Untitled

#	OrangePi 3 LTS
login:		root
Password:	Bot7Nang

Login:		pi
Password:	Garda3See

# in case no pi User
adduser pi
usermod -aG sudo pi
visudo
#	Nessecary for /dev/ttyACM0 in zigbee2mqtt setup
sudo usermod -a -G dialout pi

stty rows 43 columns 132

sudo orangepi-config
#	configure Network (LAN) / static IP
#	Personal
	Timezone	Europe / Berlin

#	Hostname
	FH01

#	System
	Boot Environment	> Verbosity 15
	Avahi	-> Announce System in Network

#	get last updates
sudo apt update && sudo apt dist-upgrade -y

# Scargill Script
wget https://bitbucket.org/api/2.0/snippets/scargill/kAR5qG/master/files/script.sh

bash ./script.sh

							 x    [ ] quiet       Quiet(er) install - untick for lots of info        x
                             x    [*] prereq      Install general pre-requisites                     x
                             x    [*] mosquitto   Install Mosquitto                                  x
                             x    [*] apache      Install Apache/PHP/SQLITE + PHPLITEADMIN           x
                             x    [ ] nginx       Install Nginx/PHP/SQLITE + PHPLITEADMIN            x
                             x    [*] nodenew     Install NodeJS and NodeRed (NEW)                   x
                             x    [ ] nodejs      Install NodeJS                                     x
                             x    [ ] nodered     Install Node-Red                                   x
                             x    [*] webmin      Install Webmin                                     x
                             x    [ ] java        Update Java                                        x
                             x    [ ] hwsupport   Enable support for Serial, I2C, GPIO, etc          x
                             x    [ ] phone       Install on Android Smartphone - see blog           x
                             x    [ ] odroid      Install ODROID C2-specific GPIO                    x
                             x    [ ] generich3   Install GENERIC H3 GPIO (not Raspberry Pi)         x
                             x    [*] phpsysinfo  Install PHPSYSYINFO                                x
                             x    [*] modpass     Mod USER and ADMIN passwords (password123)         x
                             x    [*] addindex    Add an index page and some CSS                     x
                             x    [ ] passwords   Update ROOT and PI user passwords                  x
                             x    [ ] rpiclone    Install RPI-Clone                                  x
                             x    [ ] log2ram     Install Log2RAM default 40Meg                      x
                             x    [*] grafana     Install Grafana and InfluxDB

#	Passwords for NodeRed / NodeRed UI
Login:		user
Password:	User8Password

Login:		admin
Password:	Admin8Password

#	Grafana Login
Login:		admin
Password:	Grafana8Password

#	added new user to Mosquitto
cd /etc/mosquitto
sudo mosquitto_passwd -b passwords moskito Mosquitto8Password

#	Test MQTT Broker
mosquitto_sub -u moskito -P Mosquitto8Password -v -t '#'&
mosquitto_pub -u moskito -P Mosquitto8Password -t /home/test -m Hallo

#	Output
/home/test Hallo

#	Add addtl. Nodes
cd ~
cd .node-red
npm install node-red-contrib-fake-wemo &
npm install node-red-contrib-sunpos &
npm install node-red-contrib-fritz &
npm install node-red-contrib-light-scheduler &
npm install node-red-contrib-schedex &
npm install node-red-node-twitter

#	Install Zigbee2mqtt

https://www.zigbee2mqtt.io/getting_started/running_zigbee2mqtt.html

ls -l /dev/ttyACM0
ls -l /dev/serial/by-id
#	-> lrwxrwxrwx 1 root root 13 May  4 16:41 usb-Texas_Instruments_TI_CC2531_USB_CDC___0X00124B000BE8B284-if00 -> ../../ttyACM0

cd ~
tee zigbee2mqtt-install

--------------
# Install Node.js and required dependencies
# In Debian/Raspbian bullseye and up (11 and up), NodeJS v12.X is packaged, this is the safest method of installing NodeJS (from official repositories) for Zigbee2MQTT. Older i386 hardware can work with [unofficial-builds.nodejs.org](https://unofficial-builds.nodejs.org/download/release/v12.16.3/ e.g. Version 12.16.3 should work.
# Check https://github.com/nodesource/distributions/blob/master/README.md if you want to install a specific version from NodeJS repositories instead.
sudo apt-get install -y nodejs npm git make g++ gcc

# Verify that the correct nodejs and npm (automatically installed with nodejs)
# version has been installed
node --version  # Should output v10.X, v12.X, v14.X, v15.X or V16.X
npm --version  # Should output 6.X or 7.X

# Clone Zigbee2MQTT repository
git clone https://github.com/Koenkk/zigbee2mqtt.git
sudo mv zigbee2mqtt /opt/zigbee2mqtt

# Install dependencies (as user "pi")
cd /opt/zigbee2mqtt
npm ci
-------------------------------

bash ./zigbee2mqtt-install


/opt/zigbee2mqtt/data/configuration.yaml

-----------------
# Home Assistant integration (MQTT discovery)
homeassistant: false

# allow new devices to join
permit_join: false

# MQTT settings
mqtt:
  # MQTT base topic for zigbee2mqtt MQTT messages
  base_topic: /home/zigbee
  # MQTT server URL
  server: 'mqtt://localhost'
  # MQTT server authentication, uncomment if required:
  user: moskito
  password: Mosquitto8Password

# Serial settings
serial:
  # Location of CC2531 USB sniffer
  port: /dev/ttyACM0
-----------------

#	Starting Zigbee2MQTT
cd /opt/zigbee2mqtt
npm start

#	further command see documentation at above URL

----------------
#	Update zigbee2mqtt
https://domoticacloudhost.com/update-zigbee2mqtt/

cd /opt/zigbee2mqtt/
git pull

rm -rf node_modules && npm install

---------------
------------------------------------
# Visualisierung Map

sudo apt-get install graphviz imagemagick

File ~/map
==================
#!/bin/bash
# additional dependencies: graphviz imagemagick

# put temporal files in ram filesystem
file="/home/pi/zigbee/networkmap"
fechahora=$(date '+%F-%H:%M')
#~ echo $fechahora

mosquitto_sub -u moskito -P lokus123 -t /home/zigbee/bridge/networkmap/graphviz -C 1 >${file}.dot &
mosquitto_pub -u moskito -P lokus123 -t /home/zigbee/bridge/networkmap -m graphviz

# wait until mosquitto_sub ends
wait

# generate graphic with graphviz (change to short texts with sed)
cat ${file}.dot| circo -Tsvg > ${file}${fechahora}.svg
===============

chmod +x map


# Auf PC laufen lassen
scp [email protected]:/home/pi/zigbee/* D:\OneDrive\OrangePi\Zigbee

---------------
#	Setup InfluxDB
https://www.sensorsiot.org/node-red-infuxdb-grafana-installation/

influx
create database FH01
use FH01
create user "pi" with password 'Influx8Password' with all privileges
show field keys
select * from Werte where Room = 'Outside'
------------------------------------------------------------------------------
#	just in case there is a problem with InfluxDB
#	Repair influxdb
https://docs.influxdata.com/influxdb/v1.8/administration/rebuild-tsi-index/

influx_inspect buildtsi -datadir ./data -waldir ./wal
ls -al
chown -R influxdb *
chgrp -R influxdb *
service influxdb start

# Backup InfluxDB
-----------------

https://docs.influxdata.com/influxdb/v1.8/administration/backup_and_restore/

influxd backup -portable -database FH01 -host localhost:8088 ~/mysnapshot/FH01

# for remote backup, change /etc/influxdb/influxdb.conf

# activate RPC port !
#bind-address = "127.0.0.1:8088"
bind-address = ":8088"

#	Backup from local Windows (D:\Onedrive ... is just an example)
#	IP address has to be changed, also local path on Windows computer
scp [email protected]:/home/pi/mysnapshot/FH01/* D:\OneDrive\OrangePi\Influx-Backup\FH01

#	Configureed Datasource in Grafana
URL:		http://localhost:8086
Database:	FH01
User:		pi
Password:	Influx8Password

--------------------------------------------------------
# SSL Config for Apache2 Server

https://www.tecchannel.de/a/owncloud-9-unter-ubuntu-server-16-04-lts-installieren,3277807,2

sudo a2enmod ssl
sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Nun editieren Sie die Datei /etc/apache2/sites-available/default-ssl.conf. Dort finden Sie eine Zeile, die mit SSLEngine on beginnt. Fügen Sie darunter die beiden eben angelegten Zertifikate ein:

sudo vi /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

sudo a2ensite default-ssl.conf

Für den weiteren Verlauf dieses Artikels ändern Sie außerdem die Zeile
DocumentRoot /var/www/html

sudo a2enmod headers

Editieren Sie die Datei /etc/apache2/sites-available/default-ssl.conf abermals und fügen zum Beispiel unter der Zeile mit ServerAdmin diese Sektion ein:

<IfModule mod_headers.c>Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"</IfModule>

sudo service apache2 restart
-----------------------------
# Password and https for NodeRed

# settings.js

cd ~/.node-red
vi settings.js

    adminAuth: {
                type: "credentials",
                        users: [{
                                username: "admin",
                                password: "$2a$08$EVg5KlhlBKwZEJIMFL260uy2z/48Fu5HRsiWUPb4BkT7kkAZhMKbm",
                                permissions: "*" }]
    },
    httpNodeAuth: {
            user:"user",
            pass:"$2a$08$qstd3YKjwXYMii3nOKqKQe7OkZGfjOx5hlCygvlz2b52j.ZVftre."
    },
    editorTheme: { projects: { enabled: false }
    },

    // By default, credentials are encrypted in storage using a generated key. To
    // specify your own secret, set the following property.
    // If you want to disable encryption of credentials, set this property to false.
    // Note: once you set this property, do not change it - doing so will prevent
    // node-red from being able to decrypt your existing credentials and they will be
    // lost.
    //credentialSecret: "a-secret-key",

    https: {
        key: fs.readFileSync('/home/pi/.node-red/privkey.pem'),
        cert: fs.readFileSync('/home/pi/.node-red/cert.pem')
    },
    requireHttps: true
}
------------------------------------
# Webmin SSL

https://www.webmin.com/ssl.html

If Webmin is already installed, turn on SSL
In the Webmin Configuration module (under the Webmin category) an icon for SSL Encryption should appear. Click on it, and change the SSL option from Disabled to Enabled.

--------------------
#	https for Grafana

https://www.turbogeek.co.uk/grafana-how-to-configure-ssl-https-in-grafana/

sudo openssl genrsa -out grafana.key 2048
sudo openssl req -new -key grafana.key -out grafana.csr

Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Saxonia
Locality Name (eg, city) []:Zwenkau
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Fraunholz Ltd.
Organizational Unit Name (eg, section) []:Home
Common Name (e.g. server FQDN or YOUR name) []:FH01
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Challenge8Password
An optional company name []:Fraunholz

sudo openssl x509 -req -days 365 -in grafana.csr -signkey grafana.key -out grafana.crt
-> Signature ok
	subject=C = DE, ST = Saxonia, L = Zwenkau, O = Fraunholz Ltd., OU = Home, CN = FH01, emailAddress = [email protected]
	Getting Private key

sudo chown grafana:grafana grafana.crt
sudo chown grafana:grafana grafana.key
sudo chmod 400 grafana.key grafana.crt

sudo vi /etc/grafana/grafana.ini

cert_key = /etc/grafana/grafana.key
cert_file = /etc/grafana/grafana.crt

sudo service grafana-server restart
sudo service grafana-server status
-----------------------------------------------------