feat(rpi4): set up mosquitto

Felix Schröter 2020-10-21 20:54:55 +02:00
parent c1042ae01a
commit ad3299faa2
No known key found for this signature in database
GPG key ID: 910ACB9F6BD26F58
4 changed files with 79 additions and 8 deletions


@ -1,6 +1,8 @@
{ config, pkgs, ... }:
with pkgs; {
with pkgs;
{
environment.systemPackages = with pkgs; [ deconz ];
local.services.deconz = {
@ -10,6 +12,40 @@ with pkgs; {
openFirewall = true;
};
users.users.mosquitto.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
config.services.mosquitto.ssl.port
];
services.mosquitto = {
enable = true;
host = "0.0.0.0";
checkPasswords = true;
ssl = {
enable = true;
cafile = "/var/lib/acme/${config.networking.domain}/chain.pem";
certfile = "/var/lib/acme/${config.networking.domain}/cert.pem";
keyfile = "/var/lib/acme/${config.networking.domain}/key.pem";
};
users = {
"hass" = {
acl = [
"topic readwrite homeassistant/#"
"topic readwrite tasmota/#"
"topic readwrite owntracks/#"
];
hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
};
"owntracks" = {
acl = [
"topic readwrite owntracks/#"
];
hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
};
};
};
services.home-assistant = {
enable = true;
package = home-assistant.override {
@ -35,15 +71,22 @@ with pkgs; {
zeroconf = { };
ssdp = { };
shopping_list = { };
owntracks = {
mqtt_topic = "owntracks/#";
secret = "!secret owntracks_secret";
};
deconz = {
host = "localhost";
port = 8080;
api_key = "!secret deconz_apikey";
};
mqtt = {
broker = "localhost";
port = "8883";
username = "hass";
password = "!secret mqtt_password";
discovery = true;
discovery_prefix = "homeassistant";
};
owntracks = {
mqtt_topic = "owntracks/#";
};
};
# configWritable = true; # doesn't work atm
};
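Review bot: In the `services.mosquitto` block, `host = "0.0.0.0";` most likely binds the plaintext listener to every interface, since in the NixOS module of that period `host`/`port` configure the non-TLS listener and the TLS one has its own `ssl.host` (worth confirming against the module in use). Only `ssl.port` is opened in the firewall, so the packet filter is the sole thing keeping unencrypted MQTT with password auth off the network; dropping the line or setting `host = "127.0.0.1";` keeps that listener on loopback. Relatedly, the Home Assistant `mqtt` block in the last hunk points at `localhost` on port 8883 with no `certificate` option visible, while the certificate is issued for `config.networking.domain`, so the client would either not negotiate TLS or fail hostname verification. I would either use the loopback plaintext listener for the local client, or set `broker = config.networking.domain;` together with `certificate = "auto";` rather than disabling verification. The blocks continue outside the visible hunks, so settings not shown here may already cover part of this.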