felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat(rpi4): set up mosquitto

Browse source
This commit is contained in:
Felix Schröter 2020-10-21 20:54:55 +02:00
parent c1042ae01a
commit ad3299faa2
No known key found for this signature in database
GPG key ID: 910ACB9F6BD26F58
4 changed files with 79 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
flake.lock
View file

@ -17,6 +17,22 @@
"type": "github" "type": "github"
} }
}, },
"felschr-nixpkgs": {
"locked": {
"lastModified": 1603300533,
"narHash": "sha256-WQpKeqOAFkXv1NSq+VCpU7B6WJ6jdopvlUO0TkMq+mU=",
"owner": "felschr",
"repo": "nixpkgs",
"rev": "30b1d77f15634bb7574edf33087cd80f4e85a245",
"type": "github"
},
"original": {
"owner": "felschr",
"ref": "feat/mosquitto-password-file",
"repo": "nixpkgs",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -178,6 +194,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"felschr-nixpkgs": "felschr-nixpkgs",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",

15
flake.nix
View file

@ -1,6 +1,13 @@
{ {
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.felschr-nixpkgs = {
type = "github";
owner = "felschr";
repo = "nixpkgs";
ref = "feat/mosquitto-password-file";
};
inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.home-manager = { inputs.home-manager = {
@ -17,7 +24,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, flake-utils, home-manager, nur, pre-commit-hooks }: outputs = { self, nixpkgs, felschr-nixpkgs, flake-utils, home-manager, nur, pre-commit-hooks }:
let let
overlays = { overlays = {
deconz = self: super: { deconz = self: super: {
@ -80,7 +87,11 @@
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
nixpkgs.nixosModules.notDetected nixpkgs.nixosModules.notDetected
{ home-manager.users.felschr.imports = [ homeManagerModules.git ]; } {
disabledModules = [ "services/networking/mosquitto.nix" ];
imports = [ "${felschr-nixpkgs}/nixos/modules/services/networking/mosquitto.nix" ];
}
{ home-manager.users.felschr.imports = [ homeManagerModules.git ]; }
nixosModules.deconz nixosModules.deconz
(systemModule { (systemModule {
hostName = "felix-rpi4"; hostName = "felix-rpi4";

2
rpi4.nix
View file

@ -48,7 +48,7 @@ with builtins; {
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"home.felschr.com" = { ${ config.networking.domain } = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

53
services/home-assistant.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
with pkgs; { with pkgs;
{
environment.systemPackages = with pkgs; [ deconz ]; environment.systemPackages = with pkgs; [ deconz ];
local.services.deconz = { local.services.deconz = {
@ -10,6 +12,40 @@ with pkgs; {
openFirewall = true; openFirewall = true;
}; };
users.users.mosquitto.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
config.services.mosquitto.ssl.port
];
services.mosquitto = {
enable = true;
host = "0.0.0.0";
checkPasswords = true;
ssl = {
enable = true;
cafile = "/var/lib/acme/${config.networking.domain}/chain.pem";
certfile = "/var/lib/acme/${config.networking.domain}/cert.pem";
keyfile = "/var/lib/acme/${config.networking.domain}/key.pem";
};
users = {
"hass" = {
acl = [
"topic readwrite homeassistant/#"
"topic readwrite tasmota/#"
"topic readwrite owntracks/#"
];
hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
};
"owntracks" = {
acl = [
"topic readwrite owntracks/#"
];
hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
};
};
};
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
package = home-assistant.override { package = home-assistant.override {
@ -35,15 +71,22 @@ with pkgs; {
zeroconf = { }; zeroconf = { };
ssdp = { }; ssdp = { };
shopping_list = { }; shopping_list = { };
owntracks = {
mqtt_topic = "owntracks/#";
secret = "!secret owntracks_secret";
};
deconz = { deconz = {
host = "localhost"; host = "localhost";
port = 8080; port = 8080;
api_key = "!secret deconz_apikey"; api_key = "!secret deconz_apikey";
}; };
mqtt = {
broker = "localhost";
port = "8883";
username = "hass";
password = "!secret mqtt_password";
discovery = true;
discovery_prefix = "homeassistant";
};
owntracks = {
mqtt_topic = "owntracks/#";
};
}; };
# configWritable = true; # doesn't work atm # configWritable = true; # doesn't work atm
}; };