Google Home Mini with Domoticz using IFTTT
2018-01-10
Mise à jour 2018-01-17
Voice Recognition on the Orange Pi Zero (DietPi Armbian)

Taking advantage of Christmas sales, I bought a Google Home Mini for experimentation and inspiration. Among other things, I wanted it to control my Sonoff Wi-Fi switches locally. After reading Web-based articles and posts on various forums, I thought it would work using the Philips' Hue bridge emulation easily activated in Theo Arends' Tasmota firmware. Unfortunately, Google (or is it more accurate to say Alphabet?) has removed this capability in the Home Mini.

It remains possible to use the Home Mini as a voice interface to control home automation devices if they can be controlled with HTML requests with the help of the IFTTT Web service. This free service facilitates interconnections of many web services. Thus it feasible to send properly formatted HTML requests to my home automation software in order to activate home automation devices when properly formatted voice commands are formulated. In what follows, I explain how I did this using Domoticz but the principles apply to many other home automation software.

Contents

  1. How IFTTT Works
  2. HTTPS, TLS/SSL and Domoticz
  3. Creating a dynamic domain name
  4. Updating the IP Destination Address
  5. Forwarding TCP Ports
  6. Test and Security
  7. Creating IFTTT Applets
  8. Findings

  1. How IFTTT Works
  2. IFTTT (IF This Then That) is a free web service that performs an action (then that) when a triggering event occurs (the this). Among the many possible triggers, there is Google Assistant. And among the possible actions, an HTML request can be sent with WebHooks (formally Maker).

    So the principle is simple.

    When using Domoticiz, the URL of the request will look something like:

    https://user:password@address-of-domoticz:443/json.htm?type=command&param=udevice&idx=37&nvalue=1

    Obviously for this to work, the IFTTT server that is somewhere in the United States or perhaps Canada should be able to communicate with the Raspberry Pi that hosts the Domoticz server on the local network. To easily find the home automation server on the local network, I purposefully give a fixed IP address to the WiFi interface of my Raspberry Pi: 192.168.1.22. But that address is not visible outside the local network. In fact, all computers and other devices connected to the local network that communicate with sites on the Internet go through a single IP address that is provided by my Internet Service Provider (ISP).

    We can easily ascertain this address. Several sites, including What Is My IP Address and my-ip.com displays it. Unfortunately, this address cannot be trusted because it is dynamically assigned by the ISP and may change from time to time. As a matter of fact, it seems particularly stable in my case and I could probably get away with using it for testing purposes.

    In practice, it is better to use a dynamic DNS service (DDNS or DynDNS). DNS is the domain name system which translates the name of a website such as www.google.com into an IP address (172.217.6.4 or 2607:f8b0:4009:809::2004 depending on whether you want IPv4 or IPv6). Some sites offer a service, often free, that associates a domain name with an IP address. These sites update the IP addresses in their database at regular intervals. So, we will put in the HTML request the domain name obtained from the DNS service. The DNS will translate this name into an IP address that will be updated each time the ISP assigns a different IP address to the home server.

    This is something I had done a few years ago when I started using X10 Active Home Pro. So this software was running on a very noisy Windows XP computer that was always on. I had a dynamic DNS from no-ip if my memory is correct and I was given a little piece of software for the Windows computer was that constantly updating no-ip of any change my ISP made in the given IP address it assigned to the router.

    There is yet another little complication, but already we can see what needs to be done.

    1. Obtain a dynamic domain name from a provider, preferably free of charge.
    2. Install on a computer that runs continuously on the local network the software that updates the dynamic domain name provider after any change in the ISP assigned IP address. Or, if one is lucky, do the equivalent with the router obtained from the ISP.
    3. Redirect TCP port 443 used by Domoticz to the Raspberry Pi. This is the small complication mentioned above.
    4. Get an account from IFTTT.com.
    5. Create IFTTT applets, one to activate and one to disable each home automation system device to be controlled by voice command with Google Home.

  3. HTTPS, TLS/SSL and Domoticz
  4. The use of the secure HTTP over TLS protocol (HTTPS) is necessary to avoid broadcasting the user name and password of the home server in clear text. This is what would happen if we used the HTTP protocol as I made the mistake of proposing in an earlier version of this post.

    I had never really been concerned about the security of my home automation server before. It was functioning over a local network that was not accessible from outside. So when it came to using HTML requests sent to Domoticz, I used the unsecured HTTP protocol through TCP port 8080. From now on, security must become a concern since the local network will be accessible from the Internet. It becomes important to enforce the use of a password for all access to the servers on the local network and to require that all communications be encrypted.

    Fortunately, Domoticz is accessible with the HTTPS protocol since version 2.2563 published in 2015-06-14. By default, these newer versions of the software accept encrypted connections on port 443, as I showed in Domoticz notes in Domoticz on the Orange Pi Zero, a First Look/9. Installing Domoticz and Domoticz on a Raspberry Pi - Déjà Vu All Over Again/11. Installing Domoticz. However, it is best to check that HTTPS is supported.

    pi@domo:~ $ cat /etc/init.d/domoticz.sh #! /bin/sh ### BEGIN INIT INFO # Provides: domoticz # Required-Start: $network $remote_fs $syslog # Required-Stop: $network $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Home Automation System # Description: This daemon will start the Domoticz Home Automation System ### END INIT INFO # Do NOT "set -e" PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin DESC="Domoticz Home Automation System" NAME=domoticz USERNAME=pi PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME DAEMON=/home/pi/domoticz/$NAME DAEMON_ARGS="-daemon" #DAEMON_ARGS="$DAEMON_ARGS -daemonname $NAME -pidfile $PIDFILE" DAEMON_ARGS="$DAEMON_ARGS -www 8080" DAEMON_ARGS="$DAEMON_ARGS -sslwww 443" #DAEMON_ARGS="$DAEMON_ARGS -log /tmp/domoticz.txt" #DAEMON_ARGS="$DAEMON_ARGS -syslog" ...

    If the file contains -sslwww 0 then HTPPS is not being used. In that case, it must be changed as the root superuser.

    pi@domo:~ $ sudo nano /etc/init.d/domoticz.sh

    The Domoticz server must be restarted before any change take effect.

  5. Creating a dynamic domain name
  6. I am among the lucky consumers that received a router from their ISP which supports the update of a dynamic domain name service. As a result, I chose freedns.afraid.org as a provider among those supported by Hitron's CGN3ACSMR Cable Modem. no-ip was another possibility that seems just as easy to use.

    Here are the steps to create a dynamic domain name at FreeDNS.

    1. Go to the website of freedns.afraid.org/. I recommend reading the pages For Everybody: especially the FAQ. Then click on [ Dynamic DNS ] in the menu for For Members: then click on the link Setup an account here.

      Or click here.

    2. Select the free Starter package.

    3. Create an account providing the required information: First Name, Last Name and a valid email address. You must also set a UserID (which is not used as far as I can tell) and a password.
    4. The hard part is to guess exactly which letters are shown in the CAPTCHA (I believe that there are all upper case). You must check that you accept the Terms and Conditions of the site.

      Finally, click on the Send activation email button so that an activation message will be send to the email address provided above.

    5. Wait until the email from FreeDNS arrives. It contains an activation link it, click on it.
    6. I do not remember exactly what happens then. Most likely, you will be redirected to the new account. If no, just click on a choice in the For Members: group to open the newly created account.

    7. Go to the [ Subdomains ] menu and click on one of the links to add a subdomain or click directly her.

    8. In this form, you must specify the subdomain and select the domain that will form the name of the computer hosting the Web server. In my example, I entered modomo as subdomain and chose twilightparadox.com as domain.

      This means that the Domoticz web server URL will be modomo.twilightparadox.com. As long as there is no change, the domain name system will translate this name into the IP address displayed in the Destination field. No need to change this field. As for the other fields, they are only of interest for the paying accounts.

      Read the answer to question 13 of the FAQ for choosing a domain. You will see that it is best to choose from the names displayed in the drop-down list.

      The <Subdomain>.<Domain> combination must be a unique name in the Internet. The uniqueness of the domain is assured but twilightparadox.com, which is the smallest of the public domains of the site, already contains nearly 22,000 subdomains. A little imagination may be required in the choice of the name of the subdomain.

      Enter the letters displayed in the last field and press the Save! button to save (of course!) the entry you have created.

    9. It is now necessary to recover the key necessary to update the IP address associated with the domain name created in the previous step. If necessary click on [ Dynamic DNS ] in the left menu to see the list of created entries.

      Copy the address of the Direct URL link to obtain something similar to
      http://freedns.afraid.org/dynamic/update.php?abcVNIH3VWWbH7XM234EmY3jNFDQabm92xy8.
      The key is the part after php?. Save the key somewhere, it will be needed later.

  7. Updating the IP Destination Address
  8. As mentioned, the router is updating the IP address with FreeDNS. There is a tab named >DDNSBasic Settings where the information needed for this operation is entered.

    We can see that the service provider is FreeDNS (actually default@freedns.afraid.org). I entered my username and account password at FreeDNS but according to the FreeDNS instructions, I could have put "guest" or anything else.

    The important thing is to specify the hostname which must be the domain name and the key separated by a comma:
    modomo.twilightparadox.com,abcVNIH3VWWbH7XM234EmY3jNFDQabm92xy8

    After I clicked the ENABLE (ACTIVER) button and then I pressed Save Changes (Enregistrer les modifications) button. From then on, the router displays the message [ WAITING ] ([EN ATTENTE]) that can be seen in the figure. After a while, this message was replaced by a confirmation of the success of the operation. A few seconds later, this confirmation message disappeared as well as the key.

    Now I can be confident that as soon as the ISP changes the IP assigned to my router, it will inform FreeDNS. And if I understand the meaning of the last field, the router will also send an update message at least once a week when no IP changes occur.

    If I had ot been able not delegate this task to the router, then I would have installed a script on the Raspberry Pi that hosts my home automation system that would have been regularly executed by cron. There are several examples on the FreeDNS website.

  9. Forwarding TCP Ports
  10. Now an HTML request can go to the router but how will it go to the Domoticz web server on the Raspberry Pi? That is the purpose of the TCP port assigned to the server. We know that to locate this server from another computer the address used is 192.168.1.22:8080 (for HTTP) or 192.168.1.22:443 (for HTTPS). The number after the colon, 8080 or 443, identifies the TCP port, which is the endpoint of the communication based on the TCP protocol. The HTML request will be divided into IP packets, each of which will contain the IP address and the port number. The router will be responsible for routing these packets to the Raspberry Pi.

    In our case, the router will receive an IFTTT HTML request addressed to 99.236.12.115:443 and forward it on the local network with the address 192.168.1.22:443. It is necessary that the router be aware of the correct local destination. This translation is called port forwarding. Routers take care of this function by maintaining a table. For security reasons, very few of the 65536 possible ports are forwarded. My router had a table which contained five rules that I would not show you:

    I clicked the Add Rule button (Ajouter une règle) to add the Raspberry Pi address and port 443 as the destination for all incoming IP packets (transmitted by UDP or TCP) regardless of where they come from if they use port 443.

    Only the TCP port used for secure HTTP requests should be forwarded. By default, this is port 443. Port 8080 could also be forwarded for unsafe HTTP, but this is strongly discouraged since requests made with this protocol are transmitted in clear text and this would expose the user name and password of the Domoticz server.

    Once the information is complete, click on the Apply button (Appliquer), then check that the new rule is now in the table and activated.

    That's it for the router if everything is ok. Fortunately we can easily check that this is indeed the case before proceeding to the last step.

  11. Test and Security
  12. To test this dual address conversion system, simply send HTML requests to the domain name created above just as IFTTT applets will be doing later.

    Before doing this check, it is better to ensure that a minimum of security is in place on the Domoticz server side. If you have not already done so, add an ID and password in the Security section

    You can access the System page by clicking the Settings tab and then on Settings from the drop-down menu.

    For purposes of this post, the identifier will be fifi and the password brindacier. In addition, the Domoticz index of the lamp controlled with Google Home is 17 and the dynamic domain created to reach the home automation server is modomo.twilightparadox.com. So the request is

    https://fifi:brindacier@modomo.twilightparadox.com:443/json.htm?type=command&param=udevice&idx=17&nvalue=1
    to turn on the lamp. Just change nvalue=1 to nvalue=0 to turn off the lamp. You can use the curl utility to send the query and display the result.

    michel@hp:~$ curl -k "https://fifi:brindacier@modomo.twilightparadox.com:443/json.htm?type=command&param=udevice&idx=17&nvalue=1" { "status" : "OK", "title" : "Update Device" }

    If we get the "OK" as shown above, we should see that Domoticz has turned on the lamp and that the status of the virtual lamp in the web interface of the software reflects this state.

    The curl option -k or --insecure is required. In its absence we obtain the following result.

    michel@hp:~$ curl "https://fifi:brindacier@modomo.twilightparadox.com:443/json.htm?type=command&param=udevice&idx=17&nvalue=1" curl: (60) SSL certificate problem: self signed certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" ... michel@hp:~$

    The SSL certificate used by Domoticz is rejected by curl because it is self-signed. Fortunately, the -k option does not prevent the encryption of the exchange, it just bypasses the verification of security certificates.

    We should check that it is impossible to contact the Domoticz server with the HTPP protocol even with the correct username and password.

    michel@hp:~$ curl "http://fifi:brindacier@modomo.twilightparadox.com:8080/json.htm?type=command&param=udevice&idx=17&nvalue=1" curl: (7) Failed to connect to fyniac.mooo.com port 8080: Connexion refusée

    We can now go on to creating IFTTT applets to allow Google Home to control devices using Domoticz.

  13. Creating IFTTT Applets
  14. We cannot do much on the IFTTT site until we have an account. This step was very fast since I proceeded through my Google account while I was already connected to it. I do not know if that makes it easy to use Google Home Assistant later.

    Programming an IFTTT applet is done visually with mouse clicks much like Blockly can be used to handle events in Domoticz. Explaining how to use this type of system is often more complicated than using it. I will try to show how to proceed in eleven images, but it seems to me that if we know two things then we can go ahead to create an applet very intuitively. The two things to know are

    I will add a tip: do the minimum, do not try to fill all the fields.

    Creating an applet in eleven steps.

    1. To create a new applet, click on My Applets and then New Applet.

    2. Click on +this to define the service provider for the trigger.

    3. Select Google Assistant as the trigger by clicking on its square found in the long list of service providers. The quickest way to find it is to enter the beginning of the name in the search box. Clicking on the square moves to the next step.

    4. Choose the first of the four triggers associated with the Google Assistant: Say a simple phrase.

    5. Now just write the vocal command to will tell Ms. Google to turn on a particular lamp. You can specify up to three commands. You have to choose these phrases with a little care. On the one hand, if you want to light more than one lamp, a command as vague as "turn on the lamp" can not work. On the other hand, there are already programmed phrases in Google Home to control commercial devices from Philips, WeMo, Belkin etc. For example, the use of the word "light" causes problems. One can choose the language (French in my case) but the number of supported languages is quite limited compared to what Google Voice. Finally, you have to create the trigger by clicking on the Create trigger button.

    6. Click on the +that to define the action.

    7. As with the trigger, a service provider must be selected. In our case it is Webhooks.

    8. There is only one action possible with this service. Click on Make a web request to continue.

    9. Add the HTML request already tested previously. There are no quotation marks. The other fields can be ignored. Click on Create action,

    10. To complete, click on the Finish button on the next screen. However, I prefer not to receive a message each time the applet is used (disable Receive notification when this Applet runs).

    11. The creation of the applet ends with its display. As can be seen, it is activated (On). It can be disabled without eliminating it. You can also modify the applet, now or later, by clicking on the cogwheel at the top right of the applet.

    We check this last step by awakening Mrs. Google and pronouncing the magic sentence: "OK Google, turn on the lamp." If it works, you have to create another applet to turn off the lamp.You will have to redo all these steps changing the vocal command to trigger the action and changing the "1" to "0" at the end of the query URL.

    Some complain about the time it takes for the light to turn on or off after a voice command. As far as I'm concerned, the delay is quite acceptable. Moreover it could be that Domoticz running on a Raspberry Pi B+ is the main cause of delays in execution. I will be in a better position to judge that when I return to using the Raspberry Pi 3 for this task.

  15. Findings
  16. Being an old curmudgeon, I am rather resistant to fads, but it is clear that this time I am part of the herd. However, I am not sure if I will continue to use the Google Home Mini to control my home automation system. I have never liked exposing my local network to the Internet. My reticence has increased lately when Google informed that four thousand miles from there was an attempt to enter the email account that I use for home automation, and that it was done with the correct password!

    Google's changes to the firmware favour cloud-based approaches, that is, commercial solutions to the detriment of do-it-yourselfers. Besides, why would Alphabet reduce Samsung's or Leviton's market for bridges to their connected hardware when it still does not offer competitive products? So I have no hope that Google Home will go back to support home automation hardware locally.

    Currently, it is still possible to use speech recognition as an interface to my home automation system without exposing my local network to the Internet. Since I cannot program the Google Home Mini this is done with another computer on the local network that uses an external voice recognition engine. This will be the subject of a future post.