Differences

This shows you the differences between two versions of the page.

--- services:svxreflector [2023/03/16 07:28] – f4hof
+++ services:svxreflector [2023/03/16 16:24] (current) – f4hof
@@ Line 301: / Line 301: @@
 ==== Mosquitto ====
-<code - bash>
+Remplacer ''admin-user'' par le nom d'utilisateur de votre administrateur pour le plugin de sécurité dynamique.
-apt install mosquitto
+<code bash>
+apt install mosquitto
+mosquitto_ctrl dynsec init /var/lib/mosquitto/dynamic-security.json admin-user
+chown mosquitto:mosquitto /var/lib/mosquitto/dynamic-security.json
 </code>
-<pre>listener 1883
+<code - /etc/mosquitto/conf.d/general.conf>listener 1883
 allow_anonymous false
 per_listener_settings false
 plugin /usr/lib/x86_64-linux-gnu/mosquitto_dynamic_security.so
-plugin_opt_config_file /var/lib/mosquitto/dynamic-security.json</pre>
+plugin_opt_config_file /var/lib/mosquitto/dynamic-security.json</code>
+FIXME TODO
+<code bash>
+systemctl restart mosquitto.service
+ufw allow from any to any port 1883
+mosquitto_ctrl dynsec createRole repeater
+mosquitto_ctrl dynsec addRoleACL repeater subscribePattern repeaters/%u allow 0
+mosquitto_ctrl dynsec addRoleACL repeater publishClientSend repeaters/%u/ack allow 0
+mosquitto_ctrl dynsec createRole masterController
+mosquitto_ctrl dynsec addRoleACL masterController publishClientSend repeaters/+ allow 0
+mosquitto_ctrl dynsec addRoleACL masterController subscribePattern repeaters/+/ack allow 0
+mosquitto_ctrl dynsec createGroup gr_admin
+mosquitto_ctrl dynsec createGroup gr_master_controllers
+mosquitto_ctrl dynsec createGroup gr_repeaters
+mosquitto_ctrl dynsec addGroupRole gr_admin admin
+mosquitto_ctrl dynsec addGroupRole gr_repeaters repeater
+mosquitto_ctrl dynsec addGroupRole gr_master_controllers masterController
+</code>
+Where acltype is one of publishClientSend, publishClientReceive, subscribeLiteral, subscribePattern, unsubscribeLiteral, and unsubscribePattern.
+https://mosquitto.org/documentation/dynamic-security/#creating-and-modifying-roles