added env constants to docker.

AugustHA-Iterator · AugustHA-Iterator · commit fa7e9872dfd0 · 2023-05-16T15:26:58.000+02:00
diff --git a/.gitignore b/.gitignore
@@ -2,4 +2,5 @@
 ca.crt
 ca.key
 server.crt
-server.key
+server.key
+server.csr
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -98,6 +98,7 @@ services:
       MQTT_BROKER_HOSTNAME: # Change this to the public ip/hostname of the mqtt broker
       ENCRYPTION_SYMMETRIC_KEY: # Change this to the symmetric key generated
       CA_KEY_PASSWORD: # Change this to the password of the generated CA certificate key
+      MQTT_SUPER_USER_PASSWORD: # Change this to the password for the internal super user.
     volumes:
       - ./configuration/mosquitto-broker-os2iot/ca.crt:/tmp/os2iot/backend/dist/resources/ca.crt
       - ./configuration/mosquitto-broker-os2iot/ca.key:/tmp/os2iot/backend/dist/resources/ca.key
diff --git a/helm/charts/mosquitto-os2iot/templates/configmap.yaml b/helm/charts/mosquitto-os2iot/templates/configmap.yaml
@@ -23,7 +23,7 @@ data:
     auth_opt_pg_superquery SELECT COUNT(*) FROM iot_device WHERE (mqttusername = $1 AND permissions = 'superUser')
     auth_opt_pg_aclquery SELECT mqttTopicName FROM iot_device WHERE (mqttUsername = $1 AND permissions = 'write') OR (9 = $2 AND mqttUsername = $1)
 
-    auth_opt_pg_sslmode disable
+    auth_opt_pg_sslmode verify-ca
     auth_opt_hasher pbkdf2
 
     auth_opt_hasher_salt_size 16
@@ -45,9 +45,12 @@ data:
     auth_opt_pg_user {{ .Values.deployment.env.DATABASE_USERNAME }}
     auth_opt_pg_password {{ .Values.deployment.env.DATABASE_PASSWORD }}
     auth_opt_pg_dbname {{ .Values.deployment.env.DATABASE_NAME }}
+    auth_opt_pg_userquery SELECT mqttPassword FROM iot_device WHERE mqttUsername = $1 limit 1
     auth_opt_pg_superquery SELECT COUNT(*) FROM iot_device WHERE (mqttusername = $1 AND permissions = 'superUser')
     auth_opt_pg_aclquery SELECT mqttTopicName FROM iot_device WHERE (mqttUsername = $1 AND permissions = 'write') OR (9 = $2 AND mqttUsername = $1)
 
+    auth_opt_pg_sslmode verify-ca
+
     cafile /etc/mosquitto/ca_certificates/ca.crt
     keyfile /etc/mosquitto/certs/server.key
     certfile /etc/mosquitto/certs/server.crt
diff --git a/helm/charts/os2iot-backend/templates/deployment.yaml b/helm/charts/os2iot-backend/templates/deployment.yaml
@@ -81,6 +81,14 @@ spec:
               value: some-login-pass
             - name: EMAIL_FROM
               value: some-from-email@somehost.dk
+            - name: MQTT_SUPER_USER_PASSWORD 
+              value: some-super-user-password
+            - name: MQTT_BROKER_HOSTNAME
+              value: some-mqtt-broker-hostname
+            - name: ENCRYPTION_SYMMETRIC_KEY
+              value: some-encryption-symmetric-key
+            - name: CA_KEY_PASSWORD
+              value: some-ca-key-password
            volumeMounts:
             - name: secret-ca-crt
               mountPath: /tmp/os2iot/backend/dist/resources
