Set up MQTT broker
parent
0102218afc
commit
fb3f2bf87d
|
@ -151,6 +151,16 @@ with pkgs;
|
|||
owner = "matrix-as-telegram";
|
||||
group = "matrix-as-telegram";
|
||||
};
|
||||
secrets.mqtt-sender = {
|
||||
file = secrets/mqtt-sender.age;
|
||||
owner = "mosquitto";
|
||||
group = "mosquitto";
|
||||
};
|
||||
secrets.mqtt-receiver = {
|
||||
file = secrets/mqtt-receiver.age;
|
||||
owner = "mosquitto";
|
||||
group = "mosquitto";
|
||||
};
|
||||
identityPaths = [ "/etc/ssh/id_ed25519" ];
|
||||
};
|
||||
|
||||
|
|
|
@ -127,4 +127,22 @@ in {
|
|||
# Enable voice messages for facebook
|
||||
systemd.services.matrix-as-facebook.path = [ ffmpeg ];
|
||||
|
||||
# MQTT configuration
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
dataDir = "/vault/mosquitto";
|
||||
logType = [ "websockets" "error" "warning" "notice" "information" ];
|
||||
logDest = [ "syslog" ];
|
||||
listeners = [{
|
||||
users.homeostasis = {
|
||||
acl = [ "write #" ];
|
||||
hashedPasswordFile = config.age.secrets.mqtt-sender.path;
|
||||
};
|
||||
users.prometheus = {
|
||||
acl = [ "read #" ];
|
||||
hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
}
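Review bot: The single entry in `listeners` sets neither `address` nor any TLS `settings`, so it presumably falls back to the module defaults (plain MQTT on 1883, all interfaces), and the `homeostasis` and `prometheus` passwords would cross the network unencrypted on the port this commit also opens in the firewall list. Consider binding the listener with `address = "<wireguard-address>";` (placeholder), or adding `settings.certfile` / `settings.keyfile` and serving on 8883. The ACLs `write #` and `read #` give each account the whole topic tree. Narrowing them to a prefix, e.g. `acl = [ "write <prefix>/#" ];` (placeholder), limits what a leaked credential can publish or observe. A short comment above each user saying which device or exporter it belongs to would also help, since the secret names (`mqtt-sender`, `mqtt-receiver`) and the user names do not obviously correspond.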
|
||||
|
|
|
@ -4,87 +4,96 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2178-694E";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/2178-694E";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-facebook" =
|
||||
{ device = "vault/state_directories/matrix-as-facebook";
|
||||
fileSystems."/var/lib/gitea" = {
|
||||
device = "vault/state_directories/gitea";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-signal" =
|
||||
{ device = "vault/state_directories/matrix-as-signal";
|
||||
fileSystems."/var/lib/wallabag" = {
|
||||
device = "vault/state_directories/wallabag";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/signald" =
|
||||
{ device = "vault/state_directories/signald";
|
||||
fileSystems."/var/lib/matrix-as-facebook" = {
|
||||
device = "vault/state_directories/matrix-as-facebook";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/gitea" =
|
||||
{ device = "vault/state_directories/gitea";
|
||||
fileSystems."/var/lib/signald" = {
|
||||
device = "vault/state_directories/signald";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-telegram" =
|
||||
{ device = "vault/state_directories/matrix-as-telegram";
|
||||
fileSystems."/var/lib/matrix-as-signal" = {
|
||||
device = "vault/state_directories/matrix-as-signal";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault" =
|
||||
{ device = "vault";
|
||||
fileSystems."/vault" = {
|
||||
device = "vault";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/wallabag" =
|
||||
{ device = "vault/state_directories/wallabag";
|
||||
fileSystems."/vault/backups" = {
|
||||
device = "vault/backups";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/git" =
|
||||
{ device = "vault/git";
|
||||
fileSystems."/vault/git" = {
|
||||
device = "vault/git";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups" =
|
||||
{ device = "vault/backups";
|
||||
fileSystems."/vault/syncthing" = {
|
||||
device = "vault/syncthing";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/radicale" =
|
||||
{ device = "vault/radicale";
|
||||
fileSystems."/vault/backups/zion" = {
|
||||
device = "vault/backups/zion";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups/zion" =
|
||||
{ device = "vault/backups/zion";
|
||||
fileSystems."/vault/radicale" = {
|
||||
device = "vault/radicale";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/syncthing" =
|
||||
{ device = "vault/syncthing";
|
||||
fileSystems."/vault/backups/monolith" = {
|
||||
device = "vault/backups/monolith";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups/monolith" =
|
||||
{ device = "vault/backups/monolith";
|
||||
fileSystems."/var/lib/matrix-as-telegram" = {
|
||||
device = "vault/state_directories/matrix-as-telegram";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/containers/storage/overlay" = {
|
||||
device = "/var/lib/containers/storage/overlay";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
|
||||
fileSystems."/vault/mosquitto" = {
|
||||
device = "vault/mosquitto";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
|
@ -95,7 +104,9 @@
|
|||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.veth2e6ad4e4.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
|
|
@ -50,6 +50,7 @@ in {
|
|||
443 # HTTPS
|
||||
53 # DNS
|
||||
8448 # Matrix
|
||||
1883 # MQTT
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
wireguard_port # Wireguard
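Review bot: `1883 # MQTT` is added to what appears to be the host-wide `allowedTCPPorts` list (the attribute path is outside the hunk), so the broker port becomes reachable on every interface, next to 443 and 8448. If the MQTT clients are WireGuard peers, scope the rule with `networking.firewall.interfaces.<wg-interface>.allowedTCPPorts = [ 1883 ];` (interface name is a placeholder) and leave 1883 out of the global list. If the port really must be public, extend the comment to say so, e.g. `1883 # MQTT (public: <reason>)`.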
|
||||
|
|
|
@ -33,6 +33,7 @@ services=(
|
|||
"nginx.service"
|
||||
"dnsmasq.service"
|
||||
"podman-openbooks.service"
|
||||
"mosquitto.service"
|
||||
)
|
||||
|
||||
for var in "${services[@]}"; do
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iUaRGg JT+as1Cl66qOy5yY3WJNs0bh51DWaCe/+XZLR8m1L0A
|
||||
/6CyRX6Ks7Wr/ySlJhdfkabcy4N5rQ0VzGtlbxL8RCs
|
||||
-> L$l;-grease uU_g`a
|
||||
N00Z5C8AKzdnGZuFUHqY6uZBiMryyT3IXkdNlYW2fVJLOSfkfFdXssIK9hcMObyi
|
||||
sQENGphUf1Sk16Vo9p4emOL5mtzU
|
||||
--- flb9q0/Q608TJ6K9fsGULVwi2Pk860Cz750d5DBSfMM
|
||||
1é%ÐÃ=ÍLÚ®¶‡sôc/ˆIy“ñoT!¤Ú<C2A4>´&X×ÄÑWÕ’ZÌ‹¿<E280B9> 8Zö‡¹¢¡Ã¦¦¯ô¯ —±tw€'ç² i‰eÂ’Ž_Õ}-ÒVÛ$ºS¶¯<C2B6>õîØ®AëÞîh¦è®¡²!‡¯9ZîÉå¥hqÑ–Ia¡ô,
§•p0}g ³:D
|
Binary file not shown.
|
@ -12,4 +12,6 @@ in {
|
|||
"dendrite.age".publicKeys = [ zion ];
|
||||
"dendrite-postgres.age".publicKeys = [ zion ];
|
||||
"telegram.age".publicKeys = [ zion ];
|
||||
"mqtt-sender.age".publicKeys = [ zion ];
|
||||
"mqtt-receiver.age".publicKeys = [ zion ];
|
||||
}
|
||||
|
|