chirpstack
diff --git a/‎README.md
Lines changed: 11 additions & 2 deletions b/‎README.md
Lines changed: 11 additions & 2 deletions
diff --git a/‎group_vars/chirpstack.example.yml
Lines changed: 6 additions & 1 deletion b/‎group_vars/chirpstack.example.yml
Lines changed: 6 additions & 1 deletion
diff --git a/‎host_vars/vagrant.yml
Lines changed: 5 additions & 0 deletions b/‎host_vars/vagrant.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/tasks/main.yml
Lines changed: 51 additions & 0 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/tasks/main.yml
Lines changed: 51 additions & 0 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_2.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_2.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_3.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_3.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_4.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-as923_4.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_0.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_0.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_1.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_1.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_2.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_2.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_3.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_3.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_4.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_4.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_5.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_5.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_6.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_6.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_7.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-au915_7.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_0.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_0.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_1.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_1.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_10.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_10.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_11.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_11.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_2.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_2.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_3.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_3.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_4.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_4.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_5.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_5.toml
Lines changed: 3 additions & 3 deletions
diff --git a/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_6.toml
Lines changed: 3 additions & 3 deletions b/‎roles/chirpstack-gateway-bridge-basicstation/templates/chirpstack-gateway-bridge-basicstation-cn470_6.toml
Lines changed: 3 additions & 3 deletions
@@ -18,13 +18,15 @@ It will:
 
 ## Vagrant (local environment using VirtualBox)
 
+### Ports
+
 The included `Vagrantfile` will setup a Debian Bullseye (11.x) virtual
 machine with the latest ChirpStack components installed. It will also forward
 the following ports to your host system:
 
-* `8080`: ChirpStack UI and gRPC API
+* `4443`: ChirpStack UI and gRPC API (with TLS, e.g. [https://localhost:4443/](https://localhost:4443))
 * `1700`: ChirpStack Gateway Bridge UDP listener (configured for EU868 region by default)
-* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default)
+* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default, with TLS, client-certificate files can be generated in the ChirpStack UI)
 * `8883`: Mosquitto MQTT (with TLS, client-certificate files can be generated in the ChirpStack UI)
 
 Note: when using Vagrant, there is no need to install Ansible (this will be
@@ -90,6 +92,13 @@ bare-metal, AWS, ...
 Don't have a DigitalOcean account yet? Use
 [this](https://m.do.co/c/6cd86e9f1cb8) link and get $10 in credits for free :-)
 
+### Ports
+
+* `443`: ChirpStack UI and gRPC API (with TLS, e.g. https://subdomain.example.com/)
+* `1700`: ChirpStack Gateway Bridge UDP listener (configured for EU868 region by default)
+* `3001`: ChirpStack Gateway Bridge Basics Station listener (configured for EU868 region by default, with TLS, client-certificate files can be generated in the ChirpStack UI)
+* `8883`: Mosquitto MQTT (with TLS, client-certificate files can be generated in the ChirpStack UI)
+
 ### Requirements
 
 On the machine from where you will execute this Ansible playbook (e.g. your own
 
@@ -50,11 +50,16 @@ chirpstack_gateway_bridge_basicstation:
   # chirpstack-gateway-bridge-basicstation-[region].toml
   region: eu868
 
+  # The full domain by which the ChirpStack Gateway Bridge Basics Station
+  # backend is available.
+  # e.g. subdomain.example.com
+  fqdn: subdomain.example.com
+
 # ChirpStack configuration.
 chirpstack:
   # The full domain by which ChirpStack is reachable.
   # e.g. subdomain.example.com
-  fqdn: localhost
+  fqdn: subdomain.example.com
 
   # If enabled, a Let's Encrypt certificate will be configured. Else a
   # self-signed certificate will be used.
 
@@ -50,6 +50,11 @@ chirpstack_gateway_bridge_basicstation:
   # chirpstack-gateway-bridge-basicstation-[region].toml
   region: eu868
 
+  # The full domain by which the ChirpStack Gateway Bridge Basics Station
+  # backend is available.
+  # e.g. subdomain.example.com
+  fqdn: localhost
+
 # ChirpStack configuration.
 chirpstack:
   # The full domain by which ChirpStack is reachable.
 
@@ -3,6 +3,57 @@
     name: chirpstack-gateway-bridge
     state: latest
 
+- name: create certs directory
+  file:
+    path: /etc/chirpstack-gateway-bridge/certs
+    state: directory
+    owner: gatewaybridge
+    group: gatewaybridge
+    mode: "0700"
+
+- name: copy server cert config
+  template:
+    src: server-cert.json
+    dest: /etc/chirpstack-gateway-bridge/certs/server-cert.json
+    owner: gatewaybridge
+    group: gatewaybridge
+    mode: "0600"
+
+- name: generate server certificate
+  shell: "cfssl gencert -ca /etc/chirpstack-certs/ca.pem -ca-key /etc/chirpstack-certs/ca-key.pem -config /etc/chirpstack-certs/ca-config.json -profile server server-cert.json | cfssljson -bare /etc/chirpstack-gateway-bridge/certs/server"
+  args:
+    chdir: /etc/chirpstack-gateway-bridge/certs
+  notify:
+    - restart chirpstack-gateway-bridge-basicstation
+
+- name: copy ca cert
+  copy:
+    src: /etc/chirpstack-certs/ca.pem
+    dest: /etc/chirpstack-gateway-bridge/certs/ca.pem
+    remote_src: "yes"
+    owner: gatewaybridge
+    group: gatewaybridge
+    mode: "0600"
+  notify:
+    - restart chirpstack-gateway-bridge-basicstation
+
+- name: set certificate permissions
+  file:
+    path: /etc/chirpstack-gateway-bridge/certs
+    state: directory
+    recurse: "yes"
+    owner: gatewaybridge
+    group: gatewaybridge
+    mode: "0600"
+
+- name: set certificate directory permissions
+  file:
+    path: /etc/chirpstack-gateway-bridge/certs
+    state: directory
+    owner: gatewaybridge
+    group: gatewaybridge
+    mode: "0700"
+
 - name: add systemd service
   template:
     src: chirpstack-gateway-bridge-basicstation.service
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AS923"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AS923"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AS923"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AS923"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="AU915"
   frequency_min=915000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000
 
@@ -16,9 +16,9 @@ type="basic_station"
 
   [backend.basic_station]
   bind=":3001"
-  tls_cert=""
-  tls_key=""
-  ca_cert=""
+  tls_cert="/etc/chirpstack-gateway-bridge/certs/server.pem"
+  tls_key="/etc/chirpstack-gateway-bridge/certs/server-key.pem"
+  ca_cert="/etc/chirpstack-gateway-bridge/certs/ca.pem"
 
   region="US915"
   frequency_min=470000000