Anth's Computer Cave


AAIMI Home Automation 0.9 advanced configuration and usage

13th February, 2018

You've now installed and configured AAIMI Home Automation with default settings and added your housemates, devices and cameras. You've most likely explored the web-based GUI and checked out your home data in the Python GUI.

In this article I'll cover some of the advanced settings and features. This will be an ongoing article with content added as I find time, so check back now and again.


Network

One of the major components of AAIMI Home Automation is a web server, so first we'll cover some communication options and considerations.

You can choose to access the system only over your LAN (Local Area Network), or allow valid users to connect remotely to view and control the home. This is decided by the settings on your home's router.

No incoming access

By default, home routers will not allow incoming connections to your home network. This is a sensible defense against the various automated bots that scan the web searching for who knows what.

You'll have no access to the main control GUI when you are away from home. You can still get notices like intruder alerts, fire alerts and general home reports while you are away if you enable outgoing email in AAIMI's settings.

You won't be able to realistically use the GPS option for AAIMI's occupancy and location awareness.

Full access

To get the full potential from your system you'll need to open a port on your router to allow incoming connections to your Raspberry Pi. There are a few safety considerations.

Remove any default passwords from your router and the Raspberry Pi. You should fully remove the 'pi' user from the Raspberry Pi and create a strong password for your own user account. Research how to change the admin user on your router and once again use a strong router password.

Your LAN devices (non-mobile devices like PCs) connect to the Raspberry Pi over the LAN IP address. Your mobile devices (any device you may use to connect when away from home) connect through your home's public IP address.

If you enable outgoing email in the configuration window you'll receive an email from AAIMI any time your home IP address changes with a link to the control GUI.

Full access (HTTPS domain)

For added security you can purchase a domain name for your system, and enable HTTPS for that domain. This stops other people capturing the data traveling between you and your Raspberry Pi.

Using an HTTPS domain also allows you to fully utilize GPS for AAIMI's occupancy awareness. Many browsers will no longer allow location access for non-HTTPS websites.

Choose a non-descriptive domain name (don't use 'jacksmithshome.com'), and pay a few bucks more for domain privacy so your home address is not associated with the domain name in whois records.

To enable easy connection to your home you can use a free DNS service to link your home IP address to the domain.

An Internet-facing server should be isolated from the rest of your LAN, so the Raspberry Pi should be connected to, or configured as, a DMZ zone on your home router. This means all of your devices will connect to the Pi over the Internet, not the LAN.

VPN

Another option would be a VPN server running either on the main Raspberry Pi or another dedicated Pi, but I haven't tried that. I might look at it soon.


Multi-speed soft-touch appliance

You can see an example of a modded multi-speed appliance here.

You can add a multi-speed heater on line 549 of aaimi_room_control.py

# Add a heating appliance
heater1 = "lounge_heater"
heater1 = APPLIANCE("lounge_heater", "Lounge", "heater", 7, "speed", 10, aux_pin1_speeds=3)
apps["lounge_heater"] = heater1

Change "lounge_heater" to your appliance name, "Lounge" to your room name. The 7 is the GPIO pin number for the relay that simulates the heater's power button. The 10 is the relay that simulates the speed adjustment. The "aux_pin1_speeds" is the number of speed levels the appliance has.

When you define your thermostat to switch the heater in the AAIMI configuration window, choose 'appliance' as heater type.

Your heater should now switch on and stay on any time the room temperature is below 15 degrees.


Server Dog

AAIMI Server Dog is the module that monitors your AAIMI system for automated login attempts and other network-related issues. We're using the latest not-even-released-yet version 0.2, and the support articles aren't written yet, but there are only a few things you need to know to configure the Dog for our purposes.

If you go to the Logs tab and select Logins you'll see a list of all the devices that have logged in, or attempted to log in to your AAIMI server.

The readout from AAIMI Server Dog. Picture: Anthony Hartup

Before this can be really helpful we need to filter these logins, because all the legitimate attempts are included in the list.

Navigate to aaimihome/aaimi and open the aaimi_server_dog.py file for editing.

First we'll add our IP details. Ignore the public_ip variable (AAIMI will detect that) and go to the my_ips list on line 22.

The python list for excluding IP addresses from AAIMI monitoring. Picture: Anthony Hartup.

The localhost partial IP address is already in the list to exclude internal connections from monitoring, as is the IPv6 localhost IP. You need to add the first two sections of your LAN IP address, or the network IP the server is on, to the end of the list. For instance, if your LAN IP address for your server is 192.168.0.12, enter "192.168". You'll also need to add the first two sections of the IP your phones and other devices will connect with remotely. This excludes these IP ranges from the main monitoring functions.

We're using partial IP addresses instead of full addresses because your WAN devices like phones, etc, will receive a new IP regularly. In most cases the first two sections will remain the same and only the last two will change, meaning you shouldn't need to update the IP list each time. This means others with that IP range are filtered from results as well, but IP addresses are just one of the factors in the calculations and the other factors should still trigger. You can enter full IPs if you are really locking things down, but using partial IPs is a compromise between ease of use and the level of detection.

Next we go to line 17 and add the server's authorized users to the allowed_names list, in quotes and separated by commas.

The python list for excluding usernames from AAIMI monitoring. Picture: Anthony Hartup.

This includes anybody with an AAIMI login for your home.

AAIMI Server will run automatically each day, and you can also manually run the program with the refresh button in the Logs tab.

Anyone trying to access the system without a valid username or password, or using a non-whitelisted IP range will appear in the results. All of these visitors will be automated bots. The list will include any domain information associated with the visiting IP addresses, and whether the addresses appear on a bot blacklist.

Don't worry, these bots aren't getting in, they're bouncing straight off. Many of these are the web-crawlers we all rely on to power search-engines like Google and help us find things on the web. They'll knock once, then move on as soon as they discover the server is password protected. The rest of the bots are more sinister, often trying several hundred attempts at various default usernames. They also move on when they run out of names.

You should expect to see one or two dozen of these in the list each day; that's normal for any web-facing server. If you are on a domain you may see twice as many. If you see persistent ongoing attempts from certain IPs you may wish to block the IP range from your server.
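The filtering described in this section, sketched as an added example; it is not AAIMI Server Dog's own code. The my_ips and allowed_names lists are the ones named above, while the record layout, the function names, the sample values and the matching logic are assumptions made for illustration. It also shows how many addresses a two-section entry excludes, which is the trade-off behind the Partial setting under IP filtering later in this article.

```python
# Added illustration, not AAIMI Server Dog's code. Record layout, function
# names and matching rules are assumptions; all sample values are constructed.
my_ips = ["127.0", "::1", "192.168", "203.0"]   # "203.0" stands in for a phone carrier range
allowed_names = ["alice", "bob"]

# Constructed login records: (ip, username, login_succeeded)
LOGINS = [
    ("192.168.0.12", "alice", True),    # LAN device, valid user
    ("203.0.113.40", "bob", True),      # phone on the listed carrier range
    ("203.0.77.9", "admin", False),     # same listed range, but not one of ours
    ("198.51.100.7", "alice", True),    # valid user from an unlisted range
    ("198.51.100.23", "root", False),   # nothing matches
]

def ip_excluded(ip, prefixes):
    """True if ip equals an entry or starts with it on a section boundary."""
    for prefix in prefixes:
        # Appending "." stops "198.5" from also matching 198.51.x.x.
        if ip == prefix or ip.startswith(prefix.rstrip(".") + "."):
            return True
    return False

def covered_addresses(prefix):
    """Number of IPv4 addresses a dotted partial entry excludes."""
    if ":" in prefix:                   # IPv6 entries are matched exactly here
        return 1
    sections = [s for s in prefix.split(".") if s]
    return 256 ** (4 - len(sections))

def review(logins, prefixes, names):
    """Return the records to report, with the reasons each one was kept."""
    report = []
    for ip, user, ok in logins:
        reasons = []
        if user not in names:
            reasons.append("unknown user")
        if not ok:
            reasons.append("failed login")
        if not ip_excluded(ip, prefixes):
            reasons.append("unlisted IP range")
        if reasons:                     # any one factor is enough to report
            report.append((ip, user, reasons))
    return report

if __name__ == "__main__":
    for ip, user, reasons in review(LOGINS, my_ips, allowed_names):
        print(ip, user, ", ".join(reasons))
    print("addresses excluded by '192.168':", covered_addresses("192.168"))
```

The third record shows why the username and password factors matter: its address falls inside a listed range, so only the other factors bring it into the report.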


Email

To run AAIMI's incoming email system you'll need to enable incoming email in the AAIMI configuration window. This feature is mainly there for people using IP-filtering so they can whitelist their phone IP when it changes.

In the aaimihome/aaimi folder, open aaimi_email.py for editing.

On line 17 replace 'YourSytem' with the dedicated Gmail account for your system.

On line 18 replace 'yourEmail' with your email address, and 'YourName' with your AAIMI username.

You'll need to start the email program before starting aaimi_room_control.py.

In a terminal, type: python email_read.py and press Enter.

Enter the system's dedicated Gmail password when prompted.

On the first loop AAIMI will log into Gmail and count the existing emails. You should see "in" printed to the screen if login was successful, then a number representing the number of emails in the inbox.

AAIMI will ignore any emails it finds in this loop and merely set the email_count variable to the number of emails.

From then on, if the number of emails in the inbox changes from the email_count variable, AAIMI will authenticate the sender of the new email and read the contents.

If the content of the email is in the correct format, and the passkey matches the passkey for the sender, AAIMI will queue the commands from the email for aaimi_room_control.py.


IP filtering

If you are using IP filtering you can choose between two levels, Full and Partial. Choosing Full will allow only that exact IP. Your phone's IP will often change, meaning each time you'll need to update the device's setting with AAIMI. The first part of your phone's IP will change less often than the full IP, so choosing Partial (recommended) will allow the IP range rather than the exact address.

To determine your phone's public IP, switch the Wi-Fi off so your phone is using its own data over 3G or 4G. Next, visit this page on your phone and click the button below.
