diff --git a/home-server.nix b/home-server.nix index e2e21af..291581b 100644 --- a/home-server.nix +++ b/home-server.nix @@ -26,7 +26,6 @@ in with builtins; { ./services/home-assistant ./services/esphome.nix ./services/watchtower.nix - ./services/owntracks.nix ./services/immich.nix ./services/miniflux.nix ./services/paperless.nix @@ -91,7 +90,6 @@ in with builtins; { "books.felschr.com" "news.felschr.com" "mqtt.felschr.com" - "owntracks.felschr.com" "etebase.felschr.com" "paperless.felschr.com" ]; diff --git a/secrets/mqtt/birgit.age b/secrets/mqtt/birgit.age deleted file mode 100644 index cdacae3..0000000 --- a/secrets/mqtt/birgit.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA Zk7pyxZCYNBqc2Yq2YVTnuSAEYCQCb2sTDnEHdeeRVE -uLBwYObVyoGkvs5vvtRwpY8/YiCi1qY4a/jjbFNCkCc --> ssh-ed25519 lJaKnA 1oPaj5fMj7JGjWhGUcRt2AZ6hPuVJzgDGtQhRNJ/mSE -1Fetob/75g/x1pMjuIamAmJWGAEJpTdZMjYQiJ9I1+0 --> ssh-ed25519 72ij7w t8GTBY5xjmM0MTro5fxE/0yQHGuH4gLwAll5XGz7TR8 -FGT/HXGg+7nbXSAHQoYpNNUT6PTNx3FtccUA9ReeywI --> \FcVUy0l-grease -nZBgdgKQagVXynNlPuYXx2OKM/yw76nGM11e6nGBDkGhX+xJn7QQacN60XyTCgOq -1Cg ---- BQOtkyCXiut1BtuVpp6ZqSdRQsftPMBAWCBT26Gliug -vHi^W}J…WDi&^^rSbecfRe(T_Gr lw¯#D]є׃ՙux Lyv!t8Ȳ8 \ No newline at end of file diff --git a/secrets/mqtt/felix.age b/secrets/mqtt/felix.age deleted file mode 100644 index 14734a7..0000000 Binary files a/secrets/mqtt/felix.age and /dev/null differ diff --git a/secrets/mqtt/owntracks.age b/secrets/mqtt/owntracks.age deleted file mode 100644 index 56cff30..0000000 --- a/secrets/mqtt/owntracks.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA m6D5sjiAsBvLDuUGWQ6i4W+NbvamBUQJOakUalmt8WI -WBOapJnIFtXXWcj/jK2f1andoQRGBdSXVJqjExlWBs0 --> ssh-ed25519 lJaKnA 0j29b+NTPdWMnYqT4ub8DaDwbVspWeGe7YyWZT65v24 -ZO71r4GJZrGH5FHu8ikPokqPqJFzZgXBWp0pVWQn9PM --> ssh-ed25519 72ij7w OB+Cayu5k0Wr58yjDNhgx2mVLC6BRPKpCAu9GVFB0gg -YvJFljaN8k53YADUpv//mQyKP0I0UWOOhGSVHxameso --> $b)_:kE-grease 1r{~ -5Qy7XF5G4q4r3/fZTgVvF6Hh8l41jGh8fB5BtiL53FCA6xsl47v6MqBKLkpyowbd -d03Wbt/PfmrYke7e9WOWn1EKG+v+EZJ7us3JiLK9zy0hs6Y ---- tOD38UbHBF898Kl1wODM6PC53thmqt0kb1Kw8GRSZuY -PF)_4@ O6m@O׊]PcЄ>NUMI eX`) ;j+POu}^ /ʅр44í.9M♐ಙ,2KG@DI/jBT۰bBK"cR}%>&b \ No newline at end of file diff --git a/secrets/owntracks/htpasswd.age b/secrets/owntracks/htpasswd.age deleted file mode 100644 index db2f5d2..0000000 Binary files a/secrets/owntracks/htpasswd.age and /dev/null differ diff --git a/secrets/owntracks/recorder.env.age b/secrets/owntracks/recorder.env.age deleted file mode 100644 index 0d1ccd9..0000000 --- a/secrets/owntracks/recorder.env.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA wIE3VAy2VaP+135sze5kcUaXI+KilAIbkeggBQnoAk4 -p+8JKhkfkWHepXM1msDRHlY3V5gqkOkj/73VJDUywSc --> ssh-ed25519 lJaKnA 3PwR62JamBSgHRDfEzCQf5SlkAlRZ5cVwWKsOctRFGQ -4wyHMnxdzLDvviVEKRO9Fm6gqENHQkBB8t/KoxL3b5s --> ssh-ed25519 72ij7w GfkjvD4g+f1NPpl79sV8obf5doHTBVq5FL460ym0DHQ -wLQx/WIq+fKOhdwuCssi90don1Ua/YKbxSsvUp6wrg8 --> y>ssL,-grease -iqwx9J3eKDYl5fnlFG8cTbsdMGjrNZQ2lCteeFD0DWAM6SHpYbR08BINE4hJQ1pT -feMzHYmXMdQU4Hn/d8J/5i4V/RpvvLCFKyxbgHC7qsTGEqo8cnw6Ghv844Y0aJcY -qA ---- 6wVkJPPC2apD4mVSN0isSLCmjOQ2BmTntvSiqA66zJ4 -:bI4FrU={ ȿd]!a`LC-OC#zԼS@=wn \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 18a8b8d..1869b33 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,14 +18,9 @@ in { "restic/password.age".publicKeys = [ felschr home-pc home-server pilot1 ]; "smtp.age".publicKeys = [ felschr home-pc home-server ]; "samba.age".publicKeys = [ felschr home-pc home-server ]; - "mqtt/felix.age".publicKeys = [ felschr home-pc home-server ]; - "mqtt/birgit.age".publicKeys = [ felschr home-pc home-server ]; "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ]; "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ]; - "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ]; "cloudflare.age".publicKeys = [ felschr home-pc home-server ]; - "owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ]; - "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ]; "etebase-server.age".publicKeys = [ felschr home-pc home-server ]; "calibre-web/htpasswd.age".publicKeys = [ felschr home-pc home-server ]; "miniflux.age".publicKeys = [ felschr home-pc home-server ]; diff --git a/services/home-assistant/default.nix b/services/home-assistant/default.nix index 982343f..3c85084 100644 --- a/services/home-assistant/default.nix +++ b/services/home-assistant/default.nix @@ -62,7 +62,6 @@ in { database_path = "/var/lib/hass/zigbee.db"; zigpy_config = { ota = { ikea_provider = true; }; }; }; - owntracks = { mqtt_topic = "owntracks/#"; }; alarm_control_panel = [{ platform = "manual"; code = "!secret alarm_code"; diff --git a/services/mosquitto.nix b/services/mosquitto.nix index 8f6f976..70bbba0 100644 --- a/services/mosquitto.nix +++ b/services/mosquitto.nix @@ -16,7 +16,6 @@ in { mqtt-birgit = mkSecret ../secrets/mqtt/birgit.age; mqtt-hass = mkSecret ../secrets/mqtt/hass.age; mqtt-tasmota = mkSecret ../secrets/mqtt/tasmota.age; - mqtt-owntracks = mkSecret ../secrets/mqtt/owntracks.age; }; services.nginx = { @@ -34,42 +33,18 @@ in { services.mosquitto = { enable = true; - listeners = [ - { - port = port; - users = { - "hass" = { - acl = [ - "readwrite homeassistant/#" - "readwrite tasmota/#" - "readwrite owntracks/#" - ]; - hashedPasswordFile = config.age.secrets.mqtt-hass.path; - }; - "tasmota" = { - acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ]; - hashedPasswordFile = config.age.secrets.mqtt-tasmota.path; - }; - "owntracks" = { - acl = [ "readwrite owntracks/#" ]; - hashedPasswordFile = config.age.secrets.mqtt-owntracks.path; - }; + listeners = [{ + port = port; + users = { + "hass" = { + acl = [ "readwrite homeassistant/#" "readwrite tasmota/#" ]; + hashedPasswordFile = config.age.secrets.mqtt-hass.path; }; - } - { - port = wsPort; - settings.protocol = "websockets"; - users = { - "felix" = { - acl = [ "read owntracks/#" "readwrite owntracks/felix/#" ]; - hashedPasswordFile = config.age.secrets.mqtt-felix.path; - }; - "birgit" = { - acl = [ "read owntracks/#" "readwrite owntracks/birgit/#" ]; - hashedPasswordFile = config.age.secrets.mqtt-birgit.path; - }; + "tasmota" = { + acl = [ "readwrite tasmota/#" "readwrite homeassistant/#" ]; + hashedPasswordFile = config.age.secrets.mqtt-tasmota.path; }; - } - ]; + }; + }]; }; } diff --git a/services/owntracks.nix b/services/owntracks.nix deleted file mode 100644 index c8135a4..0000000 --- a/services/owntracks.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, pkgs, ... }: - -let - frontend-config = builtins.toFile "owntracks-frontend-config.js" '' - window.owntracks = window.owntracks || {}; - window.owntracks.config = {}; - ''; -in { - age.secrets.owntracks-recorder-env.file = - ../secrets/owntracks/recorder.env.age; - age.secrets.owntracks-htpasswd = { - file = ../secrets/owntracks/htpasswd.age; - owner = config.services.nginx.user; - }; - - virtualisation.oci-containers.containers = { - owntracks-recorder = { - image = "owntracks/recorder"; - ports = [ "8083:8083" ]; - environment = { - OTR_HOST = "localhost"; - OTR_PORT = "1883"; - OTR_USER = "owntracks"; - }; - # provide OTR_PASS - environmentFiles = [ config.age.secrets.owntracks-recorder-env.path ]; - volumes = [ "/var/lib/owntracks/recorder/store:/store" ]; - extraOptions = [ "--network=host" ]; - }; - - owntracks-frontend = { - image = "owntracks/frontend"; - ports = [ "8085:8085" ]; - environment = { - SERVER_HOST = "localhost"; - SERVER_PORT = "8083"; - LISTEN_PORT = "8085"; - }; - volumes = [ "${frontend-config}:/usr/share/nginx/html/config/config.js" ]; - extraOptions = [ "--network=host" ]; - }; - }; - - services = { - nginx = { - virtualHosts."owntracks.felschr.com" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:8085"; - basicAuthFile = config.age.secrets.owntracks-htpasswd.path; - }; - }; - }; - -}