
mqtt: move all to argon

Daniel Kempkens 2024-08-09 20:24:24 +02:00
parent a6c7158462
commit 02bfcbb486
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
13 changed files with 97 additions and 76 deletions


@ -27,6 +27,18 @@
file = ./forgejo-actions/token.age;
};
mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto";
group = "mosquitto";
};
mosquitto-password-home-assistant = {
file = ./mosquitto/passwordHomeAssistant.age;
owner = "mosquitto";
group = "mosquitto";
};
weewx-proxy-environment = {
file = ./weewx-proxy/environment.age;
};


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g n5bqdakkXE07dAAGCNf9SCUU6oEXjODCAhl8Ilxe7Go
cBuxZx+yjTxkkx4P86rnRwP5ihw9w5G33AV3G+5M02k
-> ssh-ed25519 1fcLUQ AB1w+yvi9JXab7Nnl5Xh3yv2fgwJtBTFX7Z445sA/X4
rmN4E6hedJPufYB72v9cVVuqIMKntjaevn233ymEfwk
--- AK3WGXe19PWkB4gK0hh6l53fEvByUmP15lyCqcX0h38
¤%ÎýíKŽ@ÈÁ“™ý<E284A2>x±ÄLTQ}*ûO
PÐ΢B-šÂ:°¨Zø-!ïl


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g if/5ukGpKTOqo4bqj3ae+da8B5F9lFv8qFeo+BRjawg
/ilXexPX4D4iKdC7miuHAmOzBFhJMdT0p+ILwu8czBI
-> ssh-ed25519 1fcLUQ 7swNCq5irWimLZrEXsgmrrWAX4wjgnvQzewM9s/fNHg
J5nWkadlu6I2jgEFlfsV30d6s7Ms2vnUibs8rZlz6FE
--- h/zCblLmDxDF5RXvW4EHsVtC7DzyEkF9K7ylyPR2KW0
ßt²Íe¬«
jG Û¨Kò™š§[Èt4l&(Þòø+H¾5G Ä´§lÎ/UÂe—I•k2 ŽË[†Øî¥EêÒžÖçÆ‹*ò_YCßËuè¥Ëà2¬.ƌƳüÙR$Tî³!9$œ]!I“ôWP Ü(Hf?rwG—N\8ª;¿


@ -23,6 +23,12 @@
group = "mosquitto";
};
mosquitto-password-home-assistant = {
file = ./mosquitto/passwordHomeAssistant.age;
owner = "mosquitto";
group = "mosquitto";
};
deye-mqtt-config = {
file = ./deye-mqtt/config.age;
};
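Review bot: The added `mosquitto-password-home-assistant` secret is declared with `owner = "mosquitto"`, yet the `deye-mqtt-config` entry next to it suggests this is the host whose `services.mosquitto.listeners` blocks and `../nixos/mosquitto.nix` import this commit appears to remove (file paths are not shown on the page, so this is inferred). If the broker no longer runs here, the host should not be a recipient of the broker credential, and agenix may be unable to assign ownership to a user that no longer exists; dropping this block together with the matching `.age` file and `publicKeys` entry would keep the password on the broker host only. If something on this host still needs it, a comment naming the service that reads it would help.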


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g A7lLy/9e4eGyQpmBTZ6Fw5t2jP1B5aJQ5iGUVlZZrQ4
VfSOwKA+SYBfnCyuQDwXtN8z9owwdKlteXJxmIXjl1k
-> ssh-ed25519 60lgJw Dxs9EekvqHrLWB/M89aV0B1HxLBpbLYE8pxWx1Cf2X4
zb7Up1DfSBYIRXom4o53KWzC56bzLLKcscvKvtZGz5s
--- y1G11ujCFt9yyOWtN5FjFGZf6QeKpZbzt8U/XZC+PME
3ýN^•¼{ü(Y§öjßPÏ<>ØrLgvÅÜæÀ”ÌøH}ãá|Ïc<C38F>¿žAÇÙ


@ -9,42 +9,4 @@
systemd.services.podman-deye-mqtt.restartTriggers = [
"${config.age.secrets.deye-mqtt-config.file}"
];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1884;
settings = {
protocol = "mqtt";
};
users = {
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read deye/#" "read bitshake/#" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1884 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts;
};
}


@ -100,6 +100,10 @@ in
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordWeewxProxy.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordHomeAssistant.age".publicKeys = argon;
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
@ -117,6 +121,8 @@ in
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
"agenix/hosts/neon/mosquitto/passwordHomeAssistant.age".publicKeys = neon;
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
# Styx


@ -27,6 +27,8 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/tailscale-router.nix
../nixos/tailscale-nodns.nix


@ -23,8 +23,6 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/rtl_433.nix
../nixos/tailscale-router.nix


@ -1,4 +1,4 @@
{ pkgs, config, ... }:
{ pkgs, ... }:
{
hardware.rtl-sdr.enable = true;
@ -10,38 +10,7 @@
serviceConfig = {
Type = "exec";
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
};
};
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" ];
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://10.0.0.5:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
};
}
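Review bot: The `ExecStart` variant pointing at `mqtt://10.0.0.5:1883` (apparently the new side, since the local listener is removed in the same hunk) still passes `user=rtl,pass=didYouFindThis` on the command line, so the password now leaves the host over plain MQTT in addition to sitting in the unit file and the process arguments. Keep the secret out of the command line by loading it from an agenix-managed file, e.g. `EnvironmentFile = config.age.secrets.<secret-name>.path;` (placeholder name) in `serviceConfig`, provided the packaged rtl_433 reads `MQTT_USERNAME`/`MQTT_PASSWORD` from the environment as its help text describes; verify this for the pinned version. The first hunk drops `config` from the module arguments, which that change would need back. The `serviceConfig` block starts outside the hunk.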


@ -17,7 +17,50 @@
};
};
networking.firewall.interfaces."vlan51" = {
allowedTCPPorts = [ 4040 ];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" "read deye/#" "read bitshake/#" ];
};
home-assistant = {
passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
acl = [ "readwrite #" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = [ 4040 ] ++ mosquittoPorts;
};
}
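Review bot: The `rtl`, `deye` and `bitshake` users in the new listener carry a literal `password = "didYouFindThis";`, so the credential is in the repository and, like any inline Nix string, in the world-readable store on the built host, while `weewx-proxy` in the same block already uses an agenix-backed `hashedPasswordFile`. Give the three writers the same treatment, e.g. `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name), with a distinct password each so the per-user `acl` lines actually separate them. `home-assistant` uses `passwordFile` rather than a hashed file and is granted `acl = [ "readwrite #" ]`; a hashed file and an ACL narrowed to the topics it needs would match the other entries. The listener binds `0.0.0.0` with `protocol = "mqtt"` and is opened on `end0` and `vlan51`, so these credentials cross those networks without TLS unless that is configured outside this hunk.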