https://github.com/alokkusingh/iot-home-stack

# iot-home-stack
IoT Home Stack

## Telemetry Service
Home Stack Telemetry Service is a microservice that collects data from various sensors by listening on MQTT topics, processes it, and sends commands to a sensor by publishing to an MQTT topic.
### MQTT Subscription Topics
- `home/alok/status/<>`
- `home/alok/telemetry/temperature/<>`
- `home/alok/telemetry/humidity/<>`
### MQTT Publish Topics
- `home/alok/command/<>`
### General MQTT Configurations
- Clean State = False
- QoS = TBD
## Microcontrollers
### ESP32-GeneralPurpose-1
General purpose ESP32 microcontroller for various sensors and actuators.
- Device ID: `esp32-general-purpose-1`
- MQTT Subscription Topic:
  - `home/alok/command/esp32-general-purpose-1`
- MQTT Publish Topic:
  - `home/alok/telemetry/temperature/esp32-general-purpose-1`
  - `home/alok/telemetry/humidity/esp32-general-purpose-1`
#### Sensors
- DHT11 Temperature and Humidity Sensor
- Light Sensor: Photosensitive Resistor Module
### ESP32-CAM-1
#### Sensors
- Camera Module
- Motion Sensor: HC-SR501 PIR
## MQTT Broker
Mosquitto running on Kubernetes
### Miscellaneous Security Configuration
```text
#Possible values are tlsv1.3, tlsv1.2 and tlsv1.1. If left unset, the default allows TLS v1.3 and v1.2
#tls_version

# Path to the PEM encoded server certificate.
certfile /etc/tls/tls.crt
# Path to the PEM encoded keyfile.
keyfile /etc/tls/tls.key

allow_anonymous false

require_certificate true
# cafile and capath define methods of accessing the PEM encoded
# Certificate Authority certificates that will be considered trusted when
# checking incoming client certificates.
# cafile defines the path to a file containing the CA certificates.
cafile /etc/ca/mqtt-signer-ca.crt

#If require_certificate is true, you may set use_identity_as_username to true to use the CN value from the client certificate as a username.
#If this is true, the password_file option will not be used for this listener.
#This takes priority over use_subject_as_username if both are set to true.
use_identity_as_username true

acl_file /etc/acl/acl.conf
```
### ACL (Access Control List)
```text
# Allow user "home-telemetry-svc" to read all topics (including $SYS) and publish commands to esp32-general-purpose-1
user home-telemetry-svc
topic read $SYS/#
topic read #
topic write home/alok/command/esp32-general-purpose-1

# Allow user "esp32-general-purpose-1" to publish only its own status, temperature and humidity topics and to read only its own command topic
user esp32-general-purpose-1
topic write home/alok/status/esp32-general-purpose-1
topic write home/alok/telemetry/temperature/esp32-general-purpose-1
topic write home/alok/telemetry/humidity/esp32-general-purpose-1
topic read home/alok/command/esp32-general-purpose-1
```
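Because `use_identity_as_username` turns the client certificate CN into the ACL username, the ACL above can be checked offline before it is deployed. The following is an added example, not code from this project: a small evaluator for the `user` and `topic` directives used here (`pattern` and `deny` rules are not handled), with the function names chosen for illustration.

```python
# Constructed copy of the ACL from this README (comments removed).
ACL_CONF = """\
user home-telemetry-svc
topic read $SYS/#
topic read #
topic write home/alok/command/esp32-general-purpose-1

user esp32-general-purpose-1
topic write home/alok/status/esp32-general-purpose-1
topic write home/alok/telemetry/temperature/esp32-general-purpose-1
topic write home/alok/telemetry/humidity/esp32-general-purpose-1
topic read home/alok/command/esp32-general-purpose-1
"""

def parse_acl(text):
    """Return {username: [(access, topic_filter), ...]} for user/topic lines."""
    rules, user = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "user":
            user = rest.strip()
            rules.setdefault(user, [])
        elif keyword == "topic" and user is not None:
            parts = rest.split(None, 1)
            if len(parts) == 2 and parts[0] in ("read", "write", "readwrite"):
                rules[user].append((parts[0], parts[1]))
            else:  # access type omitted: Mosquitto defaults to readwrite
                rules[user].append(("readwrite", rest.strip()))
    return rules

def topic_matches(flt, topic):
    """'+' matches one level, '#' the remainder; neither matches a leading '$' level."""
    f, t = flt.split("/"), topic.split("/")
    if t[0].startswith("$") and f[0] in ("+", "#"):
        return False
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, access, topic):
    """access is 'read' or 'write'. With acl_file set, no matching rule means denied."""
    return any(a in (access, "readwrite") and topic_matches(f, topic)
               for a, f in rules.get(user, []))

RULES = parse_acl(ACL_CONF)
```

`allowed(RULES, "esp32-general-purpose-1", "write", "foo/bar")` is `False`, so the `foo/bar` test publishes under Miscellaneous are not covered by this ACL. The same holds for any certificate CN without a `user` section, such as `mqtt-fx`.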
## MQTT Topics
### Sensor Topics
- `home/alok/status/esp32-general-purpose-1`
- `home/alok/telemetry/temperature/esp32-general-purpose-1`
- `home/alok/telemetry/humidity/esp32-general-purpose-1`
### Controller Topics
- `home/alok/command/esp32-general-purpose-1`
## MQTT Payloads
### Temperature Payload
```json
{
"deviceId": "esp32-general-purpose-1",
"epochTime": 1696156800,
"temperature": 25.5,
"unit": "Celsius"
}
```
### Humidity Payload
```json
{
"deviceId": "esp32-general-purpose-1",
"epochTime": 1696156800,
"humidity": 60,
"unit": "%"
}
```
### Device Status Payload
#### Online Status
```json
{
"deviceId": "esp32-general-purpose-1",
"epochTime": 1696156800,
"status": "online",
"ipAddress": "192.168.1.6"
}
```
#### Offline Status
```json
{
"deviceId": "esp32-general-purpose-1",
"epochTime": 1696156800,
"status": "offline",
"lastSeen": "2023-10-01T12:00:00Z"
}
```
### Command Payload
```json
{
"deviceId": "esp32-general-purpose-1",
"command": "turn_on_fan"
}
```
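The ACL ties each device certificate to topics ending in its own device ID, but the broker does not inspect the `deviceId` field inside a payload, so the consumer has to compare the two itself. The following is an added example, not the Telemetry Service's own code: a validator for the telemetry and status payloads above, where the type rules and the `validate` function are assumptions made for illustration.

```python
import json

# Topic layout and payload fields are taken from the README; the validation
# rules themselves (required fields, types) are assumptions for this example.
PREFIX = "home/alok/"
SCHEMAS = {  # topic kind -> {required field: accepted types}
    "telemetry/temperature": {"epochTime": int, "temperature": (int, float), "unit": str},
    "telemetry/humidity": {"epochTime": int, "humidity": (int, float), "unit": str},
    "status": {"epochTime": int, "status": str},
}

def validate(topic, raw):
    """Return (ok, reason). The device ID is the last topic level, which the
    broker ACL ties to the client-certificate CN; the payload must agree."""
    if not topic.startswith(PREFIX):
        return False, "unexpected topic prefix"
    kind, _, device_id = topic[len(PREFIX):].rpartition("/")
    schema = SCHEMAS.get(kind)
    if schema is None or not device_id:
        return False, "unknown topic kind"
    try:
        msg = json.loads(raw)
    except (ValueError, UnicodeDecodeError):
        return False, "payload is not JSON"
    if not isinstance(msg, dict):
        return False, "payload is not a JSON object"
    if msg.get("deviceId") != device_id:
        return False, "deviceId does not match topic"
    for field, types in schema.items():
        value = msg.get(field)
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, types):
            return False, f"bad or missing field: {field}"
    if kind == "status" and msg["status"] not in ("online", "offline"):
        return False, "unknown status value"
    return True, "ok"
```

A bare-string last-will payload such as the `"offline"` used in the `mosquitto_pub` test command under Miscellaneous is rejected as non-JSON by this check, so a will message needs to carry the full Offline Status object to be accepted.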
## mTLS (Mutual TLS)

### Root Certificate
```shell
openssl genrsa -des3 -out secret/mqtt-signer-ca.key 2048
```
```shell
openssl req -x509 -new -nodes -key secret/mqtt-signer-ca.key -sha256 -days 365 -out secret/mqtt-signer-ca.crt -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=alok-signer
```
### Broker Domain Certificate
```shell
openssl genrsa -out secret/server.key 2048
```
```shell
#openssl req -new -sha256 -out secret/server.csr -key secret/server.key -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=192.168.1.201
openssl req -new -out secret/server.csr -key secret/server.key -config secret/openssl-domian-csr.conf
```
```shell
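# -copy_extensions (OpenSSL 3.0+) copies the extensions requested in the CSR into the signed certificate
openssl x509 -req -in secret/server.csr -CA secret/mqtt-signer-ca.crt -CAkey secret/mqtt-signer-ca.key -CAcreateserial -out secret/server.crt -days 360 -sha256 -copy_extensions copy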
```
### Client Certificate - home-telemetry-service
```shell
openssl genrsa -out secret/mqtt.client.home-telemetry-svc.key 2048
```
```shell
openssl req -new -sha256 -key secret/mqtt.client.home-telemetry-svc.key -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=home-telemetry-svc -out secret/mqtt.client.home-telemetry-svc.csr
```
```shell
openssl x509 -req -in secret/mqtt.client.home-telemetry-svc.csr -CA secret/mqtt-signer-ca.crt -CAkey secret/mqtt-signer-ca.key -CAcreateserial -out secret/mqtt.client.home-telemetry-svc.crt -days 365 -sha256
```
```shell
openssl pkcs12 -export -in secret/mqtt.client.home-telemetry-svc.crt -inkey secret/mqtt.client.home-telemetry-svc.key -out secret/mqtt.client.home-telemetry-svc.p12 -name "home-telemetry-svc"
```
```shell
keytool -importkeystore -destkeystore secret/mqtt.client.home-telemetry-svc.jks -deststoretype JKS -srckeystore secret/mqtt.client.home-telemetry-svc.p12 -srcstoretype PKCS12 -alias "home-telemetry-svc"
```
### Client Certificate - home-telemetry-test-service
```shell
openssl genrsa -out secret/mqtt.client.home-telemetry-test-svc.key 2048
```
```shell
openssl req -new -sha256 -key secret/mqtt.client.home-telemetry-test-svc.key -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=home-telemetry-test-svc -out secret/mqtt.client.home-telemetry-test-svc.csr
```
```shell
openssl x509 -req -in secret/mqtt.client.home-telemetry-test-svc.csr -CA secret/mqtt-signer-ca.crt -CAkey secret/mqtt-signer-ca.key -CAcreateserial -out secret/mqtt.client.home-telemetry-test-svc.crt -days 365 -sha256
```
```shell
openssl pkcs12 -export -in secret/mqtt.client.home-telemetry-test-svc.crt -inkey secret/mqtt.client.home-telemetry-test-svc.key -out secret/mqtt.client.home-telemetry-test-svc.p12 -name "home-telemetry-test-svc"
```
### Client Certificate - mqtt-fx
```shell
openssl genrsa -out secret/mqtt.client.mqtt-fx.key 2048
```
```shell
openssl req -new -sha256 -key secret/mqtt.client.mqtt-fx.key -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=mqtt-fx -out secret/mqtt.client.mqtt-fx.csr
```
```shell
openssl x509 -req -in secret/mqtt.client.mqtt-fx.csr -CA secret/mqtt-signer-ca.crt -CAkey secret/mqtt-signer-ca.key -CAcreateserial -out secret/mqtt.client.mqtt-fx.crt -days 365 -sha256
```
### Client Certificate - esp32-general-purpose-1
```shell
openssl genrsa -out secret/mqtt.client.esp32-general-purpose-1.key 2048
```
```shell
openssl req -new -sha256 -key secret/mqtt.client.esp32-general-purpose-1.key -subj /C=IN/ST=KA/L=Bengaluru/O=Home/CN=esp32-general-purpose-1 -out secret/mqtt.client.esp32-general-purpose-1.csr
```
```shell
openssl x509 -req -in secret/mqtt.client.esp32-general-purpose-1.csr -CA secret/mqtt-signer-ca.crt -CAkey secret/mqtt-signer-ca.key -CAcreateserial -out secret/mqtt.client.esp32-general-purpose-1.crt -days 365 -sha256
```
## Miscellaneous
```shell
mosquitto_pub --cafile secret/mqtt-signer-ca.crt --cert secret/mqtt.client.esp32-general-purpose-1.crt --key secret/mqtt.client.esp32-general-purpose-1.key -h khbr -p 31883 -q 1 -t foo/bar -i esp32-general-purpose-1 --tls-version tlsv1.3 -m "Hello" -d
```
```shell
mosquitto_pub --cafile secret/mqtt-signer-ca.crt --cert secret/mqtt.client.esp32-general-purpose-1.crt --key secret/mqtt.client.esp32-general-purpose-1.key -h 192.168.1.201 -p 31883 -q 1 -t home/alok/telemetry/temperature/esp32-general-purpose-1 -i esp32-general-purpose-1 --tls-version tlsv1.2 -m "Hello" -d --will-topic home/alok/status/esp32-general-purpose-1 --will-payload "offline" --will-qos 1
```
```shell
mosquitto_sub --cafile secret/mqtt-signer-ca.crt --cert secret/mqtt.client.esp32-general-purpose-1.crt --key secret/mqtt.client.esp32-general-purpose-1.key -h khbr -p 31883 -q 1 -t foo/bar -i esp32-general-purpose-1 --tls-version tlsv1.2 -d
```
```shell
openssl s_client -connect khbr:31883 -showcerts -CAfile secret/mqtt-signer-ca.crt
```
```shell
openssl req -noout -text -in secret/server.csr
```
```shell
openssl x509 -noout -text -in secret/server.crt
```