IoT server installation and setup

After a hardware defect of the system hard drive forced me to reinstall my server twice, and because the backup was already several weeks old and a lot had to be reconfigured by hand, I decided to move my complete setup to Ansible. In conjunction with Vagrant, there is even the possibility to test updates automatically in a VM beforehand.

In short, it is an automated smart home server setup that gives you a 100% pre-installed and configured system virtually at the touch of a button. In conjunction with Vagrant, it also gives you the opportunity to test the whole thing in a virtual machine.

The required Ansible scripts and the Vagrant script can be obtained and tested under the following URL.

Just clone, install Vagrant and run:

vagrant up

How it works

Vagrant will create a virtual machine if it does not exist, or start an already existing one. At the end it runs the Ansible script inside it to install and configure the system. Later you can also run the Ansible script yourself to apply updates if you made changes to the configuration. If an error occurs (in most cases a network issue where an external server is not reachable), Ansible can continue at any point. Just rerun the script. In my case, I use Vagrant to test everything and call Ansible directly on my production machine.

One thing you should keep in mind: you must be more disciplined when you make changes to your system. You should never configure your system directly. All changes should happen inside the Ansible configuration, and Ansible applies them to the server. There are two places where you should take a look. The first one is the config folder. It contains variables for usernames, passwords, file paths, ports etc. The second one is the role folder. It contains the Ansible roles, which hold the logic for installing and setting up the individual parts.

Below is a list of all services which are deployed. All required files are either downloaded automatically or are part of the Ansible project.


My access to the home network is implemented via OpenVPN. In addition, a second VPN is set up with a friend which is used to synchronize my backups, as well as a cloud “playground”.

Cron Script

This script wraps all my cron jobs and logs all calls to the systemd journal. If an error occurs, it also sends a message to the root user. Originally, the real reason for the script was the ability to assign a meaningful mail subject, which makes it easier to create better filter rules for Gmail.
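A wrapper of the kind described above could look like this. It is an added example, not the author's script; the function name `run_job`, the `[CRON]` subject format, the crontab path and the overridable `LOG_CMD`/`MAIL_CMD` variables are assumptions.

```sh
#!/bin/sh
# Added example, not the author's script. Assumed crontab usage:
#   0 3 * * * /usr/local/bin/cron_wrap.sh backup-db /opt/scripts/backup_db.sh
# (script path, job name and subject format are hypothetical).

# Overridable so the wrapper can be exercised without journald or an MTA.
: "${LOG_CMD:=logger}"   # logger(1) writes to syslog, which journald collects
: "${MAIL_CMD:=mail}"    # any mailx-compatible client
: "${MAIL_TO:=root}"     # local recipient; the MTA decides where it ends up

run_job() {
    job_name=$1; shift
    tag="cron-$job_name"
    # mktemp creates the file with mode 0600: job output may contain secrets.
    out=$(mktemp) || return 1
    $LOG_CMD -t "$tag" -p cron.info "start: $*"
    # "$@" keeps the argument vector intact; no eval, no re-splitting.
    "$@" >"$out" 2>&1
    rc=$?
    if [ "$rc" -eq 0 ]; then
        $LOG_CMD -t "$tag" -p cron.info "finished rc=0"
    else
        $LOG_CMD -t "$tag" -p cron.err "failed rc=$rc"
        # Fixed prefix plus host and job name keeps mail filter rules simple.
        $MAIL_CMD -s "[CRON][$(uname -n)] $job_name failed (rc=$rc)" \
            "$MAIL_TO" <"$out"
    fi
    rm -f "$out"
    return "$rc"
}

# Run as a script: first argument is the job name, the rest is the command.
if [ "$#" -ge 2 ]; then
    run_job "$@"
    exit $?
fi
```

The wrapper returns the job's own exit code, so cron and any outer monitoring still see the failure.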


Several cron jobs are set up, e.g. to mirror my data partition on my RAID system, back up databases, clean up databases or download the picture of the day (POTD).


As an SSH server OpenSSH is used. In this setup, the permitted users or IPs are explicitly configured.


As a firewall, I use firewalld to control which IP networks and services are allowed.


Mainly it is used to realize my mobile access. For this I use a public registered domain name, which however resolves to My own DNS, on the other hand, “overwrites” the entry and resolves to the correct server, i.e. I have to either be directly in my network or be connected via VPN to access my domain name. In order to use my mobile apps (openHAB, Nextcloud etc.) I must either be at home or start the VPN. The latter I have made convenient with an OpenVPN shortcut on my home screen.

Postfix (Mail)

The mail system serves to forward all mail addressed to the user root or postmaster to a Google account. The advantage is that all other services only need to send to the user root.


MDADM is for RAID monitoring and error notification.


SMARTD is used for hard disk hardware monitoring and error notification.

NFS Server

Used to provide a friend with a data container for his encrypted backups in the previously mentioned second VPN.

Samba Server

Samba provides the Windows shares for Nextcloud files.

FTP Server

One of my outdoor cameras sends motion pictures that are stored here. They are stored for 2 days and then deleted. The FTP server is restricted so that only this camera is allowed to interact via FTP.


ClamAV is a malware and antivirus program.

PHP and a variety of modules

Some of my maintenance scripts are based on PHP. In addition, it is needed for Nextcloud.

Oracle Java

It is used for openHAB as well as Cloudsync. In addition, the Java Security Policy is deployed, which is necessary for high-quality Cloudsync encryption.

Apache Maven

Maven is a build tool and is used for Cloudsync.

Apache Ant

Ant is a build tool and is used for Jython.

Java Jython

Jython is a Python runtime for Java. Used by the openHAB Python Rule Engine.

Apache Webserver

The Apache webserver acts as a proxy for all externally available web services. The advantage is that access management can be centralized via Apache.

Apache Web UI

A rudimentary web interface to reach all services.


MySQL is a SQL database.


phpMyAdmin is a web interface to manage MySQL.


InfluxDB is a time series database. It is filled with data by openHAB, and Grafana is used to visualize it.


Elasticsearch is a NoSQL database. Used to save all messages of the system centrally and later expand them. More about this in the Fluentd and Kibana sections.


Kibana is a web interface to conveniently search log messages in Elasticsearch.


Redis is a memory database to accelerate Nextcloud.


Nextcloud is a web-based cloud solution for files, contacts, appointments, etc.

Additionally, I use the news plugin as my main news fetcher. Every day it brings me about 300 messages from different sources, which I can then read on my phone, tablet or desktop. What I have already read is tracked centrally.

Furthermore, I also use the Keeweb plugin, which gives me cross-platform and cross-device password management.


Netdata is used for server monitoring. It notifies or warns of a “not normal” server behavior. In my case, it measures and monitors every second about 2000 values on my server.


I use Grafana to visualize my InfluxDB data. They can either be accessed directly via the Web UI or embedded in the relevant places in my openHAB sitemap.


Mosquitto is an MQTT broker which is required for communication with my Roomba vacuum cleaner robot.


Service for communication with my vacuum cleaner robots. This connects to my Roomba and transfers the provided values into the Mosquitto broker, which in turn provides the data for openHAB.


VControld is a service to communicate with my heating. It is needed for my openHAB heating control.


This script periodically reads out my electricity meter and transfers the data to openHAB via the REST interface.


In short, openHAB serves to control my different systems (KNX, radio, USB, serial, network etc) via “bindings”. Using a rules engine, even complex control scenarios can be mapped. Data can be recorded, logged and graphically processed. The whole is visualized either via a web interface or via Android / iOS apps. In addition, there is also a REST API to the system.

It’s almost the heart of my IoT solution.

openHAB Toolbox

A small collection of scripts which I need for further functionality. There is, e.g., a weather fetcher which pulls data for later visualization in Habpanel. Furthermore, it contains a CLI script with which I can generate all InfluxDB time series from my MySQL data.

openHAB Wall mounted Display

A Habpanel based web UI for tablets.

Alexa Skill

Alexa Skill for my home automation.


Fluentd is a log file collector that generalizes the systemd, Apache and openHAB logs and stores them in Elasticsearch. All other services already send their data to the systemd log and are therefore already covered.

In addition, I monitor http status codes like 404 or 500 to generate custom log levels.


Elastalert is my central error monitoring. It periodically checks Elasticsearch for log messages of level ERROR or WARN, groups them and notifies me by mail.
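The status-code levels mentioned under Fluentd and the grouping done by Elastalert can be tried out on raw Apache access log lines with plain shell and awk. This is an added example, not the author's Fluentd or Elastalert configuration; the level mapping (5xx to ERROR, 404 to WARN), the function names and the sample lines are assumptions.

```sh
#!/bin/sh
# Added example, not the author's Fluentd/Elastalert configuration.
# Assumed mapping: 5xx -> ERROR, 404 -> WARN, other valid codes -> INFO.

# Reads Apache common/combined log lines, prints "LEVEL status path".
classify_access_log() {
    awk '{
        start = index($0, "\"")          # opening quote of the request field
        n = length($0); i = start + 1; end = 0
        # Apache logs a quote inside the request as \" so escaped characters
        # are skipped; a plain split on quotes would read the wrong field.
        while (start > 0 && i <= n) {
            c = substr($0, i, 1)
            if (c == "\\") { i += 2; continue }
            if (c == "\"") { end = i; break }
            i++
        }
        if (end == 0) { print "UNPARSED - -"; next }
        split(substr($0, start + 1, end - start - 1), req, " ")
        split(substr($0, end + 1), rest, " ")
        status = rest[1]
        path = (req[2] != "") ? req[2] : "-"
        if (status !~ /^[1-5][0-9][0-9]$/) { level = "UNPARSED"; status = "-" }
        else if (status + 0 >= 500)        level = "ERROR"
        else if (status + 0 == 404)        level = "WARN"
        else                               level = "INFO"
        print level, status, path
    }'
}

# Groups everything that is not INFO, as "count LEVEL status path".
alert_digest() {
    classify_access_log | awk '$1 != "INFO"' | LC_ALL=C sort |
        uniq -c | awk '{ print $1, $2, $3, $4 }'
}

# Constructed sample input (documentation addresses, invented paths).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /openhab/ HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /missing HTTP/1.1" 404 196
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /missing HTTP/1.1" 404 196
192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "GET /nextcloud/index.php HTTP/1.1" 500 0
192.0.2.12 - - [01/Jan/2024:10:00:04 +0000] "GET /a\" 200 1 \"b HTTP/1.1" 404 196
EOF
}

if [ "${1:-}" = "--demo" ]; then sample_log | alert_digest; fi
```

Lines that cannot be parsed are reported as UNPARSED instead of being dropped, so malformed entries show up in the digest as well.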


Cloudsync is my own backup solution which works similar to rsync. This, however, completely devious.
