Owntracks Update to E-Book: Home Assistant – Open Source Home Automation Platform for IoT (Internet of Things) & more

In 2017 I wrote “Home Assistant – Open Source Home Automation Platform for IoT (Internet of Things) & more” and “Mosquitto – MQTT BROKER FOR IoT (Internet of Things)” which both sold really well and people especially liked the secure MQTT setup. The eBooks are available at DigitalBooks24


Since 2017 a lot of things have happened, and I thought it was time to get an update out. The server has already been updated to FreeBSD 12.2 and all installed software was upgraded to the latest version. Home Assistant is version 2021.1.5 running on Python 3.7.

Things I wanted to have

Because all mobile phones are de-googled using LineageOS (https://kmj.at/Am%20Android%20Tablet%20oder%20Smartphone%20mit%20LineageOS%20f%C3%BCr%20Sicherheit%20und%20Privatsph%C3%A4re%20sorgen%20%28Teil%206%29/) without gapps and with a very secure setup, OwnTracks makes it possible to report locations without any dependency on Google services and libraries. I do not even have a Google account.

The Todo’s

First of all, I set up OwnTracks via F-Droid on two devices to have some test equipment for the next steps. The Home Assistant main screen currently looks like this:

The OwnTracks screen on mobile was the default:

Now the MQTT server needs a recheck so that the OwnTracks clients have something to report to. But first we should look for an MQTT.fx alternative. MQTT.fx was a cool tool for debugging MQTT stuff, but it looks like it is no longer available as Open Source. So I checked out

will, and more info later here.

Authentication

In the book I used client certificates to authenticate the devices to the public broker. I decided to go to TLS 1.2 using the CA created with XCA, plus username/password authentication. That way communication is still encrypted, but new devices are easier to add.

It is a must to import CA.crt (the CA certificate of the public MQTT broker) into the devices, otherwise the clients cannot verify the broker. Just mail it to yourself and add it.

We should remove the old devices from the pwfile on the public broker and create new passwords for the new devices:

mosquitto_passwd /usr/local/etc/mosquitto/pwfile username

Furthermore, the aclfile on the public broker needs to be redone. Details about the topics can be found here:

As an example, suppose Jane (username jjolie) should be able to publish to her OwnTracks MQTT topics and Fred (username fred) should be allowed to see Jane’s location, we could configure something like this:

user jjolie
topic owntracks/jjolie/#

user fred
topic read owntracks/jjolie/5s
topic owntracks/fred/nexus/#

But do not delete the bridge config as described in the book!

Connect the first clients

Now we are ready to configure OwnTracks on the first device. I like to use the tablet with keyboard for testing; this is easier than typing on the small phone screen.

  • Set MQTT mode, hostname and port in OwnTracks
  • Set username, password, device id (this names the topic) and tracker id (I use K1 and K2)

After both devices publish to the broker, they are both visible on both devices on the map too. This works really nice.

Setup Owntracks Recorder

To be able to record the trips, the OwnTracks Recorder looks like a nice thing to have.

We run on FreeBSD and there is no package on their links, but it is available as ot-recorder in the FreeBSD packages. So a

pkg install ot-recorder

and

#OT Recorder
otrecorder_enable="YES"

in /etc/rc.conf on the LAN broker which also holds Home Assistant, is enough to get it installed.

We add a user for otrecorder and the fitting ACLs:

###########################################################
# configurations ot-recorder
###########################################################
#
user otrecorder
topic read $SYS/#
topic read owntracks/#
#

in the aclfile. Do not delete other stuff! Finally create ot-recorder.conf, which is really easy: add hostname, port, username and password. Then start ot-recorder.
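The jjolie/fred rules above and the otrecorder rules are both plain Mosquitto aclfile syntax, and it is easy to grant more than intended (a wildcard too wide, a missing `read`). The following is an added example of mine, not code from the post or from the Mosquitto project: a small offline checker that parses an aclfile and answers "may this user read or publish this topic?" so an aclfile can be checked before it goes onto the broker. The aclfile text it parses is constructed here from the two excerpts on this page; the MQTT filter matching ('+' one level, '#' the rest, wildcards never matching a first level starting with '$') is the standard rule set.

```python
"""Offline checker for a Mosquitto aclfile (added example, not Mosquitto code).

Modelled subset of the aclfile syntax:
  user <name>                         starts a per-user section
  topic [read|write|readwrite] <f>    grants access, default readwrite
  pattern [read|write|readwrite] <f>  like topic, with %u replaced by the username
Topic lines before the first 'user' line are defaults for every client.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Rule = Tuple[str, str]  # (access, topic filter)

# Constructed aclfile joining the jjolie/fred rules and the otrecorder user
# from the post into a single file.
ACLFILE = """\
user jjolie
topic owntracks/jjolie/#

user fred
topic read owntracks/jjolie/5s
topic owntracks/fred/nexus/#

###########################################################
# configurations ot-recorder
###########################################################
user otrecorder
topic read $SYS/#
topic read owntracks/#
"""


@dataclass
class Acl:
    defaults: List[Rule] = field(default_factory=list)
    users: Dict[str, List[Rule]] = field(default_factory=dict)
    patterns: List[Rule] = field(default_factory=list)


def parse_aclfile(text: str) -> Acl:
    acl = Acl()
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "user" and len(parts) == 2:
            current = parts[1]
            acl.users.setdefault(current, [])
        elif parts[0] in ("topic", "pattern") and len(parts) in (2, 3):
            access = parts[1] if len(parts) == 3 else "readwrite"
            if access not in ("read", "write", "readwrite"):
                raise ValueError("bad access type: " + raw)
            rule = (access, parts[-1])
            if parts[0] == "pattern":
                acl.patterns.append(rule)
            elif current is None:
                acl.defaults.append(rule)
            else:
                acl.users[current].append(rule)
        else:
            raise ValueError("unsupported aclfile line: " + raw)
    return acl


def topic_matches(filt: str, topic: str) -> bool:
    """MQTT filter matching against a concrete topic name."""
    levels = filt.split("/")
    parts = topic.split("/")
    if topic.startswith("$") and levels[0] in ("#", "+"):
        return False  # wildcards never match $SYS and friends at the root
    for i, level in enumerate(levels):
        if level == "#":
            return True  # '#' is last and swallows the remaining levels
        if i >= len(parts) or (level != "+" and level != parts[i]):
            return False
    return len(levels) == len(parts)


def allowed(acl: Acl, username: Optional[str], topic: str, action: str) -> bool:
    """action is 'read' (receive) or 'write' (publish); no matching rule means deny.

    This checks a concrete topic name. A real broker additionally evaluates the
    subscription filter a client sends, so an over-wide subscribe is refused
    even when some of the topics under it would be readable.
    """
    rules = list(acl.defaults)
    if username is not None:
        rules += acl.users.get(username, [])
        rules += [(a, f.replace("%u", username)) for a, f in acl.patterns]
    return any(a in ("readwrite", action) and topic_matches(f, topic) for a, f in rules)


def audit(acl: Acl, checks) -> List[Tuple[Optional[str], str, str, bool]]:
    """Run (username, topic, action) checks; handy before deploying an aclfile."""
    return [(u, t, a, allowed(acl, u, t, a)) for u, t, a in checks]


if __name__ == "__main__":
    acl = parse_aclfile(ACLFILE)
    for user, topic, action, ok in audit(acl, [
        ("jjolie", "owntracks/jjolie/K1", "write"),
        ("fred", "owntracks/jjolie/K1", "read"),
        ("fred", "owntracks/jjolie/5s", "write"),
        ("otrecorder", "owntracks/jjolie/K1", "write"),
        (None, "owntracks/jjolie/K1", "read"),
    ]):
        print(f"{str(user):12} {action:5} {topic:28} {'allow' if ok else 'DENY'}")
```

Running it shows why the otrecorder user gets `read` only: the recorder must never be able to publish fake positions, and an anonymous client (no `user` section) matches nothing and is denied everything.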

NOTES TO MYSELF

To have working TLS on localhost, change from localhost to the FQDN of the host (the certificate is issued for the FQDN, so a connection to localhost fails hostname verification) and set require_certificate false to avoid the need for client certs on the LAN broker. BOTH ARE REQUIRED, OTHERWISE WE FAIL!

There is a bug in the current package: /var/run/ot-recorder is created, but it should be named /var/run/otrecorder as in the rc script. A

ln -s ot-recorder otrecorder 

in /var/run solves our problem. After we have ot-recorder running we should place it behind the reverse proxy which is already running for Home Assistant.

################################################################################
# OWNTRACKS Recorder
################################################################################

# WebSocket URL endpoint
# a2enmod proxy_wstunnel
ProxyPass        /owntracks/ws        ws://127.0.0.1:8083/ws keepalive=on retry=60
ProxyPassReverse /owntracks/ws        ws://127.0.0.1:8083/ws keepalive=on

# Static files
ProxyPass /owntracks                  http://127.0.0.1:8083/
ProxyPassReverse /owntracks           http://127.0.0.1:8083/

OwnTracks shows you a lot of interesting pages:

Find a lot of details at https://github.com/owntracks/recorder. Everything Google-free, using OpenStreetMap!

The “Last” view is updated via WebSocket as soon as a device reports changes via the MQTT bridge. Nice to follow things.

I finally changed /usr/local/www/ot-recorder/index.html to fit my personal preferences:

--- index.html.01.KMJ	2021-04-10 15:27:21.456933000 +0200
+++ index.html.03.KMJ	2021-04-10 15:51:43.333785000 +0200
@@ -80,12 +80,12 @@
 				d['f30d'] = f30d;
 
 	var line = "<tr><td>{{ username }} / {{ device }}</td>" +
-	"<td><a href='map/index.html?from={{f12h}}&to={{f0}}&format=geojson&{{udev}}'>12h</a></td>" +
-	"<td><a href='map/index.html?from={{f7d}}&to={{f0}}&format=geojson&{{udev}}'>7d</a></td>" +
+	"<td><a target='_blank' href='map/index.html?from={{f12h}}&to={{f0}}&format=linestring&{{udev}}'>12h</a></td>" +
+	"<td><a target='_blank' href='map/index.html?from={{f7d}}&to={{f0}}&format=linestring&{{udev}}'>7d</a></td>" +
 
-	"<td><a href='map/index.html?from={{f12h}}&to={{f0}}&format=linestring&{{udev}}'>12h</a></td>" +
-	"<td><a href='map/index.html?from={{f7d}}&to={{f0}}&format=linestring&{{udev}}'>7d</a></td>" +
-	"<td><a href='map/index.html?from={{f30d}}&to={{f0}}&format=linestring&{{udev}}'>30d</a></td>" +
+	"<td><a target='_blank' href='map/index.html?from={{f12h}}&to={{f0}}&format=linestring&{{udev}}'>12h</a></td>" +
+	"<td><a target='_blank' href='map/index.html?from={{f7d}}&to={{f0}}&format=linestring&{{udev}}'>7d</a></td>" +
+	"<td><a target='_blank' href='map/index.html?from={{f30d}}&to={{f0}}&format=linestring&{{udev}}'>30d</a></td>" +
 	"</tr>";
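Review bot: after this hunk the first two cells duplicate the 12h and 7d linestring links that follow them, because the two `format=geojson` links were rewritten to `format=linestring` as well, so the row now shows the same two links twice; either keep `format=geojson` on the first pair or drop those two cells. The new `target='_blank'` anchors should also carry `rel='noopener'` so the opened map page gets no `window.opener` handle on browsers that do not yet default to it.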

Changing Home Assistant

As a final thing to do I want to change the Home Assistant views and also open it inside the home WLAN to be password-free. The configuration has changed a little bit over the years (I added Bitcoin displays and local weather stuff), but the basics are still the same as written in the book.

We want to have the devices visible in the map of HA. Some documentation is found here: https://www.home-assistant.io/integrations/owntracks.

NOTE: Devices that are currently at home won’t show on the map. This was hard to find :-)

To disable authentication based on IP addresses there is good documentation here:

https://www.home-assistant.io/docs/authentication/providers/

e.g.

Trusted Users Examples

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/24
        - 192.168.10.0/24
        - fd00::/8
      trusted_users:
        192.168.0.1: user1_id
        192.168.0.0/24:
          - user1_id
          - user2_id
        "fd00::/8":
          - user1_id
          - group: system-users
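With this provider anyone who can get an address inside a trusted network logs in without a password, so the trusted networks should be exactly the home LAN ranges and nothing wider. The following is an added example of mine, not Home Assistant code: it takes the trusted_networks configuration above (written as a Python dict so no YAML library is needed), confirms every trusted network lies inside the RFC 1918 / IPv6 ULA ranges, flags `trusted_users` entries that no trusted network can ever reach, and tells you which trusted networks would accept a given client address. `BAD_PROVIDER` is a constructed counter-example.

```python
"""Audit a Home Assistant trusted_networks auth provider (added example)."""
import ipaddress
from typing import List, Union

IPNet = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# The documentation example from the post, as a dict instead of YAML.
AUTH_PROVIDER = {
    "type": "trusted_networks",
    "trusted_networks": ["192.168.0.0/24", "192.168.10.0/24", "fd00::/8"],
    "trusted_users": {
        "192.168.0.1": "user1_id",
        "192.168.0.0/24": ["user1_id", "user2_id"],
        "fd00::/8": ["user1_id", {"group": "system-users"}],
    },
}

# Constructed counter-example: a catch-all trusted network and a dead entry.
BAD_PROVIDER = {
    "type": "trusted_networks",
    "trusted_networks": ["0.0.0.0/0"],
    "trusted_users": {"fd00::1": "user1_id"},
}


def parse_networks(items) -> List[IPNet]:
    # strict=False also accepts a plain host address such as 192.168.0.1 (-> /32)
    return [ipaddress.ip_network(item, strict=False) for item in items]


# Ranges that only exist on a LAN: private IPv4 (RFC 1918) and IPv6 ULA.
LAN_RANGES = parse_networks(["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"])


def is_lan_range(net: IPNet) -> bool:
    return any(net.version == r.version and net.subnet_of(r) for r in LAN_RANGES)


def networks_containing(provider: dict, ip: str) -> List[str]:
    """Trusted networks that would accept a client with this source address."""
    addr = ipaddress.ip_address(ip)
    return [str(n) for n in parse_networks(provider["trusted_networks"]) if addr in n]


def audit_trusted_networks(provider: dict) -> List[str]:
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings: List[str] = []
    nets = parse_networks(provider["trusted_networks"])
    for net in nets:
        if not is_lan_range(net):
            findings.append(f"{net}: not a private LAN range, password-less login "
                            "would be offered to addresses outside the home network")
    for key in provider.get("trusted_users", {}):
        entry = ipaddress.ip_network(key, strict=False)
        if not any(entry.version == n.version and entry.subnet_of(n) for n in nets):
            findings.append(f"trusted_users entry {key}: outside every trusted "
                            "network, so it can never apply")
    return findings


if __name__ == "__main__":
    for name, provider in (("example", AUTH_PROVIDER), ("bad", BAD_PROVIDER)):
        print(name, audit_trusted_networks(provider) or "OK")
    print("192.168.10.7 ->", networks_containing(AUTH_PROVIDER, "192.168.10.7"))
```

Note that the check says nothing about who else is on those networks: a guest WLAN or an IoT VLAN that shares the /24 is inside the trusted range too, so keep the trusted networks to the segments where only your own devices live.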

Now it already looks pretty nice:

For now we are done. This will be continued with setting events on entering zones and other stuff. Have fun with your privacy respecting, self hosted setup!

Join my public room in the Matrix

If you like this blog entry, feel free to join my public room by entering

/join #kmj:matrix.ctseuro.com

in the message box of the Element Messenger (https://element.io)!

Or follow this Link: https://matrix.to/#/#kmj:matrix.ctseuro.com

Help and answers to questions ONLY in this room! Commercial support is available in English or German at https://ctssupport.at