Support for MQTT over TLS

[koenvervloesem]

I see that MQTT over TLS support has been added in Rhasspy 2.4 in synesthesiam/rhasspy#201. Is it much work to add this support in Rhasspy 2.5? I suppose that every Hermes-enabled service should be adapted?

[synesthesiam]

This won't be a lot of work, luckily. Every Hermes service uses the same shared library to parse command-line arguments and set up its MQTT connection :)

[synesthesiam]

@koenvervloesem, do you know of a good tutorial to set up TLS in mosquitto?

[koenvervloesem]

No, but I can write one :-) I wrote this for my book, so I can rework the material to fit in Rhasspy's documentation. If you put a TODO placeholder in the documentation, I'll add this when I find some time.

Maybe we should add a Security section in the documentation. This could have the following topics eventually:

• MQTT TLS and authentication configuration in Rhasspy
• TLS configuration for Mosquitto
• Configuration of accounts and access control lists in Mosquitto
• Isolating Rhasspy apps in Docker/podman containers

We'll have to document this anyway if we want to work on a secure architecture for Rhasspy apps.

[Romkabouter]

Ho @koenvervloesem , this is already supported in 2.5.11 correct?