This repo is intended for my server automation and setup.
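---
# ============================================================================
# Entrance IoT Gateway Playbook
# ============================================================================
#
# Deploys Zigbee (Sonoff) and Matter over Thread (Home Assistant ZBT-1) gateway
# for entrance area IoT devices including smart locks, sensors, and energy monitoring
#
# PREREQUISITES:
# - Fresh Debian 11+ or Ubuntu 20.04+ installation (matches the assert below)
# - SSH access with sudo privileges for ansible_user
# - Internet connectivity for package downloads
# - Static IP address recommended
# - Sonoff Zigbee dongle and ZBT-1 Thread adapter connected via USB
# - usbutils (lsusb) present on the target for the post-install hardware check
#   (presumably installed by the `system` role - confirm)
#
# SECURITY NOTES:
# - The post-install summary file lists hosts, ports, serial devices and the
#   SSH configuration; it is written mode 0600 for the gateway user only.
# - Membership of the docker group is root-equivalent on the host; keep
#   docker_users limited to the gateway user.
# - The Zigbee2MQTT and DSMR Reader web UIs listen on the host address and
#   must be firewalled / authenticated before the host is reachable from
#   anything but the management LAN (see "Next Steps" in the summary).
#
# ============================================================================

- name: "Entrance IoT Gateway Complete Setup"
  hosts: entrance_servers
  become: true
  gather_facts: true

  pre_tasks:
    # Fail fast on unsupported platforms or undersized hosts before any role runs.
    - name: Verify entrance server requirements
      ansible.builtin.assert:
        that:
          - ansible_distribution in ["Debian", "Ubuntu"]
          - (ansible_distribution == "Debian" and ansible_distribution_major_version | int >= 11) or (ansible_distribution == "Ubuntu" and ansible_distribution_major_version | int >= 20)
          - ansible_memtotal_mb >= 512  # Minimum 512MB RAM
          - ansible_processor_vcpus >= 1  # Minimum 1 CPU core
        fail_msg: |
          Entrance gateway system requirements not met:
          - Requires Debian 11+ or Ubuntu 20.04+
          - Minimum 512MB RAM (found {{ ansible_memtotal_mb }}MB)
          - Minimum 1 CPU core (found {{ ansible_processor_vcpus }})
        success_msg: "Entrance gateway system requirements validated successfully"
      tags: always

    # Belt-and-braces: `hosts:` above already restricts the play, but this
    # keeps the guard if the hosts pattern is ever widened.
    - name: Verify server is in entrance_servers group
      ansible.builtin.fail:
        msg: "This server must be in the [entrance_servers] inventory group. Check your inventory/hosts file."
      when: "'entrance_servers' not in group_names"
      tags: always

    - name: Display entrance deployment information
      ansible.builtin.debug:
        msg: |
          ============================================================================
          Entrance IoT Gateway Installation Starting
          ============================================================================
          Target Host: {{ inventory_hostname }}
          Target IP: {{ ansible_default_ipv4.address }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Architecture: {{ ansible_architecture }}
          User: {{ ha_edge_user }}
          Services to Deploy:
          - Zigbee2MQTT (Sonoff ZBDongle-E): {{ 'Enabled' if enable_z2m else 'Disabled' }}
          - OpenThread Border Router (ZBT-1): {{ 'Enabled' if enable_otbr else 'Disabled' }}
          - DSMR Reader (Energy Monitoring): {{ 'Enabled' if enable_dsmr else 'Disabled' }}
          ============================================================================
      tags: always

  # ============================================================================
  # ROLE EXECUTION ORDER (CRITICAL FOR PROPER INSTALLATION)
  # ============================================================================

  roles:
    # 1. SYSTEM SETUP - Basic system configuration and packages
    - role: system
      tags: [system, setup]

    # 2. DOCKER INSTALLATION - Install Docker using geerlingguy.docker
    - role: geerlingguy.docker
      tags: [docker, setup]

    # 3. USER MANAGEMENT - Create entrance gateway user with proper groups
    #    (docker group membership == root on the host; see SECURITY NOTES)
    - role: user
      tags: [user, setup]

    # 4. DOCKER FRAMEWORK - Setup Docker directory structure
    - role: docker-framework
      tags: [docker, framework]

    # 5. SECURITY HARDENING - sshd, fail2ban, unattended upgrades
    - role: geerlingguy.security
      tags: [security, hardening]

    # 6. ENTRANCE GATEWAY - Complete IoT gateway installation
    - role: entrance
      tags: [entrance, gateway, iot]

    # 7. MONITORING - System monitoring
    - role: monitoring
      tags: [monitoring, glances]

  # ============================================================================
  # POST-INSTALLATION TASKS
  # ============================================================================

  post_tasks:
    # This enforces (starts + enables) rather than merely checks; NetworkManager
    # is assumed to have been installed earlier in the play - confirm.
    - name: Ensure core services are running and enabled
      ansible.builtin.systemd:
        name: "{{ item }}"
        state: started
        enabled: true
      loop:
        - docker
        - NetworkManager
      tags: [verification]

    # The `command` module does not run a shell, so "a && b" would have been
    # passed to udevadm as literal arguments; run the two steps separately.
    - name: Reload udev rules
      ansible.builtin.command: udevadm control --reload-rules
      changed_when: false
      tags: [verification, udev]

    - name: Trigger udev so rules apply to already-connected adapters
      ansible.builtin.command: udevadm trigger
      changed_when: false
      tags: [verification, udev]

    # Requires usbutils on the target; fails if lsusb is missing.
    - name: Check for active USB devices
      ansible.builtin.command: lsusb
      register: usb_devices
      changed_when: false
      tags: [verification, hardware]

    # {{.Names}} / {{.Status}} are Go templates for docker, not Jinja. Wrapped
    # in Jinja string literals so Ansible emits them verbatim instead of
    # failing to template them.
    - name: List running Docker containers
      ansible.builtin.command: >-
        docker ps --format "table {{ '{{.Names}}' }}\t{{ '{{.Status}}' }}"
      register: docker_status
      changed_when: false
      tags: [verification, docker]

    - name: Display deployment completion summary
      ansible.builtin.debug:
        msg: |
          ============================================================================
          Entrance IoT Gateway Installation Complete!
          ============================================================================

          Entrance Gateway Access:
            Host: {{ inventory_hostname }}
            IP Address: {{ ansible_default_ipv4.address }}
            SSH Access: ssh {{ ha_edge_user }}@{{ ansible_default_ipv4.address }}

          Services Deployed:
          {% if enable_z2m %}
            - Zigbee2MQTT: Running on {{ ansible_default_ipv4.address }}:8080
              * Zigbee Coordinator: {{ z2m_serial_symlink }}
              * PAN ID: {{ z2m_pan_id }}
              * Channel: {{ z2m_channel }}
              * Adapter: {{ z2m_adapter }}
          {% endif %}
          {% if enable_otbr %}
            - OpenThread Border Router: Running
              * Thread Radio: {{ otbr_rcp_symlink }}
              * Border Routing: {{ 'Enabled' if otbr_enable_border_routing else 'Disabled' }}
              * Backbone Router: {{ 'Enabled' if otbr_enable_backbone_router else 'Disabled' }}
              * NAT64: {{ 'Enabled' if otbr_nat64 else 'Disabled' }}
          {% endif %}
          {% if enable_dsmr %}
            - DSMR Reader: Running on {{ ansible_default_ipv4.address }}:{{ dsmr_web_port }}
              * P1 Meter: {{ dsmr_serial_symlink }}
              * MQTT Prefix: {{ dsmr_mqtt_prefix }}
          {% endif %}

          System Information:
            OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
            Architecture: {{ ansible_architecture }}
            User: {{ ha_edge_user }}
            Docker Version: {{ docker_version.stdout | default('Unknown') if docker_version is defined else 'Unknown' }}
            Timezone: {{ ha_edge_timezone | default('UTC') }}

          Hardware Status:
            USB Devices Detected:
              {{ usb_devices.stdout | default('Skipped') | indent(14) }}

            Docker Containers:
              {{ docker_status.stdout | default('Skipped') | indent(14) }}

          Next Steps:
            1. Configure MQTT credentials in vault for Zigbee2MQTT and DSMR Reader
            2. Pair Zigbee devices via Zigbee2MQTT web interface
            3. Configure Thread network settings if needed
            4. Set up energy monitoring in Home Assistant
            5. Configure firewall rules: the Zigbee2MQTT (:8080) and DSMR Reader
               web UIs listen on {{ ansible_default_ipv4.address }} - restrict
               them to trusted networks and enable frontend authentication

          Useful Commands:
            - Check container status: docker ps
            - View Zigbee2MQTT logs: docker logs -f zigbee2mqtt
            - View OTBR logs: docker logs -f otbr
            - View DSMR logs: docker logs -f dsmr-reader
            - Check UDEV rules: udevadm info /dev/ttyZigbee
            - Monitor MQTT: mosquitto_sub -h {{ mqtt_host }} -t "#" -v
              (add -u/-P once the broker requires credentials)

          Important Notes:
            - Ensure Zigbee and Thread adapters are properly connected
            - Configure MQTT broker credentials before starting services
            - Set proper PAN ID and channel for Zigbee network
            - Thread network may require additional configuration
            - Monitor logs for device pairing and connectivity issues
            - Installation details are saved to
              /home/{{ ha_edge_user }}/entrance-gateway-installation-details.txt (mode 0600)

          ============================================================================
      tags: always

    # Written 0600: the file lists SSH/firewall-relevant settings, service
    # endpoints and serial devices, which is useful recon for anyone else
    # who can read the home directory.
    - name: Save installation details to file
      ansible.builtin.copy:
        content: |
          Entrance IoT Gateway Installation Details
          ========================================

          Installation Date: {{ ansible_date_time.iso8601 }}
          Host: {{ inventory_hostname }}
          IP Address: {{ ansible_default_ipv4.address }}
          OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
          Architecture: {{ ansible_architecture }}

          User Configuration:
          - Username: {{ ha_edge_user }}
          - Groups: {{ ha_edge_groups | join(', ') }}
          - Sudo Access: Passwordless

          Service Configuration:
          {% if enable_z2m %}
          - Zigbee2MQTT:
            * Data Directory: {{ z2m_compose_dir }}/config
            * Serial Device: {{ z2m_serial_symlink }}
            * PAN ID: {{ z2m_pan_id }}
            * Channel: {{ z2m_channel }}
            * Adapter: {{ z2m_adapter }}
            * MQTT Host: {{ mqtt_host }}:{{ mqtt_port }}
          {% endif %}
          {% if enable_otbr %}
          - OpenThread Border Router:
            * RCP Device: {{ otbr_rcp_symlink }}
            * Border Routing: {{ otbr_enable_border_routing }}
            * Backbone Router: {{ otbr_enable_backbone_router }}
            * NAT64: {{ otbr_nat64 }}
          {% endif %}
          {% if enable_dsmr %}
          - DSMR Reader:
            * Serial Device: {{ dsmr_serial_symlink }}
            * Web Port: {{ dsmr_web_port }}
            * MQTT Prefix: {{ dsmr_mqtt_prefix }}
            * Database Host: {{ dsmr_pg_host }}
          {% endif %}

          UDEV Rules:
          {% for rule in udev_rules | default([]) %}
          - {{ rule.name }}: Vendor {{ rule.id_vendor }}, Product {{ rule.id_product }}
          {% endfor %}

          Docker Configuration:
          - Compose Root: {{ compose_root }}
          - Users with Access (root-equivalent on this host): {{ docker_users | join(', ') }}

          Security (as configured for geerlingguy.security; role defaults shown when unset):
          - SSH Port: {{ security_ssh_port | default(22) }}
          - Root Login: {{ security_ssh_permit_root_login | default('no') }}
          - Password Authentication: {{ security_ssh_password_authentication | default('no') }}
          - Fail2ban: {{ 'Enabled' if security_fail2ban_enabled | default(true) else 'Disabled' }}
          - Auto Updates: {{ 'Enabled' if security_autoupdate_enabled | default(true) else 'Disabled' }}

          Useful Commands:
          - Check service status: docker ps
          - View service logs: docker logs -f [container-name]
          - Check USB devices: lsusb
          - Verify UDEV rules: udevadm info [device-path]
          - Monitor MQTT: mosquitto_sub -h {{ mqtt_host }} -t "#" -v

        dest: "/home/{{ ha_edge_user }}/entrance-gateway-installation-details.txt"
        owner: "{{ ha_edge_user }}"
        group: "{{ ha_edge_user }}"
        mode: "0600"
      tags: [entrance, documentation]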