Diffstat (limited to 'README.md')
-rw-r--r-- README.md 25
1 files changed, 24 insertions, 1 deletions
diff --git a/README.md b/README.md
index 11997c4..28ea69b 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,8 @@
-Contains two scripts:
+Contains:
- Bash script generating rrd database and generating graphs from it
- Python script readding from MQTT and updating rrd database
- Settings for the Python script
+ - Python script regenerating certificates within grace period of their expiry.
DEPENDENCIES:
- configparser
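Review bot: The new bullet "Python script regenerating certificates within grace period of their expiry." does not say how long the grace period is or where it is set. If it is one of the values in "Settings for the Python script", say so here. The DEPENDENCIES list that follows is untouched by this hunk, so please confirm the new script needs nothing beyond what is already listed. Minor: the other bullets have no trailing period, and "readding" in the MQTT bullet should read "reading" while this list is being edited.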
@@ -18,6 +19,7 @@ Steps to get going:
- Set up certificates (Check out Pico project for Bash script generating them)
- Run Python script.
- Set up cron job regenerating graphs with frequency to your liking.
+ - Set up SSL/TLS certificates with scripts provided. Certificate directory structure shall adhere to the schema below.
(So that I don't forget:)
What is still missing:
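Review bot: The added step "Set up SSL/TLS certificates with scripts provided." overlaps with the existing first step "Set up certificates (Check out Pico project for Bash script generating them)". It is also placed after "Run Python script." and the cron step. The list therefore has two certificate steps pointing at different script sources, and the new one comes after the step that already orders certificates before running the script. Suggest merging it into the existing certificate step, naming which scripts are meant, and replacing "the schema below" with a reference to the "Certificate directory structure" section by name, since that section sits at the end of the file under "What is still missing".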
@@ -25,3 +27,24 @@ What is still missing:
- Python script could generate more graphs based on averages from rrd database showing long term trends.
- Graph generation could be done with rrdcgi (not sure it is needed though)
- Documentation is lacking detailed step by step setup guide.
+ - In order to prevent a rougue client from publishing to a certificate renewal channel, Access Controll List needs to be implemented.
+ - There should be a script generating ACL file.
+ - Before adding a certificate for a user ACL file shall be updated.
+
+Certificate directory structure:
+
+$ tree -d /etc/mosquitto/certs
+├── CA
+├── DH
+├── clients
+│   ├── onge
+│   └── pico
+├── csr_files
+└── server
+
+The acl file shall be located at:
+$ /etc/mosquitto/mosquitto.acl
+
+An entry shall be present in the acl file:
+
+$ pattern readwrite cert_reneval/%c/#
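Review bot: The ACL entry "pattern readwrite cert_reneval/%c/#" keys access on %c, which Mosquitto substitutes with the MQTT client id. The client id is chosen by the connecting client, so this pattern alone does not stop the rogue client named in the first added bullet from connecting with another client's id and using that client's renewal topic. Since clients already hold certificates, consider keying the pattern on %u and having the broker take the username from the certificate (use_identity_as_username), or document how client ids are bound to certificates. Smaller points in the same hunk: "rougue" and "Controll" are misspelled; "cert_reneval" looks like a misspelling of "cert_renewal" and, if renamed, must change in the scripts at the same time; the "$ " prefix on the acl path and on the pattern line makes them read as shell commands, which they are not; and the tree output is missing its root directory line.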