mqtt: move all to argon
parent
a6c7158462
commit
02bfcbb486
13 changed files with 97 additions and 76 deletions
|
@ -27,6 +27,18 @@
|
|||
file = ./forgejo-actions/token.age;
|
||||
};
|
||||
|
||||
mosquitto-password-weewx-proxy = {
|
||||
file = ./mosquitto/passwordWeewxProxy.age;
|
||||
owner = "mosquitto";
|
||||
group = "mosquitto";
|
||||
};
|
||||
|
||||
mosquitto-password-home-assistant = {
|
||||
file = ./mosquitto/passwordHomeAssistant.age;
|
||||
owner = "mosquitto";
|
||||
group = "mosquitto";
|
||||
};
|
||||
|
||||
weewx-proxy-environment = {
|
||||
file = ./weewx-proxy/environment.age;
|
||||
};
|
||||
|
|
8
agenix/hosts/argon/mosquitto/passwordHomeAssistant.age
Normal file
8
agenix/hosts/argon/mosquitto/passwordHomeAssistant.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g n5bqdakkXE07dAAGCNf9SCUU6oEXjODCAhl8Ilxe7Go
|
||||
cBuxZx+yjTxkkx4P86rnRwP5ihw9w5G33AV3G+5M02k
|
||||
-> ssh-ed25519 1fcLUQ AB1w+yvi9JXab7Nnl5Xh3yv2fgwJtBTFX7Z445sA/X4
|
||||
rmN4E6hedJPufYB72v9cVVuqIMKntjaevn233ymEfwk
|
||||
--- AK3WGXe19PWkB4gK0hh6l53fEvByUmP15lyCqcX0h38
|
||||
¤%ÎýíKŽ@ÈÁ“™ý<E284A2>x±ÄLTQ}*ûO
|
||||
PÐ΢B-šÂ:°¨Zø-!ïl
|
8
agenix/hosts/argon/mosquitto/passwordWeewxProxy.age
Normal file
8
agenix/hosts/argon/mosquitto/passwordWeewxProxy.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g if/5ukGpKTOqo4bqj3ae+da8B5F9lFv8qFeo+BRjawg
|
||||
/ilXexPX4D4iKdC7miuHAmOzBFhJMdT0p+ILwu8czBI
|
||||
-> ssh-ed25519 1fcLUQ 7swNCq5irWimLZrEXsgmrrWAX4wjgnvQzewM9s/fNHg
|
||||
J5nWkadlu6I2jgEFlfsV30d6s7Ms2vnUibs8rZlz6FE
|
||||
--- h/zCblLmDxDF5RXvW4EHsVtC7DzyEkF9K7ylyPR2KW0
|
||||
ßt²Íe¬«
|
||||
jG Û¨Kò™š§[Èt4l&(Þòø+H¾5G‹ Ä´§lÎ/–UÂe—8³l¹™I•k2
ŽË[†Øî¥EêÒ’žÖçÆ‹*ò_YCß—Ëuè¥Ëà2¬.ƌƳüÙR$Tî³!9$œ]!I“ôW‚P
Ü(Hf?rwG—N\8ª;¿
|
Binary file not shown.
|
@ -23,6 +23,12 @@
|
|||
group = "mosquitto";
|
||||
};
|
||||
|
||||
mosquitto-password-home-assistant = {
|
||||
file = ./mosquitto/passwordHomeAssistant.age;
|
||||
owner = "mosquitto";
|
||||
group = "mosquitto";
|
||||
};
|
||||
|
||||
deye-mqtt-config = {
|
||||
file = ./deye-mqtt/config.age;
|
||||
};
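Review bot: `mosquitto-password-home-assistant` is declared here with `owner = "mosquitto"` and `group = "mosquitto"`, but the same commit appears to drop `../nixos/mosquitto.nix` from this host's imports (the host is inferred from the `./deye-mqtt/config.age` entry and the commit title). If no `mosquitto` user exists on this machine after the move, agenix may fail to set ownership of the secret at activation, and the mosquitto-owned secret just above it would be affected the same way. If the broker now runs only on argon, consider removing the mosquitto secrets from this host, or set `owner` to the service that actually reads the file. The attribute set continues outside the hunk.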
|
||||
|
|
Binary file not shown.
7
agenix/hosts/neon/mosquitto/passwordHomeAssistant.age
Normal file
7
agenix/hosts/neon/mosquitto/passwordHomeAssistant.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 MtGp6g A7lLy/9e4eGyQpmBTZ6Fw5t2jP1B5aJQ5iGUVlZZrQ4
|
||||
VfSOwKA+SYBfnCyuQDwXtN8z9owwdKlteXJxmIXjl1k
|
||||
-> ssh-ed25519 60lgJw Dxs9EekvqHrLWB/M89aV0B1HxLBpbLYE8pxWx1Cf2X4
|
||||
zb7Up1DfSBYIRXom4o53KWzC56bzLLKcscvKvtZGz5s
|
||||
--- y1G11ujCFt9yyOWtN5FjFGZf6QeKpZbzt8U/XZC+PME
|
||||
3ýN^•¼{ü(Y§öjßPÏ<>ØrLgvÅÜæÀ”ÌøH}ãá|Ïc<C38F>¿žAÇÙ
|
|
@ -9,42 +9,4 @@
|
|||
systemd.services.podman-deye-mqtt.restartTriggers = [
|
||||
"${config.age.secrets.deye-mqtt-config.file}"
|
||||
];
|
||||
|
||||
services.mosquitto.listeners = [
|
||||
{
|
||||
address = "0.0.0.0";
|
||||
port = 1884;
|
||||
|
||||
settings = {
|
||||
protocol = "mqtt";
|
||||
};
|
||||
|
||||
users = {
|
||||
deye = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write deye/#" ];
|
||||
};
|
||||
|
||||
bitshake = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write bitshake/#" ];
|
||||
};
|
||||
|
||||
weewx-proxy = {
|
||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
||||
acl = [ "read deye/#" "read bitshake/#" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall.interfaces =
|
||||
let
|
||||
mosquittoPorts = [ 1884 ];
|
||||
in
|
||||
{
|
||||
"end0".allowedTCPPorts = mosquittoPorts;
|
||||
"vlan51".allowedTCPPorts = mosquittoPorts;
|
||||
"podman+".allowedTCPPorts = mosquittoPorts;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -100,6 +100,10 @@ in
|
|||
|
||||
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
|
||||
|
||||
"agenix/hosts/argon/mosquitto/passwordWeewxProxy.age".publicKeys = argon;
|
||||
|
||||
"agenix/hosts/argon/mosquitto/passwordHomeAssistant.age".publicKeys = argon;
|
||||
|
||||
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
|
||||
|
||||
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
|
||||
|
@ -117,6 +121,8 @@ in
|
|||
|
||||
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
||||
|
||||
"agenix/hosts/neon/mosquitto/passwordHomeAssistant.age".publicKeys = neon;
|
||||
|
||||
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
|
||||
|
||||
# Styx
|
||||
|
|
|
@ -27,6 +27,8 @@ in
|
|||
|
||||
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
||||
|
||||
../nixos/mosquitto.nix
|
||||
|
||||
../nixos/tailscale-router.nix
|
||||
../nixos/tailscale-nodns.nix
|
||||
|
||||
|
|
|
@ -23,8 +23,6 @@ in
|
|||
|
||||
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
|
||||
|
||||
../nixos/mosquitto.nix
|
||||
|
||||
../nixos/rtl_433.nix
|
||||
|
||||
../nixos/tailscale-router.nix
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
hardware.rtl-sdr.enable = true;
|
||||
|
@ -10,38 +10,7 @@
|
|||
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
|
||||
};
|
||||
};
|
||||
|
||||
services.mosquitto.listeners = [
|
||||
{
|
||||
address = "0.0.0.0";
|
||||
port = 1883;
|
||||
|
||||
settings = {
|
||||
protocol = "mqtt";
|
||||
};
|
||||
|
||||
users = {
|
||||
rtl = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write rtl433" ];
|
||||
};
|
||||
|
||||
weewx-proxy = {
|
||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
||||
acl = [ "read rtl433" ];
|
||||
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://10.0.0.5:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall.interfaces =
|
||||
let
|
||||
mosquittoPorts = [ 1883 ];
|
||||
in
|
||||
{
|
||||
"end0".allowedTCPPorts = mosquittoPorts;
|
||||
};
|
||||
}
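Review bot: The ExecStart line that targets `10.0.0.5:1883` still carries `user=rtl,pass=didYouFindThis` inline, so the credential sits in the world-readable Nix store and in the process argument list, and with the broker no longer on loopback it now crosses the network over plain `mqtt`. rtl_433 can read its options from a file via `-c <path>`, so the output URL with the password could live in an agenix-managed file readable only by the service user, e.g. `ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -c ${config.age.secrets.<rtl433-config>.path}";` (the secret name is a placeholder, and `config` would have to stay in the module arguments). Which of the two ExecStart lines is the new one is inferred from the commit title, because the page has lost its +/- markers. The `serviceConfig` block starts above the hunk.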
|
||||
|
|
|
@ -17,7 +17,50 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."vlan51" = {
|
||||
allowedTCPPorts = [ 4040 ];
|
||||
services.mosquitto.listeners = [
|
||||
{
|
||||
address = "0.0.0.0";
|
||||
port = 1883;
|
||||
|
||||
settings = {
|
||||
protocol = "mqtt";
|
||||
};
|
||||
|
||||
users = {
|
||||
rtl = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write rtl433" ];
|
||||
};
|
||||
|
||||
deye = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write deye/#" ];
|
||||
};
|
||||
|
||||
bitshake = {
|
||||
password = "didYouFindThis";
|
||||
acl = [ "write bitshake/#" ];
|
||||
};
|
||||
|
||||
weewx-proxy = {
|
||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
||||
acl = [ "read rtl433" "read deye/#" "read bitshake/#" ];
|
||||
};
|
||||
|
||||
home-assistant = {
|
||||
passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
|
||||
acl = [ "readwrite #" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall.interfaces =
|
||||
let
|
||||
mosquittoPorts = [ 1883 ];
|
||||
in
|
||||
{
|
||||
"end0".allowedTCPPorts = mosquittoPorts;
|
||||
"vlan51".allowedTCPPorts = [ 4040 ] ++ mosquittoPorts;
|
||||
};
|
||||
}
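Review bot: The `rtl`, `deye` and `bitshake` users in the new listener all use `password = "didYouFindThis"`, which puts one shared cleartext credential in the repository and the Nix store, while `weewx-proxy` and `home-assistant` in the same block already read theirs from agenix. Each of the three writers should get its own secret the same way, e.g. `hashedPasswordFile = config.age.secrets.<mosquitto-password-rtl>.path;` (placeholder name), so that one leaked device credential cannot be used to publish as the others. The listener also binds `0.0.0.0` with `protocol = "mqtt"` and is opened on `end0` and `vlan51`, so these passwords travel unencrypted on both interfaces. `acl = [ "readwrite #" ]` for `home-assistant` is broader than the topic trees the other users write, and is worth narrowing if Home Assistant only needs those.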
|
||||
|
|