From 635d20815a60a6af005eb606be1732e71f7b551a Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Sun, 1 Sep 2024 14:19:15 +0200
Subject: [PATCH] mediaserver: update config

---
 agenix/hosts/mediaserver/wireguard/config.age | Bin 638 -> 674 bytes
 system/nixos/weewx-proxy.nix                  |  80 ++++++++++--------
 2 files changed, 46 insertions(+), 34 deletions(-)

diff --git a/agenix/hosts/mediaserver/wireguard/config.age b/agenix/hosts/mediaserver/wireguard/config.age
index f44eeb6823c05dc9c1478f74b03dfebf2a9fefba..8616e9d132872d8328f520fc5e1c880ccf282b8f 100644
GIT binary patch
delta 641
zcmV-{0)GAe1fm6yEPqR3Q&e|lL}qMnXl6z<b#7!$V=zQ=YiUk-G*3@2O=K%#N>grO
zFLgFTK?+HDMs;RPS1&k9SZriUNmDdtMlnKhVpdTxR#<LLOj$KqV{$i2Gih&eK?*HC
zAaiqQEoEdfH8n9gAXzyyS!rh=Yf@@*dSW<JFe`R*XEAC?d4FYhRYGA>S7lXfPBw62
zQ&MPFcQjEmMod##3UX3MG*CoxMQv6&T1<C#cTF=^RB?AURykEwNOMt8SY=mdSvPbr
zGd4wM3N0-yAVfH9c4BI1FIIOeFhw(0S4B`oZ%ap1Z7?fPFHuiHOk-1UHF`p7PE%7s
z3d|V)BQyxYseg-6)6c0%O2&&enYl@xGaam@<WqX%`@r?Ew>BI&h%*_boN#%mN_izI
zQ&M#EKC1sS_GMnNLRCA1`1>pi&s{AJl@jiO+V&;*H&#j7l+sffl(gI?@WrHcdnGkP
z?Lm`%NzkT?U2TM;JCqU^zpcXY+l0A>(YG2MlKLiI2Y+S-@%9EQPtOqWMh-TgCX092
zQlH}LZdhPlDeTwN7jv)?d*%W4JK8z+2(ybLS))yv__$eQru9tegLhzpTF+jes?`f4
z7sPX3;9p1i9%jb_2iU?2JnaBc$kjYj8wH@M{rpIr2zT%Ku~k4bJCO;}tKWWLLY3F-
zWEotuFnSCehu3!b2rqZ%?=cN*<@4yuiovH(m1gc9D~ft&S8}?P@WkjNLIMNiAQ0oN
zsIp<+MzoS8wKItc#Wxw>Iz{%7_Le(Xl}5O&b!~e^!<m>ZnU@F3ZHL;r5~WFy|3w88
bYTkijesS2tZ^9w3Kppk<HmIkmQCHWlPZ1Kg

delta 605
zcmV-j0;2t*1^xt(EPqCFa&$v!N_1FlbW&3@ZfP`Hc6d@rQF>u;Qc*!jL`Xz=GG%vR
zRcB;HFbYd=VKHoMZ!0S>Z*4emNI5q$H9|*8P-QE0a!6WDWJ7UxQ%+?}VN`NLK?*HC
zAaiqQEoEdfH8n9gAXzyyS!rh=Z+1B~S7bw1V^m2*ML1b=W`AO0Lt1V&Ggm}cQfo9p
zd2LT&NmX=qL{WHS3PVjeWK36Lb!K!)QCdP`acV|xa#nM4I7enlG&F2YS2RdSY;SHd
zdU-NI3N0-yAaYJ-YC%F(M^I5Kb8ly2a#(9+c27}9L_{%6XJ#{MOHE-hHA7-TFDr0w
z3g;u8P*TAg&VOp*c21i>7~;(<q6_<A!V^1^!<~Wno=uyBo^bzINv(crpDnbBfd=a<
z_J$D26U9K@%pe4X)oU&T>k#&iyPZg~HI@zs_a*y84a+nP+Hkiq9m=iaJg4K0+MEb~
z5O(U^y2QnB8v=ON`aZxAg!#akSP6$5Vxi=7TQC?|H-8%jqc3{~@0^Nm!l7Y6m&DZ9
zE^xHFfT9B$eMK%^86vitF_OGT{zMvwj8F9zRvJ$_8K)x*adsc^dKP?v#gnYRM}#2s
z;WQZ{zqWORM+Sn{=|o)-hKU@@TBaqqYfwJruoo=|jTc}xy#(Fn6DIQm7v-E%5vlHW
z+hq7t3RVCL;s>QEN`Og3%VbBT88y<Ug=w?D%6n?W#JjooAJ4lJ;_v619nzHYl@bnP
rSPQRVna-u;VT~;;nx)R#QS7{=JTvmBCy3ycJ6tanDU>wxVz_q7@l^U7

diff --git a/system/nixos/weewx-proxy.nix b/system/nixos/weewx-proxy.nix
index 8e60b8a..0523609 100644
--- a/system/nixos/weewx-proxy.nix
+++ b/system/nixos/weewx-proxy.nix
@@ -17,43 +17,55 @@
     };
   };
 
-  services.mosquitto.listeners = [
-    {
-      address = "0.0.0.0";
-      port = 1883;
+  services.mosquitto = {
+    listeners = [
+      {
+        address = "0.0.0.0";
+        port = 1883;
 
+        settings = {
+          protocol = "mqtt";
+        };
+
+        users = {
+          rtl = {
+            password = "didYouFindThis";
+            acl = [ "write rtl433" ];
+          };
+
+          deye = {
+            password = "didYouFindThis";
+            acl = [ "write deye/#" ];
+          };
+
+          bitshake = {
+            password = "didYouFindThis";
+            acl = [ "write bitshake/#" ];
+          };
+
+          weewx-proxy = {
+            hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+            acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ];
+          };
+
+          home-assistant = {
+            passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
+            acl = [ "readwrite #" ];
+          };
+        };
+      }
+    ];
+
+    bridges.home-assistant = {
+      addresses = [{ address = "10.0.0.230"; port = 1883; }];
       settings = {
-        protocol = "mqtt";
+        remote_username = "mqtt_bridge";
+        remote_password = "verySecurePassword";
+        try_private = true;
       };
-
-      users = {
-        rtl = {
-          password = "didYouFindThis";
-          acl = [ "write rtl433" ];
-        };
-
-        deye = {
-          password = "didYouFindThis";
-          acl = [ "write deye/#" ];
-        };
-
-        bitshake = {
-          password = "didYouFindThis";
-          acl = [ "write bitshake/#" ];
-        };
-
-        weewx-proxy = {
-          hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
-          acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ];
-        };
-
-        home-assistant = {
-          passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
-          acl = [ "readwrite #" ];
-        };
-      };
-    }
-  ];
+      topics = [ "hadata/# out" "deye/# out" ];
+    };
+  };
 
   networking.firewall.interfaces =
     let