added eclipse-mosquitto broker with cedalo management center

apps/eclipse-mosquitto/config.json

@@ -0,0 +1,34 @@
+{
+  "$schema": "../schema.json",
+  "name": "Eclipse Mosquitto",
+  "port": 8288,
+  "available": true,
+  "exposable": true,
+  "id": "eclipse-mosquitto",
+  "tipi_version": 1,
+  "version": "2.0.18",
+  "categories": [
+    "utilities", 
+    "automation"
+  ],
+  "description": "Eclipse Mosquitto is an open source message broker that implements the MQTT protocol.",
+  "short_desc": "open source message broker",
+  "author": "Eclipse Foundation",
+  "source": "https://github.com/eclipse/mosquitto/",
+  "website": "https://mosquitto.org/",
+  "form_fields": [
+    {
+      "type": "password",
+      "label": "MQTT Broker Admin Password",
+      "max": 50,
+      "min": 6,
+      "required": true,
+      "env_variable": "MQTT_ADMIN_PASSWORD"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
+}
+

apps/eclipse-mosquitto/data/config/mosquitto.conf

@@ -0,0 +1,27 @@
+#    Copyright 2022 Shantanoo "Shan" Desai <shantanoo.desai@gmail.com>
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Mosquitto v2.0 Configuration File
+
+# Default Port
+listener 1883
+
+# Dynamic Security Plugin
+plugin /usr/lib/mosquitto_dynamic_security.so 
+
+# Path to the Dynamic Security JSON file
+# WILL BE GENERATED THROUGH INIT CONTAINER
+plugin_opt_config_file /mosquitto/config/dynamic-security.json
+
+# Ever User / Client should follow the given RBAC rules
+per_listener_settings false

apps/eclipse-mosquitto/data/scripts/dynsec-setup.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+#    Copyright 2022 Shantanoo "Shan" Desai <shantanoo.desai@gmail.com>
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+# Setup Script to be executed in a Docker Init Container
+
+# Set Default Admin Credentials for Dynamic Security Plugin Configuration
+DEFAULT_DYNSEC_ADMIN=admin
+DEFAULT_DYNSEC_PASSWORD=securePassword
+DYNSEC_FILE_PATH=/mosquitto/config/dynamic-security.json
+
+# Set values if provided via Environment Variables in the Docker Init Container
+MQTT_DYNSEC_ADMIN_USER=${MQTT_DYNSEC_ADMIN_USER:-DEFAULT_DYNSEC_ADMIN}
+MQTT_DYNSEC_ADMIN_PASSWORD=${MQTT_DYNSEC_ADMIN_PASSWORD:-DEFAULT_DYNSEC_PASSWORD}
+
+echo "Admin/Pass: ${MQTT_DYNSEC_ADMIN_USER}/${MQTT_DYNSEC_ADMIN_PASSWORD}" ## DEBUG
+
+# Set the Admin Credentials for RBAC control via Dyamic Security Plugin
+mosquitto_ctrl dynsec init ${DYNSEC_FILE_PATH} ${MQTT_DYNSEC_ADMIN_USER} ${MQTT_DYNSEC_ADMIN_PASSWORD}
+
+chmod 700 ${DYNSEC_FILE_PATH}
+chown 1883:1883 ${DYNSEC_FILE_PATH}
+
+exec "$@"

apps/eclipse-mosquitto/docker-compose.yml

@@ -0,0 +1,68 @@
+version: '3.7'
+
+services:
+  mosquitto-management-center:
+    image: cedalo/management-center:dev
+    container_name: mosquitto-management-center
+    environment:
+      - TZ=${TZ}
+      - CEDALO_MC_BROKER_ID=mosquitto-broker
+      - CEDALO_MC_BROKER_NAME=mosquitto-broker-2
+      - CEDALO_MC_BROKER_URL=mqtt://mosquitto-broker:1883
+      - CEDALO_MC_BROKER_USERNAME=admin
+      - CEDALO_MC_BROKER_PASSWORD=${MQTT_ADMIN_PASSWORD}
+      - CEDALO_MC_USERNAME=admin
+      - CEDALO_MC_PASSWORD=admin
+    ports:
+      - ${APP_PORT}:8088
+    expose:
+      - 8088
+    depends_on:
+      - mosquitto-broker
+    networks:
+      - tipi_main_network
+    restart: unless-stopped
+    labels:
+      # Main
+      traefik.enable: true
+      traefik.http.middlewares.mosquitto-web-redirect.redirectscheme.scheme: https
+      traefik.http.services.mosquitto.loadbalancer.server.port: 8088
+      # Web
+      traefik.http.routers.mosquitto-insecure.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.mosquitto-insecure.entrypoints: web
+      traefik.http.routers.mosquitto-insecure.service: mosquitto-web
+      traefik.http.routers.mosquitto-insecure.middlewares: mosquitto-web-redirect
+      # Websecure
+      traefik.http.routers.mosquitto.rule: Host(`${APP_DOMAIN}`)
+      traefik.http.routers.mosquitto.entrypoints: websecure
+      traefik.http.routers.mosquitto.service: mosquitto-web
+      traefik.http.routers.mosquitto.tls.certresolver: myresolver
+      # Local domain
+      traefik.http.routers.mosquitto-local-insecure.rule: Host(`mosquitto.${LOCAL_DOMAIN}`)
+      traefik.http.routers.mosquitto-local-insecure.entrypoints: web
+      traefik.http.routers.mosquitto-local-insecure.service: mosquitto-web
+      traefik.http.routers.mosquitto-local-insecure.middlewares: mosquitto-web-redirect
+      # Local domain secure
+      traefik.http.routers.mosquitto-local.rule: Host(`mosquitto.${LOCAL_DOMAIN}`)
+      traefik.http.routers.mosquitto-local.entrypoints: websecure
+      traefik.http.routers.mosquitto-local.service: mosquitto-web
+      traefik.http.routers.mosquitto-local.tls: true
+  mosquitto-broker:
+    image: eclipse-mosquitto:2.0.18
+    container_name: mosquitto-broker
+    environment:
+      - TZ=${TZ}
+      - MQTT_DYNSEC_ADMIN_USER=admin
+      - MQTT_DYNSEC_ADMIN_PASSWORD=${MQTT_ADMIN_PASSWORD}
+    ports:
+      - 1883:1883
+    command: ["/dynsec-setup.sh",  "/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
+    expose:
+      - 1883
+    volumes:
+      - ${APP_DATA_DIR}/data/data:/mosquitto/data
+      - ${APP_DATA_DIR}/data/config:/mosquitto/config
+      - ${APP_DATA_DIR}/data/scripts/dynsec-setup.sh:/dynsec-setup.sh
+    restart: unless-stopped
+    networks:
+      - tipi_main_network

apps/eclipse-mosquitto/metadata/description.md

@@ -0,0 +1,59 @@
+# Eclipse Mosquitto MQTT Broker with UI
+
+this app consists of two images providing an mqtt broker and an UI for managing access to the broker.
+The configuration is adapted from the github repo: [shantanoo-desai/mqtt-rbac-docker-init](https://github.com/shantanoo-desai/mqtt-rbac-docker-init)
+
+## Eclipse Mosquitto
+
+[Eclipse Mosquitto](https://mosquitto.org/) is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
+
+Mosquitto is part of the [Eclipse Foundation](https://eclipse.org/), and is an [iot.eclipse.org project](https://iot.eclipse.org/). The development is driven by Cedalo.
+
+The broker is configured by default that it listens to the port **1883** for tcp connections.
+To also use websocket connection you can enable it by edit the `/runtipi/app-date/eclipse-mosquitto/data/config/moscquitto.conf` with the following content:
+
+```
+listener 9001
+protocol websockets
+```
+
+## Cedalo Management Center
+
+[Caledo Management Center](https://github.com/cedalo/management-center) allows to easily manage, monitor and inspect instances of Eclipse Mosquitto. There are some pro features that can only be activated by getting a license from cedalo.
+
+![caledo_mgm_center.png](caledo_mgm_center.png)
+
+By default the following features are provided:
+
+- A system dashboard to view key figures, showing broker traffic, license and client infos.
+- Table of clients, which have connected to the broker, for inspection purposes.
+- A topic tree, displaying those topics that have been addressed, while the MMC is running.
+- Management of broker security allowing to modify clients, group and roles.
+- A terminal to execute commands related to the dynamic security API
+- Management Center infos and settings
+
+The access to the broker is handled by the [dynamic-security plugin](https://mosquitto.org/documentation/dynamic-security/) in the mosquitto broker. The configuration is stored in the file `/runtipi/app-date/eclipse-mosquitto/data/config/dynamic-security.json`. This file is generated during the first launch of the the mosquitto image.
+
+
+
+## Links
+
+### See the following links for more information on MQTT:
+
+- Community page: [http://mqtt.org/](http://mqtt.org/)
+- MQTT v3.1.1 standard: [https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html](https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/mqtt-v3.1.1.html)
+- MQTT v5.0 standard: [https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html](https://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html)
+
+### Mosquitto project information is available at the following locations:
+
+- Main homepage: [https://mosquitto.org/](https://mosquitto.org/)
+- Find existing bugs or submit a new bug: [https://github.com/eclipse/mosquitto/issues](https://github.com/eclipse/mosquitto/issues)
+- Source code repository: [https://github.com/eclipse/mosquitto](https://github.com/eclipse/mosquitto)
+
+There is also a public test server available at [https://test.mosquitto.org/](https://test.mosquitto.org/)
+
+### More information about the management center is available at the following locations:
+
+- Main homepage: [https://cedalo.com/mqtt-broker-pro-mosquitto/](https://cedalo.com/mqtt-broker-pro-mosquitto/)
+- Documentation: [https://docs.cedalo.com/mosquitto/management-center/introduction](https://docs.cedalo.com/mosquitto/management-center/introduction)
+- Source code repository: [https://github.com/cedalo/management-center](https://github.com/cedalo/management-center)