

3 commits

Author SHA1 Message Date
a9d2e569ac
Update deps
All checks were successful
Build / build-arm64-linux (push) Successful in 1m4s
Build / build-amd64-linux (push) Successful in 3m6s
2024-08-10 23:38:05 +02:00
edeaca4ef3
weewx-proxy: move mqtt 2024-08-10 12:31:06 +02:00
02bfcbb486
mqtt: move all to argon 2024-08-10 12:31:06 +02:00
14 changed files with 109 additions and 88 deletions


@ -27,6 +27,18 @@
file = ./forgejo-actions/token.age; file = ./forgejo-actions/token.age;
}; };
mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto";
group = "mosquitto";
};
mosquitto-password-home-assistant = {
file = ./mosquitto/passwordHomeAssistant.age;
owner = "mosquitto";
group = "mosquitto";
};
weewx-proxy-environment = { weewx-proxy-environment = {
file = ./weewx-proxy/environment.age; file = ./weewx-proxy/environment.age;
}; };


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g n5bqdakkXE07dAAGCNf9SCUU6oEXjODCAhl8Ilxe7Go
cBuxZx+yjTxkkx4P86rnRwP5ihw9w5G33AV3G+5M02k
-> ssh-ed25519 1fcLUQ AB1w+yvi9JXab7Nnl5Xh3yv2fgwJtBTFX7Z445sA/X4
rmN4E6hedJPufYB72v9cVVuqIMKntjaevn233ymEfwk
--- AK3WGXe19PWkB4gK0hh6l53fEvByUmP15lyCqcX0h38
¤%ÎýíKŽ@ÈÁ“™ý<E284A2>x±ÄLTQ}*ûO
PÐ΢B-šÂ:°¨Zø-!ïl


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g if/5ukGpKTOqo4bqj3ae+da8B5F9lFv8qFeo+BRjawg
/ilXexPX4D4iKdC7miuHAmOzBFhJMdT0p+ILwu8czBI
-> ssh-ed25519 1fcLUQ 7swNCq5irWimLZrEXsgmrrWAX4wjgnvQzewM9s/fNHg
J5nWkadlu6I2jgEFlfsV30d6s7Ms2vnUibs8rZlz6FE
--- h/zCblLmDxDF5RXvW4EHsVtC7DzyEkF9K7ylyPR2KW0
ßt²Íe¬«
jG Û¨Kò™š§[Èt4l&(Þòø+H¾5G Ä´§lÎ/UÂe—I•k2 ŽË[†Øî¥EêÒžÖçÆ‹*ò_YCßËuè¥Ëà2¬.ƌƳüÙR$Tî³!9$œ]!I“ôWP Ü(Hf?rwG—N\8ª;¿


@ -17,11 +17,17 @@
file = ./forgejo-actions/token.age; file = ./forgejo-actions/token.age;
}; };
mosquitto-password-weewx-proxy = { # mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age; # file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto"; # owner = "mosquitto";
group = "mosquitto"; # group = "mosquitto";
}; # };
#
# mosquitto-password-home-assistant = {
# file = ./mosquitto/passwordHomeAssistant.age;
# owner = "mosquitto";
# group = "mosquitto";
# };
deye-mqtt-config = { deye-mqtt-config = {
file = ./deye-mqtt/config.age; file = ./deye-mqtt/config.age;
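Review bot: The two mosquitto secret declarations for this host are left in the file as commented-out blocks instead of being deleted, and the `mosquitto-password-home-assistant` block appears to be added already commented out. The recipients file shown further down this page still lists `agenix/hosts/neon/mosquitto/passwordWeewxProxy.age` and gains `agenix/hosts/neon/mosquitto/passwordHomeAssistant.age` for `neon`. If the broker no longer runs on this host, deleting the blocks together with the matching `.age` files and recipient entries avoids keeping encrypted broker passwords for a machine that does not need them. If they are kept deliberately, a single comment such as `# kept for rollback of the broker to this host` would say why.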


@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g A7lLy/9e4eGyQpmBTZ6Fw5t2jP1B5aJQ5iGUVlZZrQ4
VfSOwKA+SYBfnCyuQDwXtN8z9owwdKlteXJxmIXjl1k
-> ssh-ed25519 60lgJw Dxs9EekvqHrLWB/M89aV0B1HxLBpbLYE8pxWx1Cf2X4
zb7Up1DfSBYIRXom4o53KWzC56bzLLKcscvKvtZGz5s
--- y1G11ujCFt9yyOWtN5FjFGZf6QeKpZbzt8U/XZC+PME
3ýN^•¼{ü(Y§öjßPÏ<>ØrLgvÅÜæÀ”ÌøH}ãá|Ïc<C38F>¿žAÇÙ


@ -9,42 +9,4 @@
systemd.services.podman-deye-mqtt.restartTriggers = [ systemd.services.podman-deye-mqtt.restartTriggers = [
"${config.age.secrets.deye-mqtt-config.file}" "${config.age.secrets.deye-mqtt-config.file}"
]; ];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1884;
settings = {
protocol = "mqtt";
};
users = {
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read deye/#" "read bitshake/#" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1884 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts;
};
} }


@ -497,11 +497,11 @@
"poetry2nix": "poetry2nix" "poetry2nix": "poetry2nix"
}, },
"locked": { "locked": {
"lastModified": 1723255302, "lastModified": 1723285809,
"narHash": "sha256-UjBgvrE/IhNxumED2uqXBrviEVOYpmitA0xiD7ONFxI=", "narHash": "sha256-xRedVj05KtR7d1QyOqFYR3jeLnv5dixvFWeYZp9Xme4=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "240996f427a888866b699f64a75f2c995f835a0a", "rev": "bf10d8a9187caf42c86ad1ba54c782b24461b2d5",
"revCount": 924, "revCount": 925,
"type": "git", "type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay" "url": "https://git.kempkens.io/daniel/nix-overlay"
}, },
@ -570,11 +570,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723232966, "lastModified": 1723274555,
"narHash": "sha256-mz2aBTzGDkXeby7slDtzlfheVrNTwBBiEV7t0A0LpXI=", "narHash": "sha256-gDCMNBju0BwYHUPp6RVVnqE0VnbXl53VMk21OT9fkFw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23cbcfad3b2096470e5ab1faada54f1c4147f6e2", "rev": "33c40979a7ccf487d6c0e1a420ecf8e4ac2b676e",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -100,6 +100,10 @@ in
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon; "agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordWeewxProxy.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordHomeAssistant.age".publicKeys = argon;
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon; "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon; "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
@ -117,6 +121,8 @@ in
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon; "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
"agenix/hosts/neon/mosquitto/passwordHomeAssistant.age".publicKeys = neon;
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon; "agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
# Styx # Styx


@ -27,6 +27,8 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/tailscale-router.nix ../nixos/tailscale-router.nix
../nixos/tailscale-nodns.nix ../nixos/tailscale-nodns.nix


@ -23,8 +23,6 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/rtl_433.nix ../nixos/rtl_433.nix
../nixos/tailscale-router.nix ../nixos/tailscale-router.nix


@ -1,4 +1,4 @@
{ pkgs, config, ... }: { pkgs, ... }:
{ {
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
@ -10,38 +10,7 @@
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433"; ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://10.0.0.5:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
}; };
}; };
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
};
} }
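Review bot: The rewritten `ExecStart` now sends `user=rtl,pass=didYouFindThis` to `10.0.0.5:1883` instead of loopback, so the credential crosses the network over plain `mqtt://`. It is also readable in the generated unit file in the Nix store and in the process list. Moving the `-F` output line into an agenix-managed rtl_433 config file and starting the service with `-c <path-to-decrypted-conf>` (placeholder) would keep the password out of both. That needs the `config` argument which this change drops from the first line of the file. Transport encryption would also need a TLS listener on the broker, which this page does not show; the service definition starts outside the hunk.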


@ -17,7 +17,50 @@
}; };
}; };
networking.firewall.interfaces."vlan51" = { services.mosquitto.listeners = [
allowedTCPPorts = [ 4040 ]; {
}; address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ];
};
home-assistant = {
passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
acl = [ "readwrite #" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = [ 4040 ] ++ mosquittoPorts;
};
} }
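Review bot: The `rtl`, `deye` and `bitshake` users are declared with an inline `password = "didYouFindThis";`, which ends up in the world-readable Nix store. All three share one value, so the per-user `acl` lines do not really separate the devices. The `weewx-proxy` user in the same listener already uses `hashedPasswordFile`, and the same pattern with a distinct secret per user, e.g. `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name), would address both. `home-assistant` gets `acl = [ "readwrite #" ];`, so that one credential can also publish on `rtl433`, `deye/#` and `bitshake/#`; limiting it to `read` on the sensor topics plus write on the topics it owns would bound what a leaked password can forge. The listener binds `0.0.0.0` with plain `mqtt`, so exposure rests entirely on the `end0` and `vlan51` firewall entries.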