From 535e9a0e213d032680da0d6fd94629296b7ac5f7 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 16:55:58 +0100 Subject: [PATCH] Set mqtt permission --- doc/PRE_INSTALL.md | 4 +++- doc/PRE_INSTALL_fr.md | 4 +++- manifest.toml | 17 +++++++++++++---- scripts/install | 8 ++------ scripts/remove | 2 -- scripts/upgrade | 14 +++----------- 6 files changed, 24 insertions(+), 25 deletions(-) diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md index aca87ed..ef94d9d 100644 --- a/doc/PRE_INSTALL.md +++ b/doc/PRE_INSTALL.md @@ -1,4 +1,6 @@ ## Mosquitto Broker -During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed. +During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite. +It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed. + diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md index 3a91d2a..16c2e80 100644 --- a/doc/PRE_INSTALL_fr.md +++ b/doc/PRE_INSTALL_fr.md 
@@ -1,4 +1,6 @@ ## Broker MQTT Mosquitto -À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. +À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. +Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé. + diff --git a/manifest.toml b/manifest.toml index b6b38db..c61c673 100644 --- a/manifest.toml +++ b/manifest.toml @@ -43,11 +43,15 @@ ram.runtime = "50M" type = "group" default = "all_users" +# [install.init_mqtt_domain_permission] +# type="group" +# default="visitor" + [install.mqtt_domain] ask.fr = "Domaine MQTT" ask.en = "MQTT domain" - help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" - help.en = "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info" + help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" + help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. See the doc for more info" type = "domain" optional = true 
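Review bot: The commented-out `[install.init_mqtt_domain_permission]` block in the manifest.toml hunk is dead configuration with no explanation, and its `default="visitor"` does not match the `visitors` group name used by the permissions in this file. If the question was dropped on purpose, delete the block or replace it with a one-line reason such as `# MQTT permission is declared in [resources.permissions]; no install question needed`. Left as it is, re-enabling the block later would give a default that presumably matches no existing group.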
@@ -75,12 +79,17 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" - main.auth_header=false + main.auth_header = false - api.url = "/_api/__APP_" + api.url = "__DOMAIN__/api_/__APP__" api.show_tile = false api.allowed = "visitors" + #Permission will be removed by the install script if not needed + mqtt.url = "__MQTT_DOMAIN__/" + mqtt.show_tile = false + mqtt.allowed = "visitors" + [resources.ports] main.default = 8080 #to be checked if it can become conditionnal diff --git a/scripts/install b/scripts/install index 51ea914..4755042 100755 --- a/scripts/install +++ b/scripts/install @@ -160,8 +160,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -#Not required in 2023.1 anymore -#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" #================================================= # SETUP SSOWAT @@ -169,10 +167,8 @@ ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed logi ynh_script_progression --message="Configuring permissions..." -#API & MQTT should stay publicly accessible. -#ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true" -[[ "$domain" != "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - +#If no MQTT have been set, we delete the mqtt permission. +[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 699fc6c..357cb48 100755 --- a/scripts/remove +++ b/scripts/remove 
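Review bot: In `[resources.permissions]` the new `api.url = "__DOMAIN__/api_/__APP__"` moves the path segment from `_api` to `api_`, which looks like a transposition rather than an intended rename. Because `api.allowed = "visitors"` exempts that URL from SSO, it has to match the location the web server actually serves, so please confirm it against the nginx config, which is not in this diff. The script-created MQTT permission this commit removes carried `--protected="true"`, while the new `mqtt.*` entries set no `protected` key. If the permissions resource still supports it, add `mqtt.protected = true` (and likewise for `api`) so the public exposure cannot be changed by accident. A short comment stating that `mqtt.url = "__MQTT_DOMAIN__/"` opens the whole MQTT domain to unauthenticated visitors would also help.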
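Review bot: The cleanup in the "Configuring permissions" section of scripts/install only fires when `$mqtt_domain` equals `$domain`, but the documentation and help text changed in this same commit tell users that an empty MQTT domain also disables the broker. Unless an earlier part of the script (outside this hunk) rewrites an empty value to `$domain`, a blank answer leaves the visitor-accessible `mqtt` permission in place with a URL built from an empty `__MQTT_DOMAIN__`. Consider `if [[ -z "$mqtt_domain" || "$domain" == "$mqtt_domain" ]]; then ynh_permission_delete --permission="mqtt"; fi`. The `if` form also avoids leaving a non-zero status from a bare `[[ … ]] && …` line.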
@@ -23,8 +23,6 @@ if [ "$domain" != "$mqtt_domain" ]; then ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" yunohost tools regen-conf postfix ynh_secure_remove --file="/var/log/mosquitto" - - fi ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 diff --git a/scripts/upgrade b/scripts/upgrade index 8e0ff75..4ec90c2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -61,15 +61,6 @@ if [[ -z "${mqtt_domain+x}" ]]; then ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain" fi -# Create the permission "domoticz_MQTT" only if it doesn't exist. -if [ "$domain" != "$mqtt_domain" ]; then - if ! ynh_permission_exists --permission="domoticz_MQTT" - then - # API Authorization with dedicated URL - ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - fi -fi - #remove unwanted log folder if [ -d "/var/log/$app/$app" ]; then ynh_secure_remove "/var/log/$app/$app" @@ -131,6 +122,9 @@ if [ "$domain" != "$mqtt_domain" ]; then ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" fi +else + #If no MQTT have been set, we delete the mqtt permission. + [[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" fi #================================================= @@ -190,8 +184,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -#not required in 2023.1 anymore -#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" #================================================= # INTEGRATE SERVICE IN YUNOHOST
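Review bot: The second scripts/upgrade hunk (`@@ -131,6 +122,9 @@`) never removes the legacy `domoticz_MQTT` permission that earlier versions created with `--allowed="visitors" --protected="true"`. Instances upgraded from those versions will presumably keep that stale public permission next to the new manifest-declared `mqtt` one, so consider adding `ynh_permission_exists --permission="domoticz_MQTT" && ynh_permission_delete --permission="domoticz_MQTT"`. If the added `else` pairs with the `if [ "$domain" != "$mqtt_domain" ]` shown in the hunk header (the `if` opens outside the hunk), the inner `[[ "$domain" == "$mqtt_domain" ]]` test is redundant. Guarding the delete with `ynh_permission_exists --permission="mqtt"` would be more useful, since it keeps a repeated upgrade from failing once the permission is already gone. As in the install script, an empty `$mqtt_domain` is not covered by either branch's comparison.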