Introduction
For some time I used several standard Sonoff relays that control the lights through the Google Home Mini. But in the end I wanted more. The standard functionality was not enough, so I decided to gradually turn the system into something more flexible. I chose ioBroker.
At first, as usual, I looked around, chose, and tested individual pieces of functionality. Once the basic necessities worked separately, I began to put them together. And, of course, I ran into problems.
The main difficulties:
- What exactly to choose? After all, there are many ways to implement our plan. And even in the chosen solution there are many options ...
- There are no ready-made instructions on how to put together exactly the set of solutions I have chosen, in exactly my configuration.
What I chose, why, what difficulties I encountered and how I solved them is what this post is about.
Looking ahead: I will describe how I launched ioBroker in Docker on an old laptop and passed a Zigbee stick into it to interact with Xiaomi sensors directly, without a gateway. I don't give standard instructions, only my "bumps".
Since it's not in production yet, it's still quite possible to change something. So I will be grateful for advice and corrections :)
Wishlist and the train of my thoughts
I had Sonoff relays (set up in eWeLink), some kind of extension cord (Tuya SmartLife), a Xiaomi gateway with several sensors (Mi Home), and a Google Home Mini speaker.
eWeLink and SmartLife linked to Google Home without problems and responded to voice commands such as "Turn on the lights over the table." Mi Home did not (few Xiaomi devices are supported in Google Home).
I installed ioBroker, connected the Xiaomi Gateway, and in principle everything worked. Everything looked good; I checked that scripts could be written (I chose Node-Red) and decided to build everything on this.
However, I am not a professional admin. I can work out how to install something ready-made, but I don't know the subtleties of which libraries and components get installed where (and I don't want to dig deeply). So it bothered me a bit that ioBroker needed nodejs and npm, which I had never dealt with before. There are difficulties with versions (for example, the standard yum repository installed a nodejs that was too old, etc.).
That is, I got everything running, but the fear remained in my heart that although it works, I don't understand how. And if, for example, something breaks during an upgrade, I won't know how to fix it. And besides ioBroker, I also wanted to pile other systems onto the laptop.
Say I install an update on something, and it seems to work. And after some time it turns out that it works badly. I'll have to roll back to a backup from a month ago. Moreover, the backup covers not only this system but all the others, because I don't fully understand which executable files belong to which system, where the configuration files are, where the data itself is ...
It bothered me a lot, so I decided to use Docker. The code is in the container. The data is separate, in a directory mounted from the host. Easy to back up.
Is there a new version? Even on another virtual machine it is easy to check how the new version of the container will work with the data from this directory. Different systems do not interfere with each other. It's easy to roll back the binaries of any one system. And it's easy to move to something else (ioBroker in a container works both on Synology and on single-board computers). Beautiful!
There are also further requirements (available over the Internet, but for security not publicly available), which will affect the choice of configuration later.
Installation
The host OS is not critical. I downloaded CentOS (I remembered from the old days that it worked quite stably and without bugs for all network tasks). The current version was CentOS 8.
Installed it. I made basic settings such as hostname and fail2ban (just a habit, although the host is only on the LAN). Installed Docker. I will not dwell on this. Example instructions.
It's time to launch ioBroker. But which network to choose? Host or Macvlan?
At first I wanted Macvlan, so that each container would get its own IP address from the router. But then I decided to abandon this idea:
- With Host, of course, you need to explicitly indicate which ports to forward and make sure that they do not overlap with other containers. But
- with Macvlan, iptables would have to be configured inside each container, and again after each restart with other parameters or an upgrade / replacement. In Host mode there is a single point of security management.
- I still plan to make it available not only from home WiFi. In that case it is more convenient to make one host accessible from the outside (with something like port mapping on it) than to configure this for several.
For now I have tested ZeroTier One, installed only on the host. With the ZeroTier client running, accessing this host's IP address (not the local one, but the one issued by ZeroTier) on port 8082 from a mobile phone over GPRS opens the vis interface perfectly.
So, the standard:
docker run -d --name ioBroker -p 8081:8081 -p 8082:8082 -v /opt/iobroker/:/opt/iobroker/ --device=/dev/ttyACM0 --env-file /opt/ioBroker_env.list --restart=always buanet/iobroker:latest
Oops. Something went wrong.
docker logs ioBroker
shows that in the last step there is no connection to external resources. Names cannot be resolved.
docker exec -it ioBroker bash
shows that ping by IP works fine from inside it, but not by name.
I google and find a bunch of links about Docker substituting the wrong DNS server. I edit /etc/docker/daemon.json, dig into dnsmasq - nothing helps.
A thought creeps in: what if something is blocked at the network level? But there is no telnet or curl in the container, so I can't check. Installing them is not easy either - yum install does not work. I could, of course, manually list the required hosts in /etc/hosts, but that is too time-consuming; I'd rather check other possibilities.
For example, I simply stop firewalld on the host in the hope that everything will open up. But no.
I recall that port availability can also be checked with wget. And it is in the container! And it can't download anything, even by IP. It can't even connect to the web interface of the home router. Well, that means the problem is definitely not in DNS, but in iptables.
As a result, everything worked after adding the docker interface to the trusted zone:
sudo firewall-cmd --permanent --zone=trusted --change-interface=docker0
sudo firewall-cmd --reload
Now I'm curious: did I overlook something in the instructions?
Or if I had taken something other than CentOS 8, would there have been no problem (other OSes do not enable a firewall by default)?
Or is it so obvious to everyone that nobody writes it in the instructions, and I was the only one stuck for so long?
Zigbee
So, my ioBroker is in the container, and only a few ports are published. For now these are admin on 8081 and vis on 8082; later mqtt on 1883 will be added and, perhaps, something to support Tuya (I saw such a driver, but have not figured it out yet).
Alas, interacting with Xiaomi devices through the gateway requires multicast, which is difficult in this configuration. So I decided to pass a USB stick into the container. Also a routine operation.
On the command line, you have already seen
--device=/dev/ttyACM0
for this. The device appeared in the container. In ioBroker, I activated the standard driver "Zigbee for Xiaomi and other devices", but it did not work.
Google suggests that you need to add the user to the dialout group to access the serial port. I go into the container, add iobroker to this group - it does not help.
I see hints that you need to install the serialport package through npm.
I can't, no rights. I google further.
Bluefox himself tells someone that this needs to be done from the /opt/iobroker/node_modules/iobroker.javascript/ directory - I don't have one, and I still have no installation rights (well, that is, the installation starts, and then crashes).
Finally, it dawns on me that I need to explicitly specify on the command line which directory to install into.
npm install -g serialport --production --save --prefix "/opt/iobroker"
It is installed, but does not help.
I'm starting to suspect that you still need to deal with access rights. Checking (from inside the container, of course):
test -w /dev/ttyACM0 && echo success || echo failure
Success. That is, Docker did pass the device through correctly.
sudo -H -u iobroker test -w /dev/ttyACM0 && echo success || echo failure
Oops! Failure.
bash inside the container runs as root, but the iobroker user has no access to the port, despite having been added to the dialout group beforehand.
ls -l /dev/ttyACM0
gives
crw-rw----. 1 root 18 166, 0 Nov 3 18:14 /dev/ttyACM0
Ha! Why 18 instead of the name of the group?
Everything is correct on the main host:
crw-rw----. 1 root dialout 166, 0 Nov 3 15:15 /dev/ttyACM0
It turns out that in /etc/group on the main host there is
dialout:x:18
and in the container
dialout:x:20
Although I added the user to the group with that name, it was pointless: the number is not the same. So I created another group with identifier 18 and added the user to that one:
groupadd -g 18 serial
usermod -a -G serial iobroker
I restarted everything to be sure. And that was the end of my troubleshooting :)
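The numeric-GID mismatch found above, as an added example that is not part of the original post: the script looks up the GID that owns the device in the container's group file and reports whether the user is a member of it. The group-file contents are constructed from the values on the page; the function names and the iobroker GID 1000 are assumptions.

```shell
#!/bin/sh
# Added example. Device permissions are checked against numeric GIDs, so a
# group named "dialout" in the container helps only if its number matches.

# Print the name of the group with numeric id $2 in group file $1 (empty if none).
group_name_for_gid() {
    awk -F: -v gid="$2" '$3 == gid { print $1; exit }' "$1"
}

# Succeed if user $2 is a listed member of the group with id $3 in file $1.
# (Primary groups live in /etc/passwd and are not considered here.)
user_in_gid() {
    awk -F: -v user="$2" -v gid="$3" '
        $3 == gid { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit !found }' "$1"
}

# $1 = container group file, $2 = user, $3 = numeric GID that owns the device
# (on a live system: stat -c %g /dev/ttyACM0).
diagnose_device_gid() {
    name=$(group_name_for_gid "$1" "$3")
    if [ -z "$name" ]; then
        echo "missing-group"        # ls -l shows the bare number, as on the page
    elif user_in_gid "$1" "$2" "$3"; then
        echo "ok"
    else
        echo "not-member:$name"
    fi
}

# Constructed sample data: container /etc/group before and after the fix.
# GIDs 18 and 20 are from the page; the iobroker GID 1000 is made up.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
before="$tmp/group.before"
after="$tmp/group.after"
printf '%s\n' 'root:x:0:' 'dialout:x:20:iobroker' 'iobroker:x:1000:' > "$before"
{ cat "$before"; echo 'serial:x:18:iobroker'; } > "$after"

echo "before fix: $(diagnose_device_gid "$before" iobroker 18)"
echo "after fix:  $(diagnose_device_gid "$after" iobroker 18)"
```

Granting access through a matching group keeps the device mode at crw-rw---- instead of opening it to every user in the container.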
I calmly unpaired all the sensors from the Xiaomi gateway and paired them with ioBroker.
I see them as objects in ioBroker itself:
The readings show up in vis:
When the contacts on the leakage sensor are closed, data is received. And the picture changes:
The signal arrives in Node-Red as well. Accordingly, whether it's sending an email or something else, or a voice message or MP3 file to the GH Mini speaker:
By the way, when viewing the objects a surprise awaited me:
I turned the Xiaomi Cube to another side. The latest changes are shown in green.
Flip90 has changed - this is understandable. This signal is caught for control. But, it turns out, there are also flip90_from and flip90_to - which side it was turned from and to.
It turns out that, in theory, you can get even more control signals from the cube. For example, if you draw arrows on the edges (as if in a circle), you can track not just "turn 90", but also in which direction (away from yourself or towards yourself, left or right).
For flip180 it also works. And for other gestures there is similar additional information (Top side on flip 180°, Top side on slide, Top side on tap).
Not that it was desperately needed. But in the standard Mi Home there was no information about the faces. It seems that with the previous connection via the Xiaomi Gateway I did not see it either; I did not know that each face has a number. Previously, I only knew about the additional fall (free fall) action, which used to exist but was removed from Mi Home (apparently, they dropped it too often).
Conclusion
Everything I need is working. Next I can polish things, write scripts, connect Tuya, launch a container with Blynk for other projects ...
And, perhaps, to redo something based on your comments :)