Home Automation with Docker and Postgres on RaspberryPI and AzureVM.

In the basics my environment has the following configuration

Local

• Raspberry PI 3b+ with 16GB SD
• Philips HUE
• Tado Gateway
• Wireless Zigbee CC2531 Sniffer Bare Board
• FTDI FT232RL USB To TTL Serial IC Adapter Converter Module

Devices:

• Philips HUE Lightbulbs
• Tado Thermostat
• Tado Smart Radiator
• IKEA Tradfri Lightbulbs
• IKEA Trafri Motion Sensor
• XIAOMI Door/ Window Sensor
• NEO Coolcam Smart Plug 16A
• Wemos D1 Pro

RPI with Raspbian Buster::

• Docker
• Hass.io
• DSMR-Reader
• Portainer
• Strongswan

Azure

VM: Ubuntu 18.04 size B2s, standard, 2vCPU, 4GB mem

• Docker
• Portainer
• Postgres
• PostgresAdmin
• HADockerMon

Setup Azure IPsec

https://docs.microsoft.com/en-en/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

For setting up the VPN on the Raspberry I used the following steps:

Update first

$ apt update && sudo apt upgrade -y

$ apt install strongswan -y

Set kernel parameters

$ cat >> /etc/sysctl.conf << EOF

net.ipv4.ip_forward = 1

net.ipv4.conf.all.accept_redirects = 0

net.ipv4.conf.all.send_redirects = 0 EOF

$ sysctl -p /etc/sysctl.conf

Generate preshared key

$ openssl rand -base64 64

We will setup our VPN Gateway in Site A (Paris), first to setup the /etc/ipsec.secrets file:

$ cat /etc/ipsec.secrets # source destination [ExternalIP] [RemoteExternalIP] : PSK "xxxxx"

Now to setup our VPN configuration in /etc/ipsec.conf:

cat /etc/ipsec.conf

# basic configuration

config setup charondebug="all"

uniqueids=yes

strictcrlpolicy=no

# connection to azure

conn home-to-azure

authby=secret left=%defaultroute

leftid=ExternalIP

leftsubnet=localsubnet/24

right=azureExternalIP

rightsubnet=azureLocalsubnet/24

ike=aes256-sha2_256-modp1024!

esp=aes256-sha2_256!

keyingtries=0

ikelifetime=1h

lifetime=8h

dpddelay=30

dpdtimeout=120

dpdaction=restart

auto=start

Firewall settings

sudo iptables -t nat -A POSTROUTING -s AzureLocalSubnet/24 -d localSubnet/24 -j MASQUERADE

Start the service (on boot)

$ sudo ipsec restart

$ sudo systemctl enable strongswan

Status

$ sudo ipsec status

Used Hass.io components & cards

Cards

• https://github.com/custom-cards/button-card
• https://github.com/kalkih/mini-graph-card
• https://github.com/thomasloven/lovelace-card-mod
• https://github.com/nervetattoo/simple-thermostat
• https://github.com/benct/lovelace-multiple-entity-row
• https://github.com/maykar/lovelace-swipe-navigation

Components

• https://github.com/hassio-addons/addon-node-red
• https://github.com/Koenkk/zigbee2mqtt
• https://www.home-assistant.io/docs/mqtt/broker/
• https://github.com/philhawthorne/ha-dockermon

Icons: http://materialdesignicons.com/

Screenshots