add mosquitto

2025-03-30 20:08:29 +03:00
parent 0629466bf2
commit 8586351606
10 changed files with 97 additions and 0 deletions
--- a/hosts/freun-dev/secrets.nix
+++ b/hosts/freun-dev/secrets.nix
@@ -19,6 +19,11 @@
          "dnote"
          "octodns"
          "mealie"
+          "mosquitto/homie"
+          "mosquitto/telegraf"
+          "mosquitto/openhab"
+          "mosquitto/shelly"
+          "mosquitto/mokkimaatti"
          "gitlab-runner/default"
          "gitlab-runner/docker"
        ]
--- a/hosts/freun-dev/services.nix
+++ b/hosts/freun-dev/services.nix
@@ -231,6 +231,50 @@ in
      };
    };

+    mosquitto = {
+      enable = true;
+      listeners = [
+        {
+          users = {
+            homie = {
+              acl = [
+                "readwrite homie/#"
+              ];
+              hashedPasswordFile = secrets."mosquitto/homie".path;
+            };
+            telegraf = {
+              acl = [
+                "read openhab/#"
+                "read homie/#"
+                "read shellies/#"
+                "read mokkimaatti/#"
+              ];
+              hashedPasswordFile = secrets."mosquitto/telegraf".path;
+            };
+            openhab = {
+              acl = [
+                "readwrite openhab/#"
+              ];
+              hashedPasswordFile = secrets."mosquitto/openhab".path;
+            };
+            shelly = {
+              acl = [
+                "readwrite shellies/#"
+              ];
+              hashedPasswordFile = secrets."mosquitto/shelly".path;
+            };
+            mokkimaatti = {
+              acl = [
+                "readwrite mokkimaatti/#"
+              ];
+              hashedPasswordFile = secrets."mosquitto/mokkimaatti".path;
+            };
+          };
+        }
+      ];
+      openFirewall = true;
+    };
+
    gitlab-runner = {
      enable = true;
      services = {
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -21,5 +21,6 @@
    ./adguardhome.nix
    ./mealie.nix
    ./uptime-kuma.nix
+    ./mosquitto.nix
  ];
 }
--- a/modules/services/mosquitto.nix
+++ b/modules/services/mosquitto.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.mosquitto;
+in
+{
+  options = {
+    services.mosquitto = {
+      openFirewall = lib.mkEnableOption "Open firewall port for Mosquitto";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = map ({ port, ... }: port) cfg.listeners;
+  };
+}
--- a/secrets/mosquitto/homie.age
+++ b/secrets/mosquitto/homie.age
--- a/secrets/mosquitto/mokkimaatti.age
+++ b/secrets/mosquitto/mokkimaatti.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 osOCZA eWLRpIyRno4qtjjwpXxlwsW4I5a59h+c8W4mJpb7rmg
+i1LmqRoWZ8wB1EYxNvtqoMSr1lqGbcHHqyAPK1Ldy3Y
+-> ssh-ed25519 DFiohQ Wn2NMzQBdv6KsZnBUj82FGo3FdOcyZqd1A+KkQy5G1w
+ZCrFCEeikNUmG1pO/f0wy7GzTzwCYoNhQBTeofmo98g
+-> ssh-ed25519 PT7ffg RnEdUTw4G7dVL/YWr5vls5IEf1BbrdBCjgk+ZTABlQo
+G2PEFcmClmcd8Ap6L4VEipULRZuGj3izzeB0l/cI6FU
+--- +Jmqn5CDZN3jaexEWZzZvuKvxjZfXfEdyUW3cQIIsnQ
+ƒ`‡ù€Úô<C39A>ŒÅ¬8\ÃRØYoç"¾Øó2ö/˜<[ÿ>ÈuÀyÿÉW¥ÝÞ<C39D>”`Ç® <¨™V¨Ø-úÌdÇBª*“ï±)n<>(‘oB7sñÕsâ€”À¢à’)aE)ÆÐ…4‹½ŠÎ(îÂmQ¹Fy·xj'„:õ<>wX,QµV”ìÈö
--- a/secrets/mosquitto/openhab.age
+++ b/secrets/mosquitto/openhab.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 osOCZA dkgMfjgrKalX7uGrncrep3rtVZFXUHeqwbPix7ngyFY
+a9jzF29C7Ltg7tn7Rcoi95847kRhWePylmMU7PGOkdo
+-> ssh-ed25519 DFiohQ CeZgWwo/TDb89fUVx2ueTArKGPuBjdp2sklqTpkgoj4
+7/H9QMGzIBXcSYTnzXfJwlvlKLI4B1miPU+LXzmiHtE
+-> ssh-ed25519 PT7ffg 456boso/C85lpir1PYUYD1pzb70vQvTrAN3gKy15s1s
+Sv2hsM/Yx1hUeGWih5zMYXzJaapm767IDzC/4wmKulU
+--- /iFmcxXywCLhEOLKLjzrKx/QW93++yzI7tXvn/asMUQ
+¯`©òˆ:…*ŸÞ¥·œê')»{;tÉ¤`E¨`ŠØþ„â™‡ •Ï‘„šUà‹::›¿’h<E28099>Ó<A±É¢”%äZgsE¼ol„¿cƒãÈj¾<>Äuð‚ÔÔÌBÈ-¬³"{iëÒ…IÐ¿íe8NÃæ6§çºV<C2BA>÷SðFã$m¸Æ¥æ¼–oÈ
--- a/secrets/mosquitto/shelly.age
+++ b/secrets/mosquitto/shelly.age
--- a/secrets/mosquitto/telegraf.age
+++ b/secrets/mosquitto/telegraf.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 osOCZA mY+/XDi0aUXqyjMUtw3loj34odb0pTPOXpP3xMaGTy4
+bpSIdOmSeIvdO4Aw+hpBuNTlZRNYDk8GdbCVfAoJSIc
+-> ssh-ed25519 DFiohQ Dju2lm9o2KhU965PEAqGt9LI9BtNsV2bldkPbOC9WzE
+v+8qH52YoNUwrSbvlaN0H7VET9UfEecXwoMaLPXQEiw
+-> ssh-ed25519 PT7ffg AFg8dFq8hX/RrrjDLYEpBcrIy630iRRYAkLvag4DF0E
+Moh8lmYzweMiGLrdBd7kqi13/7vxscNEa15/IRfbCOA
+--- 6Wnopn2zv15ph9bi31fUEafeKzVTZEp2igI8nVW4P84
+'‡‚Q„Ýþ»ãFbÇŠæiÁ¶Û²ý–olkú*_'w«Ã
+²¢´…5î.íì>Ý\©%(äElÅ¿PÜž"Õ(†bÔNÚ¢/m×Ë	í´\JëêºØx’øÀè˜6"jÖ·d%8‰ä¤ˆ°éš	bÁ‹ÐãäP ˆ<>#0™•çk]sœv».º
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -29,6 +29,11 @@ in
  "octodns.age".publicKeys = users ++ [ freun-dev ];
  "mealie.age".publicKeys = users ++ [ freun-dev ];
  "borgbackup-radish.age".publicKeys = users ++ [ radish ];
+  "mosquitto/homie.age".publicKeys = users ++ [ freun-dev ];
+  "mosquitto/telegraf.age".publicKeys = users ++ [ freun-dev ];
+  "mosquitto/openhab.age".publicKeys = users ++ [ freun-dev ];
+  "mosquitto/shelly.age".publicKeys = users ++ [ freun-dev ];
+  "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
 }