Added mosquitto as mqtt broker

modules/nixos/services/homeassistant/default.nix

@@ -33,6 +33,8 @@ in {
       extraComponents = [
         "hue"
         "met"
+        "mqtt"
+        "octoprint"
         "tuya"
         "vizio"
         "zeroconf"

modules/nixos/services/mosquitto/default.nix

@@ -0,0 +1,45 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  format,
+  ...
+}:
+with lib; let
+  cfg = config.aa.services.mosquitto;
+  mosquitto_cfg = config.services.mosquitto;
+in {
+  options.aa.services.mosquitto = with types; {
+    enable = mkEnableOption "home assistant";
+  };
+  config = mkIf cfg.enable {
+    age.secrets = {
+      hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
+      theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
+    };
+
+    services.mosquitto = {
+      enable = true;
+      listeners = [
+        {
+          users = {
+            hass = {
+              acl = [
+                "read home/#"
+                "readwrite homeassistant/status"
+              ];
+              passwordFile = config.age.secrets.hass_mqtt.path;
+            };
+            theengs_ble_gateway = {
+              acl = ["readwrite home/#"];
+              passwordFile = config.age.secrets.theengs_ble_mqtt.path;
+            };
+          };
+        }
+      ];
+    };
+
+    networking.firewall.allowedTCPPorts = [1883];
+  };
+}

secrets/cf_dns_kilonull.age

@@ -1,14 +1,13 @@
 age-encryption.org/v1
--> ssh-ed25519 Yk7ehg NwKwWQiMTehA+gluPXpVyL4zyhGRheQ1hCyyjPyWNlM
+-> ssh-ed25519 Yk7ehg YW+VO4Mb5SxfM9mxXRvYKC2kJVZeULkllzvUbo0VShM
-ZTD2ssehxzayPhnW+OVqXzr/fqQ7Hdm711RgZT5R4Pw
+yOts+jZvdreDDC13fT/4BdF7d/B03RaGlDzSwBGa6Q8
--> ssh-ed25519 SYNSNQ oEc4p7cz7u+gEYIJVW7hl+VXwXzPSpRXCL33Ij2ZIkc
+-> ssh-ed25519 SYNSNQ tdbAwQABaA+r2Kkm7d9UIsVC7J/LtmlI1rnbQOlkYQU
-avgbK9ss20KmL1XB9Sg45bwv6BItDcMJj8/e2fXxZOE
+sJfnI9RdEoYaI7+rlrG+N4cTxdWRX2XDDzjuql5CYhI
--> ssh-ed25519 t5XIGA huqEOk8X1Z4g4pcjAc6griyt3x+hU5NWMfCUL8WoUkI
+-> ssh-ed25519 t5XIGA 61XjTYo7NAeORxGErzRef/qluiux1GiOKbTUoetarzE
-yqJxaxWF04PzcmyFN8hq+u9DaQmbI4W3PSDC2+Rxr5I
+JZYJQRs6jDPubIVAxbvDK3wGUcydLs8mbj+s/gYannk
--> piv-p256 UIEGzg AzYN661WI0nUCA4MHnSqOT0A23jbBl9Dnv5CmmJkvuSk
+-> piv-p256 UIEGzg A+RKB16kMJniwsfCfG5apfAXcoYFyo+7NAIp0PRcEyeZ
-BXxeYW5RdiYNwtMG+PHF5b7x2Pu129SNOeqItwfcWTs
+aWL7CzAm9iEFyoeaK7fWSiV8zVYv9FZr0JV5sgD1r/k
--> X{\S-grease <0c[|Bb
+-> X-:^I-grease )G"sj("
-tXXujcfm/3s/TMaX5tM9TamHAEHSUCArwJCDEJ2SFKcL8FSV1N3srp4wNogtF7pO
+jVX1VFRb4ltX1a+uPuXUtXycWEMUY0RRqC9IRJ7KDMQk39Rt
-PjLeXFHo
+--- gT6dA9SwnjRXm0xmHuVZcjmPyk4Awg7EOJGEsiVRbjQ
---- 1VR3EGzzVvK+pbDlvomJ6cJ9wOrP2LoPsUqmh0c6bVE
+ÚPˆTŸ¬é›pô¡<>E«[T`˜Ã­›ê|³¯<è<>GCû‹ï#´šŸH‡9ª‹^ÀÞ›¡#3!åÕ'Ú£Æ&覛hó”pZøŽcKÀ3À4S0‡”€g@,æZú̆òyÇï¨i ©
8I"{€&á
èö‡T
ÞÇЉl#PK<50>œoyÔh8Ù]êi²Ø	ä<>øÛ7¼~Ú|Ògz¤Â‘~6
-°¸>¦/<2F>Éÿ,+ðì®bÇLþjgŽfÏ<9m¿K‰ÙõT¢‚±N3òà¦wÄ͹1¸(¿&É´D¦Á	7ø2 #­.^"KWì$BªKUknDX¨î­kÂÝ7GRÚ¡d§Ìèœ^9`Ðã©Ñ”yóM-µˆçKvõO#çÑ#¤þ8_—<Êù©âu:;Ø\•
A0â¬X5ø³)²Þ

secrets/secrets.nix

@@ -10,4 +10,6 @@ let
 in {
   "cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel machines.pi4];
   "nextcloud_admin.age".publicKeys = [users.me machines.node];
+  "theengs_ble_mqtt.age".publicKeys = [users.me machines.pi4];
+  "hass_mqtt.age".publicKeys = [users.me machines.pi4 machines.node];
 }

secrets/theengs_ble_mqtt.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 t5XIGA VI8M2lKHFTlmy8SztjfCE5sGTZEtk11OvYKOHVsYbFM
+BKBGSSpbl0D64mtyfKBkapjyn3G4U7DLPDu0Xb7T0sM
+-> piv-p256 UIEGzg A4nB8kjBm06K2nVBkHANTzBZcflssYIyA4fKgxtNmnMF
+8dFmHQjiJ9bDDC7zcVjoiDtv8aHLZUdYZwp/YCL6Lmo
+-> "DI?cD^G-grease sK5f 3_ <Zq
+lPu7GtAC0D0wNw0lBLB9MTpMFnU
+--- a3oVDb9D/2tKnYpZ0HIrTPdOJsHKudZEOkmSqD5l05E
+|ï½îsˆÈ%7<>‘RWÇêÉ9ÊÈgY:ä/R9ܤÁMƒT· £Z‚Ú<1B>5.TîkËßçèüË“¨E:

systems/aarch64-linux/pi4/default.nix

@@ -43,6 +43,7 @@
     };
     services.prometheus.enable = true;
     services.promtail.enable = true;
+    services.mosquitto.enable = true;
 
     security.acme = {
       enable = true;