This repo holds my server automation and setup playbooks.
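---
# ============================================================================
# Entrance IoT Gateway Playbook
# ============================================================================
#
# Deploys Zigbee (Sonoff) and Matter over Thread (Home Assistant ZBT-1) gateway
# for entrance area IoT devices including smart locks, sensors, and energy monitoring
#
# PREREQUISITES:
# - Fresh Debian 11+ or Ubuntu 20.04+ installation (the OS assert below enforces this)
# - SSH access with sudo privileges for ansible_user
# - Internet connectivity for package downloads
# - Static IP address recommended
# - Sonoff Zigbee dongle and ZBT-1 Thread adapter connected via USB
# - ha_edge_user, enable_z2m, enable_otbr and enable_dsmr set in inventory,
#   group_vars or role defaults (the summaries below print them unguarded)
#
# NOTE: this playbook applies no firewall rules; the web UIs it reports
# (Zigbee2MQTT, DSMR Reader) are reachable by any host that can reach the
# gateway until the "Next Steps" firewall item is done.
#
# ============================================================================

- name: "Entrance IoT Gateway Complete Setup"
  hosts: entrance_servers
  become: true
  gather_facts: true

  pre_tasks:
    - name: Verify entrance server requirements
      assert:
        that:
          - ansible_distribution in ["Debian", "Ubuntu"]
          - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 11) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 20)
          - ansible_memtotal_mb >= 512  # Minimum 512MB RAM
          - ansible_processor_vcpus >= 1  # Minimum 1 CPU core
        fail_msg: |
          Entrance gateway system requirements not met:
          - Requires Debian 11+ or Ubuntu 20.04+
          - Minimum 512MB RAM (found {{ ansible_memtotal_mb }}MB)
          - Minimum 1 CPU core (found {{ ansible_processor_vcpus }})
        success_msg: "Entrance gateway system requirements validated successfully"
      tags: always

    # Fail early with a readable message instead of an "undefined variable"
    # template error in the deployment-information debug task right below.
    - name: Verify required gateway variables are defined
      assert:
        that:
          - ha_edge_user is defined
          - enable_z2m is defined
          - enable_otbr is defined
          - enable_dsmr is defined
        fail_msg: "ha_edge_user, enable_z2m, enable_otbr and enable_dsmr must be defined (inventory, group_vars or role defaults)"
      tags: always

    - name: Verify server is in entrance_servers group
      fail:
        msg: "This server must be in the [entrance_servers] inventory group. Check your inventory/hosts file."
      when: "'entrance_servers' not in group_names"
      tags: always

    - name: Display entrance deployment information
      debug:
        msg: |
          ============================================================================
          Entrance IoT Gateway Installation Starting
          ============================================================================
          Target Host: {{ inventory_hostname }}
          Target IP: {{ ansible_default_ipv4.address }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Architecture: {{ ansible_architecture }}
          User: {{ ha_edge_user }}
          Services to Deploy:
            - Zigbee2MQTT (Sonoff ZBDongle-E): {{ 'Enabled' if enable_z2m else 'Disabled' }}
            - OpenThread Border Router (ZBT-1): {{ 'Enabled' if enable_otbr else 'Disabled' }}
            - DSMR Reader (Energy Monitoring): {{ 'Enabled' if enable_dsmr else 'Disabled' }}
          ============================================================================
      tags: always

  # ============================================================================
  # ROLE EXECUTION ORDER (CRITICAL FOR PROPER INSTALLATION)
  # ============================================================================

  roles:
    # 1. SYSTEM SETUP - Basic system configuration and packages
    - role: system
      tags: [system, setup]

    # 2. DOCKER INSTALLATION - Install Docker using geerlingguy.docker
    - role: geerlingguy.docker
      tags: [docker, setup]

    # 3. USER MANAGEMENT - Create entrance gateway user with proper groups
    - role: user
      tags: [user, setup]

    # 4. DOCKER FRAMEWORK - Setup Docker directory structure
    - role: docker-framework
      tags: [docker, framework]

    # 5. SECURITY HARDENING - Apply security settings (SSH, fail2ban, auto-updates)
    - role: geerlingguy.security
      tags: [security, hardening]

    # 6. ENTRANCE GATEWAY - Complete IoT gateway installation
    - role: entrance
      tags: [entrance, gateway, iot]

  # ============================================================================
  # POST-INSTALLATION TASKS
  # ============================================================================

  post_tasks:
    # Not a read-only check: this starts and enables the units if a role left
    # them stopped, and fails the play if a unit (e.g. NetworkManager) is absent.
    - name: Ensure core services are running and enabled
      systemd:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - docker
        - NetworkManager
      tags: ['verification']

    # The command module does not invoke a shell, so a single
    # "udevadm control --reload-rules && udevadm trigger" passed "&&" and the
    # second command as arguments to the first call. Run them as two tasks.
    - name: Reload udev rules
      command: udevadm control --reload-rules
      changed_when: false
      tags: ['verification', 'udev']

    - name: Re-trigger udev events so the serial device symlinks are created
      command: udevadm trigger
      changed_when: false
      tags: ['verification', 'udev']

    - name: Check for active USB devices
      command: lsusb
      register: usb_devices
      changed_when: false
      tags: ['verification', 'hardware']

    # Registered here so the summary below can print a real version instead of
    # always falling back to 'Unknown'.
    - name: Record Docker version for the summary
      command: docker --version
      register: docker_version
      changed_when: false
      tags: ['verification', 'docker']

    # {% raw %} stops Ansible's Jinja2 from trying to evaluate Docker's own
    # Go-template placeholders, which otherwise raises a template error.
    - name: Verify Docker containers are running
      command: docker ps --format "table {% raw %}{{.Names}}\t{{.Status}}{% endraw %}"
      register: docker_status
      changed_when: false
      tags: ['verification', 'docker']

    - name: Display deployment completion summary
      debug:
        msg: |
          ============================================================================
          Entrance IoT Gateway Installation Complete!
          ============================================================================

          Entrance Gateway Access:
            Host: {{ inventory_hostname }}
            IP Address: {{ ansible_default_ipv4.address }}
            SSH Access: ssh -p {{ security_ssh_port | default(22) }} {{ ha_edge_user }}@{{ ansible_default_ipv4.address }}

          Services Deployed:
          {% if enable_z2m %}
            - Zigbee2MQTT: Running on {{ ansible_default_ipv4.address }}:8080
              * Zigbee Coordinator: {{ z2m_serial_symlink }}
              * PAN ID: {{ z2m_pan_id }}
              * Channel: {{ z2m_channel }}
              * Adapter: {{ z2m_adapter }}
          {% endif %}
          {% if enable_otbr %}
            - OpenThread Border Router: Running
              * Thread Radio: {{ otbr_rcp_symlink }}
              * Border Routing: {{ 'Enabled' if otbr_enable_border_routing else 'Disabled' }}
              * Backbone Router: {{ 'Enabled' if otbr_enable_backbone_router else 'Disabled' }}
              * NAT64: {{ 'Enabled' if otbr_nat64 else 'Disabled' }}
          {% endif %}
          {% if enable_dsmr %}
            - DSMR Reader: Running on {{ ansible_default_ipv4.address }}:{{ dsmr_web_port }}
              * P1 Meter: {{ dsmr_serial_symlink }}
              * MQTT Prefix: {{ dsmr_mqtt_prefix }}
          {% endif %}

          System Information:
            OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
            Architecture: {{ ansible_architecture }}
            User: {{ ha_edge_user }}
            Docker Version: {{ docker_version.stdout | default('Unknown') }}
            Timezone: {{ ha_edge_timezone }}

          Hardware Status:
            USB Devices Detected:
          {{ usb_devices.stdout | default('None detected') | indent(14) }}

            Docker Containers:
          {{ docker_status.stdout | default('None running') | indent(14) }}

          Next Steps:
            1. Configure MQTT credentials in vault for Zigbee2MQTT and DSMR Reader
            2. Pair Zigbee devices via Zigbee2MQTT web interface
            3. Configure Thread network settings if needed
            4. Set up energy monitoring in Home Assistant
            5. Configure firewall rules for service access

          Useful Commands:
            - Check container status: docker ps
            - View Zigbee2MQTT logs: docker logs -f zigbee2mqtt
            - View OTBR logs: docker logs -f otbr
            - View DSMR logs: docker logs -f dsmr-reader
            - Check UDEV rules: udevadm info /dev/ttyZigbee
            - Monitor MQTT: mosquitto_sub -h {{ mqtt_host }} -t "#" -v

          Important Notes:
            - Ensure Zigbee and Thread adapters are properly connected
            - Configure MQTT broker credentials before starting services
            - Set proper PAN ID and channel for Zigbee network
            - Thread network may require additional configuration
            - Monitor logs for device pairing and connectivity issues
            - This playbook applies no firewall rules: the web UIs listed above are
              reachable by any host that can reach {{ ansible_default_ipv4.address }}
              until step 5 is done

          ============================================================================
      tags: always

    # The details file records the SSH port, MQTT endpoint, Zigbee PAN ID and
    # channel, group membership and the USB vendor/product IDs in use. That is
    # useful reconnaissance for anyone with an account on the box, so it is
    # written owner-readable only (0600) rather than world-readable.
    - name: Save installation details to file
      copy:
        content: |
          Entrance IoT Gateway Installation Details
          ========================================

          Installation Date: {{ ansible_date_time.iso8601 }}
          Host: {{ inventory_hostname }}
          IP Address: {{ ansible_default_ipv4.address }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Architecture: {{ ansible_architecture }}

          User Configuration:
          - Username: {{ ha_edge_user }}
          - Groups: {{ ha_edge_groups | join(', ') }}
          - Sudo Access: Passwordless

          Service Configuration:
          {% if enable_z2m %}
          - Zigbee2MQTT:
            * Data Directory: {{ z2m_data_dir }}
            * Serial Device: {{ z2m_serial_symlink }}
            * PAN ID: {{ z2m_pan_id }}
            * Channel: {{ z2m_channel }}
            * Adapter: {{ z2m_adapter }}
            * MQTT Host: {{ mqtt_host }}:{{ mqtt_port }}
          {% endif %}
          {% if enable_otbr %}
          - OpenThread Border Router:
            * RCP Device: {{ otbr_rcp_symlink }}
            * Border Routing: {{ otbr_enable_border_routing }}
            * Backbone Router: {{ otbr_enable_backbone_router }}
            * NAT64: {{ otbr_nat64 }}
          {% endif %}
          {% if enable_dsmr %}
          - DSMR Reader:
            * Serial Device: {{ dsmr_serial_symlink }}
            * Web Port: {{ dsmr_web_port }}
            * MQTT Prefix: {{ dsmr_mqtt_prefix }}
            * Database Host: {{ dsmr_pg_host }}
          {% endif %}

          UDEV Rules:
          {% for rule in udev_rules %}
          - {{ rule.name }}: Vendor {{ rule.id_vendor }}, Product {{ rule.id_product }}
          {% endfor %}

          Docker Configuration:
          - Compose Root: {{ compose_root }}
          - Users with Access (docker group membership is root-equivalent): {{ docker_users | join(', ') }}

          Security:
          - SSH Port: {{ security_ssh_port }}
          - Root Login (PermitRootLogin): {{ security_ssh_permit_root_login | default('no') }}
          - Password Authentication: {{ security_ssh_password_authentication | default('no') }}
          - Fail2ban: {{ security_fail2ban_enabled | default(true) }}
          - Auto Updates: {{ security_autoupdate_enabled }}

          Useful Commands:
          - Check service status: docker ps
          - View service logs: docker logs -f [container-name]
          - Check USB devices: lsusb
          - Verify UDEV rules: udevadm info [device-path]
          - Monitor MQTT: mosquitto_sub -h {{ mqtt_host }} -t "#" -v

        dest: "/home/{{ ha_edge_user }}/entrance-gateway-installation-details.txt"
        owner: "{{ ha_edge_user }}"
        group: "{{ ha_edge_user }}"
        mode: "0600"
      tags: [entrance, documentation]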
266