From 48f9a637948f8258a454aac73505026219523ef6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?=
Date: Sun, 12 Dec 2021 19:20:31 +0100
Subject: [PATCH] refactor(mosquitto): split mosquitto out of home-assistant config
---
 rpi4.nix | 1 +
 services/home-assistant.nix | 83 ++++++-------------------------------
 services/mosquitto.nix | 64 ++++++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 70 deletions(-)
 create mode 100644 services/mosquitto.nix
diff --git a/rpi4.nix b/rpi4.nix
index fcf7bd1..61a6737 100644
--- a/rpi4.nix
+++ b/rpi4.nix
@@ -22,6 +22,7 @@ in with builtins; {
 ./services/jellyfin.nix
 ./services/etebase.nix
 # ./services/photoprism.nix # TODO not working on aarch64 due to tensorflow
+ ./services/mosquitto.nix
 ./services/home-assistant.nix
 ./services/owntracks.nix
 ./services/miniflux.nix
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
index 782533d..9d6e33a 100644
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@@ -2,80 +2,23 @@ with pkgs; -let - mqttHost = "mqtt.felschr.com"; - mqttPort = 1883; - mqttWSPort = 9001; +let mqttPort = 1883; in { # just installed for ConBee firmware updates environment.systemPackages = with pkgs; [ deconz ]; services.nginx = { - virtualHosts = { - ${mqttHost} = { - serverAliases = [ "mqtt.home.felschr.com" ]; - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString mqttWSPort}"; - proxyWebsockets = true; - }; - }; - ${config.networking.domain} = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.home-assistant.port}"; - proxyWebsockets = true; - }; + virtualHosts."${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.home-assistant.port}"; + proxyWebsockets = true; }; }; }; - networking.firewall.allowedTCPPorts = [ mqttPort ]; - - services.mosquitto = { - enable = true; - listeners = [ - { - port = mqttPort; - users = { - "hass" = { - acl = [ - "readwrite homeassistant/#" - "readwrite tasmota/#" - "readwrite owntracks/#" - ]; - hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass"; - }; - "tasmota" = { - acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ]; - hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota"; - }; - "owntracks" = { - acl = [ "readwrite owntracks/#" ]; - hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks"; - }; - }; - } - { - port = mqttWSPort; - settings.protocol = "websockets"; - users = { - "felix" = { - acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ]; - hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix"; - }; - "birgit" = { - acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ]; - hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit"; - }; - }; - } - ]; - }; - services.home-assistant = { enable = true; openFirewall = true; 
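Review bot: `mqttPort = 1883` stays in this file's `let` while the new services/mosquitto.nix binds its own `port = 1883`, so the broker port is now defined in two places and a change to one will silently leave the other stale. If `mqttPort` is still used further down (not visible in this hunk), either read it from the broker configuration or mark the coupling where it is bound, e.g. `# must match port in ./mosquitto.nix`. The `let` block and the module body continue outside the hunk.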
@@ -89,7 +32,7 @@ in {
 name = "Home";
 latitude = "!secret latitude";
 longitude = "!secret longitude";
- elevation = 0;
+ elevation = 42;
 unit_system = "metric";
 temperature_unit = "C";
 external_url = "https://home.felschr.com";
@@ -133,10 +76,10 @@ in {
 friendly_name = "Total Energy Usage";
 unit_of_measurement = "kWh";
 value_template = ''
- {{
- (states.sensor.outlet_computer_energy_total.state | float) +
- (states.sensor.outlet_tv_energy_total.state | float)
- }}
+ {% computer = states('sensor.outlet_computer_energy_total') | float %}
+ {% tv = states('sensor.outlet_tv_energy_total') | float %}
+
+ {{ computer + tv }}
 '';
 };
 };
diff --git a/services/mosquitto.nix b/services/mosquitto.nix
new file mode 100644
index 0000000..eb57c48
--- /dev/null
+++ b/services/mosquitto.nix
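Review bot: In the `value_template` hunk of services/home-assistant.nix, the two new assignment lines use `{% computer = ... %}` and `{% tv = ... %}`, which Jinja2 does not parse; assignment needs the `set` tag, so the template is expected to fail at render time instead of producing the sum. Write `{% set computer = states('sensor.outlet_computer_energy_total') | float %}` and `{% set tv = states('sensor.outlet_tv_energy_total') | float %}`. Giving the filter an explicit default, `| float(0)`, would also keep the sensor numeric while either outlet reports a non-numeric state; confirm how your Home Assistant version treats a missing default. The enclosing sensor definition starts outside the hunk.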
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+with pkgs;
+
+let
+ host = "mqtt.felschr.com";
+ port = 1883;
+ wsPort = 9001;
+in {
+ services.nginx = {
+ virtualHosts."${mqttHost}" = {
+ serverAliases = [ "mqtt.home.felschr.com" ];
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString wsPort}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ port ];
+
+ services.mosquitto = {
+ enable = true;
+ listeners = [
+ {
+ port = port;
+ users = {
+ "hass" = {
+ acl = [
+ "readwrite homeassistant/#"
+ "readwrite tasmota/#"
+ "readwrite owntracks/#"
+ ];
+ hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
+ };
+ "tasmota" = {
+ acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
+ hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
+ };
+ "owntracks" = {
+ acl = [ "readwrite owntracks/#" ];
+ hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
+ };
+ };
+ }
+ {
+ port = wsPort;
+ settings.protocol = "websockets";
+ users = {
+ "felix" = {
+ acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ];
+ hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
+ };
+ "birgit" = {
+ acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ];
+ hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
+ };
+ };
+ }
+ ];
+ };
+}
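Review bot: `virtualHosts."${mqttHost}"` refers to a name this file never binds, since the `let` block defines `host`, `port` and `wsPort`, so evaluation should stop with an undefined-variable error; the line should read `virtualHosts."${host}" = {`. Separately, the first listener's `port` (1883) is added to `networking.firewall.allowedTCPPorts` and no TLS settings appear on that listener, so the `hass`, `tasmota` and `owntracks` logins would travel unencrypted on whatever networks can reach the host, unless that is restricted somewhere not shown here. If the plain listener is meant for the LAN only, scoping the rule with `networking.firewall.interfaces.<name>.allowedTCPPorts` or stating the intended exposure in a comment such as `# plain MQTT: LAN devices only, WAN clients use the WSS vhost` would make that explicit.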