First data

mcp/home-docker/.gitignore

@@ -0,0 +1 @@
+.env

mcp/home-docker/compose.yml

@@ -0,0 +1,11 @@
+services:
+  ha-mcp:
+    image: ghcr.io/homeassistant-ai/ha-mcp:latest
+    container_name: ha-mcp
+    restart: unless-stopped
+    ports:
+      - "8086:8086"
+    environment:
+      HOMEASSISTANT_URL: ${HOMEASSISTANT_URL}
+      HOMEASSISTANT_TOKEN: ${HOMEASSISTANT_TOKEN}
+    command: ha-mcp-web

mcp/opnsense/.env.example

@@ -0,0 +1,17 @@
+# Required
+OPNSENSE_HOST=https://your-opnsense-host:port
+OPNSENSE_API_KEY=your-api-key
+OPNSENSE_API_SECRET=your-api-secret
+OPNSENSE_VERIFY_SSL=false
+
+# Optional - package version pin used by compose build
+OPNSENSE_MCP_VERSION=0.8.2
+SUPERGATEWAY_VERSION=3.4.3
+MCP_HTTP_PORT=8811
+
+# Optional - SSH features
+# OPNSENSE_SSH_HOST=your-opnsense-host
+# OPNSENSE_SSH_USERNAME=root
+# OPNSENSE_SSH_PASSWORD=your-password
+# HOST_SSH_KEY_PATH=C:/Users/your-user/.ssh/id_rsa
+# OPNSENSE_SSH_KEY_PATH=/run/secrets/opnsense_ssh_key

mcp/opnsense/.gitignore

@@ -0,0 +1 @@
+.env

mcp/opnsense/Dockerfile

@@ -0,0 +1,17 @@
+FROM node:20-alpine
+
+ARG OPNSENSE_MCP_VERSION=0.8.2
+ARG SUPERGATEWAY_VERSION=3.4.3
+
+ENV NODE_ENV=production
+
+RUN npm install --global \
+	"opnsense-mcp-server@${OPNSENSE_MCP_VERSION}" \
+	"supergateway@${SUPERGATEWAY_VERSION}"
+
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD ["supergateway", "--stdio", "opnsense-mcp-server", "--outputTransport", "streamableHttp", "--port", "8000", "--streamableHttpPath", "/mcp", "--healthEndpoint", "/healthz", "--logLevel", "info"]

mcp/opnsense/README.md

@@ -0,0 +1,33 @@
+# OPNsense MCP Docker Setup
+
+This folder packages `opnsense-mcp-server` behind an HTTP MCP gateway for local Docker use.
+
+## Files
+
+- `Dockerfile` installs the published npm package and `supergateway`.
+- `compose.yml` defines a single long-running `opnsense-mcp` HTTP service.
+- `.env.example` shows the required and optional environment variables.
+
+## Usage
+
+1. Create `.env` from `.env.example`.
+   If you want SSH features with key auth, set `HOST_SSH_KEY_PATH` to a real host path and keep `OPNSENSE_SSH_KEY_PATH=/run/secrets/opnsense_ssh_key`.
+2. Build and start the service:
+
+   ```bash
+   docker compose -f compose.yml up -d --build
+   ```
+
+3. Connect your MCP client to the Streamable HTTP endpoint:
+
+   ```bash
+   http://localhost:8811/mcp
+   ```
+
+4. Check service health if needed:
+
+   ```bash
+   docker compose -f compose.yml ps
+   ```
+
+This avoids duplicate one-off containers because the intended workflow uses a single named service with `docker compose up`, not `docker compose run`.

mcp/opnsense/compose.yml

@@ -0,0 +1,24 @@
+services:
+  opnsense-mcp:
+    build:
+      context: .
+      args:
+        OPNSENSE_MCP_VERSION: ${OPNSENSE_MCP_VERSION:-0.8.2}
+        SUPERGATEWAY_VERSION: ${SUPERGATEWAY_VERSION:-3.4.3}
+    container_name: opnsense-mcp
+    restart: unless-stopped
+    env_file:
+      - .env
+    ports:
+      - "${MCP_HTTP_PORT:-8811}:8000"
+    volumes:
+      - type: bind
+        source: ${HOST_SSH_KEY_PATH}
+        target: /run/secrets/opnsense_ssh_key
+        read_only: true
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8000/healthz"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 15s

mcp/opnsense/docker-entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -eu
+
+required_vars="OPNSENSE_HOST OPNSENSE_API_KEY OPNSENSE_API_SECRET"
+secure_key_path="/tmp/opnsense_ssh_key"
+
+for name in $required_vars; do
+  eval "value=\${$name:-}"
+  if [ -z "$value" ]; then
+    echo "Missing required environment variable: $name" >&2
+    exit 1
+  fi
+done
+
+if [ -z "${OPNSENSE_VERIFY_SSL:-}" ]; then
+  export OPNSENSE_VERIFY_SSL=false
+fi
+
+if [ -n "${OPNSENSE_SSH_KEY_PATH:-}" ] && [ -f "${OPNSENSE_SSH_KEY_PATH}" ]; then
+  cp "${OPNSENSE_SSH_KEY_PATH}" "$secure_key_path"
+  chmod 600 "$secure_key_path"
+  export OPNSENSE_SSH_KEY_PATH="$secure_key_path"
+fi
+
+exec "$@"