From af3f61ed24d6200c476a7085cf8093329186aa44 Mon Sep 17 00:00:00 2001
From: "azykov@mail.ru" <azykov@mail.ru>
Date: Thu, 23 Apr 2026 10:15:43 +0300
Subject: [PATCH] bunkerm

---
 bunkerm/compose.yaml                      | 21 +++++++++++++++++++++
 bunkerm/config/mosquitto/mosquitto.conf   | 18 ++++++++++++++++++
 bunkerm/config/mosquitto/mosquitto_passwd |  0
 caddy/config/Caddyfile                    | 12 ++++++++++++
 4 files changed, 51 insertions(+)
 create mode 100644 bunkerm/compose.yaml
 create mode 100644 bunkerm/config/mosquitto/mosquitto.conf
 create mode 100644 bunkerm/config/mosquitto/mosquitto_passwd

diff --git a/bunkerm/compose.yaml b/bunkerm/compose.yaml
new file mode 100644
index 0000000..2b3af83
--- /dev/null
+++ b/bunkerm/compose.yaml
@@ -0,0 +1,21 @@
+services:
+  bunkerm:
+    image: bunkeriot/bunkerm:latest
+    container_name: bunkerm
+    restart: always
+    ports:
+      - "1883:1900"
+    volumes:
+      - /docker/data/bunkerm/mosquitto_data:/var/lib/mosquitto
+      - ./config/mosquitto:/etc/mosquitto
+      - /docker/data/bunkerm/data:/data
+      - /docker/data/bunkerm/history:/var/lib/history
+    environment:
+      - HISTORY_MAX_MESSAGES=50000
+      - HISTORY_MAX_AGE_DAYS=7
+    networks:
+      - caddy_default
+networks:
+  caddy_default:
+    external: true
+
diff --git a/bunkerm/config/mosquitto/mosquitto.conf b/bunkerm/config/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..5a7a60f
--- /dev/null
+++ b/bunkerm/config/mosquitto/mosquitto.conf
@@ -0,0 +1,18 @@
+# MQTT listener on port 1900
+listener 1900
+per_listener_settings false
+allow_anonymous false
+
+# HTTP listener for Dynamic Security Plugin on port 8080
+listener 8080
+#password_file /etc/mosquitto/passwd
+password_file /etc/mosquitto/mosquitto_passwd
+# Dynamic Security Plugin configuration
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /var/lib/mosquitto/dynamic-security.json
+log_dest file /var/log/mosquitto/mosquitto.log
+log_type all
+log_timestamp true
+persistence true
+persistence_location /var/lib/mosquitto/
+persistence_file mosquitto.db
\ No newline at end of file
diff --git a/bunkerm/config/mosquitto/mosquitto_passwd b/bunkerm/config/mosquitto/mosquitto_passwd
new file mode 100644
index 0000000..e69de29
diff --git a/caddy/config/Caddyfile b/caddy/config/Caddyfile
index 334bb1c..1aaa2bf 100644
--- a/caddy/config/Caddyfile
+++ b/caddy/config/Caddyfile
@@ -119,6 +119,18 @@ photo.aggtaa.com {
   }
 }
 
+mqtt.aggtaa.com {
+  forward_auth auth:9091 {
+    uri /api/authz/forward-auth
+    copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+  }
+
+  reverse_proxy bunkerm:2000
+  log {
+    output file /var/log/caddy/mqtt.aggtaa.com.log
+  }
+}
+
 quest.aggtaa.com {
 
   reverse_proxy tidyquest:3000