1
0
Fork 0

Compare commits

..

No commits in common. "a9d2e569ac4428ff3857f892866a9c96e60459e7" and "a6c7158462b1a37d605f89ae86d28538d164a981" have entirely different histories.

14 changed files with 88 additions and 109 deletions

View file

@ -27,18 +27,6 @@
file = ./forgejo-actions/token.age; file = ./forgejo-actions/token.age;
}; };
mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto";
group = "mosquitto";
};
mosquitto-password-home-assistant = {
file = ./mosquitto/passwordHomeAssistant.age;
owner = "mosquitto";
group = "mosquitto";
};
weewx-proxy-environment = { weewx-proxy-environment = {
file = ./weewx-proxy/environment.age; file = ./weewx-proxy/environment.age;
}; };

View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g n5bqdakkXE07dAAGCNf9SCUU6oEXjODCAhl8Ilxe7Go
cBuxZx+yjTxkkx4P86rnRwP5ihw9w5G33AV3G+5M02k
-> ssh-ed25519 1fcLUQ AB1w+yvi9JXab7Nnl5Xh3yv2fgwJtBTFX7Z445sA/X4
rmN4E6hedJPufYB72v9cVVuqIMKntjaevn233ymEfwk
--- AK3WGXe19PWkB4gK0hh6l53fEvByUmP15lyCqcX0h38
¤%ÎýíKŽ@ÈÁ“™ý<E284A2>x±ÄLTQ}*ûO
PÐ΢B-šÂ:°¨Zø-!ïl

View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g if/5ukGpKTOqo4bqj3ae+da8B5F9lFv8qFeo+BRjawg
/ilXexPX4D4iKdC7miuHAmOzBFhJMdT0p+ILwu8czBI
-> ssh-ed25519 1fcLUQ 7swNCq5irWimLZrEXsgmrrWAX4wjgnvQzewM9s/fNHg
J5nWkadlu6I2jgEFlfsV30d6s7Ms2vnUibs8rZlz6FE
--- h/zCblLmDxDF5RXvW4EHsVtC7DzyEkF9K7ylyPR2KW0
ßt²Íe¬«
jG Û¨Kò™š§[Èt4l&(Þòø+H¾5G Ä´§lÎ/UÂe—I•k2 ŽË[†Øî¥EêÒžÖçÆ‹*ò_YCßËuè¥Ëà2¬.ƌƳüÙR$Tî³!9$œ]!I“ôWP Ü(Hf?rwG—N\8ª;¿

View file

@ -17,17 +17,11 @@
file = ./forgejo-actions/token.age; file = ./forgejo-actions/token.age;
}; };
# mosquitto-password-weewx-proxy = { mosquitto-password-weewx-proxy = {
# file = ./mosquitto/passwordWeewxProxy.age; file = ./mosquitto/passwordWeewxProxy.age;
# owner = "mosquitto"; owner = "mosquitto";
# group = "mosquitto"; group = "mosquitto";
# }; };
#
# mosquitto-password-home-assistant = {
# file = ./mosquitto/passwordHomeAssistant.age;
# owner = "mosquitto";
# group = "mosquitto";
# };
deye-mqtt-config = { deye-mqtt-config = {
file = ./deye-mqtt/config.age; file = ./deye-mqtt/config.age;

View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g A7lLy/9e4eGyQpmBTZ6Fw5t2jP1B5aJQ5iGUVlZZrQ4
VfSOwKA+SYBfnCyuQDwXtN8z9owwdKlteXJxmIXjl1k
-> ssh-ed25519 60lgJw Dxs9EekvqHrLWB/M89aV0B1HxLBpbLYE8pxWx1Cf2X4
zb7Up1DfSBYIRXom4o53KWzC56bzLLKcscvKvtZGz5s
--- y1G11ujCFt9yyOWtN5FjFGZf6QeKpZbzt8U/XZC+PME
3ýN^•¼{ü(Y§öjßPÏ<>ØrLgvÅÜæÀ”ÌøH}ãá|Ïc<C38F>¿žAÇÙ

View file

@ -9,4 +9,42 @@
systemd.services.podman-deye-mqtt.restartTriggers = [ systemd.services.podman-deye-mqtt.restartTriggers = [
"${config.age.secrets.deye-mqtt-config.file}" "${config.age.secrets.deye-mqtt-config.file}"
]; ];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1884;
settings = {
protocol = "mqtt";
};
users = {
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read deye/#" "read bitshake/#" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1884 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts;
};
} }

View file

@ -497,11 +497,11 @@
"poetry2nix": "poetry2nix" "poetry2nix": "poetry2nix"
}, },
"locked": { "locked": {
"lastModified": 1723285809, "lastModified": 1723255302,
"narHash": "sha256-xRedVj05KtR7d1QyOqFYR3jeLnv5dixvFWeYZp9Xme4=", "narHash": "sha256-UjBgvrE/IhNxumED2uqXBrviEVOYpmitA0xiD7ONFxI=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "bf10d8a9187caf42c86ad1ba54c782b24461b2d5", "rev": "240996f427a888866b699f64a75f2c995f835a0a",
"revCount": 925, "revCount": 924,
"type": "git", "type": "git",
"url": "https://git.kempkens.io/daniel/nix-overlay" "url": "https://git.kempkens.io/daniel/nix-overlay"
}, },
@ -570,11 +570,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723274555, "lastModified": 1723232966,
"narHash": "sha256-gDCMNBju0BwYHUPp6RVVnqE0VnbXl53VMk21OT9fkFw=", "narHash": "sha256-mz2aBTzGDkXeby7slDtzlfheVrNTwBBiEV7t0A0LpXI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "33c40979a7ccf487d6c0e1a420ecf8e4ac2b676e", "rev": "23cbcfad3b2096470e5ab1faada54f1c4147f6e2",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -100,10 +100,6 @@ in
"agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon; "agenix/hosts/argon/forgejo-actions/token.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordWeewxProxy.age".publicKeys = argon;
"agenix/hosts/argon/mosquitto/passwordHomeAssistant.age".publicKeys = argon;
"agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon; "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon;
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon; "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
@ -121,8 +117,6 @@ in
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon; "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
"agenix/hosts/neon/mosquitto/passwordHomeAssistant.age".publicKeys = neon;
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon; "agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
# Styx # Styx

View file

@ -27,8 +27,6 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "argon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/tailscale-router.nix ../nixos/tailscale-router.nix
../nixos/tailscale-nodns.nix ../nixos/tailscale-nodns.nix

View file

@ -23,6 +23,8 @@ in
(import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; })) (import ../nixos/forgejo-runner.nix (args // { inherit secret; name = "neon"; tag = "ubuntu-latest-arm64"; nixTag = "arm64"; }))
../nixos/mosquitto.nix
../nixos/rtl_433.nix ../nixos/rtl_433.nix
../nixos/tailscale-router.nix ../nixos/tailscale-router.nix

View file

@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
hardware.rtl-sdr.enable = true; hardware.rtl-sdr.enable = true;
@ -10,7 +10,38 @@
serviceConfig = { serviceConfig = {
Type = "exec"; Type = "exec";
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://10.0.0.5:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433"; ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
};
};
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" ];
}; };
}; };
} }
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
};
}

View file

@ -17,50 +17,7 @@
}; };
}; };
services.mosquitto.listeners = [ networking.firewall.interfaces."vlan51" = {
{ allowedTCPPorts = [ 4040 ];
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
bitshake = {
password = "didYouFindThis";
acl = [ "write bitshake/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" "read deye/#" "read bitshake/#" "write hadata/#" ];
};
home-assistant = {
passwordFile = config.age.secrets.mosquitto-password-home-assistant.path;
acl = [ "readwrite #" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"vlan51".allowedTCPPorts = [ 4040 ] ++ mosquittoPorts;
}; };
} }