In order to get OTA updates to work for Dwalin v2 (ESP32 based) and Ori (ESP8266) in a secure manner, an HTTPS server needs to be available somewhere. In order to reduce dependencies on network infrastructure, I want this to be a server in the house. For development so far I've been running a copy of "Ubuntu under Windows" from the Microsoft store on my development/gaming machine. Unfortunately this isn't really the same as a VM of Ubuntu - it's more of a "part of the userspace but not the kernel and so not quite all of what you are used to" situation. I've been using a mix of Cygwin, MSYS32 and Microsoft's Ubuntu on the Windows machine for a while and none of them are really like just using an Ubuntu machine, so I decided this is the time to just get a dedicated machine.
So I picked up a refurbished HP Elite 8300 SFF off Amazon (I'm guessing these are from 'off lease returns' from businesses) and built that with a full install of Ubuntu 18.10. Named machine erebor.
Arduino IDE installed on erebor
XPRA on that gives me a nice desktop using RDP from my Windows machine.
I want to use a Let's Encrypt certificate (rather than just a self-signed one) for securing the OTA - however because I'm at home behind Comcast NAT, I can't use the http-01 authentication mechanism - I'll need to use dns-01. That in turn means I needed to move my nameserver from my registrar (namecheap) over to one that plays nicely with available tools to script updates to TXT records (Hurricane Electric).
I want to be able to reach Erebor from the outside in some way, so I set up an OpenVPN tunnel to each of the two cloud VMs (one on AWS and one on Azure) that I have - so I can reach those from outside and SSH over the OpenVPN tunnel back to Erebor. This is essentially the same mode that things like 'LogMeIn' work in, but managed by me, not by a company that will decide to eliminate features on a whim (yes, I'm still sore that LogMeIn removed a functional-for-my-purposes HTML5 mode from my paid account with them).
Work yet to do:
- Complete Let's Encrypt configuration on erebor
- Configure Mosquitto on erebor
- Configure MQTT on Dwalin v2 and Ori
- Complete configuration of OTA on Ori
- Rework configuration of OTA on Dwalin v2 (it was functional pointed at the 'Ubuntu under Windows' setup)
- Set up development environment for ESP-IDF targeting ESP32 for Dwalin v2 on erebor
- Link ESP-IDF and Arduino storage to git
- Set up Apache on erebor to properly handle OTA requests from both types of OTA (ESP-IDF does it differently from how Arduino OTA does) - OR recode Dwalin v2 to be able to use OTA the same way so I only need one type of setup in Apache on erebor.
Then I will be done with the yak shaving (is one ever really done?) and can get back to setting up firmware on Dwalin and Ori.