npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

autoconf

v1.2.0

Published

Utility to assist with autoconfiguration of IoT devices via MQTT

Downloads

1,532

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

issacissac

Keywords

Readme

MQTT Autoconf

Synopsis

mqtt-autoconf is a tool designed to allow for secure automated provisioning of - presumably, but not necessarily - IoT devices

mqtt-autoconf acts as an MQTT server, with first-class support for MQTT over TLS, allows for flexible detection/fingerprinting of devices, and pushing configuration commands to the devices in response.

The default module bundled has first-class support for the excellent Tasmota project.

Installation

NPM: npm install -f autoconf

Docker: docker run --init -v /path/to/db:/db issacg/autoconf

Examples

Using FileDB and TasmotaClientInfo

This example contains two configured devices using the Sonoff POW module, and configuration of the final TLS-enabled MQTT server, port and credentials to be used once the device is configured.

File: ../db.json

{
    "GLOBAL": {
        "MqttHost": "10.5.3.114",
        "MqttPort": 8883,
        "MqttUser": "tasmota",
        "MqttPassword": "s3cr3t",
        "MqttFingerprint1": "58 F9 F2 CD 1F 4E CE C6 68 3E F6 66 89 A3 03 0C 61 8B A0 2E",
        "OtaUrl": "http://10.5.3.114/tasmota/tasmota.bin",
        "teleperiod": 30
    }, "2C3AE83BB54C": {
        "topic": "WaterHeater",
        "module": 6
    }, "EC4ABC0F8C3A": {
        "topic": "AirConditioner",
        "module": 6
    }
}

Configuration

Methods

mqtt-autoconf makes use of the excellent rc module, so variables can be passed as command line parameters, environment variables or provided via a configuration file named .autoconfrc

For more detailed information about how to set parameters, see the rc page.

General Options

| Parameter | Default Value | Description | |-----------|---------------|-------------| | mqtt.port | 1883 | The default port to listen to | | mqtt.tls_keyfile | None | Path to a PEM-encoded private key file. Requires also setting mqtt.tls_certfile. Setting these settings will automatically enable TLS mode (but will not automatically change the port) | | mqtt.tls_certfile | None | Path to a PEM-encoded x509 certificate (public key) file. Requires also setting mqtt.tls_keyfile. Setting these settings will automatically enable TLS mode (but will not automatically change the port) | | mqtt.tls_passphrase | None | (Optional) Passphrase needed to decrypt the private key file specifed by mqtt.tls_keyfile | | statPrefix | stat| The prefix for status responses from end devices | | cmndPrefix | cmnd| The prefix for sending commands to end devices | | dbDriver.name | ./drivers/PathDB | Name of the database driver to use. For drivers that are not built-in, just use the name of the NPM module | | dbDriver.opts | See below | Driver-specific options to pass to the database driver | | clientInfoDriver.name | ./drivers/TasmotaClientInfo | Name of the device lookup driver to use. For drivers that are not built-in, just use the name of the NPM module | | clientInfoDriver.opts | See below | Driver-specific options to pass to the device lookup driver |

Drivers

In order to promote extensibility, mqtt-autoconf uses drivers to abstract detection of end-user devices and to read the configurations to be pushed to detected devices. Each driver has its own configuration options which are documented below.

PathDB

The PathDB driver takes a root path on the filesystem and expects a single file for each device. The filename should be the name of the detected device, and the filename should end with the extension .json. This is the default-configured database driver.

If there is a file called GLOBAL.json (by default - see the global configuration option below), that will be added to the configuration to be returned to all devices IFF a device-specific configuration is also found.

The JSON files will be read at run-time, except for the global configuration which will be read once at startup.

| Parameter | Default Value | Description | |-----------|---------------|-------------| | dbpath | ../db | (Required) Path to a folder on the filesystem containing all configuration files | | global | GLOBAL | (Optional) Name of file to treat as global configuration (without the .json extension) |

FileDB

The FileDB driver expects all device configurations (and an optional global configuration) to be included in a single JSON formatted file.

If there is a section called GLOBAL (by default - see the global configuration option below), that will be added to the configuration to be returned to all devices IFF a device-specific configuration is also found.

The JSON file will be read once on startup, and currently needs a full restart to pick up changes.

| Parameter | Default Value | Description | |-----------|---------------|-------------| | dbpath | ../db | (Required) Path of the JSON file to read | | global | GLOBAL | (Optional) Name of section to treat as global configuration |

TasmotaClientInfo

The TasmotaClientInfo driver is designed to work with devices with Tasmota firmware, and will query the database driver using the MAC address of the device as the database key. This is the default-congigured device lookup driver.

This driver doesn't accept any additional configuration parameters.

Rationale

MQTT has been accepted as a popular protocol within the IoT system. However many popular firmwares require devices to either be configured via custom firmware builds, an embedded insecure webserver on-board the device, proprietary - and often commercial - remote configuration management, or a combination of the above.

In a modern world where small devices on the edge often represent a weak link in network security, all of the above solutions are potentially problematic.

Custom firmware builds require tracking of the upstream project for security patches and rebuilding of firmware when those are available. However, such builds often introduce significant changes and so, in practice, are often ignored. This leads to outdated devices at the edge which can, and are, easily targetted as a point of entry when attacking a network or application.

Many implementations are unable or unwilling to build custom firmware. This is as true in commercial ecosystems (where the firmware is closed source) as in the do-it-yourself ecosystems (where the firmware is open source, but end-users may not have the technical prowess to build on their own). As such a very popular configuration option is via an embedded webserver in the device. To support security, this webserver supports some basic form of authentication. Unfortunately, TLS-enabled embedded webservers are rarely seen, making such authentication useless, unless on a secured network. As more edge/IoT devices connect to networks, most networks shouldn't be considered secure - a breach of a single device will allow full access to the network (and often Wi-Fi credentials) and, by extension, all unsecured devices on that network.

Because of these shortcomings, there are many commercial services available - most notably AWS IoT - which allow for secure remote configuration. Because TLS-enabled MQTT clients are significantly more popularly available in firmware than TLS-enabled webservers, this is an excellent model from a security standpoint. However, this is still a proprietary service, and often costs money.

This software aims to allow for an open-source solution to enable run-time configuration (possibly version-control backed) of end devices with minimal variants of customized firmware.

License

Copyright 2019 Issac Goldstand [email protected]

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.