added script to create certs

Gatecounter service added
Gatecounter db now initialized by the gatecounter itself courtesy of SQLAlchemy

.env.template

@@ -25,5 +25,3 @@ GRAFANA_DB_NAME=
 #must match value in grafana.ini
 GRAFANA_DB_ROOT_PW=
 
-GATECOUNTER_SCRIPT=
-EMAIL_ADDRESS=

.gitignore

@@ -100,3 +100,4 @@ ENV/
 # mypy
 .mypy_cache/
 .vscode/settings.json
+certs/*

README.md

@@ -16,7 +16,7 @@ Please also, in a developer's text editor e.g. NotePad++ or Microsoft Visual Stu
 * Register for [DuckDNS](https://www.duckdns.org/) and have your subdomain name and token ready
 * Make sure ports 80 and 443 are accessible on your host machine and your machine has a connection to the Internet
 * Copy .env.template to .env with `cp .env.template .env` *DO NOT COMMIT AND PUSH .env TO A PUBLIC GIT REPOSITORY UNLESS YOU WANT TO GET HACKED!!!*
-* Edit the files .env and .configs/grafana.ini, updating configuration values with your desired configuration
+* Edit the files .env, .configs/traefik.toml, and .configs/grafana.ini, updating configuration values with your desired configuration
 * Run `docker-compose config` from this directory to doublecheck that docker-compose.yaml file contains no syntax errors and that all your options from .env were correctly filled in
 
 ## Creating Your Stack
@@ -32,7 +32,6 @@ To Stop or (re)Start a container in your stack without removing it, run `docker-
 Run the following commands to update the images your containers use and recreate/restart the containers using them
 
 ```bash
-docker-compose build
 docker-compose pull
 docker-compose up -d
 docker image prune -f

configs/traefik/traefik.toml

@@ -0,0 +1,7 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certs/gatecounter.crt
+        keyFile: /certs/gatecounter.key
+

docker-compose.yaml

@@ -54,7 +54,7 @@ services:
       - "3306"
 
   grafana:
-    image: grafana/grafana:latest
+    image: grafana/grafana:6.4.3
     container_name: grafana #redundant, would have defaulted to the service name anyway
     restart: unless-stopped
     volumes:
@@ -71,13 +71,11 @@ services:
       - traefik.http.routers.grafana-http.middlewares=https-only #redirect all http requests to https
       - traefik.http.routers.grafana-https.entrypoints=https
       - traefik.http.routers.grafana-https.tls=true
-      - traefik.http.routers.grafana-https.tls.certResolver=gatecounter
       - traefik.http.services.grafana.loadbalancer.server.port=3000 #on this port...
     expose:
       - "3000" #makes this port accessible to other containers on the same network, but not availble directly on the host system
     depends_on: #specifies which containers must be up and running before this one can be started
       - reverse-proxy
-      - grafana-db
       - gatecounter-db
     environment:
       GF_SERVER_ROOT_URL: https://${GRAFANA_DOMAIN_NAME}
@@ -108,20 +106,6 @@ services:
     expose:
       - "3306" #this database only needs to be accessible internally to grafana
 
-  #this container makes sure a domain you register for free on https://duckdns.org always points to where this is running
-  dynamic-dns:
-    image: lsioarmhf/duckdns
-    container_name: duckdns
-    environment:
-      SUBDOMAINS: ${DUCKDNS_SUBDOMAIN:?Please provide a duckdns subdomain for your project.  Please edit .env with this value} #replace with the domain you registered.
-      TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain.  Please edit .env with this value} #the token duckDNS provides you for domain updates
-      TZ: ${TZ:-America/New_York}
-    labels:
-      - traefik.enable=false #tells traefik reverse proxy to ignore this container, do not proxy requests to it
-    restart: always #if this container stops for any reason, docker will restart it automatically
-    networks:
-      - default #put this service on the built-in docker bridge network
-
   reverse-proxy:
     image: traefik:latest
     container_name: traefik
@@ -133,11 +117,9 @@ services:
       - "--accesslog=true"
       - "--log=true"
       - "--log.level=INFO"
-      - "--certificatesResolvers.gatecounter.acme.email=${EMAIL_ADDRESS:?An email address to use to obtain a SSL Cert is required.   Please edit .env with this value}"
+      - "--providers.file.directory=/etc/traefik/custom/"
-      - "--certificatesResolvers.gatecounter.acme.storage=/etc/traefik/acme/acme.json"
-      - "--certificatesResolvers.gatecounter.acme.dnsChallenge=true"
-      - "--certificatesResolvers.gatecounter.acme.dnsChallenge.provider=duckdns"
     labels:
+      - "com.ouroboros.enable=true" #enables watchtower for auto updates
       - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
       - "traefik.http.middlewares.https-only.redirectscheme.permanent=true"      
     restart: unless-stopped #Docker will automatically restart this container unless you intentionally stopped it
@@ -146,12 +128,8 @@ services:
       - 443:443
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock  #allows traefik to monitor for changes and to read labels
-      - traefik-cert-gc:/etc/traefik/acme/ #volume for storing LetsEncrypt cets
+      - ./certs/:/certs/:ro
-    #The following section allows you to deifne services which must be started before this service can start
+      - ./configs/traefik:/etc/traefik/custom:ro
-    depends_on:
-      - dynamic-dns
-    environment:
-      DUCKDNS_TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain.  Please edit .env with this value} #allows traefik to obtain ssl certs for your domain(s) automatically enabling you to use https for security
     networks:
       - gatecounter
 
@@ -161,7 +139,6 @@ services:
 volumes:
   gatecounter-db:
   grafana-db:
-  traefik-cert-gc:
   grafana_data:
   grafana_home:
   grafana_logs:

gatecounter-scripts/PIRdbWriteGate.py

@@ -7,7 +7,7 @@ import sys
 from argparse import ArgumentParser
 from concurrent.futures import ThreadPoolExecutor, CancelledError, wait
 from datetime import datetime
-from queue import SimpleQueue
+from queue import Queue
 
 import RPi.GPIO as GPIO
 
@@ -30,11 +30,11 @@ Base = declarative_base()
 class PIR_Detection(Base):
     __tablename__ = "PIRSTATS"
 
-    timestamp = Column('timestamp', DateTime, nullable=False, primary_key=True)
+    time = Column('datetime', DateTime, nullable=False, primary_key=True)
     count = Column('count', Integer, nullable=False)
 
 
-Detection=collections.namedtuple("Detection", ['timestamp','count'])
+Detection=collections.namedtuple("Detection", ['time','count'])
 
 class PIRgate:
     def __init__(self, hostname, username, password, database):
@@ -46,7 +46,7 @@ class PIRgate:
         GPIO.setup(self.PIR_PIN, GPIO.IN)
         # End GPIO setup
         self._pool=ThreadPoolExecutor()
-        self._detection_queue=SimpleQueue()
+        self._detection_queue=Queue()
         if not hostname:
             stdout,stderr = subprocess.Popen(['docker',
                                               'inspect',
@@ -80,7 +80,7 @@ class PIRgate:
             try:
                 detection = self._detection_queue.get()
                 session = self.Session()
-                session.add(PIR_Detection(timestamp=detection.timestamp, count=detection.count))
+                session.add(PIR_Detection(time=detection.datetime, count=detection.count))
             except KeyboardInterrupt:
                 session.rollback()
                 raise

generate_certs.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+openssl req -newkey rsa:4096 \
+            -x509 \
+            -sha256 \
+            -days 36500 \
+            -nodes \
+            -out ./certs/gatecounter.crt \
+            -keyout ./certs/gatecounter.key