refactor(mosquitto): split mosquitto out of home-assistant config

2021-12-12 19:20:31 +01:00 · 2021-12-12 19:20:31 +01:00 · 48f9a63794
parent 4211fceda9
commit 48f9a63794
3 changed files with 78 additions and 70 deletions
--- a/rpi4.nix
+++ b/rpi4.nix
@ -22,6 +22,7 @@ in with builtins; {
    ./services/jellyfin.nix
    ./services/etebase.nix
    # ./services/photoprism.nix # TODO not working on aarch64 due to tensorflow
+    ./services/mosquitto.nix
    ./services/home-assistant.nix
    ./services/owntracks.nix
    ./services/miniflux.nix
--- a/services/home-assistant.nix
+++ b/services/home-assistant.nix
@ -2,26 +2,13 @@

 with pkgs;

-let
-  mqttHost = "mqtt.felschr.com";
-  mqttPort = 1883;
-  mqttWSPort = 9001;
+let mqttPort = 1883;
 in {
  # just installed for ConBee firmware updates
  environment.systemPackages = with pkgs; [ deconz ];

  services.nginx = {
-    virtualHosts = {
-      ${mqttHost} = {
-        serverAliases = [ "mqtt.home.felschr.com" ];
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://localhost:${toString mqttWSPort}";
-          proxyWebsockets = true;
-        };
-      };
-      ${config.networking.domain} = {
+    virtualHosts."${config.networking.domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
@ -31,50 +18,6 @@ in {
      };
    };
  };
-  };
-
-  networking.firewall.allowedTCPPorts = [ mqttPort ];
-
-  services.mosquitto = {
-    enable = true;
-    listeners = [
-      {
-        port = mqttPort;
-        users = {
-          "hass" = {
-            acl = [
-              "readwrite homeassistant/#"
-              "readwrite tasmota/#"
-              "readwrite owntracks/#"
-            ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
-          };
-          "tasmota" = {
-            acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
-          };
-          "owntracks" = {
-            acl = [ "readwrite owntracks/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
-          };
-        };
-      }
-      {
-        port = mqttWSPort;
-        settings.protocol = "websockets";
-        users = {
-          "felix" = {
-            acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
-          };
-          "birgit" = {
-            acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ];
-            hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
-          };
-        };
-      }
-    ];
-  };

  services.home-assistant = {
    enable = true;
@ -89,7 +32,7 @@ in {
        name = "Home";
        latitude = "!secret latitude";
        longitude = "!secret longitude";
-        elevation = 0;
+        elevation = 42;
        unit_system = "metric";
        temperature_unit = "C";
        external_url = "https://home.felschr.com";
@ -133,10 +76,10 @@ in {
            friendly_name = "Total Energy Usage";
            unit_of_measurement = "kWh";
            value_template = ''
-              {{
-                (states.sensor.outlet_computer_energy_total.state | float) +
-                (states.sensor.outlet_tv_energy_total.state | float)
-              }}
+              {% computer = states('sensor.outlet_computer_energy_total') | float %}
+              {% tv = states('sensor.outlet_tv_energy_total') | float %}
+
+              {{ computer + tv }}
            '';
          };
        };
--- a/services/mosquitto.nix
+++ b/services/mosquitto.nix
@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+with pkgs;
+
+let
+  host = "mqtt.felschr.com";
+  port = 1883;
+  wsPort = 9001;
+in {
+  services.nginx = {
+    virtualHosts."${mqttHost}" = {
+      serverAliases = [ "mqtt.home.felschr.com" ];
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString wsPort}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ port ];
+
+  services.mosquitto = {
+    enable = true;
+    listeners = [
+      {
+        port = port;
+        users = {
+          "hass" = {
+            acl = [
+              "readwrite homeassistant/#"
+              "readwrite tasmota/#"
+              "readwrite owntracks/#"
+            ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
+          };
+          "tasmota" = {
+            acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
+          };
+          "owntracks" = {
+            acl = [ "readwrite owntracks/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
+          };
+        };
+      }
+      {
+        port = wsPort;
+        settings.protocol = "websockets";
+        users = {
+          "felix" = {
+            acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
+          };
+          "birgit" = {
+            acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ];
+            hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
+          };
+        };
+      }
+    ];
+  };
+}