Set up MQTT broker

coolneng 2023-04-03 00:50:47 +02:00
parent 0102218afc
commit fb3f2bf87d
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
8 changed files with 114 additions and 63 deletions


@ -151,6 +151,16 @@ with pkgs;
owner = "matrix-as-telegram"; owner = "matrix-as-telegram";
group = "matrix-as-telegram"; group = "matrix-as-telegram";
}; };
secrets.mqtt-sender = {
file = secrets/mqtt-sender.age;
owner = "mosquitto";
group = "mosquitto";
};
secrets.mqtt-receiver = {
file = secrets/mqtt-receiver.age;
owner = "mosquitto";
group = "mosquitto";
};
identityPaths = [ "/etc/ssh/id_ed25519" ]; identityPaths = [ "/etc/ssh/id_ed25519" ];
}; };
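Review bot: The two new secrets are named by role (`mqtt-sender`, `mqtt-receiver`), while the broker users that consume them in the mosquitto section are `homeostasis` and `prometheus`, and nothing records the mapping or the expected file format. A one-line comment above `secrets.mqtt-sender` would cover both, e.g. `# mosquitto password hashes (hash field of mosquitto_passwd output): sender -> homeostasis, receiver -> prometheus`. Because these paths feed `hashedPasswordFile`, a file holding the cleartext password instead of the hash would not authenticate, so the format is worth stating. The enclosing attribute set starts outside this hunk.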


@ -127,4 +127,22 @@ in {
# Enable voice messages for facebook # Enable voice messages for facebook
systemd.services.matrix-as-facebook.path = [ ffmpeg ]; systemd.services.matrix-as-facebook.path = [ ffmpeg ];
# MQTT configuration
services.mosquitto = {
enable = true;
dataDir = "/vault/mosquitto";
logType = [ "websockets" "error" "warning" "notice" "information" ];
logDest = [ "syslog" ];
listeners = [{
users.homeostasis = {
acl = [ "write #" ];
hashedPasswordFile = config.age.secrets.mqtt-sender.path;
};
users.prometheus = {
acl = [ "read #" ];
hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
};
}];
};
} }
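Review bot: The single entry in `listeners = [{ ... }]` sets neither `address` nor `port`, so it presumably falls back to the module defaults (plain MQTT on 1883, all interfaces), and the `homeostasis` and `prometheus` passwords would then cross the network unencrypted. If the broker is only meant to be reached over the VPN, bind it explicitly with `address = "<WIREGUARD_ADDRESS>";`, or use a TLS listener with `certfile`/`keyfile` under the listener's `settings`. The ACLs are also as wide as they can be: `write #` lets the sender publish to every topic and `read #` lets the receiver subscribe to all of them, so scoping both to the prefix in use (`write <TOPIC_PREFIX>/#`) would limit what a leaked credential can do. `logType` lists `websockets` although no websocket listener is configured here.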


@ -4,89 +4,98 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ]; boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/2178-694E"; device = "/dev/disk/by-uuid/2178-694E";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/var/lib/matrix-as-facebook" = fileSystems."/var/lib/gitea" = {
{ device = "vault/state_directories/matrix-as-facebook"; device = "vault/state_directories/gitea";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/matrix-as-signal" = fileSystems."/var/lib/wallabag" = {
{ device = "vault/state_directories/matrix-as-signal"; device = "vault/state_directories/wallabag";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/signald" = fileSystems."/var/lib/matrix-as-facebook" = {
{ device = "vault/state_directories/signald"; device = "vault/state_directories/matrix-as-facebook";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/gitea" = fileSystems."/var/lib/signald" = {
{ device = "vault/state_directories/gitea"; device = "vault/state_directories/signald";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/matrix-as-telegram" = fileSystems."/var/lib/matrix-as-signal" = {
{ device = "vault/state_directories/matrix-as-telegram"; device = "vault/state_directories/matrix-as-signal";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault" = fileSystems."/vault" = {
{ device = "vault"; device = "vault";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/wallabag" = fileSystems."/vault/backups" = {
{ device = "vault/state_directories/wallabag"; device = "vault/backups";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/git" = fileSystems."/vault/git" = {
{ device = "vault/git"; device = "vault/git";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups" = fileSystems."/vault/syncthing" = {
{ device = "vault/backups"; device = "vault/syncthing";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/radicale" = fileSystems."/vault/backups/zion" = {
{ device = "vault/radicale"; device = "vault/backups/zion";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups/zion" = fileSystems."/vault/radicale" = {
{ device = "vault/backups/zion"; device = "vault/radicale";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/syncthing" = fileSystems."/vault/backups/monolith" = {
{ device = "vault/syncthing"; device = "vault/backups/monolith";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/vault/backups/monolith" = fileSystems."/var/lib/matrix-as-telegram" = {
{ device = "vault/backups/monolith"; device = "vault/state_directories/matrix-as-telegram";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/containers/storage/overlay" = {
device = "/var/lib/containers/storage/overlay";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/vault/mosquitto" = {
device = "vault/mosquitto";
fsType = "zfs";
};
swapDevices = [ ]; swapDevices = [ ];
@ -95,7 +104,9 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true; # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth2e6ad4e4.useDHCP = lib.mkDefault true;
# networking.interfaces.wg0.useDHCP = lib.mkDefault true; # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true; # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;


@ -50,6 +50,7 @@ in {
443 # HTTPS 443 # HTTPS
53 # DNS 53 # DNS
8448 # Matrix 8448 # Matrix
1883 # MQTT
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
wireguard_port # Wireguard wireguard_port # Wireguard
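Review bot: Adding `1883` to the global `allowedTCPPorts` opens the broker port on every interface, not only the ones the MQTT clients use. If the clients reach this host over WireGuard (a `wg0` interface is mentioned elsewhere in this commit), a per-interface rule such as `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];` would keep the plaintext listener off the public side. The list this line belongs to starts outside the hunk, so whether the surrounding firewall block is already interface-scoped cannot be seen from here.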


@ -33,6 +33,7 @@ services=(
"nginx.service" "nginx.service"
"dnsmasq.service" "dnsmasq.service"
"podman-openbooks.service" "podman-openbooks.service"
"mosquitto.service"
) )
for var in "${services[@]}"; do for var in "${services[@]}"; do


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 iUaRGg JT+as1Cl66qOy5yY3WJNs0bh51DWaCe/+XZLR8m1L0A
/6CyRX6Ks7Wr/ySlJhdfkabcy4N5rQ0VzGtlbxL8RCs
-> L$l;-grease uU_g`a
N00Z5C8AKzdnGZuFUHqY6uZBiMryyT3IXkdNlYW2fVJLOSfkfFdXssIK9hcMObyi
sQENGphUf1Sk16Vo9p4emOL5mtzU
--- flb9q0/Q608TJ6K9fsGULVwi2Pk860Cz750d5DBSfMM
1é%ÐÃ=ÍLÚ®¶‡sôc/ˆIy“ñoT!¤Ú<C2A4>´&X×ÄÑWÕ¿<E280B9>  8Zö‡¹¢¡Ã¦¦­¯ô¯ — ±tw€'ç² i‰eÂŽ_Õ}-ÒVÛ$ºS¶¯<C2B6>õîØ®AëÞîh¦è®¡²!‡¯9ZîÉå¥hqÑIa¡ô, §•p0}g ³:D

BIN
secrets/mqtt-sender.age Normal file

Binary file not shown.


@ -12,4 +12,6 @@ in {
"dendrite.age".publicKeys = [ zion ]; "dendrite.age".publicKeys = [ zion ];
"dendrite-postgres.age".publicKeys = [ zion ]; "dendrite-postgres.age".publicKeys = [ zion ];
"telegram.age".publicKeys = [ zion ]; "telegram.age".publicKeys = [ zion ];
"mqtt-sender.age".publicKeys = [ zion ];
"mqtt-receiver.age".publicKeys = [ zion ];
} }