62 lines
1.8 KiB
YAML
62 lines
1.8 KiB
YAML
services:
|
|
mosquitto:
|
|
image: eclipse-mosquitto:2
|
|
container_name: ${CONTAINER_NAME:-mosquitto}
|
|
restart: unless-stopped
|
|
|
|
environment:
|
|
TZ: ${TZ:-Europe/Berlin}
|
|
MQTT_USER: ${MQTT_USER:-mqttuser}
|
|
MQTT_PORT: ${MQTT_PORT:-1883}
|
|
|
|
volumes:
|
|
# Dein einziges Root-Volume
|
|
- ${VOLUME_ROOT:-./mosquitto}/config:/mosquitto/config
|
|
- ${VOLUME_ROOT:-./mosquitto}/data:/mosquitto/data
|
|
- ${VOLUME_ROOT:-./mosquitto}/log:/mosquitto/log
|
|
|
|
# Host-Zertifikate (read-only), z.B. für Bridges
|
|
- /etc/ssl/certs:/etc/ssl/certs:ro
|
|
|
|
ports:
|
|
- "${MQTT_PORT:-1883}:1883"
|
|
|
|
dns:
|
|
- ${DNS_SERVER}
|
|
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
CONF=/mosquitto/config/mosquitto.conf
|
|
PASSWD=/mosquitto/config/passwd
|
|
|
|
echo "=== Preparing directories ==="
|
|
mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log
|
|
|
|
echo "=== Checking mosquitto.conf ==="
|
|
if [ ! -f "$CONF" ]; then
|
|
echo "Generating mosquitto.conf..."
|
|
printf '%s\n' \
|
|
"listener ${MQTT_PORT:-1883}" \
|
|
"allow_anonymous false" \
|
|
"password_file /mosquitto/config/passwd" \
|
|
> "$CONF"
|
|
else
|
|
echo "Existing mosquitto.conf found."
|
|
fi
|
|
|
|
echo "=== Checking user ==="
|
|
if [ ! -f "$PASSWD" ]; then
|
|
echo "Generating random password for user: $MQTT_USER"
|
|
RANDOM_PASS=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)
|
|
echo "Generated password (save this!):"
|
|
echo "$RANDOM_PASS"
|
|
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"
|
|
else
|
|
echo "Password file exists — skipping user creation."
|
|
fi
|
|
|
|
echo "=== Starting Mosquitto ==="
|
|
mosquitto -c "$CONF"
|