ser2net and Zigbee coordinator USB dongle

Peter Leave a comment

Use ser2net on a Raspberry Pi if you would like to have your Zigbee coordinator in a central location, away from your Home Assistant machine. Can be especially useful if you have a PoE switch, and can use a PoE to MicroUSB adapter with Ethernet pass-through.

/etc/ser2net.conf:

5678:raw:0:/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_$UUID-if00-port0:115200 NONE 1STOPBIT -XONXOFF NOBREAK

Home Assistant would then point at socket://x.x.x.x:5678 if using ZHA (Zigbee Home Automation) integration.

Network ACLs should be established to restrict access to ser2net to prevent abuse of the Zigbee controller.

DNS-based firewall rules on OpenWrt 22.03 using IP sets and fw4

Peter

I wanted to be able to use DNS-based firewall rules like on pfsense, opnsense and Sophos UTM for certain use cases. OpenWRT does not have this functionality built in. I came up with the following solution.

This allows you to list DNS names, for example in /etc/ipset-dns/dst_host_search_engines.list:

google.com
www.google.com
yahoo.com
www.yahoo.com
bing.com
www.bing.com

With a corresponding IP set entry in /etc/system/firewall:

config ipset
        option name 'dst_host_search_engines'
        option match 'dst_ip'
        option enabled '1'
        option timeout '0'

And an example firewall rule you could use with OpenWRT in /etc/config/firewall:

config rule
        option name 'Allow-Search-Engines'
        option family 'ipv4'
        list proto 'all'
        option ipset 'dst_host_search_engines'
        option family 'ipv4'
        option target 'ACCEPT'
        option src 'lan'

And the entirety of the script, which will query the hosts listed based on their IP address family, and set a timeout based on the TTL of the DNS entries.

/etc/ipset-dns.sh (don't forget to set executable bit):

#!/bin/sh

for filename in /etc/ipset-dns/*.list; do
        ipset=$(basename $filename | cut -d '.' -f1)
        stdout=$(nft list set inet fw4 $ipset 2>&1)
        if [ $? -gt 0 ]; then
                echo $stdout | sed 's/^Error/Warning/'
                continue
        fi

        nft_type=$(echo $stdout | grep -oE 'type \w+' | awk '{ print $2 }')
        type=
        if [[ "$nft_type" == "ipv4_addr" ]]; then
                type=A
        elif [[ "$nft_type" == "ipv6_addr" ]]; then
                type=AAAA
        else
                echo "Warning: invalid type $nft_type for $ipset"
                continue
        fi


        dig $type -f $filename +noall +answer | while read _ ttl _ _ ip; do
                ttl=$(( ttl + 500 ))
                nft add element inet fw4 $ipset { ${ip} timeout ${ttl}s };
        done
done

And the following crontab entry for the root user, in /etc/crontabs/root so that the script runs at boot and every 5 minutes (modify to suit, but make sure to update the 500 second addition on the TTL):

@reboot /etc/ipset-dns.sh
5 * * * * /etc/ipset-dns.sh

UEFI enabled libvirt virtual machines on Ubuntu

Peter

Required steps

  • Install the ovmf package
  • Restart libvirt-bin
  • Create /var/lib/libvirt/qemu/nvram to store NVRAM from a UEFI-enabled virtual machine (VM)

libvirt XML definition example for UEFI enabled VM

libvirt edit $VM_NAME and amend the XML definition.

  <os>
    <type arch='x86_64' machine='pc-q35-2.11'>hvm</type>
    <loader readonly='yes' secure='no' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>
    <nvram template='/usr/share/OVMF/OVMF_VARS.fd'/>
    <boot dev='hd'/>
  </os>

WEMOS LOLIN32 ESP32 Lite pinout example for CJMCU-811

Peter

Low cost ESP32 development board such as WEMOS ESP32 LOLIN32 Lite paired with a CO2 / VOC sensor CJMCU-811. The WEMOS LOLIN32 development board does not have all the same GPIO as other similar ESP32 boards.

Pinout

LOLIN32CJMCU-811
V3.3VCC
22 (GPIO22)SCL
19 (GPIO19)SDA
GNDWAK
Pinout example for LOLIN32 paired with CJMCU-811

ESPHome example

i2c:
  sda: GPIO15
  scl: GPIO2

sensor:
  - platform: ccs811
    eco2:
      name: "CCS811 eCO2 Value"
    tvoc:
      name: "CCS811 Total Volatile Organic Compound"
    address: 0x5A
    baseline: 0x9AB9
    update_interval: 60s

MOES IR Control Tuya (SRW-001) flashing (ESPHome, etc)

Peter

The device MOES IR Control Hub, which uses Tuya ESP8266 is no longer vulnerable to the vulnerability that tuya-convert exploits. You will need to open the device to flash it.

They are currently shipped with an TYWE3S which is an ESP8266 (as of June, 2021). You can see the pin outs for the TYWE3S at the Tasmota site.

Use a thin utility knife to open, I would recommend starting at the USB port area. There are two tabs on either side, and a few spread throughout. Once you have the device open and have connections setup you are ready to flash.

How to flash?

  1. Tie GPI0 to GND to start flash mode (when RST or power on the device, you will know you are in flash mode because the blue status LED does not come on)
  2. RX, TX, GND to your USB TTL (remember RX and TX are reversed for the USB TTL side)
  3. GND on TYWE3S is connected to the same ground plane as the rest of the board (i.e. GND on your USB TTL)
  4. Then power up via MicroUSB
  5. Flash via esptool (rev 1ca08af instead of master due to Issue #635 in esptool)
  6. Unplug everything and power up normally, and configure ESPHome as you normally would.