From 496d9fa4af45fe4790c26f0e77d2685c359b68be Mon Sep 17 00:00:00 2001 From: Thomas Gerbet Date: Sat, 14 Aug 2021 11:11:41 +0200 Subject: [PATCH] Add info about the Docker images and signatures in the README --- README.md | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ac2ddd..874368d 100644 --- a/README.md +++ b/README.md @@ -11,13 +11,24 @@ possible because the sensor cannot communicate with the MQTT broken over TLS. Collecting the sensor data via an authenticated action call over HTTPS seemed the easiest, and most secure way. -## Usage +## Run it + +### With the pre-built binaries + +Pre-built binaries are [available in the releases](https://github.com/LeSuisse/shelly-ht-action-prometheus/releases). + +You can verify the authenticity of the binaries using [Cosign](https://github.com/sigstore/cosign). To do so, +download our public key [cosign.pub](./release/cosign.pub) and then: + +``` +$> cosign verify-blob -key cosign.pub -signature shelly-ht-action-prometheus___.sig shelly-ht-action-prometheus +``` The service can be launched like this: ``` $> SENSOR_PASSWORD= \ - ADDRESS_METRICS=127.0.0.1:17796 \ # Listen address exposing metrics to scrap with Promethes + ADDRESS_METRICS=127.0.0.1:17796 \ # Listen address exposing metrics to scrap with Prometheus ADDRESS_SENSOR=127.0.0.1:17795 \ # Listen address for submitting the action call from the sensor shelly-ht-action-prometheus ``` @@ -25,6 +36,29 @@ $> SENSOR_PASSWORD= \ If you want to run it as a SystemD service you can check the content of [shelly-ht-action-prometheus.service](./systemd/shelly-ht-action-prometheus.service). +### With the Docker images + +A Docker image is available: [ghcr.io/lesuisse/shelly-ht-action-prometheus](https://github.com/LeSuisse/shelly-ht-action-prometheus/pkgs/container/shelly-ht-action-prometheus). + +You can verify the authenticity of the image using [Cosign](https://github.com/sigstore/cosign). To do so, +download our public key [cosign.pub](./release/cosign.pub) and then: + +``` +$> cosign verify -key cosign.pub ghcr.io/lesuisse/shelly-ht-action-prometheus +``` + +You need to set the environment variable `SENSOR_PASSWORD` when launching the container, for example with the Docker CLI: + +``` +$> docker run --rm -d \ + -e SENSOR_PASSWORD= \ + -p 127.0.0.1:17796:17796 \ # Listen address exposing metrics to scrap with Prometheus + -p 127.0.0.1:17796:17795 \ # Listen address for submitting the action call from the sensor + ghcr.io/lesuisse/shelly-ht-action-prometheus +``` + +## Usage + It is recommended to not expose directly the service but to put it behind a reverse proxy, so you can communicate with it over HTTPS.