diff --git a/agenix/hosts/mediaserver/wireguard/config.age b/agenix/hosts/mediaserver/wireguard/config.age
index f44eeb6..8616e9d 100644
Binary files a/agenix/hosts/mediaserver/wireguard/config.age and b/agenix/hosts/mediaserver/wireguard/config.age differ
diff --git a/system/nixos/weewx-proxy.nix b/system/nixos/weewx-proxy.nix
index 8e60b8a..0523609 100644
--- a/system/nixos/weewx-proxy.nix
+++ b/system/nixos/weewx-proxy.nix
@@ -17,43 +17,55 @@ }; }; - services.mosquitto.listeners = [ - { - address = "0.0.0.0"; - port = 1883; + services.mosquitto = { + listeners = [ + { + address = "0.0.0.0"; + port = 1883; + settings = { + protocol = "mqtt"; + }; + + users = { + rtl = { + password = "didYouFindThis"; + acl = [ "write rtl433" ]; + }; + + deye = { + password = "didYouFindThis"; + acl = [ "write deye/#" ]; + }; + + bitshake = { + password = "didYouFindThis"; + acl = [ "write bitshake/#" ]; + }; + + weewx-proxy = { + hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path; + acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ]; + }; + + home-assistant = { + passwordFile = config.age.secrets.mosquitto-password-home-assistant.path; + acl = [ "readwrite #" ]; + }; + }; + } + ]; + + bridges.home-assistant = { + addresses = [{ address = "10.0.0.230"; port = 1883; }]; settings = { - protocol = "mqtt"; + remote_username = "mqtt_bridge"; + remote_password = "verySecurePassword"; + try_private = true; }; - - users = { - rtl = { - password = "didYouFindThis"; - acl = [ "write rtl433" ]; - }; - - deye = { - password = "didYouFindThis"; - acl = [ "write deye/#" ]; - }; - - bitshake = { - password = "didYouFindThis"; - acl = [ "write bitshake/#" ]; - }; - - weewx-proxy = { - hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path; - acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ]; - }; - - home-assistant = { - passwordFile = config.age.secrets.mosquitto-password-home-assistant.path; - acl = [ "readwrite #" ]; - }; - }; - } - ]; + topics = [ "hadata/# out" "deye/# out" ]; + }; + }; networking.firewall.interfaces = let
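Review bot: The new `bridges.home-assistant.settings` block writes `remote_password = "verySecurePassword"` as a literal, so the bridge credential is committed to the repository and, assuming the module renders `settings` into the generated mosquitto.conf, ends up in the world-readable Nix store. The same file already sources the `weewx-proxy` and `home-assistant` passwords from agenix, and the bridge credential should follow that pattern. One option is to keep the bridge's connection block in an agenix-decrypted `.conf` file loaded through `services.mosquitto.includeDirs`, but confirm how mosquitto scopes included files before relying on it. The re-indented `rtl`, `deye` and `bitshake` users still carry the literal `password = "didYouFindThis"`; switching them to `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name) and rotating the committed values closes the same gap. The bridge targets `10.0.0.230` on port 1883 and no TLS settings appear in the hunk, so the remote credentials would travel in clear text unless that path is already tunnelled; the enclosing attribute set starts and ends outside the hunk.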