From 1d1eac65a1bc3bfa068497808528c90c3969dab1 Mon Sep 17 00:00:00 2001
From: Maaike
Date: Tue, 7 Jan 2025 16:52:12 +0100
Subject: [PATCH] mosquitto local mount and docs for adding users
---
 docker-compose.yml | 2 +-
 docs/source/user/public-services-setup.rst | 27 +++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index f45a6684..fdd69ec7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -111,7 +111,7 @@ services:
 env_file:
 - wis2box.env
 volumes:
- - mosquitto-config:/mosquitto/config
+ - ${WIS2BOX_HOST_DATADIR}/mosquitto:/mosquitto/config
 wis2box-management:
 container_name: wis2box-management
diff --git a/docs/source/user/public-services-setup.rst b/docs/source/user/public-services-setup.rst
index 7b22fb87..38a5438e 100644
--- a/docs/source/user/public-services-setup.rst
+++ b/docs/source/user/public-services-setup.rst
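Review bot: The new bind mount `${WIS2BOX_HOST_DATADIR}/mosquitto:/mosquitto/config` in the `volumes:` list has no guard for an unset variable and moves the broker's credential and ACL files onto a host path. With `WIS2BOX_HOST_DATADIR` empty, Compose substitutes an empty string and the mount source becomes `/mosquitto` on the host; writing it as `- ${WIS2BOX_HOST_DATADIR:?WIS2BOX_HOST_DATADIR must be set}/mosquitto:/mosquitto/config` makes that fail at startup instead. The docs added in the same patch place `password.txt` and `acl.conf` in this directory, so host-side ownership and mode of `${WIS2BOX_HOST_DATADIR}/mosquitto` now decide who can read the password file or edit the ACL, and any other service that mounts the whole data directory (not visible in this hunk) would presumably see them too. The service definition starts above the hunk, and the diffstat shows only this one line changed in the file, so a top-level `mosquitto-config` volume declaration, if one exists, is left unused and configuration already stored in it is not carried over.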
@@ -169,7 +169,32 @@ The broker address for the Global Broker to subscribe to WIS2 notifications usin
 - `ws://everyone:everyone@WIS2BOX_HOST/mqtt:80` - for MQTT over websockets without SSL
 - `wss://everyone:everyone@WIS2BOX_HOST/mqtt:443` - for MQTT over websockets with SSL
-Where ``WIS2BOX_HOST`` is the hostname or IP address of the host running wis2box.
+Where ``WIS2BOX_HOST`` is the hostname or IP address of the host running wis2box.
+
+.. note::
+
+ The Global Broker will use the ``everyone`` user to subscribe to the internal MQTT broker on wis2box.
+
+If you want to create additional users for the internal MQTT broker, you can do so by logging into the mosquitto container and using the ``mosquitto_passwd`` command:
+
+.. code-block:: bash
+
+ docker exec -it mosquitto /bin/sh
+
+Then, to add a new user, use the following command:
+
+.. code-block:: bash
+
+ mosquitto_passwd -b /mosquitto/config/password.txt
+
+After adding a new user, you can edit the file ``/mosquitto/config/acl.conf`` to add or change access rights for mosquitto users.
+
+For example to allow a user to publish to the topic ``wis2box/cap/publication``, you would add the following line to the ``acl.conf`` file:
+
+.. code-block:: bash
+
+ user
+ topic readwrite wis2box/cap/publication
 External broker
 ---------------