diff --git a/sulu-builder/Makefile b/sulu-builder/Makefile index e2ea538bb6f56e1d6d58f3ee5a24e82b81fa39eb..dd3b3343d65541084339e5516b9a4a29ad06eb45 100644 --- a/sulu-builder/Makefile +++ b/sulu-builder/Makefile @@ -152,7 +152,26 @@ define Package/${PKG_NAME}/install ifeq ($(CONFIG_PACKAGE_skopeo)$(CONFIG_PACKAGE_umoci),yy) $(CP) $(PKG_BUILD_DIR)/build/src/config/widgets/lcm-store.json $(1)/sulu/config/widgets/ endif - $(CP) ./files/* $(1)/ + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu + + $(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password + + $(INSTALL_DIR) $(1)/etc/nginx/conf.d + $(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/ + + $(INSTALL_DIR) $(1)/etc/sulu + $(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/ + $(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/ + + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/ endef $(eval $(call BuildPackage,${PKG_NAME})) diff --git a/sulu-builder/files/etc/config/sulu b/sulu-builder/files/etc/config/sulu new file mode 100644 index 0000000000000000000000000000000000000000..c9ede9412dc5ab6f0f71371a2132cc3fdc7dd116 --- /dev/null +++ b/sulu-builder/files/etc/config/sulu @@ -0,0 +1,6 @@ +config global 'global' + option enabled '1' + option enable_system_credentials '1' + option role_based_access '1' + list user 'admin' + list user 'user' diff --git a/sulu-builder/files/etc/init.d/sulu b/sulu-builder/files/etc/init.d/sulu index e339542d1cb4da855f234de2963bc5e4f9786d62..6006b7de0776450fbeba8a5cf5b4f8bc35c4a1f8 100755 
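Review bot: `$(INSTALL_DATA)` installs `/etc/mosquitto/sulu.password` with mode 0644, so the password hash is readable by every local account, and `$(INSTALL_BIN)` marks the UCI file `/etc/config/sulu` executable. Use `$(INSTALL_CONF) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password` and `$(INSTALL_CONF) ./files/etc/config/sulu $(1)/etc/config/sulu` (mode 0600) instead. If the broker runs as an unprivileged user it will also need ownership of the password file, which this hunk cannot show. The same lines appear in the second hunk of `sulu/Makefile`, and the `define Package/${PKG_NAME}/install` block starts above the hunk.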
--- a/sulu-builder/files/etc/init.d/sulu +++ b/sulu-builder/files/etc/init.d/sulu @@ -1,19 +1,41 @@ #!/bin/sh /etc/rc.common +USE_PROCD=1 + START=99 -STOP=10 +STOP=01 -USE_PROCD=1 +. /lib/functions.sh +. /etc/sulu/sulu.sh log() { echo "${@}"|logger -t sulu.init -p debug } +validate_sulu_global_section() +{ + uci_validate_section sulu global global \ + 'enabled:bool:1' \ + 'enable_system_credentials:bool:1' \ + 'role_based_access:bool:0' +} + start_service() { + local enabled enable_system_credentials role_based_access + + config_load sulu procd_open_instance sulu + + validate_sulu_global_section || return 0; # append sulu connection injection - procd_close_instance + if [ "${enabled}" -eq "0" ]; then + procd_close_instance + return 0 + fi + configure_sulu "${enable_system_credentials}" "${role_based_access}" 1 + update_nginx_config "${enabled}" + procd_close_instance } reload_service() { @@ -23,5 +45,5 @@ reload_service() { service_triggers() { - procd_add_config_trigger "config.change" "obuspa" /etc/init.d/sulu reload + procd_add_reload_trigger "sulu" } diff --git a/sulu-builder/files/etc/mosquitto/conf.d/sulu.conf b/sulu-builder/files/etc/mosquitto/conf.d/sulu.conf index dcded9bcbca9f3e0abed506ef5cc524df4c0bb9a..150f43eb735491a1c2c3568f30232fcc211dfe29 100644 --- a/sulu-builder/files/etc/mosquitto/conf.d/sulu.conf +++ b/sulu-builder/files/etc/mosquitto/conf.d/sulu.conf @@ -1,5 +1,4 @@ listener 9001 protocol websockets -plugin /usr/lib/mosquitto_auth_shadow.so require_certificate false allow_anonymous false diff --git a/sulu-builder/files/etc/mosquitto/sulu.password b/sulu-builder/files/etc/mosquitto/sulu.password new file mode 100644 index 0000000000000000000000000000000000000000..f0e1a126738765e7b99dc530f058770857834eba --- /dev/null +++ b/sulu-builder/files/etc/mosquitto/sulu.password @@ -0,0 +1 @@ +admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug== 
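Review bot: In `start_service`, `validate_sulu_global_section || return 0;` runs after `procd_open_instance sulu`, so an invalid config returns with the instance still open and reports success without logging anything. Move the check above `procd_open_instance` and make the failure visible, e.g. `validate_sulu_global_section || { log "sulu: invalid global section"; return 1; }`. The `[ "${enabled}" -eq "0" ]` test that follows also relies on that validation having set `enabled`. The same hunk is repeated in `sulu/files/etc/init.d/sulu`.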
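Review bot: This file ships one fixed `admin` password hash inside the package, so every image built from it accepts the same broker credential whenever `enable_system_credentials` is `0` (the branch of `update_mosquitto_broker_config` that appends `password_file /etc/mosquitto/sulu.password`). Ship the file empty or not at all, and create the entry per device at first boot or during provisioning. The password behind a committed hash should be treated as known and rotated. The identical file is added under `sulu/files/etc/mosquitto/`.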
diff --git a/sulu-builder/files/etc/nginx/conf.d/sulu.conf b/sulu-builder/files/etc/nginx/conf.d/sulu.conf
new file mode 100644
index 0000000000000000000000000000000000000000..025139c8b5a7b9c01d985dad7a1914d3e7c769cf
--- /dev/null
+++ b/sulu-builder/files/etc/nginx/conf.d/sulu.conf
@@ -0,0 +1,25 @@
+server {
+ listen 8080;
+ listen [::]:8080;
+ server_name _sulu;
+ root /sulu;
+ location /config/ {
+ autoindex on;
+
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+ }
+ }
+}
diff --git a/sulu-builder/files/etc/nginx/conf.d/sulu.locations b/sulu-builder/files/etc/nginx/conf.d/sulu.locations
deleted file mode 100644
index 97b207a4e428ed37a215901272b45bf03aaec88b..0000000000000000000000000000000000000000
--- a/sulu-builder/files/etc/nginx/conf.d/sulu.locations
+++ /dev/null
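Review bot: `autoindex on;` in `location /config/` combined with `Access-Control-Allow-Origin` set to `*` lets any web origin list and read everything under `/sulu/config/`, which per `SULU_CONFIG` in `sulu.sh` includes the generated `connectionConfig.json`. Set `autoindex off;` and send the CORS headers only for the origins that need them rather than `*`. `Access-Control-Allow-Methods` also advertises `POST`, which no branch in this block handles. The server listens on port 8080 on all addresses, so it is worth confirming that the firewall limits who can reach it. The same file is added under `sulu/files/etc/nginx/conf.d/`.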
@@ -1,18 +0,0 @@
-location /config/ {
- autoindex on;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain; charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method = 'GET') {
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
- }
-}
diff --git a/sulu-builder/files/etc/sulu/roles.json b/sulu-builder/files/etc/sulu/roles.json
new file mode 100644
index 0000000000000000000000000000000000000000..0893750f7142f8da4e485b22f216578e5211c8e3
--- /dev/null
+++ b/sulu-builder/files/etc/sulu/roles.json
@@ -0,0 +1,95 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_ALL"
+ ]
+ }
+ ]
+ },
+ {
+ "name": "user",
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO"
+ ]
+ },
+ {
+ "object": "Device.LocalAgent.Subscription.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_ADD",
+ "PERMIT_SET",
+ "PERMIT_DEL"
+ ]
+ },
+ {
+ "object": "Device.WiFi.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.DNS.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.IP.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ }
+ ]
+ },
+ {
+ "name": "undefined-1"
+ },
+ {
+ "name": "undefined-2"
+ },
+ {
+ "name": "undefined-3"
+ },
+ {
+ "name": "undefined-4"
+ }
+ ]
+}
diff --git a/sulu-builder/files/etc/sulu/sulu.sh b/sulu-builder/files/etc/sulu/sulu.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6f888c23cc3c08163c25fcdc3dc42e6aa2f23259
--- /dev/null
+++ b/sulu-builder/files/etc/sulu/sulu.sh
@@ -0,0 +1,378 @@ +#!/bin/sh + +. /lib/functions.sh + +SULU_CONFIG="/sulu/config/connectionConfig.json" +ACL_FILE="/tmp/sulu/mqtt.acl" +MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf" +_RESTART_SERVICES="0" + +mkdir -p /tmp/sulu/ + +function slog() +{ + echo "$*" |logger -t sulu.init -p debug +} + +function _get_agent_id() +{ + local oui serial endpointid + + endpointid="$(uci_get obuspa localagent EndpointID)" + if [ -z "${endpointid}" ]; then + oui="$(db -q get device.deviceinfo.ManufacturerOUI)" + serial="$(db -q get device.deviceinfo.SerialNumber)" + echo "${oui}-${serial}" + else + echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)" + fi +} + +function _get_endpoint_id() +{ + local oui serial endpointid + + endpointid="$(uci_get obuspa localagent EndpointID)" + if [ -z "${endpointid}" ]; then + oui="$(db -q get device.deviceinfo.ManufacturerOUI)" + serial="$(db -q get device.deviceinfo.SerialNumber)" + echo "os::${oui}-${serial}" + else + echo "${endpointid}" + fi +} + +function _get_sulu_users() +{ + echo "$(uci -q get sulu.global.user)" +} + +function generate_sulu_conn_config() +{ + local rbac users + + rbac="${1}" + users="$(_get_sulu_users)" + + json_init; + if [ "${rbac}" -eq "1" ]; then + json_add_string 'currentConnection' 'rbac'; + else + json_add_string 'currentConnection' 'main'; + fi + json_add_object 'connections'; + json_add_object 'rbac'; + json_add_string 'toId' "$(_get_endpoint_id)"; + json_add_int 'port' 9001; + json_add_string 'protocol' 'ws'; + json_add_array 'auth'; + json_close_array; + + json_add_object 'overrides'; + for f in ${users}; do + json_add_object "${f}"; + json_add_string 'fromId' "self::sulu-${f}"; + json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint"; + json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller"; + json_close_object; + done + json_close_object; + json_close_object; + + # add the default connection + json_add_object 'main'; + json_add_string 'fromId' 
'proto::interop-usp-controller'; + json_add_string 'toId' "$(_get_endpoint_id)"; + json_add_int 'port' 9001; + json_add_string 'protocol' 'ws'; + json_add_string 'publishEndpoint' "/usp/endpoint"; + json_add_string 'subscribeEndpoint' "/usp/controller"; + json_add_array 'auth'; + json_close_array; + json_close_object; + json_close_object; + + json_dump > ${SULU_CONFIG} +} + +function set_sulu_connection_mode() +{ + local rbac profile config + + rbac="${1}" + + profile="$(jq '.currentConnection' ${SULU_CONFIG})" + if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then + config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})" + echo "${config}" > ${SULU_CONFIG} + elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then + config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})" + echo "${config}" > ${SULU_CONFIG} + fi +} +function _update_obuspa_config() +{ + local restart + + restart=0 + if ! uci_get obuspa localmqtt >/dev/null 2>&1; then + uci_add obuspa mqtt localmqtt + uci_set obuspa localmqtt BrokerAddress "127.0.0.1" + uci_set obuspa localmqtt BrokerPort "1883" + uci_set obuspa localmqtt TransportProtocol "TCP/IP" + restart=1 + fi + + if ! uci_get obuspa agent_mtp >/dev/null 2>&1; then + uci_add obuspa mtp agent_mtp + uci_set obuspa agent_mtp Protocol "MQTT" + uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint" + uci_set obuspa agent_mtp mqtt "localmqtt" + restart=1 + fi + + if ! 
uci_get obuspa localcontroller >/dev/null 2>&1; then + uci_add obuspa controller localcontroller + uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller" + uci_set obuspa localcontroller Protocol "MQTT" + uci_set obuspa localcontroller Topic "/usp/controller" + uci_set obuspa localcontroller mqtt "localmqtt" + uci_set obuspa localcontroller assigned_role_name "full_access" + restart=1 + fi + return "${restart}" +} + +function _remove_obuspa_config() +{ + local restart + + restart=0 + if [ "$(uci_get obuspa localmqtt)" == "mqtt" ]; then + uci_remove obuspa localmqtt + restart=1 + fi + if [ "$(uci_get obuspa agent_mtp)" == "mtp" ]; then + uci_remove obuspa agent_mtp + restart=1 + fi + if [ "$(uci_get obuspa localcontroller)" == "controller" ]; then + uci_remove obuspa localcontroller + restart=1 + fi + return "${restart}" +} + +function _update_obuspa_config_rbac() { + local agent users restart + + agent="$(_get_agent_id)" + users="$(_get_sulu_users)" + restart=0 + + for f in ${users}; do + local sec + + # Add mqtt + sec="mqtt_sulu_${f}" + if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then + uci_add obuspa mqtt ${sec} + uci_set obuspa ${sec} BrokerAddress "127.0.0.1" + uci_set obuspa ${sec} BrokerPort "1883" + uci_set obuspa ${sec} TransportProtocol "TCP/IP" + restart=1 + fi + + # Add mtp + sec="mtp_sulu_${f}" + if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then + uci_add obuspa mtp ${sec} + uci_set obuspa ${sec} Protocol "MQTT" + uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint" + uci_set obuspa ${sec} mqtt "mqtt_sulu_$f" + restart=1 + fi + + # Add controller + sec="controller_sulu_${f}" + if ! 
uci_get obuspa controller ${sec} >/dev/null 2>&1; then + uci_add obuspa controller ${sec} + uci_set obuspa ${sec} EndpointID "self::sulu-${f}" + uci_set obuspa ${sec} Protocol "MQTT" + uci_set obuspa ${sec} Topic "/usp/${agent}/${f}/controller" + uci_set obuspa ${sec} mqtt "mqtt_sulu_$f" + uci_set obuspa ${sec} assigned_role_name "$f" + restart=1 + fi + done + if [ -f "/etc/sulu/roles.json" ]; then + uci_set obuspa global role_file "/etc/sulu/roles.json" + fi + return "${restart}" +} + +function _remove_sulu_sec() +{ + local sec + + if [[ "${1}" == *"_sulu_"* ]]; then + uci_remove obuspa ${1} + return 1 + fi + return 0 +} + +function _remove_obuspa_config_rbac() +{ + local restart + + restart=0 + config_foreach _remove_sulu_sec mqtt + restart="$(( restart + $? ))" + config_foreach _remove_sulu_sec mtp + restart="$(( restart + $? ))" + config_foreach _remove_sulu_sec controller + restart="$(( restart + $? ))" + uci_set obuspa global role_file "" + + return "${restart}" +} + +function _create_acl() { + local agentid rbac users + + rbac="${1:-0}" + + [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}" + + if [ "${rbac}" -eq "0" ]; then + return 0; + fi + + agentid="$(_get_agent_id)" + users="$(_get_sulu_users)" + for f in ${users}; do + echo "user ${f}" >> ${ACL_FILE} + echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE} + echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE} + echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE} + echo "" >> ${ACL_FILE} + done +} + +function update_mosquitto_broker_config() +{ + local system_cred rbac restart + + system_cred="${1}" + rbac="${2}" + restart=0 + + if [ "${system_cred}" -eq "1" ]; then + if grep -q "password_file " ${MB_SULU_CONF}; then + sed -i '/password_file /d' ${MB_SULU_CONF} + restart=1 + fi + if ! 
grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then + echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF} + restart=1 + fi + else + if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then + sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF} + restart=1 + fi + if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then + echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF} + restart=1 + fi + fi + + if [ "${rbac}" -eq "1" ]; then + _create_acl "${rbac}" + if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then + echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF} + restart=1 + fi + else + if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then + sed -i '/acl_file /d' ${MB_SULU_CONF} + restart=1 + fi + fi + + if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then + slog "Restarting mqtt broker..." + /etc/init.d/mosquitto restart & + fi +} + +function update_obuspa_config() +{ + local rbac restart + + rbac="${1}" + restart=0 + + uci_load obuspa + if [ "${rbac}" -eq "1" ]; then + _remove_obuspa_config + restart="$(( restart + $? ))" + _update_obuspa_config_rbac + restart="$(( restart + $? ))" + else + _remove_obuspa_config_rbac + restart="$(( restart + $? ))" + _update_obuspa_config + restart="$(( restart + $? ))" + fi + uci_commit obuspa + + if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then + slog "Restarting obuspa..." + ubus call uci commit '{"config":"obuspa"}' + fi +} + +function update_nginx_config() +{ + local enabled restart + + restart=0 + enabled="${1:-0}" + if [ "${enabled}" -eq "1" ]; then + if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then + cp /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf + restart=1 + fi + else + if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then + rm -f /etc/nginx/conf.d/sulu.conf + restart=1 + fi + fi + if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then + slog "Restarting nginx..." 
+ ubus call uci commit '{"config":"nginx"}'
+ fi
+}
+
+function configure_sulu()
+{
+ local sys_cred rbac restart
+
+ sys_cred="${1}"
+ rbac="${2}"
+ restart="${3:-0}"
+
+ if [ -z "${sys_cred}" -o -z "${rbac}" ]; then
+ slog "Invalid inputs"
+ return 0
+ fi
+
+ _RESTART_SERVICES="${restart}"
+
+ update_mosquitto_broker_config "${sys_cred}" "${rbac}"
+ set_sulu_connection_mode "${rbac}"
+ update_obuspa_config "${rbac}"
+}
diff --git a/sulu-builder/files/etc/uci-defaults/90-sulu-set-nginx-conf b/sulu-builder/files/etc/uci-defaults/90-sulu-set-nginx-conf
deleted file mode 100644
index 7b74aabaf3c474a55c19a455377feba17430c879..0000000000000000000000000000000000000000
--- a/sulu-builder/files/etc/uci-defaults/90-sulu-set-nginx-conf
+++ /dev/null
@@ -1,10 +0,0 @@
-mkdir -p /tmp/sulu
-
-uci -q get nginx._sulu && exit 0
-
-uci -q set nginx._sulu=server
-uci -q add_list nginx._sulu.listen='8080'
-uci -q add_list nginx._sulu.listen='[::]:8080'
-uci -q set nginx._sulu.root='/sulu'
-uci -q set nginx._sulu.server_name='_sulu'
-uci -q add_list nginx._sulu.include='conf.d/sulu.locations'
diff --git a/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config b/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
new file mode 100644
index 0000000000000000000000000000000000000000..8db027ef985ac2c0dca86f71552c4aa86d96d72a
--- /dev/null
+++ b/sulu-builder/files/etc/uci-defaults/99-fix-sulu-config
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. /etc/sulu/sulu.sh
+
+config_load sulu
+config_get enable_system_credentials global enable_system_credentials 1
+config_get role_based_access global role_based_access 0
+config_get enabled global enabled 0
+
+configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
+update_nginx_config "${enabled}"
+generate_sulu_conn_config "${role_based_access}"
diff --git a/sulu/Makefile b/sulu/Makefile
index a11877783024acbfe6d6e3d97e2797f02e008038..dff40ae6f872321828a0473276ffbde80b3ef1c4 100644
--- a/sulu/Makefile
+++ b/sulu/Makefile
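Review bot: The names returned by `_get_sulu_users` are written unvalidated into the mosquitto ACL in `_create_acl` (`user ${f}`, `topic read /usp/${agentid}/${f}/controller/#`) and into UCI section names in `_update_obuspa_config_rbac`, so a `list user` entry containing `#`, `+` or `/` changes which topics the generated ACL grants. Validate the list once in `_get_sulu_users` and drop anything outside `[A-Za-z0-9_]`, logging what was skipped, as sketched below. `set_sulu_connection_mode` has a related robustness gap: it writes `${config}` back to `${SULU_CONFIG}` without checking that `jq` succeeded, so a failed `jq` run overwrites the connection file with no configuration. The same file is added as `sulu/files/etc/sulu/sulu.sh`, which is cut off at the end of this page.

```shell
function _get_sulu_users()
{
	local u

	for u in $(uci -q get sulu.global.user); do
		case "${u}" in
			""|*[!A-Za-z0-9_]*)
				slog "Ignoring invalid sulu user name: ${u}"
				;;
			*)
				echo "${u}"
				;;
		esac
	done
}
```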
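Review bot: `config_get enabled global enabled 0` defaults a missing `enabled` option to `0`, while `validate_sulu_global_section` in the init script defaults it to `1` (`'enabled:bool:1'`), so the two entry points disagree on an unset option. With the `0` default, `update_nginx_config` removes `/etc/nginx/conf.d/sulu.conf`, and its restore path copies `/etc/sulu/nginx.conf`, which neither Makefile hunk installs. Use `config_get enabled global enabled 1` here, and install the template that function expects or have it keep the packaged file. `generate_sulu_conn_config` also calls `json_init` and `json_dump` while nothing visible sources `/usr/share/libubox/jshn.sh`, so it is worth confirming those helpers are defined when this runs from uci-defaults.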
@@ -35,11 +35,7 @@ define Package/sulu/description endef define Package/sulu/install - $(INSTALL_DIR) $(1)/sulu - $(INSTALL_DIR) $(1)/sulu/config $(INSTALL_DIR) $(1)/sulu/config/widgets - $(INSTALL_DIR) $(1)/etc/nginx/ - $(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/ $(CP) $(PKG_BUILD_DIR)/dist/* $(1)/sulu $(CP) $(PKG_BUILD_DIR)/config/*.json $(1)/sulu/config $(CP) $(PKG_BUILD_DIR)/config/widgets/diagnostics.json $(1)/sulu/config/widgets/ @@ -47,7 +43,26 @@ define Package/sulu/install ifeq ($(CONFIG_PACKAGE_skopeo)$(CONFIG_PACKAGE_umoci),yy) $(CP) $(PKG_BUILD_DIR)/config/widgets/lcm-store.json $(1)/sulu/config/widgets/ endif - $(CP) ./files/* $(1)/ + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_BIN) ./files/etc/config/sulu $(1)/etc/config/sulu + + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/etc/init.d/sulu $(1)/etc/init.d/sulu + + $(INSTALL_DIR) $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/conf.d/obuspa.conf $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/conf.d/sulu.conf $(1)/etc/mosquitto/conf.d/ + $(INSTALL_DATA) ./files/etc/mosquitto/sulu.password $(1)/etc/mosquitto/sulu.password + + $(INSTALL_DIR) $(1)/etc/nginx/conf.d + $(INSTALL_DATA) ./files/etc/nginx/conf.d/sulu.conf $(1)/etc/nginx/conf.d/ + + $(INSTALL_DIR) $(1)/etc/sulu + $(INSTALL_DATA) ./files/etc/sulu/roles.json $(1)/etc/sulu/ + $(INSTALL_BIN) ./files/etc/sulu/sulu.sh $(1)/etc/sulu/ + + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/etc/uci-defaults/99-fix-sulu-config $(1)/etc/uci-defaults/ endef $(eval $(call BuildPackage,sulu)) diff --git a/sulu/files/etc/config/sulu b/sulu/files/etc/config/sulu new file mode 100644 index 0000000000000000000000000000000000000000..c9ede9412dc5ab6f0f71371a2132cc3fdc7dd116 --- /dev/null +++ b/sulu/files/etc/config/sulu @@ -0,0 +1,6 @@ +config global 'global' + option enabled '1' + option enable_system_credentials '1' + option role_based_access '1' + list user 'admin' + list user 'user' 
diff --git a/sulu/files/etc/init.d/sulu b/sulu/files/etc/init.d/sulu index e339542d1cb4da855f234de2963bc5e4f9786d62..6006b7de0776450fbeba8a5cf5b4f8bc35c4a1f8 100755 --- a/sulu/files/etc/init.d/sulu +++ b/sulu/files/etc/init.d/sulu @@ -1,19 +1,41 @@ #!/bin/sh /etc/rc.common +USE_PROCD=1 + START=99 -STOP=10 +STOP=01 -USE_PROCD=1 +. /lib/functions.sh +. /etc/sulu/sulu.sh log() { echo "${@}"|logger -t sulu.init -p debug } +validate_sulu_global_section() +{ + uci_validate_section sulu global global \ + 'enabled:bool:1' \ + 'enable_system_credentials:bool:1' \ + 'role_based_access:bool:0' +} + start_service() { + local enabled enable_system_credentials role_based_access + + config_load sulu procd_open_instance sulu + + validate_sulu_global_section || return 0; # append sulu connection injection - procd_close_instance + if [ "${enabled}" -eq "0" ]; then + procd_close_instance + return 0 + fi + configure_sulu "${enable_system_credentials}" "${role_based_access}" 1 + update_nginx_config "${enabled}" + procd_close_instance } reload_service() { @@ -23,5 +45,5 @@ reload_service() { service_triggers() { - procd_add_config_trigger "config.change" "obuspa" /etc/init.d/sulu reload + procd_add_reload_trigger "sulu" } diff --git a/sulu/files/etc/mosquitto/conf.d/sulu.conf b/sulu/files/etc/mosquitto/conf.d/sulu.conf index dcded9bcbca9f3e0abed506ef5cc524df4c0bb9a..150f43eb735491a1c2c3568f30232fcc211dfe29 100644 --- a/sulu/files/etc/mosquitto/conf.d/sulu.conf +++ b/sulu/files/etc/mosquitto/conf.d/sulu.conf @@ -1,5 +1,4 @@ listener 9001 protocol websockets -plugin /usr/lib/mosquitto_auth_shadow.so require_certificate false allow_anonymous false diff --git a/sulu/files/etc/mosquitto/sulu.password b/sulu/files/etc/mosquitto/sulu.password new file mode 100644 index 0000000000000000000000000000000000000000..f0e1a126738765e7b99dc530f058770857834eba --- /dev/null +++ b/sulu/files/etc/mosquitto/sulu.password 
@@ -0,0 +1 @@
+admin:$6$OmM9kU/lYct3KJ9j$iP0WK4ezEtRm8+EAggNp7WbJFoWO0p7IUdI0v/hr1WcVHyfFAC30Pb8Csn7GqwwqI2dcmnDOAITnimo2VNe6ug==
diff --git a/sulu/files/etc/nginx/conf.d/sulu.conf b/sulu/files/etc/nginx/conf.d/sulu.conf
new file mode 100644
index 0000000000000000000000000000000000000000..025139c8b5a7b9c01d985dad7a1914d3e7c769cf
--- /dev/null
+++ b/sulu/files/etc/nginx/conf.d/sulu.conf
@@ -0,0 +1,25 @@
+server {
+ listen 8080;
+ listen [::]:8080;
+ server_name _sulu;
+ root /sulu;
+ location /config/ {
+ autoindex on;
+
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+ if ($request_method = 'GET') {
+ add_header 'Access-Control-Allow-Origin' '*' always;
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
+ add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
+ }
+ }
+}
diff --git a/sulu/files/etc/nginx/conf.d/sulu.locations b/sulu/files/etc/nginx/conf.d/sulu.locations
deleted file mode 100644
index 97b207a4e428ed37a215901272b45bf03aaec88b..0000000000000000000000000000000000000000
--- a/sulu/files/etc/nginx/conf.d/sulu.locations
+++ /dev/null
@@ -1,18 +0,0 @@
-location /config/ {
- autoindex on;
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
- add_header 'Access-Control-Max-Age' 1728000;
- add_header 'Content-Type' 'text/plain; charset=utf-8';
- add_header 'Content-Length' 0;
- return 204;
- }
- if ($request_method = 'GET') {
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
- }
-}
diff --git a/sulu/files/etc/sulu/roles.json b/sulu/files/etc/sulu/roles.json
new file mode 100644
index 0000000000000000000000000000000000000000..0893750f7142f8da4e485b22f216578e5211c8e3
--- /dev/null
+++ b/sulu/files/etc/sulu/roles.json
@@ -0,0 +1,95 @@
+{
+ "roles": [
+ {
+ "name": "admin",
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_ALL"
+ ]
+ }
+ ]
+ },
+ {
+ "name": "user",
+ "permission": [
+ {
+ "object": "Device.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO"
+ ]
+ },
+ {
+ "object": "Device.LocalAgent.Subscription.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_ADD",
+ "PERMIT_SET",
+ "PERMIT_DEL"
+ ]
+ },
+ {
+ "object": "Device.WiFi.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.DNS.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ },
+ {
+ "object": "Device.IP.",
+ "perm": [
+ "PERMIT_GET",
+ "PERMIT_GET_INST",
+ "PERMIT_OBJ_INFO",
+ "PERMIT_CMD_INFO",
+ "PERMIT_OPER",
+ "PERMIT_SUBS_VAL_CHANGE",
+ "PERMIT_SUBS_OBJ_ADD",
+ "PERMIT_SUBS_OBJ_DEL",
+ "PERMIT_SUBS_EVT_OPER_COMP"
+ ]
+ }
+ ]
+ },
+ {
+ "name": "undefined-1"
+ },
+ {
+ "name": "undefined-2"
+ },
+ {
+ "name": "undefined-3"
+ },
+ {
+ "name": "undefined-4"
+ }
+ ]
+}
diff --git a/sulu/files/etc/sulu/sulu.sh b/sulu/files/etc/sulu/sulu.sh
new file mode 100644
index 0000000000000000000000000000000000000000..6f888c23cc3c08163c25fcdc3dc42e6aa2f23259
--- /dev/null
+++ b/sulu/files/etc/sulu/sulu.sh
@@ -0,0 +1,378 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+SULU_CONFIG="/sulu/config/connectionConfig.json"
+ACL_FILE="/tmp/sulu/mqtt.acl"
+MB_SULU_CONF="/etc/mosquitto/conf.d/sulu.conf"
+_RESTART_SERVICES="0"
+
+mkdir -p /tmp/sulu/
+
+function slog()
+{
+ echo "$*" |logger -t sulu.init -p debug
+}
+
+function _get_agent_id()
+{
+ local oui serial endpointid
+
+ endpointid="$(uci_get obuspa localagent EndpointID)"
+ if [ -z "${endpointid}" ]; then
+ oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+ serial="$(db -q get device.deviceinfo.SerialNumber)"
+ echo "${oui}-${serial}"
+ else
+ echo "$(echo "${endpointid/::/,}"|cut -d "," -f 2)"
+ fi
+}
+
+function _get_endpoint_id()
+{
+ local oui serial endpointid
+
+ endpointid="$(uci_get obuspa localagent EndpointID)"
+ if [ -z "${endpointid}" ]; then
+ oui="$(db -q get device.deviceinfo.ManufacturerOUI)"
+ serial="$(db -q get device.deviceinfo.SerialNumber)"
+ echo "os::${oui}-${serial}"
+ else
+ echo "${endpointid}"
+ fi
+}
+
+function _get_sulu_users()
+{
+ echo "$(uci -q get sulu.global.user)"
+}
+
+function generate_sulu_conn_config()
+{
+ local rbac users
+
+ rbac="${1}"
+ users="$(_get_sulu_users)"
+
+ json_init;
+ if [ "${rbac}" -eq "1" ]; then
+ json_add_string 'currentConnection' 'rbac';
+ else
+ json_add_string 'currentConnection' 'main';
+ fi
+ json_add_object 'connections';
+ json_add_object 'rbac';
+ json_add_string 'toId' "$(_get_endpoint_id)";
+ json_add_int 'port' 9001;
+ json_add_string 'protocol' 'ws';
+ json_add_array 'auth';
+ json_close_array;
+
+ json_add_object 'overrides';
+ for f in ${users}; do
+ json_add_object "${f}";
+ json_add_string 'fromId' "self::sulu-${f}";
+ json_add_string 'publishEndpoint' "/usp/$(_get_agent_id)/${f}/endpoint";
+ json_add_string 'subscribeEndpoint' "/usp/$(_get_agent_id)/${f}/controller";
+ json_close_object;
+ done
+ json_close_object;
+ json_close_object;
+
+ # add the default connection
+ json_add_object 'main';
+ json_add_string 'fromId'
'proto::interop-usp-controller';
+ json_add_string 'toId' "$(_get_endpoint_id)";
+ json_add_int 'port' 9001;
+ json_add_string 'protocol' 'ws';
+ json_add_string 'publishEndpoint' "/usp/endpoint";
+ json_add_string 'subscribeEndpoint' "/usp/controller";
+ json_add_array 'auth';
+ json_close_array;
+ json_close_object;
+ json_close_object;
+
+ json_dump > ${SULU_CONFIG}
+}
+
+function set_sulu_connection_mode()
+{
+ local rbac profile config
+
+ rbac="${1}"
+
+ profile="$(jq '.currentConnection' ${SULU_CONFIG})"
+ if [ "$rbac" -eq "1" -a "${profile}" == "\"main\"" ]; then
+ config="$(jq '.currentConnection = "rbac"' ${SULU_CONFIG})"
+ echo "${config}" > ${SULU_CONFIG}
+ elif [ "$rbac" -eq "0" -a "${profile}" == "\"rbac\"" ]; then
+ config="$(jq '.currentConnection = "main"' ${SULU_CONFIG})"
+ echo "${config}" > ${SULU_CONFIG}
+ fi
+}
+function _update_obuspa_config()
+{
+ local restart
+
+ restart=0
+ if ! uci_get obuspa localmqtt >/dev/null 2>&1; then
+ uci_add obuspa mqtt localmqtt
+ uci_set obuspa localmqtt BrokerAddress "127.0.0.1"
+ uci_set obuspa localmqtt BrokerPort "1883"
+ uci_set obuspa localmqtt TransportProtocol "TCP/IP"
+ restart=1
+ fi
+
+ if ! uci_get obuspa agent_mtp >/dev/null 2>&1; then
+ uci_add obuspa mtp agent_mtp
+ uci_set obuspa agent_mtp Protocol "MQTT"
+ uci_set obuspa agent_mtp ResponseTopicConfigured "/usp/endpoint"
+ uci_set obuspa agent_mtp mqtt "localmqtt"
+ restart=1
+ fi
+
+ if !
uci_get obuspa localcontroller >/dev/null 2>&1; then
+ uci_add obuspa controller localcontroller
+ uci_set obuspa localcontroller EndpointID "proto::interop-usp-controller"
+ uci_set obuspa localcontroller Protocol "MQTT"
+ uci_set obuspa localcontroller Topic "/usp/controller"
+ uci_set obuspa localcontroller mqtt "localmqtt"
+ uci_set obuspa localcontroller assigned_role_name "full_access"
+ restart=1
+ fi
+ return "${restart}"
+}
+
+function _remove_obuspa_config()
+{
+ local restart
+
+ restart=0
+ if [ "$(uci_get obuspa localmqtt)" == "mqtt" ]; then
+ uci_remove obuspa localmqtt
+ restart=1
+ fi
+ if [ "$(uci_get obuspa agent_mtp)" == "mtp" ]; then
+ uci_remove obuspa agent_mtp
+ restart=1
+ fi
+ if [ "$(uci_get obuspa localcontroller)" == "controller" ]; then
+ uci_remove obuspa localcontroller
+ restart=1
+ fi
+ return "${restart}"
+}
+
+function _update_obuspa_config_rbac() {
+ local agent users restart
+
+ agent="$(_get_agent_id)"
+ users="$(_get_sulu_users)"
+ restart=0
+
+ for f in ${users}; do
+ local sec
+
+ # Add mqtt
+ sec="mqtt_sulu_${f}"
+ if ! uci_get obuspa mqtt ${sec} >/dev/null 2>&1; then
+ uci_add obuspa mqtt ${sec}
+ uci_set obuspa ${sec} BrokerAddress "127.0.0.1"
+ uci_set obuspa ${sec} BrokerPort "1883"
+ uci_set obuspa ${sec} TransportProtocol "TCP/IP"
+ restart=1
+ fi
+
+ # Add mtp
+ sec="mtp_sulu_${f}"
+ if ! uci_get obuspa mtp ${sec} >/dev/null 2>&1; then
+ uci_add obuspa mtp ${sec}
+ uci_set obuspa ${sec} Protocol "MQTT"
+ uci_set obuspa ${sec} ResponseTopicConfigured "/usp/${agent}/${f}/endpoint"
+ uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
+ restart=1
+ fi
+
+ # Add controller
+ sec="controller_sulu_${f}"
+ if !
uci_get obuspa controller ${sec} >/dev/null 2>&1; then
+ uci_add obuspa controller ${sec}
+ uci_set obuspa ${sec} EndpointID "self::sulu-${f}"
+ uci_set obuspa ${sec} Protocol "MQTT"
+ uci_set obuspa ${sec} Topic "/usp/${agent}/${f}/controller"
+ uci_set obuspa ${sec} mqtt "mqtt_sulu_$f"
+ uci_set obuspa ${sec} assigned_role_name "$f"
+ restart=1
+ fi
+ done
+ if [ -f "/etc/sulu/roles.json" ]; then
+ uci_set obuspa global role_file "/etc/sulu/roles.json"
+ fi
+ return "${restart}"
+}
+
+function _remove_sulu_sec()
+{
+ local sec
+
+ if [[ "${1}" == *"_sulu_"* ]]; then
+ uci_remove obuspa ${1}
+ return 1
+ fi
+ return 0
+}
+
+function _remove_obuspa_config_rbac()
+{
+ local restart
+
+ restart=0
+ config_foreach _remove_sulu_sec mqtt
+ restart="$(( restart + $? ))"
+ config_foreach _remove_sulu_sec mtp
+ restart="$(( restart + $? ))"
+ config_foreach _remove_sulu_sec controller
+ restart="$(( restart + $? ))"
+ uci_set obuspa global role_file ""
+
+ return "${restart}"
+}
+
+function _create_acl() {
+ local agentid rbac users
+
+ rbac="${1:-0}"
+
+ [ -f "${ACL_FILE}" ] && rm -f "${ACL_FILE}"
+
+ if [ "${rbac}" -eq "0" ]; then
+ return 0;
+ fi
+
+ agentid="$(_get_agent_id)"
+ users="$(_get_sulu_users)"
+ for f in ${users}; do
+ echo "user ${f}" >> ${ACL_FILE}
+ echo "topic read /usp/${agentid}/${f}/controller/reply-to/#" >> ${ACL_FILE}
+ echo "topic write /usp/${agentid}/${f}/endpoint/#" >> ${ACL_FILE}
+ echo "topic read /usp/${agentid}/${f}/controller/#" >> ${ACL_FILE}
+ echo "" >> ${ACL_FILE}
+ done
+}
+
+function update_mosquitto_broker_config()
+{
+ local system_cred rbac restart
+
+ system_cred="${1}"
+ rbac="${2}"
+ restart=0
+
+ if [ "${system_cred}" -eq "1" ]; then
+ if grep -q "password_file " ${MB_SULU_CONF}; then
+ sed -i '/password_file /d' ${MB_SULU_CONF}
+ restart=1
+ fi
+ if !
grep -q "plugin .*mosquitto_auth_shadow.so" ${MB_SULU_CONF}; then
+ echo "plugin /usr/lib/mosquitto_auth_shadow.so" >> ${MB_SULU_CONF}
+ restart=1
+ fi
+ else
+ if grep -q 'plugin .*mosquitto_auth_shadow.so' ${MB_SULU_CONF}; then
+ sed -i '/plugin .*mosquitto_auth_shadow.so/d' ${MB_SULU_CONF}
+ restart=1
+ fi
+ if ! grep -q "password_file /etc/mosquitto/sulu.password" ${MB_SULU_CONF}; then
+ echo "password_file /etc/mosquitto/sulu.password" >> ${MB_SULU_CONF}
+ restart=1
+ fi
+ fi
+
+ if [ "${rbac}" -eq "1" ]; then
+ _create_acl "${rbac}"
+ if ! grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
+ echo "acl_file ${ACL_FILE}" >> ${MB_SULU_CONF}
+ restart=1
+ fi
+ else
+ if grep -q "acl_file ${ACL_FILE}" ${MB_SULU_CONF}; then
+ sed -i '/acl_file /d' ${MB_SULU_CONF}
+ restart=1
+ fi
+ fi
+
+ if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
+ slog "Restarting mqtt broker..."
+ /etc/init.d/mosquitto restart &
+ fi
+}
+
+function update_obuspa_config()
+{
+ local rbac restart
+
+ rbac="${1}"
+ restart=0
+
+ uci_load obuspa
+ if [ "${rbac}" -eq "1" ]; then
+ _remove_obuspa_config
+ restart="$(( restart + $? ))"
+ _update_obuspa_config_rbac
+ restart="$(( restart + $? ))"
+ else
+ _remove_obuspa_config_rbac
+ restart="$(( restart + $? ))"
+ _update_obuspa_config
+ restart="$(( restart + $? ))"
+ fi
+ uci_commit obuspa
+
+ if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -gt "0" ]; then
+ slog "Restarting obuspa..."
+ ubus call uci commit '{"config":"obuspa"}'
+ fi
+}
+
+function update_nginx_config()
+{
+ local enabled restart
+
+ restart=0
+ enabled="${1:-0}"
+ if [ "${enabled}" -eq "1" ]; then
+ if [ ! -f "/etc/nginx/conf.d/sulu.conf" ]; then
+ cp /etc/sulu/nginx.conf /etc/nginx/conf.d/sulu.conf
+ restart=1
+ fi
+ else
+ if [ -f "/etc/nginx/conf.d/sulu.conf" ]; then
+ rm -f /etc/nginx/conf.d/sulu.conf
+ restart=1
+ fi
+ fi
+ if [ "${_RESTART_SERVICES}" -eq "1" -a "${restart}" -eq "1" ]; then
+ slog "Restarting nginx..."
+ ubus call uci commit '{"config":"nginx"}'
+ fi
+}
+
+function configure_sulu()
+{
+ local sys_cred rbac restart
+
+ sys_cred="${1}"
+ rbac="${2}"
+ restart="${3:-0}"
+
+ if [ -z "${sys_cred}" -o -z "${rbac}" ]; then
+ slog "Invalid inputs"
+ return 0
+ fi
+
+ _RESTART_SERVICES="${restart}"
+
+ update_mosquitto_broker_config "${sys_cred}" "${rbac}"
+ set_sulu_connection_mode "${rbac}"
+ update_obuspa_config "${rbac}"
+}
diff --git a/sulu/files/etc/uci-defaults/90-sulu-set-nginx-conf b/sulu/files/etc/uci-defaults/90-sulu-set-nginx-conf
deleted file mode 100644
index 7b74aabaf3c474a55c19a455377feba17430c879..0000000000000000000000000000000000000000
--- a/sulu/files/etc/uci-defaults/90-sulu-set-nginx-conf
+++ /dev/null
@@ -1,10 +0,0 @@
-mkdir -p /tmp/sulu
-
-uci -q get nginx._sulu && exit 0
-
-uci -q set nginx._sulu=server
-uci -q add_list nginx._sulu.listen='8080'
-uci -q add_list nginx._sulu.listen='[::]:8080'
-uci -q set nginx._sulu.root='/sulu'
-uci -q set nginx._sulu.server_name='_sulu'
-uci -q add_list nginx._sulu.include='conf.d/sulu.locations'
diff --git a/sulu/files/etc/uci-defaults/99-fix-sulu-config b/sulu/files/etc/uci-defaults/99-fix-sulu-config
new file mode 100644
index 0000000000000000000000000000000000000000..8db027ef985ac2c0dca86f71552c4aa86d96d72a
--- /dev/null
+++ b/sulu/files/etc/uci-defaults/99-fix-sulu-config
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+. /etc/sulu/sulu.sh
+
+config_load sulu
+config_get enable_system_credentials global enable_system_credentials 1
+config_get role_based_access global role_based_access 0
+config_get enabled global enabled 0
+
+configure_sulu "${enable_system_credentials}" "${role_based_access}" 0
+update_nginx_config "${enabled}"
+generate_sulu_conn_config "${role_based_access}"
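Review bot: The names that `_get_sulu_users` reads from `sulu.global.user` go unchecked into UCI section names (`mqtt_sulu_${f}`), MQTT topics and the ACL lines written by `_create_acl`, so a name containing `#`, `+` or `/` would change what `topic read /usp/${agentid}/${f}/controller/#` matches and could widen one account's access to other users' topics. Restricting names to `[A-Za-z0-9_]`, which is also what a UCI section name accepts, at the single point where they are read closes this; a sketch follows. Separately, the existence checks in `_update_obuspa_config_rbac` call `uci_get obuspa mqtt ${sec}` (likewise for `mtp` and `controller`), which appears to look up an option named `${sec}` in a section named `mqtt` rather than the section itself, so `restart` would be set on every run; `if ! uci_get obuspa ${sec} >/dev/null 2>&1; then` matches the form used in `_update_obuspa_config`. `update_nginx_config` also copies `/etc/sulu/nginx.conf`, which no file in the visible part of this diff adds, so it is worth confirming that the package installs it.

```shell
# Accept only names usable as a UCI section suffix and as one MQTT topic level.
function _is_valid_sulu_user()
{
	case "${1}" in
		""|*[!A-Za-z0-9_]*) return 1 ;;
	esac
	return 0
}

function _get_sulu_users()
{
	local u

	# read word by word so the shell never glob-expands a configured name
	uci -q get sulu.global.user | tr ' ' '\n' | while read -r u; do
		[ -n "${u}" ] || continue
		if _is_valid_sulu_user "${u}"; then
			echo "${u}"
		else
			slog "Ignoring invalid name in sulu.global.user"
		fi
	done
}
# … unchanged: callers keep using users="$(_get_sulu_users)" …
```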
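Review bot: `generate_sulu_conn_config` is called on the last line, but it depends on the `json_init`/`json_add_*`/`json_dump` helpers, and this script sources only `/etc/sulu/sulu.sh`, whose only visible include is `/lib/functions.sh`. Unless that file or the environment that runs uci-defaults already loads the libubox JSON helpers, the call would fail and the `json_dump > ${SULU_CONFIG}` redirect would leave the connection config truncated; adding `. /usr/share/libubox/jshn.sh` next to the existing include in `sulu.sh` makes the dependency explicit. A header comment such as `# One-shot: regenerate broker, obuspa and UI connection settings from /etc/config/sulu` would also state why the restart argument is `0` here.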