update to PIT script and README

improvements to PIRdbWriteGate.py
gatecounter db initialized by python script
updated .env.template
python scripts now run by gatecounter service
gatecounter service build from Dockerfile

.env.template

@@ -25,3 +25,5 @@ GRAFANA_DB_NAME=
 #must match value in grafana.ini
 GRAFANA_DB_ROOT_PW=
 
+GATECOUNTER_SCRIPT=
+EMAIL_ADDRESS=

.gitignore

@@ -100,4 +100,3 @@ ENV/
 # mypy
 .mypy_cache/
 .vscode/settings.json
-certs/*

README.md

@@ -16,7 +16,7 @@ Please also, in a developer's text editor e.g. NotePad++ or Microsoft Visual Stu
 * Register for [DuckDNS](https://www.duckdns.org/) and have your subdomain name and token ready
 * Make sure ports 80 and 443 are accessible on your host machine and your machine has a connection to the Internet
 * Copy .env.template to .env with `cp .env.template .env` *DO NOT COMMIT AND PUSH .env TO A PUBLIC GIT REPOSITORY UNLESS YOU WANT TO GET HACKED!!!*
-* Edit the files .env, .configs/traefik.toml, and .configs/grafana.ini, updating configuration values with your desired configuration
+* Edit the files .env and .configs/grafana.ini, updating configuration values with your desired configuration
 * Run `docker-compose config` from this directory to doublecheck that docker-compose.yaml file contains no syntax errors and that all your options from .env were correctly filled in
 
 ## Creating Your Stack
@@ -32,6 +32,7 @@ To Stop or (re)Start a container in your stack without removing it, run `docker-
 Run the following commands to update the images your containers use and recreate/restart the containers using them
 
 ```bash
+docker-compose build
 docker-compose pull
 docker-compose up -d
 docker image prune -f

configs/traefik/traefik.toml

@@ -1,7 +0,0 @@
-tls:
-  stores:
-    default:
-      defaultCertificate:
-        certFile: /certs/gatecounter.crt
-        keyFile: /certs/gatecounter.key
-

docker-compose.yaml

@@ -54,7 +54,7 @@ services:
       - "3306"
 
   grafana:
-    image: grafana/grafana:6.4.3
+    image: grafana/grafana:latest
     container_name: grafana #redundant, would have defaulted to the service name anyway
     restart: unless-stopped
     volumes:
@@ -71,11 +71,13 @@ services:
       - traefik.http.routers.grafana-http.middlewares=https-only #redirect all http requests to https
       - traefik.http.routers.grafana-https.entrypoints=https
       - traefik.http.routers.grafana-https.tls=true
+      - traefik.http.routers.grafana-https.tls.certResolver=gatecounter
       - traefik.http.services.grafana.loadbalancer.server.port=3000 #on this port...
     expose:
       - "3000" #makes this port accessible to other containers on the same network, but not availble directly on the host system
     depends_on: #specifies which containers must be up and running before this one can be started
       - reverse-proxy
+      - grafana-db
       - gatecounter-db
     environment:
       GF_SERVER_ROOT_URL: https://${GRAFANA_DOMAIN_NAME}
@@ -106,6 +108,20 @@ services:
     expose:
       - "3306" #this database only needs to be accessible internally to grafana
 
+  #this container makes sure a domain you register for free on https://duckdns.org always points to where this is running
+  dynamic-dns:
+    image: lsioarmhf/duckdns
+    container_name: duckdns
+    environment:
+      SUBDOMAINS: ${DUCKDNS_SUBDOMAIN:?Please provide a duckdns subdomain for your project.  Please edit .env with this value} #replace with the domain you registered.
+      TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain.  Please edit .env with this value} #the token duckDNS provides you for domain updates
+      TZ: ${TZ:-America/New_York}
+    labels:
+      - traefik.enable=false #tells traefik reverse proxy to ignore this container, do not proxy requests to it
+    restart: always #if this container stops for any reason, docker will restart it automatically
+    networks:
+      - default #put this service on the built-in docker bridge network
+
   reverse-proxy:
     image: traefik:latest
     container_name: traefik
@@ -117,9 +133,11 @@ services:
       - "--accesslog=true"
       - "--log=true"
       - "--log.level=INFO"
-      - "--providers.file.directory=/etc/traefik/custom/"
+      - "--certificatesResolvers.gatecounter.acme.email=${EMAIL_ADDRESS:?An email address to use to obtain a SSL Cert is required.   Please edit .env with this value}"
+      - "--certificatesResolvers.gatecounter.acme.storage=/etc/traefik/acme/acme.json"
+      - "--certificatesResolvers.gatecounter.acme.dnsChallenge=true"
+      - "--certificatesResolvers.gatecounter.acme.dnsChallenge.provider=duckdns"
     labels:
-      - "com.ouroboros.enable=true" #enables watchtower for auto updates
       - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
       - "traefik.http.middlewares.https-only.redirectscheme.permanent=true"      
     restart: unless-stopped #Docker will automatically restart this container unless you intentionally stopped it
@@ -128,8 +146,12 @@ services:
       - 443:443
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock  #allows traefik to monitor for changes and to read labels
-      - ./certs/:/certs/:ro
-      - ./configs/traefik:/etc/traefik/custom:ro
+      - traefik-cert-gc:/etc/traefik/acme/ #volume for storing LetsEncrypt cets
+    #The following section allows you to deifne services which must be started before this service can start
+    depends_on:
+      - dynamic-dns
+    environment:
+      DUCKDNS_TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain.  Please edit .env with this value} #allows traefik to obtain ssl certs for your domain(s) automatically enabling you to use https for security
     networks:
       - gatecounter
 
@@ -139,6 +161,7 @@ services:
 volumes:
   gatecounter-db:
   grafana-db:
+  traefik-cert-gc:
   grafana_data:
   grafana_home:
   grafana_logs:

gatecounter-scripts/PIRdbWriteGate.py

@@ -7,7 +7,7 @@ import sys
 from argparse import ArgumentParser
 from concurrent.futures import ThreadPoolExecutor, CancelledError, wait
 from datetime import datetime
-from queue import Queue
+from queue import SimpleQueue
 
 import RPi.GPIO as GPIO
 
@@ -30,11 +30,11 @@ Base = declarative_base()
 class PIR_Detection(Base):
     __tablename__ = "PIRSTATS"
 
-    time = Column('datetime', DateTime, nullable=False, primary_key=True)
+    timestamp = Column('timestamp', DateTime, nullable=False, primary_key=True)
     count = Column('count', Integer, nullable=False)
 
 
-Detection=collections.namedtuple("Detection", ['time','count'])
+Detection=collections.namedtuple("Detection", ['timestamp','count'])
 
 class PIRgate:
     def __init__(self, hostname, username, password, database):
@@ -46,7 +46,7 @@ class PIRgate:
         GPIO.setup(self.PIR_PIN, GPIO.IN)
         # End GPIO setup
         self._pool=ThreadPoolExecutor()
-        self._detection_queue=Queue()
+        self._detection_queue=SimpleQueue()
         if not hostname:
             stdout,stderr = subprocess.Popen(['docker',
                                               'inspect',
@@ -80,7 +80,7 @@ class PIRgate:
             try:
                 detection = self._detection_queue.get()
                 session = self.Session()
-                session.add(PIR_Detection(time=detection.datetime, count=detection.count))
+                session.add(PIR_Detection(timestamp=detection.timestamp, count=detection.count))
             except KeyboardInterrupt:
                 session.rollback()
                 raise

generate_certs.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-openssl req -newkey rsa:4096 \
-            -x509 \
-            -sha256 \
-            -days 36500 \
-            -nodes \
-            -out ./certs/gatecounter.crt \
-            -keyout ./certs/gatecounter.key