Raspberry Pi 4 Configuration Overview

The Raspberry Pi 4 runs a fairly sophisticated home automation and bushfire defense monitoring system with all services running from an SSD mounted at /srv in its directory structure . The system consists of three main components working together: Home Assistant and Mosquitto MQTT broker in Docker containers, plus Tailscale for secure remote access. This configuration supports the local ARMAC bushfire defense system at Fairhaven, Victoria.

Docker Container Architecture

Both Home Assistant and Mosquitto run via Docker Compose, defined in /srv/docker-compose.yml. The compose file uses version 3.9 and defines two services that provide the core functionality of the system.

Home Assistant Container

Home Assistant runs the official ghcr.io/home-assistant/home-assistant:stable image with network mode set to host. This configuration is crucial as it allows Home Assistant to discover and communicate with local network devices without NAT translation, enabling protocols like mDNS discovery and direct communication with IoT devices. The container mounts /srv/homeassistant to /config inside the container, storing all configuration files, databases, and custom components on the persistent SSD. The system timezone is synchronized by mounting /etc/localtime as read-only.

The Home Assistant configuration is organized using packages, with the main configuration.yaml including additional YAML files from a packages directory. This modular structure keeps the fire monitoring configuration separate from other home automation functions. Home Assistant is configured for the Australian environment with metric units, Melbourne timezone, and coordinates set to those of the local site.

Mosquitto MQTT Broker

Mosquitto runs the latest eclipse-mosquitto image with two ports exposed: port 1883 for standard MQTT protocol and port 9001 for websocket connections (though websockets are currently commented out in the configuration). The broker's persistent data is organized across three mounted volumes:

/srv/mosquitto/config - contains mosquitto.conf and any additional configuration
/srv/mosquitto/data - stores persistent message data
/srv/mosquitto/log - contains all broker logs

The mosquitto.conf is intentionally minimal and permissive for the local network environment. It enables anonymous connections (no authentication required), activates message persistence to survive restarts, and logs all activity including connection messages with timestamps. This configuration is appropriate for a closed local network where all external access is mediated through Tailscale.

Both containers use restart: unless-stopped, ensuring automatic recovery from crashes or system reboots while allowing manual shutdown when needed.

Network Architecture and Security

Tailscale runs natively on the Rainbow Pi 4 host operating system (not containerized as tailscaled) and provides the exclusive method for external access to the system. This is a critical security design decision - no ports are exposed to the public internet. All remote connections to Home Assistant from external platforms, mobile devices, or remote monitoring systems traverse the Tailscale VPN network.

Tailscale creates a secure, encrypted WireGuard-based mesh network that appears as a local network to the applications. Remote users connect as if they were on the local LAN, but all traffic is encrypted end-to-end through Tailscale's coordination servers. This eliminates the need for port forwarding, dynamic DNS, or exposing Home Assistant to internet scanning and attacks.

The MQTT broker facilitates local communications between Home Assistant and the ARMAC system components, including pump controls, motorized valves, peripheral devices, and sensors. Home Assistant subscribes and publishes to various MQTT topics to control relays and monitor system state. For example, the pump control uses topics like home/relay/pump for state and home/pump/inTopic for commands, with simple "1"/"0" payloads for on/off control.

ARMAC Fire Threat Monitoring System

The system includes three sophisticated Python scripts that power the Current Fire Threats page in Home Assistant. These scripts run as Home Assistant command-line sensors, executing every 5 minutes (300 second scan interval) and outputting JSON data that updates the fire threat monitoring dashboard.

VicEmergency Events Monitor (`vic_events_compact.py`)

This script fetches the official Victorian emergency GeoJSON feed from emergency.vic.gov.au and filters it for bushfire-related events (bushFire, grassFire, forestFire) within a configurable radius of the home location. It uses caching (2-minute cache validity) to avoid hammering the government API while maintaining relatively fresh data. The script handles complex geometry including polygons and multi-polygons for fire perimeters, calculates distances from home to various fire features (points, edges, perimeters), and returns the 120 nearest events to avoid overwhelming Home Assistant's attribute size limits.

FFMVic Burnt Area Tracker (`ffm_burnt_area_front.py`)

This script queries the Forest Fire Management Victoria (FFMVic) ArcGIS MapServer for current burnt area polygons (SUBTYPE=2). It implements sophisticated matching logic to associate burnt area polygons with specific VicEmergency incidents using name matching (with prefix token comparison) and proximity fallback. The script computes the nearest boundary point of the burnt area polygon to both the home location and the VicEmergency incident anchor point. This provides accurate distance and bearing information for the actual fire front, which is more reliable than VicEmergency's incident points that may be offset from the actual fire location. The script uses local equirectangular projection for efficient distance calculations without external geometry libraries.

DEA Hotspot Cluster Analyzer (`dea_hotspot_cluster_front.py`)

This script fetches thermal hotspot data from the Digital Earth Australia (DEA) recent hotspots feed, which provides satellite-detected heat signatures from the last ~72 hours. It implements a custom clustering algorithm to identify "significant" hotspot clusters based on density rules (connected components within a specified distance threshold and minimum cluster size). The script filters hotspots by both spatial radius and temporal window (typically last 8 hours), then selects the best cluster based on proximity to the VicEmergency anchor point. It returns the nearest hotspot point in that cluster to home as a conservative "active heat boundary" proxy, useful when burnt area polygons are stale or erratic during rapidly developing fires.

Integration with Home Assistant

All three scripts are configured as command-line sensors in the jf_fire_wind_fairhaven.yaml package file. They receive parameters dynamically from Home Assistant input helpers (home coordinates, relevance radius, query parameters) and return structured JSON with extensive attributes. Template sensors process this data to calculate derived values and trigger automations.

The fire monitoring system also integrates Bureau of Meteorology wind data from Aireys Inlet to assess fire behavior and direction. MQTT switches control the physical ARMAC infrastructure - pumps, sprinklers via motorized valves, and peripheral equipment - allowing automated or manual activation of bushfire defense measures.

This monitoring setup provides multiple data sources (official incidents, burnt area mapping, real-time thermal detection) for accurate and timely assessment of approaching fire threats. The use is explained in the User Guide. The detailed operational logic is documented separately in ARMAC Appendix 19.