From d851ec6effdf48b1628ae2aec65718f77c2f0481 Mon Sep 17 00:00:00 2001 From: ludeeus Date: Sun, 24 Mar 2019 14:39:25 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A8=20Rewrite=20to=20use=20bashio?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../rootfs/etc/cont-init.d/10-requirements.sh | 130 ++++++++++++++---- mqtt/rootfs/etc/cont-init.d/20-mqtt_broker.sh | 62 +++++---- mqtt/rootfs/etc/cont-init.d/21-mqtt_web.sh | 10 +- mqtt/rootfs/etc/cont-init.d/40-nginx.sh | 14 +- mqtt/rootfs/etc/services.d/mosquitto/run | 12 +- mqtt/rootfs/etc/services.d/nginx/run | 14 +- 6 files changed, 153 insertions(+), 89 deletions(-) diff --git a/mqtt/rootfs/etc/cont-init.d/10-requirements.sh b/mqtt/rootfs/etc/cont-init.d/10-requirements.sh index 5c7ec68..3bc7b8c 100644 --- a/mqtt/rootfs/etc/cont-init.d/10-requirements.sh +++ b/mqtt/rootfs/etc/cont-init.d/10-requirements.sh 
@@ -1,43 +1,115 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # This files check if all user configuration requirements are met # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh - -# Checks for broker -if hass.config.true 'broker.enabled' \ - && hass.config.false 'broker.allow_anonymous' \ - && ! ( \ - hass.config.exists 'leave_front_door_open' \ - && hass.config.true 'leave_front_door_open' \ - ); then - if ! hass.config.has_value 'mqttusers[0].username'; then - hass.die 'Missing username for MQTT User' - fi - if ! hass.config.has_value 'mqttusers[0].password'; then - hass.die 'Missing password for MQTT User' - fi + +# Ensure not both web & mqtt are disabled +if bashio::config.false 'web.enable' && bashio::config.false 'broker.enable'; then + bashio::exit.nok 'Both Web & MQTT are disabled. Aborting.' fi -# Check SSL requirements, if enabled -if hass.config.true 'broker.enable_ws_ssl' \ - || hass.config.true 'broker.enable_mqtt_ssl' \ - || (hass.config.true 'web.enabled' && hass.config.true 'web.ssl'); then - if ! hass.config.has_value 'certfile'; then - hass.die 'SSL is enabled, but no certfile was specified' +# Notify user if web is disabled +if bashio::config.false 'web.enable'; then + bashio::log.notice 'The Web client has been disabled!' +fi + +# Notify user if mqtt is disabled +if bashio::config.false 'broker.enable'; then + bashio::log.notice 'The MQTT Broker has been disabled!' +fi + +# Checks for the web client +if bashio::config.true 'web.enable'; then + + if ! bashio::config.true 'leave_front_door_open'; then + bashio::config.require.username 'web.username'; + bashio::config.require.password 'web.password'; fi - if ! 
hass.config.has_value 'keyfile'; then - hass.die 'SSL is enabled, but no keyfile was specified' + # We need a username to go with the password + if bashio::config.is_empty 'web.username' \ + && bashio::config.has_value 'web.password'; + then + bashio::log.fatal + bashio::log.fatal 'You have set a Web client password using the' + bashio::log.fatal '"web.password" option, but the "web.username" option' + bashio::log.fatal 'is left empty. Login without a username but with a' + bashio::log.fatal 'password is not possible.' + bashio::log.fatal + bashio::log.fatal 'Please set a username in the "web.username" option.' + bashio::log.fatal + bashio::exit.nok fi - if ! hass.file_exists "/ssl/$(hass.config.get 'certfile')"; then - hass.die 'The configured certfile is not found' + # We need a password to go with the username + if bashio::config.has_value 'web.username' \ + && bashio::config.is_empty 'web.password'; + then + bashio::log.fatal + bashio::log.fatal 'You have set a Web client username using the' + bashio::log.fatal '"web.username" option, but the "web.password" option' + bashio::log.fatal 'is left empty. Login without a password but with a' + bashio::log.fatal 'username is not possible.' + bashio::log.fatal + bashio::log.fatal 'Please set a password in the "web.password" option.' + bashio::log.fatal + bashio::exit.nok fi - if ! hass.file_exists "/ssl/$(hass.config.get 'keyfile')"; then - hass.die 'The configured keyfile is not found' + # Require a secure password + if bashio::config.has_value 'web.password' \ + && ! bashio::config.true 'i_like_to_be_pwned'; then + bashio::config.require.safe_password 'web.password' fi + + bashio::config.require.ssl 'web.ssl' 'certfile' 'keyfile' fi + +# Checks for the mqtt broker +if bashio::config.true 'broker.enable'; then + + if ! 
bashio::config.true 'leave_front_door_open'; then + bashio::config.require.username 'broker.username'; + bashio::config.require.password 'broker.password'; + fi + + # We need a username to go with the password + if bashio::config.is_empty 'mqttusers[0].username' \ + && bashio::config.has_value 'broker.password'; + then + bashio::log.fatal + bashio::log.fatal 'You have set a password using the' + bashio::log.fatal '"mqttusers" option, but the username for it' + bashio::log.fatal 'is left empty. Login without a username but with a' + bashio::log.fatal 'password is not possible.' + bashio::log.fatal + bashio::log.fatal 'Please set a username in the "mqttusers" option.' + bashio::log.fatal + bashio::exit.nok + fi + + # We need a password to go with the username + if bashio::config.has_value 'broker.username' \ + && bashio::config.is_empty 'broker.password'; + then + bashio::log.fatal + bashio::log.fatal 'You have set a password using the' + bashio::log.fatal '"mqttusers" option, but the password for it' + bashio::log.fatal 'is left empty. Login without a password but with a' + bashio::log.fatal 'username is not possible.' + bashio::log.fatal + bashio::log.fatal 'Please set a password in the "mqttusers" option.' + bashio::log.fatal + bashio::exit.nok + fi + + # Require a secure password + if bashio::config.has_value 'mqttusers[0].password' \ + && ! bashio::config.true 'i_like_to_be_pwned'; then + bashio::config.require.safe_password 'mqttusers[0].password' + fi + + bashio::config.require.ssl 'broker.enable_ws_ssl' 'certfile' 'keyfile' + bashio::config.require.ssl 'broker.enable_ssl' 'certfile' 'keyfile' +fi \ No newline at end of file diff --git a/mqtt/rootfs/etc/cont-init.d/20-mqtt_broker.sh b/mqtt/rootfs/etc/cont-init.d/20-mqtt_broker.sh index f661d1b..d0c6877 100644 --- a/mqtt/rootfs/etc/cont-init.d/20-mqtt_broker.sh +++ b/mqtt/rootfs/etc/cont-init.d/20-mqtt_broker.sh 
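Review bot: The new checks read `web.enable`, `broker.enable` and `broker.enable_ssl`, while the lines this hunk removes and every other script in the patch read `web.enabled`, `broker.enabled` and `broker.enable_mqtt_ssl`. If the add-on schema still uses the old names (it is not part of this patch), `bashio::config.true 'broker.enable'` is never true, so the credential, password-strength and SSL checks are skipped without any message. The broker block also requires `broker.username`/`broker.password`, whereas 20-mqtt_broker.sh creates accounts from `mqttusers[...]`, and only `mqttusers[0].password` gets the safe-password check. I would key the block on the names the broker script uses and validate every `mqttusers` entry, as sketched below; whether an anonymous-only broker (`broker.allow_anonymous`) should stay exempt, as the removed code allowed, is for the author to decide. Separately, the second fatal message in the broker block says "You have set a password" where it means a username.

```shell
# … unchanged: web client checks, apart from 'web.enable' -> 'web.enabled' …

# Checks for the mqtt broker
if bashio::config.true 'broker.enabled'; then

    if ! bashio::config.true 'leave_front_door_open'; then
        # Validate every account that 20-mqtt_broker.sh will create
        for key in $(bashio::config 'mqttusers | keys[]'); do
            bashio::config.require.username "mqttusers[${key}].username"
            bashio::config.require.password "mqttusers[${key}].password"
            if ! bashio::config.true 'i_like_to_be_pwned'; then
                bashio::config.require.safe_password "mqttusers[${key}].password"
            fi
        done
    fi

    bashio::config.require.ssl 'broker.enable_ws_ssl' 'certfile' 'keyfile'
    bashio::config.require.ssl 'broker.enable_mqtt_ssl' 'certfile' 'keyfile'
fi
```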
@@ -1,13 +1,11 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # Configures Hivemq for use with MQTT Server & Web client # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh # Only run this if the broker part of the add-on are enabled. -if hass.config.true 'broker.enabled'; then +if bashio::config.true 'broker.enabled'; then # Set config file readonly CONFIG='/opt/mosquitto.conf' 
@@ -16,60 +14,64 @@ if hass.config.true 'broker.enabled'; then readonly ACL_FILE='/opt/acl' readonly PERSISTENCE_LOCATION='/data/mosquitto/' - if ! hass.directory_exists "$PERSISTENCE_LOCATION"; then + if ! bashio::fs.directory_exists "$PERSISTENCE_LOCATION"; then mkdir -p "$PERSISTENCE_LOCATION" fi chown mosquitto:mosquitto -R "$PERSISTENCE_LOCATION" # Remove config file if it exist - if hass.file_exists "$CONFIG"; then + if bashio::fs.file_exists "$CONFIG"; then rm "$CONFIG" fi - if hass.config.true 'broker.enabled'; then - hass.log.info 'Adding configuration for MQTT Server...' + if bashio::config.true 'broker.enabled'; then + bashio::log.info 'Adding configuration for MQTT Server...' # Create config file touch "$CONFIG" # Set default config { echo "log_dest stdout"; \ + echo "log_type websockets"; \ + echo "websockets_log_level 255"; \ echo "persistence true"; \ echo "persistence_location $PERSISTENCE_LOCATION"; } >> "$CONFIG" # Set websocket configurtation - if hass.config.true 'broker.enable_ws'; then - hass.log.info 'Setting configuration for websockets...' + if bashio::config.true 'broker.enable_ws'; then + bashio::log.info 'Setting configuration for websockets...' 
echo "listener 1884" >> "$CONFIG" echo "protocol websockets" >> "$CONFIG" + echo "socket_domain ipv4" >> "$CONFIG" fi # Set websocket SSL configurtation - if hass.config.true 'broker.enable_ws_ssl'; then + if bashio::config.true 'broker.enable_ws_ssl'; then { echo "listener 4884"; \ echo "protocol websockets"; \ - echo "cafile /ssl/$(hass.config.get 'certfile')"; \ - echo "certfile /ssl/$(hass.config.get 'certfile')"; \ - echo "keyfile /ssl/$(hass.config.get 'keyfile')"; } >> "$CONFIG" + echo "socket_domain ipv4"; \ + echo "cafile /ssl/$(bashio::config 'certfile')"; \ + echo "certfile /ssl/$(bashio::config 'certfile')"; \ + echo "keyfile /ssl/$(bashio::config 'keyfile')"; } >> "$CONFIG" fi # Set MQTT configurtation - if hass.config.true 'broker.enable_mqtt'; then - hass.log.info 'Setting configuration for mqtt...' + if bashio::config.true 'broker.enable_mqtt'; then + bashio::log.info 'Setting configuration for mqtt...' echo "listener 1883" >> "$CONFIG" echo "protocol mqtt" >> "$CONFIG" fi # Set MQTT SSL configurtation - if hass.config.true 'broker.enable_mqtt_ssl'; then + if bashio::config.true 'broker.enable_mqtt_ssl'; then { echo "listener 4883"; \ echo "protocol mqtt"; \ - echo "cafile /ssl/$(hass.config.get 'certfile')"; \ - echo "certfile /ssl/$(hass.config.get 'certfile')"; \ - echo "keyfile /ssl/$(hass.config.get 'keyfile')"; } >> "$CONFIG" + echo "cafile /ssl/$(bashio::config 'certfile')"; \ + echo "certfile /ssl/$(bashio::config 'certfile')"; \ + echo "keyfile /ssl/$(bashio::config 'keyfile')"; } >> "$CONFIG" fi # Allow anonymous auth? - if hass.config.true 'broker.allow_anonymous'; then + if bashio::config.true 'broker.allow_anonymous'; then echo "allow_anonymous true" >> "$CONFIG" else echo "allow_anonymous false" >> "$CONFIG" 
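Review bot: The default block now writes `log_type websockets` and `websockets_log_level 255` for every install. As I read the mosquitto.conf documentation, an explicit `log_type` replaces the default set (error, warning, notice, information), so the broker would stop logging connection and error messages while emitting the most verbose libwebsockets output. That loses the records an operator needs to spot failed or unexpected connections. I would list the default types explicitly and emit the websockets lines only when `bashio::debug` is true (the mosquitto run script in this patch already uses it for `-v`). The enclosing `if bashio::config.true 'broker.enabled'` block starts before and ends after this hunk.

```shell
    # Set default config
    { echo "log_dest stdout"; \
      echo "log_type error"; \
      echo "log_type warning"; \
      echo "log_type notice"; \
      echo "log_type information"; \
      echo "persistence true"; \
      echo "persistence_location $PERSISTENCE_LOCATION"; } >> "$CONFIG"

    # Verbose websockets logging only in debug mode
    if bashio::debug; then
        { echo "log_type websockets"; \
          echo "websockets_log_level 255"; } >> "$CONFIG"
    fi
    # … unchanged: listener configuration …
```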
@@ -79,18 +81,18 @@ if hass.config.true 'broker.enabled'; then touch "$ACL_FILE" # Set username and password for the broker - if ! hass.config.true 'leave_front_door_open'; then + if ! bashio::config.true 'leave_front_door_open'; then touch "$PWFILE" echo "acl_file $ACL_FILE" >> "$CONFIG" echo "password_file $PWFILE" >> "$CONFIG" - for key in $(hass.config.get 'mqttusers | keys[]'); do - username=$(hass.config.get "mqttusers[${key}].username") - password=$(hass.config.get "mqttusers[${key}].password") + for key in $(bashio::config 'mqttusers | keys[]'); do + username=$(bashio::config "mqttusers[${key}].username") + password=$(bashio::config "mqttusers[${key}].password") mosquitto_passwd -b "$PWFILE" "$username" "$password" echo "user $username" >> "$ACL_FILE" - for entry in $(hass.config.get "mqttusers[${key}].topics"); do + for entry in $(bashio::config "mqttusers[${key}].topics"); do topic="$entry" - if hass.config.true "mqttusers[${key}].readonly"; then + if bashio::config.true "mqttusers[${key}].readonly"; then echo "topic read $topic" >> "$ACL_FILE" else echo "topic readwrite $topic" >> "$ACL_FILE" @@ -99,14 +101,14 @@ if hass.config.true 'broker.enabled'; then done else # Remove pefile if it should not be used - if hass.file_exists "$PWFILE"; then + if bashio::fs.file_exists "$PWFILE"; then rm "$PWFILE" fi fi fi # Add custom mosquitto.config to config if one exist - if hass.file_exists "$CUSTOM_CONFIG"; then - hass.log.info "Adding custom entries to configuration." + if bashio::fs.file_exists "$CUSTOM_CONFIG"; then + bashio::log.info "Adding custom entries to configuration." # shellcheck disable=SC2002 cat "$CUSTOM_CONFIG" | tee -a "$CONFIG" > /dev/null fi diff --git a/mqtt/rootfs/etc/cont-init.d/21-mqtt_web.sh b/mqtt/rootfs/etc/cont-init.d/21-mqtt_web.sh index 293d845..1e8c6ff 100644 --- a/mqtt/rootfs/etc/cont-init.d/21-mqtt_web.sh +++ b/mqtt/rootfs/etc/cont-init.d/21-mqtt_web.sh 
@@ -1,18 +1,16 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # Configures Hivemq for use with MQTT Server & Web client # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh # Only run this if the web part of the add-on are enabled. -if hass.config.true 'web.enabled'; then +if bashio::config.true 'web.enabled'; then readonly CONFIG='/app/config.js' # Remove config file if it exist - if hass.file_exists "$CONFIG"; then + if bashio::fs.file_exists "$CONFIG"; then rm "$CONFIG" fi @@ -21,7 +19,7 @@ if hass.config.true 'web.enabled'; then echo "websocketserver = '""';" >> "$CONFIG" # Set default WS port and enable SSL for broker connection - if hass.config.true 'broker.enable_ws_ssl'; then + if bashio::config.true 'broker.enable_ws_ssl'; then sed -i 's/%%SSL_VALUE%%/checked="checked"/' /app/index.html echo 'websocketport = 4884;' >> "$CONFIG" else diff --git a/mqtt/rootfs/etc/cont-init.d/40-nginx.sh b/mqtt/rootfs/etc/cont-init.d/40-nginx.sh index 2d15641..e5d97a7 100644 --- a/mqtt/rootfs/etc/cont-init.d/40-nginx.sh +++ b/mqtt/rootfs/etc/cont-init.d/40-nginx.sh 
@@ -1,18 +1,16 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # Configures NGINX for use with MQTT Server & Web client # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh declare certfile declare keyfile # Only run this if the web part of the add-on are enabled. -if hass.config.true 'web.enabled'; then +if bashio::config.true 'web.enabled'; then # Remove LUA auth if leave_front_door_open == True - if hass.config.true 'leave_front_door_open'; then + if bashio::config.true 'leave_front_door_open'; then sed -i "/access_by_lua_file/d" /etc/nginx/nginx.conf sed -i "/access_by_lua_file/d" /etc/nginx/nginx-ssl.conf sed -i "/load_module/d" /etc/nginx/nginx.conf @@ -21,9 +19,9 @@ if hass.config.true 'web.enabled'; then sed -i "/lua_shared_dict/d" /etc/nginx/nginx-ssl.conf fi # Enable SSL - if hass.config.true 'web.ssl'; then - certfile=$(hass.config.get 'certfile') - keyfile=$(hass.config.get 'keyfile') + if bashio::config.true 'web.ssl'; then + certfile=$(bashio::config 'certfile') + keyfile=$(bashio::config 'keyfile') sed -i "s/%%certfile%%/${certfile}/g" /etc/nginx/nginx-ssl.conf sed -i "s/%%keyfile%%/${keyfile}/g" /etc/nginx/nginx-ssl.conf fi diff --git a/mqtt/rootfs/etc/services.d/mosquitto/run b/mqtt/rootfs/etc/services.d/mosquitto/run index 23c2735..2f95fc9 100644 --- a/mqtt/rootfs/etc/services.d/mosquitto/run +++ b/mqtt/rootfs/etc/services.d/mosquitto/run 
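Review bot: When `leave_front_door_open` is true this block strips `access_by_lua_file` from both NGINX configs, yet nothing is logged, so an install running without authentication looks the same in the logs as a protected one. A line such as `bashio::log.warning 'Web client authentication is disabled (leave_front_door_open)'` inside the `if` would make that state visible. The same applies to the `DISABLE_HA_AUTHENTICATION` export in services.d/nginx/run and to the `else` branch that removes the password file in 20-mqtt_broker.sh. The block ends in the next hunk.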
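Review bot: `certfile` and `keyfile` go straight from the add-on options into the `sed` replacement text, so a value containing `/` or `&` breaks or alters the substitution in nginx-ssl.conf. A certificate in a subdirectory of /ssl is one such value, and `bashio::config.require.ssl` in 10-requirements.sh would presumably accept it. Escaping the value first keeps the expression intact, e.g. `certfile=$(bashio::config 'certfile' | sed 's/[\/&]/\\&/g')`, and likewise for `keyfile`. The `sed` lines themselves are unchanged context in this hunk.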
@@ -1,25 +1,23 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # Runs the MQTT Server # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh declare -a options -if hass.config.false 'broker.enabled'; then +if bashio::config.false 'broker.enabled'; then while true; do - hass.log.debug 'MQTT Server are not enabled...' + bashio::log.debug 'MQTT Server are not enabled...' exec sleep 86400 done fi options+=(-c /opt/mosquitto.conf) -if hass.debug; then +if bashio::debug; then options+=(-v) fi -hass.log.info "Starting mosquitto MQTT Server..." +bashio::log.info "Starting mosquitto MQTT Server..." exec mosquitto "${options[@]}" \ No newline at end of file diff --git a/mqtt/rootfs/etc/services.d/nginx/run b/mqtt/rootfs/etc/services.d/nginx/run index 68cd41e..aae81e8 100644 --- a/mqtt/rootfs/etc/services.d/nginx/run +++ b/mqtt/rootfs/etc/services.d/nginx/run 
@@ -1,25 +1,21 @@ -#!/usr/bin/with-contenv bash +#!/usr/bin/with-contenv bashio # ============================================================================== # Community Hass.io Add-ons: MQTT Server & Web client # Runs the NGINX daemon # ============================================================================== -# shellcheck disable=SC1091 -source /usr/lib/hassio-addons/base.sh - -if hass.config.false 'web.enabled'; then +if bashio::config.false 'web.enabled'; then while true; do - hass.log.debug 'Web are not enabled...' exec sleep 86400 done fi # Disable HA Authentication if front door is open -if hass.config.true 'leave_front_door_open'; then +if bashio::config.true 'leave_front_door_open'; then export DISABLE_HA_AUTHENTICATION=true fi -hass.log.info "Starting NGINX for the MQTT client..." -if hass.config.true 'web.ssl'; then +bashio::log.info "Starting NGINX for the MQTT client..." +if bashio::config.true 'web.ssl'; then options='/etc/nginx/nginx-ssl.conf' else options='/etc/nginx/nginx.conf'