refactor(mosquitto): split mosquitto out of home-assistant config

rpi4.nix

@@ -22,6 +22,7 @@ in with builtins; {
     ./services/jellyfin.nix
     ./services/etebase.nix
     # ./services/photoprism.nix # TODO not working on aarch64 due to tensorflow
+    ./services/mosquitto.nix
     ./services/home-assistant.nix
     ./services/owntracks.nix
     ./services/miniflux.nix

services/home-assistant.nix

@@ -2,80 +2,23 @@
 
 with pkgs;
 
-let
+let mqttPort = 1883;
-  mqttHost = "mqtt.felschr.com";
-  mqttPort = 1883;
-  mqttWSPort = 9001;
 in {
   # just installed for ConBee firmware updates
   environment.systemPackages = with pkgs; [ deconz ];
 
   services.nginx = {
-    virtualHosts = {
+    virtualHosts."${config.networking.domain}" = {
-      ${mqttHost} = {
+      enableACME = true;
-        serverAliases = [ "mqtt.home.felschr.com" ];
+      forceSSL = true;
-        enableACME = true;
+      locations."/" = {
-        forceSSL = true;
+        proxyPass =
-        locations."/" = {
+          "http://localhost:${toString config.services.home-assistant.port}";
-          proxyPass = "http://localhost:${toString mqttWSPort}";
+        proxyWebsockets = true;
-          proxyWebsockets = true;
-        };
-      };
-      ${config.networking.domain} = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass =
-            "http://localhost:${toString config.services.home-assistant.port}";
-          proxyWebsockets = true;
-        };
       };
     };
   };
 
-  networking.firewall.allowedTCPPorts = [ mqttPort ];
-
-  services.mosquitto = {
-    enable = true;
-    listeners = [
-      {
-        port = mqttPort;
-        users = {
-          "hass" = {
-            acl = [
-              "readwrite homeassistant/#"
-              "readwrite tasmota/#"
-              "readwrite owntracks/#"
-            ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
-          };
-          "tasmota" = {
-            acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
-          };
-          "owntracks" = {
-            acl = [ "readwrite owntracks/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
-          };
-        };
-      }
-      {
-        port = mqttWSPort;
-        settings.protocol = "websockets";
-        users = {
-          "felix" = {
-            acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
-          };
-          "birgit" = {
-            acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
-          };
-        };
-      }
-    ];
-  };
-
   services.home-assistant = {
     enable = true;
     openFirewall = true;
@@ -89,7 +32,7 @@ in {
         name = "Home";
         latitude = "!secret latitude";
         longitude = "!secret longitude";
-        elevation = 0;
+        elevation = 42;
         unit_system = "metric";
         temperature_unit = "C";
         external_url = "https://home.felschr.com";
@@ -133,10 +76,10 @@ in {
             friendly_name = "Total Energy Usage";
             unit_of_measurement = "kWh";
             value_template = ''
-              {{
+              {% computer = states('sensor.outlet_computer_energy_total') | float %}
-                (states.sensor.outlet_computer_energy_total.state | float) +
+              {% tv = states('sensor.outlet_tv_energy_total') | float %}
-                (states.sensor.outlet_tv_energy_total.state | float)
+
-              }}
+              {{ computer + tv }}
             '';
           };
         };

services/mosquitto.nix

@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+with pkgs;
+
+let
+  host = "mqtt.felschr.com";
+  port = 1883;
+  wsPort = 9001;
+in {
+  services.nginx = {
+    virtualHosts."${mqttHost}" = {
+      serverAliases = [ "mqtt.home.felschr.com" ];
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString wsPort}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ port ];
+
+  services.mosquitto = {
+    enable = true;
+    listeners = [
+      {
+        port = port;
+        users = {
+          "hass" = {
+            acl = [
+              "readwrite homeassistant/#"
+              "readwrite tasmota/#"
+              "readwrite owntracks/#"
+            ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
+          };
+          "tasmota" = {
+            acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
+          };
+          "owntracks" = {
+            acl = [ "readwrite owntracks/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
+          };
+        };
+      }
+      {
+        port = wsPort;
+        settings.protocol = "websockets";
+        users = {
+          "felix" = {
+            acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
+          };
+          "birgit" = {
+            acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
+          };
+        };
+      }
+    ];
+  };
+}