mqtt: move all to argon
parent
a6c7158462
commit
02bfcbb486
13 changed files with 97 additions and 76 deletions
|
@ -27,6 +27,18 @@
|
||||||
file = ./forgejo-actions/token.age;
|
file = ./forgejo-actions/token.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mosquitto-password-weewx-proxy = {
|
||||||
|
file = ./mosquitto/passwordWeewxProxy.age;
|
||||||
|
owner = "mosquitto";
|
||||||
|
group = "mosquitto";
|
||||||
|
};
|
||||||
|
|
||||||
|
mosquitto-password-home-assistant = {
|
||||||
|
file = ./mosquitto/passwordHomeAssistant.age;
|
||||||
|
owner = "mosquitto";
|
||||||
|
group = "mosquitto";
|
||||||
|
};
|
||||||
|
|
||||||
weewx-proxy-environment = {
|
weewx-proxy-environment = {
|
||||||
file = ./weewx-proxy/environment.age;
|
file = ./weewx-proxy/environment.age;
|
||||||
};
|
};
|
||||||
|
|
8
agenix/hosts/argon/mosquitto/passwordHomeAssistant.age
Normal file
8
agenix/hosts/argon/mosquitto/passwordHomeAssistant.age
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g n5bqdakkXE07dAAGCNf9SCUU6oEXjODCAhl8Ilxe7Go
|
||||||
|
cBuxZx+yjTxkkx4P86rnRwP5ihw9w5G33AV3G+5M02k
|
||||||
|
-> ssh-ed25519 1fcLUQ AB1w+yvi9JXab7Nnl5Xh3yv2fgwJtBTFX7Z445sA/X4
|
||||||
|
rmN4E6hedJPufYB72v9cVVuqIMKntjaevn233ymEfwk
|
||||||
|
--- AK3WGXe19PWkB4gK0hh6l53fEvByUmP15lyCqcX0h38
|
||||||
|
¤%ÎýíKŽ@ÈÁ“™ý<E284A2>x±ÄLTQ}*ûO
|
||||||
|
PÐ΢B-šÂ:°¨Zø-!ïl
|
8
agenix/hosts/argon/mosquitto/passwordWeewxProxy.age
Normal file
8
agenix/hosts/argon/mosquitto/passwordWeewxProxy.age
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g if/5ukGpKTOqo4bqj3ae+da8B5F9lFv8qFeo+BRjawg
|
||||||
|
/ilXexPX4D4iKdC7miuHAmOzBFhJMdT0p+ILwu8czBI
|
||||||
|
-> ssh-ed25519 1fcLUQ 7swNCq5irWimLZrEXsgmrrWAX4wjgnvQzewM9s/fNHg
|
||||||
|
J5nWkadlu6I2jgEFlfsV30d6s7Ms2vnUibs8rZlz6FE
|
||||||
|
--- h/zCblLmDxDF5RXvW4EHsVtC7DzyEkF9K7ylyPR2KW0
|
||||||
|
ßt²Íe¬«
|
||||||
|
jG Û¨Kò™š§[Èt4l&(Þòø+H¾5G‹ Ä´§lÎ/–UÂe—8³l¹™I•k2
ŽË[†Øî¥EêÒ’žÖçÆ‹*ò_YCß—Ëuè¥Ëà2¬.ƌƳüÙR$Tî³!9$œ]!I“ôW‚P
Ü(Hf?rwG—N\8ª;¿
|
Binary file not shown.
|
@ -23,6 +23,12 @@
|
||||||
group = "mosquitto";
|
group = "mosquitto";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mosquitto-password-home-assistant = {
|
||||||
|
file = ./mosquitto/passwordHomeAssistant.age;
|
||||||
|
owner = "mosquitto";
|
||||||
|
group = "mosquitto";
|
||||||
|
};
|
||||||
|
|
||||||
deye-mqtt-config = {
|
deye-mqtt-config = {
|
||||||
file = ./deye-mqtt/config.age;
|
file = ./deye-mqtt/config.age;
|
||||||
};
|
};
|
||||||
|
|
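Review bot: The new `mosquitto-password-home-assistant` entry looks like it belongs to the neon host, which no longer seems to run the broker after this commit. The file path is not shown, but a `neon/mosquitto/passwordHomeAssistant.age` file and a matching `publicKeys = neon` rule are added elsewhere, while `../nixos/mosquitto.nix` is dropped from what appears to be neon's import list. If the broker now lives only on argon, this copy lets one more host key decrypt the Home Assistant broker password with nothing on neon consuming it, and `owner = "mosquitto"` may name a user that no longer exists there. Either drop the neon copy or add a comment above the entry saying what reads it, e.g. `# read by <consumer on neon>`.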
Binary file not shown.
7
agenix/hosts/neon/mosquitto/passwordHomeAssistant.age
Normal file
7
agenix/hosts/neon/mosquitto/passwordHomeAssistant.age
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g A7lLy/9e4eGyQpmBTZ6Fw5t2jP1B5aJQ5iGUVlZZrQ4
|
||||||
|
VfSOwKA+SYBfnCyuQDwXtN8z9owwdKlteXJxmIXjl1k
|
||||||
|
-> ssh-ed25519 60lgJw Dxs9EekvqHrLWB/M89aV0B1HxLBpbLYE8pxWx1Cf2X4
|
||||||
|
zb7Up1DfSBYIRXom4o53KWzC56bzLLKcscvKvtZGz5s
|
||||||
|
--- y1G11ujCFt9yyOWtN5FjFGZf6QeKpZbzt8U/XZC+PME
|
||||||
|
3ýN^•¼{ü(Y§öjßPÏ<>ØrLgvÅÜæÀ”ÌøH}ãá|Ïc<C38F>¿žAÇÙ
|
|
@ -9,42 +9,4 @@
|
||||||
systemd.services.podman-deye-mqtt.restartTriggers = [
|
systemd.services.podman-deye-mqtt.restartTriggers = [
|
||||||
"${config.age.secrets.deye-mqtt-config.file}"
|
"${config.age.secrets.deye-mqtt-config.file}"
|
||||||
];
|
];
|
||||||
|
|
||||||
services.mosquitto.listeners = [
|
|
||||||
{
|
|
||||||
address = "0.0.0.0";
|
|
||||||
port = 1884;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
protocol = "mqtt";
|
|
||||||
};
|
|
||||||
|
|
||||||
users = {
|
|
||||||
deye = {
|
|
||||||
password = "didYouFindThis";
|
|
||||||
acl = [ "write deye/#" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
bitshake = {
|
|
||||||
password = "didYouFindThis";
|
|
||||||
acl = [ "write bitshake/#" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
weewx-proxy = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
|
||||||
acl = [ "read deye/#" "read bitshake/#" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.interfaces =
|
|
||||||
let
|
|
||||||
mosquittoPorts = [ 1884 ];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"end0".allowedTCPPorts = mosquittoPorts;
|
|
||||||
"vlan51".allowedTCPPorts = mosquittoPorts;
|
|
||||||
"podman+".allowedTCPPorts = mosquittoPorts;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -100,6 +100,10 @@ in
|
||||||
|
|
||||||
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
|
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
|
||||||
|
|
||||||
|
"agenix/hosts/argon/mosquitto/passwordWeewxProxy.age".publicKeys = argon;
|
||||||
|
|
||||||
|
"agenix/hosts/argon/mosquitto/passwordHomeAssistant.age".publicKeys = argon;
|
||||||
|
|
||||||
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
|
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
|
||||||
|
|
||||||
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
|
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
|
||||||
|
@ -117,6 +121,8 @@ in
|
||||||
|
|
||||||
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
||||||
|
|
||||||
|
"agenix/hosts/neon/mosquitto/passwordHomeAssistant.age".publicKeys = neon;
|
||||||
|
|
||||||
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
|
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
|
||||||
|
|
||||||
# Styx
|
# Styx
|
||||||
|
|
|
@ -27,6 +27,8 @@ in
|
||||||
|
|
||||||
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
||||||
|
|
||||||
|
../nixos/mosquitto.nix
|
||||||
|
|
||||||
../nixos/tailscale-router.nix
|
../nixos/tailscale-router.nix
|
||||||
../nixos/tailscale-nodns.nix
|
../nixos/tailscale-nodns.nix
|
||||||
|
|
||||||
|
|
|
@ -23,8 +23,6 @@ in
|
||||||
|
|
||||||
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
||||||
|
|
||||||
../nixos/mosquitto.nix
|
|
||||||
|
|
||||||
../nixos/rtl_433.nix
|
../nixos/rtl_433.nix
|
||||||
|
|
||||||
../nixos/tailscale-router.nix
|
../nixos/tailscale-router.nix
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
hardware.rtl-sdr.enable = true;
|
hardware.rtl-sdr.enable = true;
|
||||||
|
@ -10,38 +10,7 @@
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "exec";
|
Type = "exec";
|
||||||
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
|
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://10.0.0.5:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mosquitto.listeners = [
|
|
||||||
{
|
|
||||||
address = "0.0.0.0";
|
|
||||||
port = 1883;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
protocol = "mqtt";
|
|
||||||
};
|
|
||||||
|
|
||||||
users = {
|
|
||||||
rtl = {
|
|
||||||
password = "didYouFindThis";
|
|
||||||
acl = [ "write rtl433" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
weewx-proxy = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
|
||||||
acl = [ "read rtl433" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.interfaces =
|
|
||||||
let
|
|
||||||
mosquittoPorts = [ 1883 ];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"end0".allowedTCPPorts = mosquittoPorts;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
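Review bot: The changed `ExecStart` now sends `user=rtl,pass=didYouFindThis` to `10.0.0.5:1883` over plain `mqtt://`, where the old line only talked to `127.0.0.1`, so the credential now crosses the network unencrypted. It also sits in the unit file in the world-readable Nix store and on the process command line. Consider moving the output option into an agenix-managed rtl_433 config file and starting the service with `-c ${config.age.secrets.<rtl433-config-secret>.path}` (placeholder name; `config` would then have to stay in the function arguments that the first hunk trims to `{ pkgs, ... }`). Since the literal is already in the repository history, it should be replaced with a fresh value when it is moved.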
|
@ -17,7 +17,50 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.interfaces."vlan51" = {
|
services.mosquitto.listeners = [
|
||||||
allowedTCPPorts = [ 4040 ];
|
{
|
||||||
|
address = "0.0.0.0";
|
||||||
|
port = 1883;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
protocol = "mqtt";
|
||||||
|
};
|
||||||
|
|
||||||
|
users = {
|
||||||
|
rtl = {
|
||||||
|
password = "didYouFindThis";
|
||||||
|
acl = [ "write rtl433" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
deye = {
|
||||||
|
password = "didYouFindThis";
|
||||||
|
acl = [ "write deye/#" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
bitshake = {
|
||||||
|
password = "didYouFindThis";
|
||||||
|
acl = [ "write bitshake/#" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
weewx-proxy = {
|
||||||
|
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
||||||
|
acl = [ "read rtl433" "read deye/#" "read bitshake/#" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
home-assistant = {
|
||||||
|
passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
|
||||||
|
acl = [ "readwrite #" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall.interfaces =
|
||||||
|
let
|
||||||
|
mosquittoPorts = [ 1883 ];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"end0".allowedTCPPorts = mosquittoPorts;
|
||||||
|
"vlan51".allowedTCPPorts = [ 4040 ] ++ mosquittoPorts;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
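Review bot: The added listener keeps `password = "didYouFindThis"` for `rtl`, `deye` and `bitshake`, so all three write accounts share one literal that is committed to the repository and will typically end up readable in the Nix store. Because the secret is identical, the per-topic `acl` entries do not separate the devices from each other: anything that knows it can publish as any of the three. The same section already uses agenix for `weewx-proxy` and `home-assistant`; I would do the same here with one secret per device, e.g. `hashedPasswordFile = config.age.secrets.<mosquitto-password-rtl>.path;` (placeholder name). The listener also binds `0.0.0.0` with `protocol = "mqtt"`, so access control rests on the `end0`/`vlan51` firewall entries and traffic is unencrypted; a one-line comment stating that assumption next to `address` would help.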