From 73cf64a39c458bc11ea2059d6bbac8daa929f7c1 Mon Sep 17 00:00:00 2001
From: Alexey Skobkin
Date: Thu, 7 Nov 2024 23:35:30 +0300
Subject: [PATCH] mosquitto. draft (closes #94).
---
 README.md | 1 +
 mosquitto/.env.dist | 16 ++++++++++++++++
 mosquitto/README.md | 26 ++++++++++++++++++++++++++
 mosquitto/config/.gitignore | 3 +++
 mosquitto/config/conf.d/go-auth.conf | 19 +++++++++++++++++++
 mosquitto/config/files/acls.dist | 12 ++++++++++++
 mosquitto/config/files/passwords.dist | 2 ++
 mosquitto/config/mosquitto.conf.dist | 18 ++++++++++++++++++
 mosquitto/data/.gitignore | 2 ++
 mosquitto/docker-compose.yml | 19 +++++++++++++++++++
 mosquitto/logs/.gitignore | 2 ++
 11 files changed, 120 insertions(+)
 create mode 100644 mosquitto/.env.dist
 create mode 100644 mosquitto/README.md
 create mode 100644 mosquitto/config/.gitignore
 create mode 100644 mosquitto/config/conf.d/go-auth.conf
 create mode 100644 mosquitto/config/files/acls.dist
 create mode 100644 mosquitto/config/files/passwords.dist
 create mode 100644 mosquitto/config/mosquitto.conf.dist
 create mode 100644 mosquitto/data/.gitignore
 create mode 100644 mosquitto/docker-compose.yml
 create mode 100644 mosquitto/logs/.gitignore
diff --git a/README.md b/README.md
index 13abe14..273dadd 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,7 @@ Not every stack is tested to fully work.
 | magneticod | ✅ | `boramalper/magneticod` | DHT indexing daemon. | [Website](https://www.boramalper.org/labs/magnetico/), [Github](https://github.com/boramalper/magnetico) |
 | Matrix Telegram Bridge | ✅ | `dock.mau.dev/mautrix/telegram` | Telegram bridge for Matrix server | [Gitlab](https://mau.dev/mautrix/telegram/) |
 | Metube | ✅ | `alexta69/metube` | Web GUI for yt-dlp. | [Github](https://github.com/alexta69/metube) |
+| Mosquitto | ✅ | `iegomez/mosquitto-go-auth` | Simple and fast MQTT server with Go Auth plugin. | [Plugin Github](https://github.com/iegomez/mosquitto-go-auth), [Mosquitto website](https://mosquitto.org) |
 | Murmur (Mumble server) | ✅ | `registry.gitlab.com/skobkin/docker-murmur` | Mumble VoIP server (custom build) | [Website](https://www.mumble.info), [Github](https://github.com/mumble-voip/mumble) |
 | Ollama | ✅ | `ollama/ollama` | Toolkit for easily running LLM's locally. | [Website](https://ollama.com), [Github](https://github.com/ollama/ollama) |
 | Open Streaming Platform | ✅ | `deamos/openstreamingplatform` | Live streaming platform. | [Website](https://openstreamingplatform.com), [Gitlab](https://gitlab.com/osp-group/flask-nginx-rtmp-manager) |
diff --git a/mosquitto/.env.dist b/mosquitto/.env.dist
new file mode 100644
index 0000000..43330bd
--- /dev/null
+++ b/mosquitto/.env.dist
@@ -0,0 +1,16 @@
+# Image version for Mosquitto with Go auth plugin
+IMAGE_VERSION=latest
+
+# External address binding for Mosquitto ports
+BIND_ADDR=127.0.0.1
+BIND_PORT_MQTT=1883
+BIND_PORT_WS=1884
+
+# Paths for configuration and data persistence
+CONFIG_DIR=./config
+DATA_DIR=./data
+LOG_DIR=./logs
+
+# Logging options
+LOG_MAX_SIZE=5m
+LOG_MAX_FILE=5
diff --git a/mosquitto/README.md b/mosquitto/README.md
new file mode 100644
index 0000000..a634e91
--- /dev/null
+++ b/mosquitto/README.md
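Review bot: `IMAGE_VERSION=latest` in mosquitto/.env.dist leaves the broker image unpinned, and the `${IMAGE_VERSION:-latest}` fallback in mosquitto/docker-compose.yml does the same when the variable is unset. Every pull can therefore bring in a different build of both Mosquitto and the auth plugin, which makes a change in authentication behaviour hard to notice or roll back. I would ship a concrete release tag in the dist file, e.g. `IMAGE_VERSION=<release-tag>` (placeholder; use a tag the image actually publishes), and add the comment `# Pin to a tested tag or digest; "latest" changes without notice`.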
@@ -0,0 +1,26 @@
+# Usage
+
+## Configuration
+
+```shell
+cp config/files/acls.dist config/files/acls
+cp config/files/passwords.dist config/files/passwords
+cp config/files/passwords.dist config/files/passwords
+cp config/mosquitto.conf.dist config/mosquitto.conf
+```
+
+Edit configuration to suit your needs.
+
+## Passwords
+
+To generate password hashes, you can use `pw` tool located at the `/mosquitto/pw` inside the container.
+
+```shell
+docker compose exec mosquitto sh
+/mosquitto/pw --help
+/mosquitto/pw -p MyPasswordString
+```
+
+## ACL's
+
+Refer to the [documentation](https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#acl-file).
diff --git a/mosquitto/config/.gitignore b/mosquitto/config/.gitignore
new file mode 100644
index 0000000..006ca55
--- /dev/null
+++ b/mosquitto/config/.gitignore
@@ -0,0 +1,3 @@
+mosquitto.conf
+files/passwords
+files/acls
\ No newline at end of file
diff --git a/mosquitto/config/conf.d/go-auth.conf b/mosquitto/config/conf.d/go-auth.conf
new file mode 100644
index 0000000..21d4409
--- /dev/null
+++ b/mosquitto/config/conf.d/go-auth.conf
@@ -0,0 +1,19 @@
+# Path to the Go auth plugin shared object
+auth_plugin /mosquitto/go-auth.so
+
+# Configure the authentication backends (adjust as needed)
+auth_opt_backends files
+
+# Specify the paths for passwords and ACLs
+# https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#files
+# Hashes may be generated using the `/mosquitto/pw` utility
+auth_opt_files_password_path /etc/mosquitto/files/passwords
+auth_opt_files_acl_path /etc/mosquitto/files/acls
+
+# Plugin-specific options (examples)
+# https://github.com/iegomez/mosquitto-go-auth?tab=readme-ov-file#configuration
+# auth_opt_postgres_host=db
+# auth_opt_postgres_port=5432
+# auth_opt_postgres_user=user
+# auth_opt_postgres_password=password
+# auth_opt_postgres_dbname=mqtt
diff --git a/mosquitto/config/files/acls.dist b/mosquitto/config/files/acls.dist
new file mode 100644
index 0000000..dd734b1
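Review bot: The commented PostgreSQL examples at the end of mosquitto/config/conf.d/go-auth.conf use `key=value` syntax, while every active option in the file is written as `key value`, so uncommenting them as they stand is unlikely to configure anything. As far as I know the plugin's PostgreSQL options are also prefixed `auth_opt_pg_` rather than `auth_opt_postgres_`; please check the names against the linked plugin README and write the examples as e.g. `# auth_opt_pg_host db`. Note too that this file is tracked as-is (config/.gitignore only lists `mosquitto.conf`, `files/passwords` and `files/acls`), so a database password filled in here would end up in the repository; a comment saying so, or moving the file to a `.dist` template like the others, would prevent that.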
--- /dev/null
+++ b/mosquitto/config/files/acls.dist
@@ -0,0 +1,12 @@
+user test1
+topic write test/topic/1
+topic read test/topic/2
+
+user test2
+topic read test/topic/+
+
+user test3
+topic read test/#
+
+pattern read test/%u
+pattern read test/%c
diff --git a/mosquitto/config/files/passwords.dist b/mosquitto/config/files/passwords.dist
new file mode 100644
index 0000000..7746244
--- /dev/null
+++ b/mosquitto/config/files/passwords.dist
@@ -0,0 +1,2 @@
+test1:PBKDF2$sha512$100000$2WQHK5rjNN+oOT+TZAsWAw==$TDf4Y6J+9BdnjucFQ0ZUWlTwzncTjOOeE00W4Qm8lfPQyPCZACCjgfdK353jdGFwJjAf6vPAYaba9+z4GWK7Gg==
+test2:PBKDF2$sha512$100000$o513B9FfaKTL6xalU+UUwA==$mAUtjVg1aHkDpudOnLKUQs8ddGtKKyu+xi07tftd5umPKQKnJeXf1X7RpoL/Gj/ZRdpuBu5GWZ+NZ2rYyAsi1g==
diff --git a/mosquitto/config/mosquitto.conf.dist b/mosquitto/config/mosquitto.conf.dist
new file mode 100644
index 0000000..84bad85
--- /dev/null
+++ b/mosquitto/config/mosquitto.conf.dist
@@ -0,0 +1,18 @@
+# Mosquitto configuration
+persistence true
+persistence_location /data/
+log_dest file /logs/mosquitto.log
+
+# Default listener for unencrypted connections
+listener 1883
+allow_anonymous false
+
+# Optional TLS listener
+listener 1884
+# Uncomment and configure the following for TLS
+# cafile /etc/mosquitto/ca_certificates/ca.crt
+# certfile /etc/mosquitto/certs/server.crt
+# keyfile /etc/mosquitto/certs/server.key
+
+# Include directory for additional configuration files
+include_dir /etc/mosquitto/conf.d
diff --git a/mosquitto/data/.gitignore b/mosquitto/data/.gitignore
new file mode 100644
index 0000000..a68d087
--- /dev/null
+++ b/mosquitto/data/.gitignore
@@ -0,0 +1,2 @@
+/*
+!/.gitignore
diff --git a/mosquitto/docker-compose.yml b/mosquitto/docker-compose.yml
new file mode 100644
index 0000000..24d1952
--- /dev/null
+++ b/mosquitto/docker-compose.yml
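Review bot: `pattern read test/%c` in mosquitto/config/files/acls.dist grants access by client ID, which the connecting client chooses for itself, so unlike the `%u` line above it does not tie a topic to an authenticated account. Because `pattern` lines are not bound to a `user` block, anyone who copies this sample gets that rule for every account. I would drop the `%c` line from the sample, or keep it commented out with a note such as `# %c is the client-supplied client ID, not an authenticated identity`.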
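Review bot: mosquitto/config/files/passwords.dist ships two complete PBKDF2 hashes for `test1` and `test2`, and the README's setup step copies the file verbatim to `config/files/passwords`, so an install that is not edited afterwards starts with both accounts enabled next to the sample ACLs. If these hashes were taken from published examples, their passwords should be treated as known. I would have the README say that both entries must be replaced with fresh output of `/mosquitto/pw` before the first start, or ship the template without usable hashes.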
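Review bot: `listener 1884` in mosquitto/config/mosquitto.conf.dist is active while the `cafile`/`certfile`/`keyfile` lines under it are commented out, so the block labelled "Optional TLS listener" comes up as a second plaintext MQTT listener. The same port is named `BIND_PORT_WS` in .env.dist and docker-compose.yml, yet there is no `protocol websockets` line, so the three files disagree about what 1884 is. I would comment the listener out together with its TLS lines (`# listener 1884`) and add `protocol websockets` under it if WebSockets is what was meant. Credentials on 1883 still travel unencrypted, which fits the default `127.0.0.1` binding but deserves a comment for anyone who changes `BIND_ADDR`.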
@@ -0,0 +1,19 @@
+services:
+ mosquitto:
+ image: "iegomez/mosquitto-go-auth:${IMAGE_VERSION:-latest}"
+ container_name: mosquitto
+ hostname: mosquitto
+ volumes:
+ - "${CONFIG_DIR:-./config}:/etc/mosquitto"
+ - "${DATA_DIR:-./data}:/data"
+ - "${LOG_DIR:-./logs}:/logs"
+ ports:
+ - "${BIND_ADDR:-127.0.0.1}:${BIND_PORT_MQTT:-1883}:1883"
+ - "${BIND_ADDR:-127.0.0.1}:${BIND_PORT_WS:-1884}:1884"
+ env_file: .env
+ restart: unless-stopped
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "${LOG_MAX_SIZE:-5m}"
+ max-file: "${LOG_MAX_FILE:-5}"
diff --git a/mosquitto/logs/.gitignore b/mosquitto/logs/.gitignore
new file mode 100644
index 0000000..a68d087
--- /dev/null
+++ b/mosquitto/logs/.gitignore
@@ -0,0 +1,2 @@
+/*
+!/.gitignore
--
2.43.5
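Review bot: The `${CONFIG_DIR:-./config}:/etc/mosquitto` volume in mosquitto/docker-compose.yml is mounted read-write although it holds the password and ACL files. Nothing in the visible configuration writes there (persistence goes to `/data`, the log to `/logs`), so `- "${CONFIG_DIR:-./config}:/etc/mosquitto:ro"` would keep the broker process from altering its own authentication data. Separately, `env_file: .env` passes the compose-only variables into the container and makes the stack fail to start when `.env` is missing, while the README never says to copy `.env.dist`. Compose already reads `.env` for `${...}` substitution, so that line can probably be dropped.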