install-mosquitto.sh

#!/bin/bash
# install-mosquitto.sh - Install and configure Mosquitto MQTT broker on Pi Zero 2 W
# Target: Raspberry Pi Zero 2 W (10.60.1.101)
# Author: Pip (CUB-231)

set -e

echo "=== Installing Mosquitto MQTT Broker ==="

# Update package list
echo "[1/6] Updating package list..."
apt-get update

# Install Mosquitto and clients
echo "[2/6] Installing Mosquitto packages..."
apt-get install -y mosquitto mosquitto-clients python3-paho-mqtt

# Create necessary directories
echo "[3/6] Creating configuration directories..."
mkdir -p /etc/mosquitto/conf.d
mkdir -p /var/lib/mosquitto/data
mkdir -p /etc/mosquitto/acl

# Set proper permissions for data directory
chown mosquitto:mosquitto /var/lib/mosquitto/data
chmod 755 /var/lib/mosquitto/data

# Create Mosquitto configuration
echo "[4/6] Creating mosquitto.conf..."
cat > /etc/mosquitto/conf.d/mosquitto.conf << 'EOF'
# Mosquitto Configuration for Pi Zero 2 W Hub
# Auto-generated by install-mosquitto.sh (CUB-231)

# Persistence
persistence true
persistence_location /var/lib/mosquitto/data/
persistence_file mosquitto.db

# Listening
listener 1883

# Authentication
allow_anonymous false

# ACL (Access Control List) configuration
acl_file /etc/mosquitto/acl/acl.conf

# Logging
log_dest file /var/log/mosquitto/mosquitto.log
log_type all
EOF

# Create ACL configuration
echo "[5/6] Creating ACL configuration..."
cat > /etc/mosquitto/acl/acl.conf << 'EOF'
# Mosquitto ACL Configuration
# Topic access control for MQTT users
# Format: topic [read|write] <username>

# Pi Zero 2 W Hub - Read all topics, write to hub-specific topics
pattern read /
pattern write hub/+/set

# Pi clients - Read sensor data, write commands
pattern read sensors/+/data
pattern write devices/+/commands

# Mobile clients - Read home status, write control commands
pattern read home/+/status
pattern write home/+/control

# Admin - Full access
user admin
topic # rw
EOF

# Create users (run interactively with -p for password)
echo "[6/6] Creating initial users..."
echo "Creating 'hub' user for internal services..."
mosquitto_passwd -b /etc/mosquitto/passwd hub "$(openssl rand -base64 16 | tr -d 'O0Il' | cut -c1-16)" 2>/dev/null || echo "User 'hub' setup required"

# Set proper permissions
chown -R mosquitto:mosquitto /etc/mosquitto
chown -R mosquitto:mosquitto /var/lib/mosquitto
chmod 644 /etc/mosquitto/conf.d/mosquitto.conf
chmod 644 /etc/mosquitto/acl/acl.conf
chmod 600 /etc/mosquitto/passwd

echo ""
echo "=== Mosquitto Installation Complete ==="
echo ""
echo "Next steps:"
echo "1. Set password for admin user: mosquitto_passwd -c /etc/mosquitto/passwd <username>"
echo "2. Start the service: systemctl start mosquitto"
echo "3. Enable auto-start: systemctl enable mosquitto"
echo "4. Test connection: mosquitto_sub -h localhost -t test -u <user> -P <pass>"
echo ""
CUB-231: Mosquitto MQTT broker setup on Pi Zero 2 W hub 2026-05-23 13:31:58 +00:00			`#!/bin/bash`
			`# install-mosquitto.sh - Install and configure Mosquitto MQTT broker on Pi Zero 2 W`
			`# Target: Raspberry Pi Zero 2 W (10.60.1.101)`
			`# Author: Pip (CUB-231)`

			`set -e`

			`echo "=== Installing Mosquitto MQTT Broker ==="`

			`# Update package list`
			`echo "[1/6] Updating package list..."`
			`apt-get update`

			`# Install Mosquitto and clients`
			`echo "[2/6] Installing Mosquitto packages..."`
			`apt-get install -y mosquitto mosquitto-clients python3-paho-mqtt`

			`# Create necessary directories`
			`echo "[3/6] Creating configuration directories..."`
			`mkdir -p /etc/mosquitto/conf.d`
			`mkdir -p /var/lib/mosquitto/data`
			`mkdir -p /etc/mosquitto/acl`

			`# Set proper permissions for data directory`
			`chown mosquitto:mosquitto /var/lib/mosquitto/data`
			`chmod 755 /var/lib/mosquitto/data`

			`# Create Mosquitto configuration`
			`echo "[4/6] Creating mosquitto.conf..."`
			`cat > /etc/mosquitto/conf.d/mosquitto.conf << 'EOF'`
			`# Mosquitto Configuration for Pi Zero 2 W Hub`
			`# Auto-generated by install-mosquitto.sh (CUB-231)`

			`# Persistence`
			`persistence true`
			`persistence_location /var/lib/mosquitto/data/`
			`persistence_file mosquitto.db`

			`# Listening`
			`listener 1883`

			`# Authentication`
			`allow_anonymous false`

			`# ACL (Access Control List) configuration`
			`acl_file /etc/mosquitto/acl/acl.conf`

			`# Logging`
			`log_dest file /var/log/mosquitto/mosquitto.log`
			`log_type all`
			`EOF`

			`# Create ACL configuration`
			`echo "[5/6] Creating ACL configuration..."`
			`cat > /etc/mosquitto/acl/acl.conf << 'EOF'`
			`# Mosquitto ACL Configuration`
			`# Topic access control for MQTT users`
			`# Format: topic [read\|write] <username>`

			`# Pi Zero 2 W Hub - Read all topics, write to hub-specific topics`
			`pattern read /`
			`pattern write hub/+/set`

			`# Pi clients - Read sensor data, write commands`
			`pattern read sensors/+/data`
			`pattern write devices/+/commands`

			`# Mobile clients - Read home status, write control commands`
			`pattern read home/+/status`
			`pattern write home/+/control`

			`# Admin - Full access`
			`user admin`
			`topic # rw`
			`EOF`

			`# Create users (run interactively with -p for password)`
			`echo "[6/6] Creating initial users..."`
			`echo "Creating 'hub' user for internal services..."`
			`mosquitto_passwd -b /etc/mosquitto/passwd hub "$(openssl rand -base64 16 \| tr -d 'O0Il' \| cut -c1-16)" 2>/dev/null \|\| echo "User 'hub' setup required"`

			`# Set proper permissions`
			`chown -R mosquitto:mosquitto /etc/mosquitto`
			`chown -R mosquitto:mosquitto /var/lib/mosquitto`
			`chmod 644 /etc/mosquitto/conf.d/mosquitto.conf`
			`chmod 644 /etc/mosquitto/acl/acl.conf`
			`chmod 600 /etc/mosquitto/passwd`

			`echo ""`
			`echo "=== Mosquitto Installation Complete ==="`
			`echo ""`
			`echo "Next steps:"`
			`echo "1. Set password for admin user: mosquitto_passwd -c /etc/mosquitto/passwd <username>"`
			`echo "2. Start the service: systemctl start mosquitto"`
			`echo "3. Enable auto-start: systemctl enable mosquitto"`
			`echo "4. Test connection: mosquitto_sub -h localhost -t test -u <user> -P <pass>"`
			`echo ""`