FEAT : authn mqtt + ssl WIP

.gitignore

@@ -1,2 +1,4 @@
 __pycache__
 venv/
+ssl/
+password.*

config/seeed-studio.yaml

@@ -100,6 +100,8 @@ mqtt:
   broker: "pc-raymond.home"
   id: mqtt1
   log_topic: null
+  username: admin
+  password: !secret mqtt
   birth_message:
     topic: rbo
     payload: 'Nouvelle connexion MQTT...'

mqtt/compose.yml

@@ -2,8 +2,8 @@ services:
   mqtt:
     image: eclipse-mosquitto:2.0
     restart: unless-stopped
-    # volumes:
+    volumes:
-    #   - /grab/data/mosquitto:/mosquitto
+      - ./config:/mosquitto/config
     ports:
       - 1883:1883
-    command: "mosquitto -c /mosquitto-no-auth.conf"
+      - 8883:8883

mqtt/config/acl.conf

@@ -0,0 +1,2 @@
+user admin
+topic readwrite #

mqtt/config/mosquitto.conf

@@ -0,0 +1,13 @@
+listener 1883
+protocol mqtt
+
+listener 8883
+protocol mqtt
+cafile /mosquitto/config/ssl/mosquitto.crt
+certfile /mosquitto/config/ssl/mosquitto.crt
+keyfile /mosquitto/config/ssl/mosquitto.key
+
+allow_anonymous false
+password_file /mosquitto/config/password.txt
+
+acl_file /mosquitto/config/acl.conf

notes.md

@@ -18,3 +18,29 @@ Numéro de lot : 2502
 Propriétaire : Shandong Saien Electronic Technology Co., Ltd.
 Adresse : n° 1193, route Gangyuan, ville de Jinan, province du Shandong
 ```
+
+## Soft
+
+### conf mosquitto
+
+### Génération clés SSL
+
+```
+openssl req -x509 -newkey rsa:2048 -keyout mosquitto.key -out mosquitto.crt \
+  -days 36500 -nodes \
+  -subj "/CN=pc-raymond.home"
+```
+
+NB :  Clé valable 100 ans
+
+### Génération couple user/passw
+
+docker run -it --rm -v /tmp:/mosquitto/config eclipse-mosquitto mosquitto_passwd -c /mosquitto/config/password.txt admin
+
+### lire topic
+
+```
+docker run --add-host host.docker.internal:host-gateway -it eclipse-mosquitto mosquitto_sub \
+-u <username> -P <password> \
+-h host.docker.internal -p 1883 -t "rbo2"
+```