
zone "nbit.ch" IN {
type slave;
file "nbit.ch.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "linux-freelancer.ch" IN {
type slave;
file "linux-freelancer.ch.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "mini-beieli.ch" IN {
type slave;
file "mini-beieli.ch.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "wo-bisch.ch" IN {
type slave;
file "wo-bischch.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "ch-wirth.ch" IN {
type slave;
file "ch-wirth.ch.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "cmoag.com" IN {
type slave;
file "cmoag.com.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
zone "acmoag.com" IN {
type slave;
file "acmoag.com.zone";
allow-notify { 94.130.184.127; 2a01:4f8:c2c:12ed::1; };
masters {
94.130.184.127; 2a01:4f8:c2c:12ed::1;
};
allow-transfer {
127.0.0.1;
};
};
```

10
nbit-mqtt/README.md Normal file

@ -0,0 +1,10 @@
MQTT Broker for shelly, mqtt.nbit.ch, no TLS, Port 1883
Setup, see https://www.laub-home.de/wiki/Eclipse_Mosquitto_Secure_MQTT_Broker_Docker_Installation#Mosquitto_via_Docker_Compose
Create User:
$ docker-compose exec mosquitto mosquitto_passwd -c /mosquitto/config/mosquitto.passwd mqtt
Idea for Python Script:
https://schroederdennis.de/monitoring/tasmota-mqtt-daten-mit-grafana-visualisieren-python-influxdb-script/


@ -0,0 +1,42 @@
version: '3.7'
services:
mosquitto:
image: eclipse-mosquitto:latest
restart: always
volumes:
- /home/joerg/nbit-mqtt/config:/mosquitto/config
- /home/joerg/nbit-mqtt/data:/mosquitto/data
- /home/joerg/nbit-mqtt/log:/mosquitto/log
environment:
TZ: Europe/Zurich
network_mode: host
tty: true
mqtt2log:
build: mqtt2log-build
tty: true
volumes:
- /home/joerg/nbit-mqtt/data-shellies:/data
mqtt2prometheus:
image: ghcr.io/hikhvar/mqtt2prometheus:latest
command:
- /mqtt2prometheus
- -log-level
- debug
- -config
- /config.yaml
ports:
- 9641:9641
volumes:
- type: bind
source: ./mqtt2prometheus-config.yaml
target: /config.yaml
prometheus:
image: prom/prometheus:latest
volumes:
- type: bind
source: ./prometheus.yml
target: /etc/prometheus/prometheus.yml
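Review bot: The `ports: - 9641:9641` mapping on `mqtt2prometheus` publishes the unauthenticated metrics endpoint on every host interface, and ports published by Docker are by default not filtered by the ufw rules the README sets up. The `prometheus` service in this same file scrapes `mqtt2prometheus:9641` over the compose network, so the mapping appears unnecessary. Drop it, or bind it to loopback with `- 127.0.0.1:9641:9641` if local access is wanted. The `-log-level debug` setting on the same service is also worth lowering once the setup works, since these containers log to syslog files created with mode 0644.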


@ -0,0 +1,5 @@
FROM python:3.10
ADD . /code
WORKDIR /code
RUN pip install --root-user-action ignore -r requirements.txt
CMD ["python", "mqtt2log.py"]
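Review bot: The image never switches away from root, so `mqtt2log.py` parses broker-supplied JSON and writes to the bind-mounted `/data` directory as uid 0. Add an unprivileged account before `CMD`, for example `RUN useradd -r app` followed by `USER app`, and make the host directory behind `/data` writable by that uid. `COPY . /code` is also preferable to `ADD . /code`, since no archive extraction or remote fetch is intended here.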


@ -0,0 +1,65 @@
import re
import json
from typing import NamedTuple
from datetime import datetime
import paho.mqtt.client as mqtt
MQTT_ADDRESS = 'mqtt.nbit.ch'
MQTT_USER = 'mqtt'
MQTT_PASSWORD = 'mqtt7355@'
MQTT_TOPIC = 'shellies/events/rpc'
MQTT_CLIENT_ID = 'MQTT_Logfile_Bridge'
def on_connect(client, userdata, flags, rc):
""" The callback for when the client receives a CONNACK response from the server."""
print('Connected with result code ' + str(rc))
client.subscribe(MQTT_TOPIC)
def _parse_mqtt_message(topic, payload):
print("_parse_mqtt_message")
payload = json.loads(payload)
src = payload.get('src','N/A')
if 'params' in payload.keys():
ts = payload['params'].get('ts',-1)
if 'switch:0' in payload['params'].keys():
if 'aenergy' in payload['params']['switch:0'].keys():
if 'total' in payload['params']['switch:0']['aenergy'].keys():
return "E,%.0f,%s,%.3f" % (ts,src,payload['params']['switch:0']['aenergy']['total'])
if 'apower' in payload['params']['switch:0'].keys():
return "P,%.0f,%s,%.1f" % (ts,src,payload['params']['switch:0']['apower'])
else:
return None
def write2file(msg):
now = datetime.now() # current date and time
filename = "/data/" + now.strftime("%Y%m%d") + ".log"
f = open(filename, "a")
f.write(msg + "\n")
f.close()
def on_message(client, userdata, msg):
"""The callback for when a PUBLISH message is received from the server."""
#print(msg.topic + ' ' + str(msg.payload))
result = _parse_mqtt_message(msg.topic, msg.payload.decode('utf-8'))
if result is None:
print("Couldn't parse sensor data!")
print(msg.payload.decode('utf-8'))
return
else:
write2file(result)
return
def main():
mqtt_client = mqtt.Client(MQTT_CLIENT_ID)
mqtt_client.username_pw_set(MQTT_USER, MQTT_PASSWORD)
mqtt_client.on_connect = on_connect
mqtt_client.on_message = on_message
mqtt_client.connect(MQTT_ADDRESS, 1883)
mqtt_client.loop_forever()
if __name__ == '__main__':
print('MQTT to Logfile bridge')
main()
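Review bot: `MQTT_PASSWORD` is committed as a string literal near the top of this file, and the same defect recurs in later sections of this change: `password:` in the mqtt2prometheus config, `basic_auth.password` under `remote_write` in nbit-mqtt/prometheus.yml, `INFLUX_RO_TOKEN` and `STRIPE_KEY` in the wo-bisch compose file, and `token` in the telegraf config. Values that have reached the repository history should be treated as exposed and rotated, not just deleted in a follow-up commit. Here the fix is `MQTT_PASSWORD = os.environ['MQTT_PASSWORD']` with `import os`, supplied through the service's `environment:` or an `env_file` that is not tracked. Prometheus accepts `password_file` under `basic_auth`, and Telegraf and Compose both expand `${VAR}` references, so those files at least can follow the same approach.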


@ -0,0 +1 @@
paho-mqtt
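Review bot: `paho-mqtt` is unpinned, so every image rebuild can install a different release, and the systemd unit in the README runs `docker-compose build --pull` on each start. paho-mqtt 2.0 changed the `Client` constructor to take a callback API version as its first argument and changed the callback signatures, which `mqtt.Client(MQTT_CLIENT_ID)` and `on_connect(client, userdata, flags, rc)` in mqtt2log.py do not match. Pin the dependency, for example `paho-mqtt<2` or an exact `==` pin for the version you tested, ideally installed with hashes.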


@ -0,0 +1,33 @@
mqtt:
server: tcp://mqtt.nbit.ch:1883
user: mqtt
password: mqtt7355@
topic_path: shellies/events/rpc
device_id_regex: "(.*/)?(?P<deviceid>.*)"
qos: 0
cache:
timeout: 24h
json_parsing:
separator: .
metrics:
# The name of the metric in prometheus
- prom_name: aenergy_total
# The name of the metric in a MQTT JSON message
mqtt_name: params.switch:0.aenergy.total
# The prometheus help text for this metric
help: total energy
# The prometheus type for this metric. Valid values are: "gauge" and "counter"
type: gauge
# A map of string to string for constant labels. This labels will be attached to every prometheus metric
const_labels:
sensor_type: shelly
- prom_name: apower
# The name of the metric in a MQTT JSON message
mqtt_name: params.switch:0.apower
# The prometheus help text for this metric
help: current power
# The prometheus type for this metric. Valid values are: "gauge" and "counter"
type: gauge
# A map of string to string for constant labels. This labels will be attached to every prometheus metric
const_labels:
sensor_type: shelly
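Review bot: `server: tcp://mqtt.nbit.ch:1883` sends the MQTT username and password unencrypted on every connect, to a public hostname whose port the README change opens in ufw. mqtt2log.py connects to the same plaintext listener. If the Shelly devices must reach the broker over the internet, add a TLS listener to Mosquitto and point this client and the devices at it. The exact URL scheme and CA options should be confirmed in the mqtt2prometheus documentation. If only local services need the broker, keep 1883 closed in ufw and have the bridge containers reach it over an internal address instead.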

19
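--- a/nbit-mqtt/prometheus.yml
+++ b/nbit-mqtt/prometheus.yml
@@ -0,0 +1,19 @@
+global:
+scrape_interval: 5m
+scrape_timeout: 10s
+evaluation_interval: 15s
+scrape_configs:
+- job_name: mqtt2prometheus
+honor_timestamps: true
+scrape_interval: 5m
+scrape_timeout: 10s
+metrics_path: /metrics
+scheme: http
+static_configs:
+- targets:
+- mqtt2prometheus:9641
+remote_write:
+- basic_auth:
+password: eyJrIjoiOWJlNzM1ODYzY2JjZmE5MTA5YTcyNzJlNTk3MjllY2U3YjViMDk1NSIsIm4iOiJzdGFjay00NDQyODktZWFzeXN0YXJ0LXByb20tcHVibGlzaGVyIiwiaWQiOjcxNzI1MX0=
+username: 589349
+url: https://prometheus-prod-01-eu-west-0.grafana.net/api/prom/push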


@ -3,7 +3,7 @@ version: "3.5"
services: services:
traefik: traefik:
image: "traefik:v2.4" image: "traefik:v2.9"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
- "--api.insecure=true" - "--api.insecure=true"
@ -19,10 +19,8 @@ services:
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--providers.file.directory=/configuration/" - "--providers.file.directory=/configuration/"
- "--providers.file.watch=true" - "--providers.file.watch=true"
ports: - "--accesslog=true"
- "80:80" network_mode: host
- "443:443"
- "8080:8080"
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
- "data-volume:/letsencrypt" - "data-volume:/letsencrypt"
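Review bot: Switching to `network_mode: host` while `--api.insecure=true` stays in the command list means the unauthenticated API and dashboard listener is now bound directly on the host's interfaces, no longer behind an explicit port mapping. The only thing keeping it private is the ufw policy, which this file cannot guarantee. Remove `--api.insecure=true` and, if the dashboard is needed, expose it through a router on `websecure` with an authentication middleware. Also check that the Docker provider can still reach the backend container addresses from the host network namespace, since this hunk does not show how the other stacks attach to `proxy_default`.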


@ -0,0 +1,62 @@
version: '3.7'
services:
influxdb:
image: influxdb:latest
volumes:
- influxdb2:/var/lib/influxdb2
restart: always
expose:
- 8086
redis:
image: redis:latest
restart: always
expose:
- 5432
volumes:
- cache:/data
telegraf:
image: telegraf:latest
restart: always
volumes:
- lorahandlerdata:/data
- ./telegraf.conf:/etc/telegraf/telegraf.conf
lorahandler:
image: wo-bisch-lorahandler:latest
restart: always
volumes:
- lorahandlerdata:/data
environment:
- REDIS_CONNECTION_STRING=redis:6379
labels:
- traefik.enable=true
- traefik.http.routers.wobischdevlorahandler.rule=Host(`dev2.wo-bisch.ch`) && PathPrefix(`/lorahandler`)
- traefik.http.routers.wobischdevlorahandler.entrypoints=websecure
web:
image: wo-bisch-web:latest
restart: always
environment:
- REDIS_CONNECTION_STRING=redis:6379
- INFLUX_URL=http://influxdb:8086/api/v2/query?org=wobischorg
- INFLUX_RO_TOKEN=TQvQxxLLAj1kTKWuEqcx7BA-KfE6WtJUeDlPa_Dnvms6Zqf6uh6lMbpXtzcsCjKO_x3PrpxxGDR5E6YnDB5PFg==
- STRIPE_KEY=sk_test_51Icq29K2XyHQRTs20aEeyUHH3WgE6nBkAKUFuXsQtbnZNIP5fap5zTLTaA0XvhIcRHkqt3vJ2nui6df8R9VDuDDh00nhzmWdHr
- STRIPE_PK=pk_test_51Icq29K2XyHQRTs2DeltUIWrbFb5evfJVGaQzMv4r50g8Q7HAUkSFr7BBGv0aP1damXIhM6fZ4Yf9Wz0qW6TpTVi00dWcW7J1O
labels:
- traefik.enable=true
- traefik.http.routers.wobischdev.rule=Host(`dev2.wo-bisch.ch`)
- traefik.http.routers.wobischdev.entrypoints=websecure
- traefik.http.routers.wobischdev.tls.certresolver=myresolver
- traefik.http.routers.wobischdev.tls.domains[0].main=dev2.wo-bisch.ch
volumes:
influxdb2:
cache:
lorahandlerdata:
networks:
default:
external: true
name: proxy_default
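Review bot: The `wobischdevlorahandler` router is attached to `websecure` but has no `tls` label, unlike `wobischdev`, which sets `tls.certresolver` and `tls.domains`. Unless TLS is enabled on the entrypoint elsewhere in the Traefik configuration, this router is a plain-HTTP router and will not match HTTPS requests to `/lorahandler`. Adding `- traefik.http.routers.wobischdevlorahandler.tls=true` makes the intent explicit. Separately, `expose: - 5432` on the `redis` service does not match the `redis:6379` connection strings used below and should read `6379`.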


@ -0,0 +1,31 @@
[global_tags]
# Configuration for telegraf agent
[agent]
interval = "10s"
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 100000
collection_jitter = "0s"
flush_interval = "10s"
flush_jitter = "0s"
precision = ""
debug = false
quiet = false
logfile = ""
hostname = ""
omit_hostname = false
[[inputs.tail]]
files = ["/data/wo-bisch-lorahandler.log"]
from_beginning = false
pipe = false
tagexclude = ["path","host"]
data_format = "influx"
# Configuration for sending metrics to InfluxDB 2.0
[[outputs.influxdb_v2]]
urls = ["http://influxdb:8086"]
token = "PWuleFEPB2YSduUkzkcW94V_-KFDK5Fi3MAeaA999Qe51OsGlJJSrcZ41pUAppCwF-z3rUNnyFQQJs8fCSTFzg=="
organization = "wobischorg"
bucket = "wobischbucket"


@ -1,7 +1,7 @@
version: '3.7' version: '3.7'
services: services:
db_wp_acmoag: db_wp_acmoag:
image: mysql:8.0.19 image: mysql:8.0
cap_add: cap_add:
- SYS_NICE # CAP_SYS_NICE - SYS_NICE # CAP_SYS_NICE
command: '--default-authentication-plugin=mysql_native_password' command: '--default-authentication-plugin=mysql_native_password'


@ -1,7 +1,7 @@
version: '3.7' version: '3.7'
services: services:
db: db:
image: mysql:8.0.19 image: mysql:8.0
cap_add: cap_add:
- SYS_NICE # CAP_SYS_NICE - SYS_NICE # CAP_SYS_NICE
command: '--default-authentication-plugin=mysql_native_password' command: '--default-authentication-plugin=mysql_native_password'