The Decider


The Coreconduit: Garden Controller System was the first version of the hydroMazing project .  The author of the Instructable drones on and on about healthy plants requiring attention and boredom until,

“…I’ve programmed into the Arduino a function I called, “TheDecider” that makes decisions based on maintaining optimum environmental conditions for growing plants. I added 2.4Ghz Wireless Radio Transceiver modules and a modular receiver system so that data is transmitted to within 1000 feet.”

TheDecider” was originally hardcoded with specific values that were fixed in place until I changed them in the Arduino sketch, recompiled, and uploaded.  There are two types of decisions that TheDecider executes, timed-based, and sensor-based rules.  The time-based rules simply compare the current time to the last time the appliance was turned-on or off.  The sensor-based rules use a minimum value threshold and a maximum value threshold that are compared to the current sensor reading and then execute the corresponding action for the appliance.  For example, if the temperature is below 55° then turn-off the ventilation fans; if the temperature is above 80° then turn-on the ventilation fans.  Each appliance has corresponding rules for sensor reading thresholds, time-based automation, and a combination of both, priority depending on the order of the rules.

Today’s hydroMazing uses the Raspberry Pi to provide an interface to the rules and the notifications.  The Pi communicates with the Arduino Nano microcontroller wirelessly sending updates and receiving data. TheDecider is a rules engine that executes the checks sent to it from the Pi.  The settings are stored in the EEPROM of the Arduino Nano allowing it to operate without further communications with the Pi.  hydroMazing doesn’t require an Internet connection to operate with the exception of receiving emails or text-alerts.  The Raspberry Pi can be configured to operate only within your WiFi network and be allowed to send emails and text-alerts.  Or, you can configure your router to allow access from outside and even assign a domain name, such as  See my Instructables for steps to a secure Pi.


What is a Smart Garden?


The hydroMazing controller is designed to operate ventilation fans for air circulation, water pumps, occasionally a humidifier, heaters, or any other appliance that is necessary to maintain an ideal environment for plants to grow.  Typically, we DIY’ers would hook-up some relays to a microcontroller to achieve control.  However, with hydroMazing, the system uses remote controlled wireless AC outlets, ensuring safer control than traditional relays.  hydroMazing uses low-cost open-hardware modules and the ubiquitous microcontroller, the Atmega328, on an Arduino Nano*, offering the flexibility of customization and expansion. The sensor choices are endless, but I’ve narrowed it down to a few important and relatively inexpensive modules.  A temperature and relative-humidity sensor, moisture sensors for soil, liquid temperature probe for hydroponics, a simple photocell.  There are many other optional additions including the float switch or switches and flow-rate sensors.

The wirelessly controlled outlets proved to be a etekcity_outletsreliable method of controlling the fans using the Arduino to send the signals depending on the temperature sensor’s readings.  It didn’t take long for the source-code to evolve into a beast.  The Arduino family of microcontrollers is limited in how many instructions it can run and hitting the program size limit doesn’t take very long when you want to control more than a few blinking LEDs.  I have found that the size limitation has forced me to write better, more efficient code than I initially do.  Even with creative variable handling and custom libraries, eventually, there is a need for another microcontroller or to move to a larger one.

Wireless Monitoring w/o Internet

There are several ways that the microcontrollers can communicate with each other.  The least expensive wireless method I could find is the nRF24L01 wireless radio transceiver. The module is a low-power, lightweight variety of bluetooth giving hydroMazing the ability to communicate with a monitoring unit.fpzexmwi7vqs7mr-medium

I decided to add another Arduino Uno with an Liquid Crystal Display shield so that I could display what the sensors were reading, the state of appliances, and alerts with notifications.



I made my own open and adaptable platform that can be custom tailored to a wide variety of gardening needs and conditions; yet, also a self-contained wireless system.  The open-architecture of the system allows for ease of integrating Internet connectivity and web services.

Internet Monitoring

Enter the Raspberry Pi connected with an nRF24L01 module.

I was able to modify much of  my Arduino Source code to listen for incoming transmissions and then write that data out to a few files.  First, a log file that captures all communications between the Pi and the hydroMazing Monitor.  Next, I have the program write out the current state of all sensor objects and a file for all of the appliance objects.  When an alert occurs the progrhydromazing-liveam will create a file containing that alert.

I then added a PHP script to read in the data object’s from their respective files and display live on the Pi’s Apache server.


Next, I wrote a Python script to read the directory for the alerts file and if it exists, read the file, parse out the pertinent information and then email or through SMS text the user.  In addition to sending an email or text alert, the python script moves the alert file into position for the PHP script to read and display.

Using the log files that are created, I am able to import the data into a database.  Once the hydroMazing’s data is recorded into a database residing on the Raspberry Pi we can start performing analytics and generate some reports.

Monitoring and controlling the system is mostly done for us, but when the hydroMazing needs to alert us to a problem it can now by using the Raspberry Pi.



With the hydroMazing smart gardening system, you can grow healthy, happy plants anywhere!

Contact us today for more information!

Keep Fingers Out of your Pi

In my previous article , I explain how to setup the Raspberry Pi to be a web server.   I also demonstrate searching log files for “footprints” from the IP requests that have been made to your web server.  Now, I would like to discuss protecting your web server from becoming a victim to a potentially malicious attack.

Keep your Pi updated!

sudo rpi-update

The command will automatically update the Raspberry Pi’s firmware and then ask for a reboot.  If your Pi is already up-to-date, then you can continue with:

sudo apt-get update
sudo apt-get upgrade

Now, you’ve got the latest and greatest firmware and software!!


Pi Passwords

Ideally, we would disable the default pi account,  at the very least, set the default password for your pi account.  Another major in-security is that most users have SSH (Secure Socket sHell) and VNC (Virtual Networking Computer) enabled so that they can remote into their machines.  I don’t recommend allowing access outside of your network when running a publicly exposed web server.

Apache Web Server

If you are serving web content world-wide then you’ll eventually want to adopt some sort of blacklist, or exclusion list, where you can keep specific IP addresses from accessing your server.  However, if you want to tighten-down your security and only allow a select few access then you’ll need to make some changes.

cd /etc/apache2
sudo cp apache2.conf apache2.conf.bak
sudo vi apache2.conf OR sudo nano apache2.conf

Travel down the file until you reach this section that allows everyone access to your web server from the outside:

<Directory /var/www/>
 Options Indexes FollowSymLinks
 AllowOverride None
 Require all granted

The AllowOverride directive is set to None meaning we will not be using an .htaccess file to override these settings.  The next directive, Require is set to all granted, meaning allow anyone access.

UPDATE:  I have found a significant number of bot requests in my log files, snooping for those of Us using phpmyadmin, be sure to limit access:

<Directory /usr/share/phpmyadmin/>
Order Deny, Allow
Deny from All
# localhost
Allow from
# Local-Area Network
Allow from 192.168.x.x

Next, we can add a directory that we want to protect:

<Directory /var/www/html/hydroMazing/>
 Options Indexes FollowSymLinks
 AllowOverride All

The AllowOverride directive is set to All meaning we will be using an .htaccess file to override these settings.  We will provide the Require directive in our .htaccess file inside the directory we specified, in this case, “/var/www/html/hydroMazing/”   One last setting of importance before we save:

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
AccessFileName .htaccess

You could change the name of the .htaccess file here to something harder to guess.  Keep the dot at the beginning because it means hidden file.   Use your imagination 😉  Now you can use an .htaccess file as your whitelist, or inclusion list:

To create a .htaccess ( or whatever you’ve named it ) file:

cd /var/www/html/mydirectory/

sudo vi .htaccess OR sudo nano .htaccess
# Allow access to localhost 
Require ip

# Allow access to my cell phone
Require ip

Second entry is an example, change it to your IP address, or the IP address that your web server logged.  See my previous article for instructions on checking your log files.  Save and close the file.  You can add additional access as desired.


Build a Wallimg_20160814_195916221

Install the open-source firewall builder

Pop open a terminal from your Raspberry Pi’s desktop and type the following:

sudo apt-get install fwbuilder

After the installation has completed, you will have a new option under the Menu/Internet option from your desktop for the firewall builder GUI.

Add a new firewall and name it the same as your server.


Select the “web server” template to load default rules.

Note that the default rules restrict your server from accessing the outside Internet.  In order to allow access, you’ll need to add a rule.  The easiest way to add a rule is to copy an existing rule that is similar to your needs.


Compile and Install

We can build our firewall through this interface, but we won’t be able to install it because we won’t have sufficient permissions to write to the file system.  Enter the following at a terminal window’s command line assuming you named your server the same as your DDNS name:

sudo mkdir /etc/fw
sudo touch /etc/fw/
sudo chmod 777 /etc/fw/

Now, you should be able to use the firewall builder program to compile and install the firewall.   You can either restart the apache web server or simply reboot.

Anything incorrect, missing, or not working?  Please let me know.