dotfiles/modules/nixos/services/mosquitto/default.nix

50 lines
1.2 KiB
Nix
Raw Permalink Normal View History

2023-11-27 02:41:45 +00:00
{
config,
lib,
...
}: let
2023-11-27 02:41:45 +00:00
cfg = config.aa.services.mosquitto;
in {
options.aa.services.mosquitto = with lib; {
2023-11-27 02:41:45 +00:00
enable = mkEnableOption "home assistant";
};
config = lib.mkIf cfg.enable {
2023-11-27 02:41:45 +00:00
age.secrets = {
hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
2024-02-06 04:20:02 +00:00
teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
2023-11-27 02:41:45 +00:00
};
services.mosquitto = {
enable = true;
listeners = [
{
users = {
hass = {
acl = [
2023-12-01 04:05:14 +00:00
"readwrite home/#"
"readwrite homeassistant/#"
2024-02-06 04:20:02 +00:00
"read teslamate/#"
2023-11-27 02:41:45 +00:00
];
passwordFile = config.age.secrets.hass_mqtt.path;
};
theengs_ble_gateway = {
2023-12-01 04:05:14 +00:00
acl = [
"readwrite home/#"
"readwrite homeassistant/#"
];
2023-11-27 02:41:45 +00:00
passwordFile = config.age.secrets.theengs_ble_mqtt.path;
};
2024-02-06 04:20:02 +00:00
teslamate = {
acl = ["readwrite teslamate/#"];
passwordFile = config.age.secrets.teslamate_mqtt.path;
};
2023-11-27 02:41:45 +00:00
};
}
];
};
networking.firewall.allowedTCPPorts = [1883];
};
}