author: Erg <uinarf@autistici.org> 2024-11-27 17:03:03 +0100
committer: Erg <uinarf@autistici.org> 2024-11-27 17:03:03 +0100
commit: f50222fc531eb700b9f4afa92d55ac424f2a499f
tree: 1b7b9b27321be75703355356274d298b92406378 /README.md
parent: 83c4d2e1b9213c78b0b472a1ed4484cf2590531f
Add settings.cfg.example and certificate validity check
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 25
1 files changed, 24 insertions, 1 deletions
diff --git a/README.md b/README.md
index 11997c4..28ea69b 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,8 @@
-Contains two scripts:
+Contains:
- Bash script generating rrd database and generating graphs from it
- Python script readding from MQTT and updating rrd database
- Settings for the Python script
+ - Python script regenerating certificates within grace period of their expiry.
DEPENDENCIES:
- configparser
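Review bot: The added bullet "Python script regenerating certificates within grace period of their expiry" names neither the script nor the grace period, so a reader cannot tell which file to run or how close to expiry a certificate is renewed. Now that the header no longer says "two scripts", give each bullet its file name and have this one point to the setting that controls the grace period. The neighbouring context line "readding from MQTT" has a typo ("reading") that could be fixed in the same change.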
@@ -18,6 +19,7 @@ Steps to get going:
- Set up certificates (Check out Pico project for Bash script generating them)
- Run Python script.
- Set up cron job regenerating graphs with frequency to your liking.
+ - Set up SSL/TLS certificates with scripts provided. Certificate directory structure shall adhere to the schema below.
(So that I don't forget:)
What is still missing:
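Review bot: The added step "Set up SSL/TLS certificates with scripts provided" is placed after "Run Python script" and overlaps with the existing first step "Set up certificates (Check out Pico project for Bash script generating them)", so the list now has two certificate steps with different sources for the scripts and no indication of which one applies or in what order. Merge them into a single step ahead of "Run Python script" and name the scripts meant by "scripts provided".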
@@ -25,3 +27,24 @@ What is still missing:
- Python script could generate more graphs based on averages from rrd database showing long term trends.
- Graph generation could be done with rrdcgi (not sure it is needed though)
- Documentation is lacking detailed step by step setup guide.
+ - In order to prevent a rougue client from publishing to a certificate renewal channel, Access Controll List needs to be implemented.
+ - There should be a script generating ACL file.
+ - Before adding a certificate for a user ACL file shall be updated.
+
+Certificate directory structure:
+
+$ tree -d /etc/mosquitto/certs
+├── CA
+├── DH
+├── clients
+│   ├── onge
+│   └── pico
+├── csr_files
+└── server
+
+The acl file shall be located at:
+$ /etc/mosquitto/mosquitto.acl
+
+An entry shall be present in the acl file:
+
+$ pattern readwrite cert_reneval/%c/#
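Review bot: The ACL entry "pattern readwrite cert_reneval/%c/#" keys access on %c, which in Mosquitto ACL patterns is the client id, a value the connecting client chooses itself, so it does not by itself stop the "rougue client" the first added bullet is worried about from writing to another client's renewal topic. If the broker takes the username from the client certificate (use_identity_as_username), a pattern on %u would tie the topic to the certificate identity instead; the README should say which listener settings this entry relies on. The section is also inconsistent: ACL support is listed under "What is still missing", yet the text below states the entry "shall be present", so it should say whether the ACL is enforced today. Smaller points: "$ " prefixes the file path and the ACL entry although neither is a shell command, "rougue" and "Controll" are misspelled, and the spelling "cert_reneval" should be checked against the topic name the scripts actually use, since a mismatch would make the pattern match nothing.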