webster86 Something went wrong while creating the certificates. Could you please run setup_nginx again and post the complete output here?
Did you forward port 80 from the router to your Raspi? That is required for creating the certificate.
smai does know what the quad_docu is, he just forgot it
Yeah, yeah
In my defense: I did not claim that I didn't know it. I only said that the folder does not exist on my system.
I haven't completely forgotten it, but I still can't quite get the hang of it.
In what way can't you get the hang of it? I think it is fairly simple by now. Actually you only need the mixed widget. It is not particularly clear, but it is functional.
so, here is the complete setup once...
I am probably too stupid; I don't understand the point of the domain entry either, for example.
Ports are forwarded / status additionally set as exposed host in the Fritzbox, so the Pi should be able to do whatever it wants
Code:
login as: smarthome
Linux SmartHomeNG 4.14.52-v7+ #1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Aug 14 18:12:49 2018 from 10.0.0.172
SmartHome Raspi running for: 0 days, 00h02m26s
[smarthome@SmartHomeNG ~]$ setup_all
WELCOME TO THE RASPBERRY PI SMARTHOME NG IMAGE SETUP
This script is used to setup the most important parts of the installation.
Do you want to expand the file-system on your SD card to use all available space?
Otherwise only 4GB will be available no matter how big your card really is.
1) Expand
2) Skip
#? 1
Welcome to fdisk (util-linux 2.29.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): Disk /dev/mmcblk0: 14,9 GiB, 15962472448 bytes, 31176704 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xdf3934f7
Device Boot Start End Sectors Size Id Type
/dev/mmcblk0p1 8192 96663 88472 43,2M c W95 FAT32 (LBA)
/dev/mmcblk0p2 98304 7675903 7577600 3,6G 83 Linux
Command (m for help): Partition number (1,2, default 2):
Partition 2 has been deleted.
Command (m for help): Partition type
p primary (1 primary, 0 extended, 3 free)
e extended (container for logical partitions)
Select (default p): Partition number (2-4, default 2): First sector (2048-31176703, default 2048): Last sector, +sectors or +size{K,M,G,T,P} (98304-31176703, default 31176703):
Created a new partition 2 of type 'Linux' and of size 14,8 GiB.
Partition #2 contains a ext4 signature.
Command (m for help):
Disk /dev/mmcblk0: 14,9 GiB, 15962472448 bytes, 31176704 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xdf3934f7
Device Boot Start End Sectors Size Id Type
/dev/mmcblk0p1 8192 96663 88472 43,2M c W95 FAT32 (LBA)
/dev/mmcblk0p2 98304 31176703 31078400 14,8G 83 Linux
Command (m for help): The partition table has been altered.
Calling ioctl() to re-read partition table.
Re-reading the partition table failed.: Das Gerät oder die Ressource ist belegt
The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8).
Do you want to update your language setting or install new locales?
1) Update
2) Skip
#? 2
Skipping
KNXD: KNX Bus Connection. (currently enabled)
1) Enable
2) Disable
3) Skip
#? 1
Synchronizing state of knxd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable knxd
KNXD Service is enabled. Currently 0.12.16 is installed.
There is a newer version of knxd available: 0.14.25. Do you want to upgrade?
WARNING: Some IP routers/interfaces might have problems with the newer version!
1) Upgrade
2) Keep
3) Skip
#? 2
Skipping knxd Upgrade
If errors occured while down/upgrading you might want to try a reboot after changing the config files to your needs.
Please change the config to your needs: /etc/knxd.conf. Please read https://github.com/knxd/knxd/wiki
SSH: Connect to your Raspi via network. Use a client like vssh, mobaXterm, putty, etc. (currently enabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
It is highly recommended to secure your SSH connection with certificates instead of passwords.
Do you want to enable certificates and set them up?
1) Enable
2) Disable
3) Skip
#? 1
SSH Keys were already generated on first boot. Do you want to create new ones anyhow?
1) Create
2) Keep
3) Skip
#? 2
Keeping existing SSH keys
It is recommended to disable password login AFTER successfully testing your ssh certificate connection.
Create a new ssh session using the certificate instead of the user/password. Use smarthome or root as User and NO password.
How do you want to configure password login?
1) Enable
2) Disable
3) Skip
#? 3
Skipping
#?
1) Enable
2) Disable
3) Skip
#? 2
Password Login is set to Disable.
SSHD Service is enabled. Config file is /etc/ssh/sshd_config
Samba: Access your folders via Windows Explorer, Apple Finder, etc.. (currently enabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
Samba Service is enabled. Config file is /etc/samba/smb.conf
nginx: Webserver, necessary for SmartVisu, Backend, etc. (currently enabled)
1) Enable
2) Disable
3) Skip
#?
1) Enable
2) Disable
3) Skip
#? 1
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
nginx Service is enabled.
The server is setup the following way to easily access your websites:
http://<YOURIP>/smartVISU -> smartVISU 2.8
http://<YOURIP>/smartVISU2.9 -> smartVISU 2.9
http://<YOURIP>/backend-> SmarthomeNG Backend (if plugin is enabled in smarthome config)
http://<YOURIP>/phpmyadmin -> Admin Tool to manage SQL database. Login is root/smarthome
http://<YOURIP>/shnet -> SmarthomeNG Network Plugin. Port is configured to 8888. Change in /etc/nginx/sites-available/default
http://<YOURIP>/monit -> If you enable monit (later) you can see the status of your services
http://<YOURIP>/monitgraph -> If you enable monit (later) you can see graphs of your computer resources per service
http://<YOURIP>/grafana -> If you enable influxdb and grafana (later) you can use time series databases
You can setup nginx as a Reverse Proxy to securely access the listed websites from outside your home network.
To work correctly you need to forward port 443 in your router to the internal IP of this Raspberry Pi (192.168.0.67).
Furthermore you need to activate a Dynamic DNS service on your Router or other network device!
1) Enable
2) Disable
3) Skip
#? 1
awk: Fatal: Die Datei „/etc/ssl/easy-rsa/vars“ kann nicht zum Lesen geöffnet werden (Datei oder Verzeichnis nicht gefunden)
Setting up variables for OpenVPN. Please provide the relevant information...
Please define the countrycode of your server (2 letter code like AT, DE, CH): de
Please define the city of your server (string): wb
Please define your email (name@domain.tld): matthias.anders@gmx.de
Please define your common=domain name (xxx.domain.tld):
Please define your common=domain name (xxx.domain.tld): test.de
You have setup the variables for key generation like this:
set_var EASYRSA_REQ_COUNTRY "DE"
set_var EASYRSA_REQ_CITY "Wb"
set_var EASYRSA_REQ_EMAIL "matthias.anders@gmx.de"
set_var EASYRSA_REQ_CN "test.de"
set_var EASYRSA_BATCH "yes"
Do you want to re-run the configuration?
1) Re-Run
2) Move-on
#? 2
Initializing server certification process. Later you have to provide a password to protect your certificates (export password).
Generating a 2048 bit RSA private key
............+++
.................................+++
writing new private key to '/etc/ssl/easy-rsa/pki/private/ca.key.zDisaa9zxW'
-----
Using configuration from ./openssl-easyrsa.cnf
Generating a 2048 bit RSA private key
.......+++
...............+++
writing new private key to '/etc/ssl/easy-rsa/pki/private/server.key.YrhZwnHLbi'
-----
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server'
Certificate is to be certified until Sep 16 12:34:53 2028 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Enter Export Password:
Verifying - Enter Export Password:
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........................................................................................................................................................................................+............................................................................................................................+.+........................................................................................................................................................................................................................................................................................................................................................+..........................................................................................................................................................................+..............................+....................................................................................................................................................+..............+...................................................................+......................+........+...........................................................................................................................................+............................................................................................................................................................+................................................................................+.................................................................................................................................................................................................................................................................+..............................++*++*
Make sure the process was writing at least 5 lines with ... and +. Otherwise Ctrl-C and restart setup_nginx.sh.
Server certificates were generated: ca.crt, ca.key, ca.pem, ca.crl (for revoking certificates), dh.pem, server.crt, server.key.
Creating ta.key (for openvpn).
Creating a random file (for freeradius).
Now you have to create a certificate for each client.
Please define the name of your client (string like MacBook, iPhone, etc.). Hit Enter to create no (more) client certificates.
Creating client certificates finished. Copying all relevant server files for openvpn/nginx to /etc/ssl/ca/
Folder content of /etc/ssl/ca/
/etc/ssl/ca//ca.pem /etc/ssl/ca//dh.pem /etc/ssl/ca//ta.key
/etc/ssl/ca//certs:
ca.crt server.crt
/etc/ssl/ca//private:
ca.crl ca.key server.key
Client certificates and ca.crt are copied to /home/smarthome. Make sure to transfer them securely to your clients.
They are saved as pkcs12 with suffix pfx. You can change the suffix to p12 if needed.
If you need seperate crt and key files have a look at the folder /etc/ssl/easy-rsa/pki
Folder content of /home/smarthome:
ca.crt openvpn_client_example.conf smarthomeng.private ta.key
Finished certificate setup.
Changing nginx config based on domain test.de
sed: /etc/nginx/sites-available/default.conf kann nicht gelesen werden: Datei oder Verzeichnis nicht gefunden
You have to put your private key password in the lua script to make reverse proxy work correctly.
Either do it manually by changing first line in /etc/nginx/scripts/hass_access.lua.
Or provide the password here and let me insert it automatically (Hit enter to skip): pass
Creating Letsencrypt certificate
IMPORTANT: You HAVE to forward port 80 to your Raspi on your router now before you advance.
Did you forward port 80 to this Raspberry Pi (IP: 192.168.0.67)?
1) Yes
2) No
3) Skip
#? 1
Going on with creating the SSL certificate
Please provide your mail address in the next step.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):matthias.anders@gmx.de
-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: a
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for test.de
Using the webroot path /var/www/letsencrypt for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. test.de (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://test.de/.well-known/acme-challenge/jwwo19cAE7gVKHUfaqKHbNXRWT4p-_FDHcrlUomiB5o: "<!doctype html>
<!--[if lt IE 7]><html lang="de" class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]> <html lang="
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to matthias.anders@gmx.de.
- The following errors were reported by the server:
Domain: test.de
Type: unauthorized
Detail: Invalid response from
http://test.de/.well-known/acme-challenge/jwwo19cAE7gVKHUfaqKHbNXRWT4p-_FDHcrlUomiB5o:
"<!doctype html>
<!--[if lt IE 7]><html lang="de" class="no-js lt-ie9 lt-ie8
lt-ie7"> <![endif]-->
<!--[if IE 7]> <html lang="
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
Now change the port forwarding from 80 to 443 on your router! Restarting nginx now.
Copy certificates to your client.
If you also want to use OpenVPN, just import the copied conf file to your favourite OpenVPN client (Tunnelblick, OpenVPN, etc.)
Start and enable openvpn (later in the setup process)
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
/opt/setup/setup_nginx.sh: Zeile 319: tl: Kommando nicht gefunden.
/opt/setup/setup_nginx.sh: Zeile 320: Syntaxfehler beim unerwarteten Wort `fi'
/opt/setup/setup_nginx.sh: Zeile 320: `fi'
NFS: Similar to Samba but maybe preferrable (currently disabled)
1) Enable
2) Disable
3) Skip
#? 1
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /lib/systemd/system/nfs-server.service.
NFS Service is enabled. Config file is /etc/exports
LIRC: Integrate infrared receive/send. Extra IR hardware needed. (currently disabled)
1) Enable
2) Disable
3) Skip
#? 1
Created symlink /etc/systemd/system/multi-user.target.wants/lircd.service → /lib/systemd/system/lircd.service.
LIRC Service is enabled. Config file is /etc/lirc/lirc_options.conf
MONIT: Monitor your services and automatically restart them on errors (currently disabled)
1) Enable
2) Disable
3) Skip
#? 2
monit.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable monit
MONIT Service is disabled. Config file is /etc/monit/monitrc
EXIM4: allows you to send mails from your Raspberry Pi. This is useful for monit and logcheck and the mail plugin of SmarthomeNG. (currently disabled)
Do you want to enable the service automatically on startup?
1) Enable
2) Disable
3) Skip
#? 3
Skipping
EXIM4 Service is disabled.
LOGCHECK: Test your logfiles for errors every hour and send a mail automatically if there are problems (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
LOGCHECK Service is disabled. Config file is /etc/logcheck/logcheck.logfiles
MYSQL: Database alternative to sqlite. Recommended to use in conjunction with the database plugin (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
MYSQL Service is disabled. Config file is /etc/mysql/debian.cnf
/opt/setup/setup_sql.sh: Zeile 44: ackupconfig: Kommando nicht gefunden.
/opt/setup/setup_sql.sh: Zeile 46: Syntaxfehler beim unerwarteten Wort `fi'
/opt/setup/setup_sql.sh: Zeile 46: `fi'
MOSQUITTO: Broker for network communication protocol MQTT.
You can use it with the corresponding smarthomeNG plugin to exchange item values between multiple smarthome instances or between different devices. (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
MOSQUITTO Service is disabled. Config file is /etc/mosquitto/mosquitto.conf
1WIRE: Server for 1-Wire System. (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
1WIRE Service is disabled. Config file is /etc/owfs.conf
SQUEEZELITE: Headless Player for Logitech Squeezebox. (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
SQUEEZELITE Service is disabled. Config file is /usr/local/bin/squeezelite.sh
WATCHDOG: Auto restart system on overload (currently disabled)
1) Enable
2) Disable
3) Skip
#? 1
Synchronizing state of watchdog.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable watchdog
WATCHDOG Service is enabled. Config file is /etc/watchdog.conf. Be careful with it ;)
OPENVPN: Connect to your Pi from outside securely (currently disabled)
1) Enable
2) Disable
3) Skip
#? 3
Skipping
OPENVPN Service is disabled. Config file is /etc/openvpn/server.conf
You need a Rasperry Pi 3 or better. Not installing Homebridge
You need a Rasperry Pi 3 or better. Not installing InfluxDB
SMARTHOME IMAGE setup is done. You can rerun this script at any time.
You might want to reboot your Raspberry Pi now running sudo reboot
webster86 Main problem: if you are really using test.de, that of course won't work. You need a domain (it can also be dyndns) that is reachable from outside and points to your router. That is the point of it.. you want to access your visu from outside without others being able to.
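The http-01 failure in the log above comes from the validation request for `test.de` being answered by a web server other than the Pi. As an added example (not part of the thread or of the image's setup scripts), this pre-flight check compares a domain's A records with the router's WAN address before the certificate step is run; the function names are hypothetical, the WAN IP is assumed to be read from the router's status page, and all addresses shown are constructed documentation values.

```shell
#!/bin/sh
# Added example: pre-flight check before requesting an http-01 certificate.
# Function names are hypothetical; sample addresses are constructed.

# True if the address can never be reached by the CA from the Internet
# (RFC 1918 private ranges, loopback, link-local).
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# http01_precheck DOMAIN WAN_IP [RESOLVED_IP...]
# Return codes: 0 = every A record is the router's WAN IP, 1 = no A record,
# 2 = a record points at another host, 3 = a record is a private/LAN address.
http01_precheck() {
    domain=$1
    wan_ip=$2
    shift 2
    if [ "$#" -eq 0 ]; then
        echo "$domain: no A record found; set up the DynDNS name first"
        return 1
    fi
    for ip in "$@"; do
        if is_private_ipv4 "$ip"; then
            echo "$domain -> $ip is a LAN address; the CA cannot reach it"
            return 3
        fi
        if [ "$ip" != "$wan_ip" ]; then
            echo "$domain -> $ip, not $wan_ip; another server would answer the challenge"
            return 2
        fi
    done
    echo "$domain resolves to $wan_ip; forward port 80, then run the setup"
    return 0
}

# Live use: sh precheck.sh <domain> <wan-ip-from-router-status-page>
if [ "$#" -eq 2 ]; then
    # Word splitting is intended: one argument per resolved address.
    http01_precheck "$1" "$2" $(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
    exit $?
fi
```

A return code of 2 corresponds to the case in the log: the challenge URL is fetched from whatever host the name really points to, which returns its own HTML page instead of the token.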
I don't need the reverse proxy at all, since I get into my home network via VPN to my router; I only need nginx as a plain web server for the browser interface of the visu
whe The simplest thing is probably to copy from here https://github.com/onkelandy/smartvi...uad/pages/base
root, quad_root and the quad folder, and then try again. I can't really make sense of the error messages
Onkelandy the nginx.conf file is empty on my system?! I can't delete anything there; by the way, as a test, the knxd.conf is also without content.... what am I doing wrong?
#KNXD_OPTS=/etc/knxd.ini
START_KNXD=YES
KNXD_OPTS="-e 1.1.245 -E 1.1.246:8 --no-tunnel-client-queuing -B single -b ipt:10.0.0.101 -c -DTRS"
# You might want to remove the -DTRS in the end.
Code:
ls /etc/knxd*
-rwxr-xr-x 1 smarthome smarthome 189 Aug 14 14:15 /etc/knxd.conf*
-rwxr-xr-x 1 smarthome smarthome 246 Aug 14 14:14 /etc/knxd.ini*
-rwxr-xr-x 1 smarthome smarthome 279 Aug 14 14:15 /etc/knxd_IPServer.ini*
-rwxr-xr-x 1 smarthome smarthome 222 Aug 14 14:15 /etc/knxd_Serial.ini*
I had tried to edit it with nano, was that wrong? I tried -sudo nano nginx.conf-