diff --git a/README.md b/README.md
index a239d3a..69195f9 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,10 @@ It supports the following environment variables:
 - `MQTT_HOST` (optional, default = 'localhost')
 - `MQTT_QOS` (optional, default = 0)
 - `MQTT_PORT` (optional, default = 1883)
+- `MQTT_TLS_ENABLED` (required if using TLS) - set to `true` to enable
+- `MQTT_TLS_CA_CERT` (required if using TLS) - path to the ca certs
+- `MQTT_TLS_CERT` (required if using TLS) - path to the private cert
+- `MQTT_TLS_KEY` (required if using TLS) - path to the private key
 - `HOME_ASSISTANT` (optional, default = false)
 - `HOME_ASSISTANT_PREFIX` (optional, default = 'homeassistant')
 - `STORAGE_POLL_INTERVAL` (optional, default = 3600) - how often to fetch storage data (in seconds)
diff --git a/src/amcrest2mqtt.py b/src/amcrest2mqtt.py
index fc48d73..82fc6ee 100644
--- a/src/amcrest2mqtt.py
+++ b/src/amcrest2mqtt.py
@@ -7,6 +7,7 @@ import sys
 from json import dumps
 import signal
 from threading import Timer
+import ssl
 is_exiting = False
 mqtt_client = None
@@ -23,6 +24,10 @@ mqtt_qos = int(os.getenv("MQTT_QOS") or 0)
 mqtt_port = int(os.getenv("MQTT_PORT") or 1883)
 mqtt_username = os.getenv("MQTT_USERNAME")
 mqtt_password = os.getenv("MQTT_PASSWORD") # can be None
+mqtt_tls_enabled = os.getenv("MQTT_TLS_ENABLED") == "true"
+mqtt_tls_ca_cert = os.getenv("MQTT_TLS_CA_CERT")
+mqtt_tls_cert = os.getenv("MQTT_TLS_CERT")
+mqtt_tls_key = os.getenv("MQTT_TLS_KEY")
 home_assistant = os.getenv("HOME_ASSISTANT") == "true"
 home_assistant_prefix = os.getenv("HOME_ASSISTANT_PREFIX") or "homeassistant"
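Review bot: `mqtt_tls_enabled = os.getenv("MQTT_TLS_ENABLED") == "true"` in src/amcrest2mqtt.py fails open: any other spelling of the value (`True`, `1`, `yes`, trailing whitespace) silently leaves TLS off and the client connects without it. The existing `HOME_ASSISTANT` flag uses the same comparison, but a mismatch there does not affect transport security. Normalising the value, e.g. `(os.getenv("MQTT_TLS_ENABLED") or "").strip().lower() == "true"`, and exiting with an error on an unrecognised non-empty value would make the misconfiguration visible. It may also be worth logging a warning when any of the `MQTT_TLS_*` paths is set while TLS is disabled.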
@@ -169,8 +174,27 @@ mqtt_client = mqtt.Client(
 client_id=f"amcrest2mqtt_{serial_number}", clean_session=False
 )
 mqtt_client.on_disconnect = on_mqtt_disconnect
-mqtt_client.username_pw_set(mqtt_username, password=mqtt_password)
 mqtt_client.will_set(topics["status"], payload="offline", qos=mqtt_qos, retain=True)
+if mqtt_tls_enabled:
+ log(f"Setting up MQTT for TLS")
+ if mqtt_tls_ca_cert is None:
+ log("Missing var: MQTT_TLS_CA_CERT", level="ERROR")
+ sys.exit(1)
+ if mqtt_tls_cert is None:
+ log("Missing var: MQTT_TLS_CERT", level="ERROR")
+ sys.exit(1)
+ if mqtt_tls_cert is None:
+ log("Missing var: MQTT_TLS_KEY", level="ERROR")
+ sys.exit(1)
+ mqtt_client.tls_set(
+ ca_certs=mqtt_tls_ca_cert,
+ certfile=mqtt_tls_cert,
+ keyfile=mqtt_tls_key,
+ cert_reqs=ssl.CERT_REQUIRED,
+ tls_version=ssl.PROTOCOL_TLS,
+ )
+else:
+ mqtt_client.username_pw_set(mqtt_username, password=mqtt_password)
 try:
 mqtt_client.connect(mqtt_host, port=mqtt_port)
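Review bot: The third guard in the TLS branch tests `mqtt_tls_cert is None` a second time while logging `Missing var: MQTT_TLS_KEY`, so an unset `MQTT_TLS_KEY` is never caught and `keyfile=None` reaches `tls_set()`; it should read `if mqtt_tls_key is None:`. Moving `username_pw_set` into the `else:` also means `MQTT_USERNAME`/`MQTT_PASSWORD` are silently ignored whenever TLS is on, so password authentication remains possible only on the unencrypted connection; calling `mqtt_client.username_pw_set(mqtt_username, password=mqtt_password)` unconditionally, as before the change, would keep it available over TLS. `ssl.PROTOCOL_TLS` is deprecated in current Python and leaves the minimum protocol version to the OpenSSL defaults, so consider `ssl.PROTOCOL_TLS_CLIENT` or omitting `tls_version`. The `try:` block that follows continues outside the hunk.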