add mosquitto

2025-03-30 20:08:29 +03:00
parent 0629466bf2
commit 8586351606
10 changed files with 97 additions and 0 deletions
--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -19,6 +19,11 @@
          "dnote"
          "octodns"
          "mealie"
          "mosquitto/homie"
          "mosquitto/telegraf"
          "mosquitto/openhab"
          "mosquitto/shelly"
          "mosquitto/mokkimaatti"
          "gitlab-runner/default"
          "gitlab-runner/docker"
        ]
--- a/hosts/freun-dev/services.nix
+++ b/hosts/freun-dev/services.nix
@@ -231,6 +231,50 @@ in
      };
    };
    mosquitto = {
      enable = true;
      listeners = [
        {
          users = {
            homie = {
              acl = [
                "readwrite homie/#"
              ];
              hashedPasswordFile = secrets."mosquitto/homie".path;
            };
            telegraf = {
              acl = [
                "read openhab/#"
                "read homie/#"
                "read shellies/#"
                "read mokkimaatti/#"
              ];
              hashedPasswordFile = secrets."mosquitto/telegraf".path;
            };
            openhab = {
              acl = [
                "readwrite openhab/#"
              ];
              hashedPasswordFile = secrets."mosquitto/openhab".path;
            };
            shelly = {
              acl = [
                "readwrite shellies/#"
              ];
              hashedPasswordFile = secrets."mosquitto/shelly".path;
            };
            mokkimaatti = {
              acl = [
                "readwrite mokkimaatti/#"
              ];
              hashedPasswordFile = secrets."mosquitto/mokkimaatti".path;
            };
          };
        }
      ];
      openFirewall = true;
    };
    gitlab-runner = {
      enable = true;
      services = {
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -21,5 +21,6 @@
    ./adguardhome.nix
    ./mealie.nix
    ./uptime-kuma.nix
    ./mosquitto.nix
  ];
 }
--- a/modules/services/mosquitto.nix
+++ b/modules/services/mosquitto.nix
@@ -0,0 +1,14 @@
 { config, lib, ... }:
 let
  cfg = config.services.mosquitto;
 in
 {
  options = {
    services.mosquitto = {
      openFirewall = lib.mkEnableOption "Open firewall port for Mosquitto";
    };
  };
  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = map ({ port, ... }: port) cfg.listeners;
  };
 }
--- a/secrets/mosquitto/homie.age
+++ b/secrets/mosquitto/homie.age
--- a/secrets/mosquitto/mokkimaatti.age
+++ b/secrets/mosquitto/mokkimaatti.age
@@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 osOCZA eWLRpIyRno4qtjjwpXxlwsW4I5a59h+c8W4mJpb7rmg
 i1LmqRoWZ8wB1EYxNvtqoMSr1lqGbcHHqyAPK1Ldy3Y
 -> ssh-ed25519 DFiohQ Wn2NMzQBdv6KsZnBUj82FGo3FdOcyZqd1A+KkQy5G1w
 ZCrFCEeikNUmG1pO/f0wy7GzTzwCYoNhQBTeofmo98g
 -> ssh-ed25519 PT7ffg RnEdUTw4G7dVL/YWr5vls5IEf1BbrdBCjgk+ZTABlQo
 G2PEFcmClmcd8Ap6L4VEipULRZuGj3izzeB0l/cI6FU
 --- +Jmqn5CDZN3jaexEWZzZvuKvxjZfXfEdyUW3cQIIsnQ
 ƒ`‡ù€Úô<C39A>ŒÅ¬8\ÃRØYoç"¾Øó2ö/˜<[ÿ>ÈuÀyÿÉW¥ÝÞ<C39D>”`Ç® <¨™V¨Ø-úÌdÇBª*“ï±)n<>(‘oB7sñÕsâ€”À¢à’)aE)ÆÐ…4‹½ŠÎ(îÂmQ¹Fy·xj'„:õ<>wX,QµV”ìÈö
--- a/secrets/mosquitto/openhab.age
+++ b/secrets/mosquitto/openhab.age
@@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 osOCZA dkgMfjgrKalX7uGrncrep3rtVZFXUHeqwbPix7ngyFY
 a9jzF29C7Ltg7tn7Rcoi95847kRhWePylmMU7PGOkdo
 -> ssh-ed25519 DFiohQ CeZgWwo/TDb89fUVx2ueTArKGPuBjdp2sklqTpkgoj4
 7/H9QMGzIBXcSYTnzXfJwlvlKLI4B1miPU+LXzmiHtE
 -> ssh-ed25519 PT7ffg 456boso/C85lpir1PYUYD1pzb70vQvTrAN3gKy15s1s
 Sv2hsM/Yx1hUeGWih5zMYXzJaapm767IDzC/4wmKulU
 --- /iFmcxXywCLhEOLKLjzrKx/QW93++yzI7tXvn/asMUQ
 ¯`©òˆ:…*ŸÞ¥·œê')»{;tÉ¤`E¨`ŠØþ„â™‡ •Ï‘„šUà‹::›¿’h<E28099>Ó<A±É¢”%äZgsE¼ol„¿cƒãÈj¾<>Äuð‚ÔÔÌBÈ-¬³"{iëÒ…IÐ¿íe8NÃæ6§çºV<C2BA>÷SðFã$m¸Æ¥æ¼–oÈ
--- a/secrets/mosquitto/shelly.age
+++ b/secrets/mosquitto/shelly.age
--- a/secrets/mosquitto/telegraf.age
+++ b/secrets/mosquitto/telegraf.age
@@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 osOCZA mY+/XDi0aUXqyjMUtw3loj34odb0pTPOXpP3xMaGTy4
 bpSIdOmSeIvdO4Aw+hpBuNTlZRNYDk8GdbCVfAoJSIc
 -> ssh-ed25519 DFiohQ Dju2lm9o2KhU965PEAqGt9LI9BtNsV2bldkPbOC9WzE
 v+8qH52YoNUwrSbvlaN0H7VET9UfEecXwoMaLPXQEiw
 -> ssh-ed25519 PT7ffg AFg8dFq8hX/RrrjDLYEpBcrIy630iRRYAkLvag4DF0E
 Moh8lmYzweMiGLrdBd7kqi13/7vxscNEa15/IRfbCOA
 --- 6Wnopn2zv15ph9bi31fUEafeKzVTZEp2igI8nVW4P84
 '‡‚Q„Ýþ»ãFbÇŠæiÁ¶Û²ý–olkú*_'w«Ã
 ²¢´…5î.íì>Ý\©%(äElÅ¿PÜž"Õ(†bÔNÚ¢/m×Ë	í´\JëêºØx’øÀè˜6"jÖ·d%8‰ä¤ˆ°éš	bÁ‹ÐãäP ˆ<>#0™•çk]sœv».º
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -29,6 +29,11 @@ in
  "octodns.age".publicKeys = users ++ [ freun-dev ];
  "mealie.age".publicKeys = users ++ [ freun-dev ];
  "borgbackup-radish.age".publicKeys = users ++ [ radish ];
  "mosquitto/homie.age".publicKeys = users ++ [ freun-dev ];
  "mosquitto/telegraf.age".publicKeys = users ++ [ freun-dev ];
  "mosquitto/openhab.age".publicKeys = users ++ [ freun-dev ];
  "mosquitto/shelly.age".publicKeys = users ++ [ freun-dev ];
  "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
 }