diff --git a/modules/homelab/services/smarthome/mosquitto/default.nix b/modules/homelab/services/smarthome/mosquitto/default.nix
index 764a763..0436347 100644
--- a/modules/homelab/services/smarthome/mosquitto/default.nix
+++ b/modules/homelab/services/smarthome/mosquitto/default.nix
@@ -57,20 +57,14 @@ in
 # enable the ${service} service
 services.${service} = {
 enable = true;
- listeners = [{
- port = cfg.port;
- settings = {
- allow_anonymous = false;
- listener = 1883;
- listener = 9001;
- protocol = websockets;
- persistence = true;
- password_file = ${sec."mosquitto_password_file".path};
- persistence_file = ${service}.db;
- persistence_location = cfg.data_dir;
- };
+ listeners = [
+ {
+ acl = [ "pattern readwrite #" ]; # Allows read/write access to all topics
+ omitPasswordAuth = true; # Disables password authentication
+ settings.allow_anonymous = true; # Allows anonymous connections
+ }
+ ];
 };
- ];
 };
 # override umask to make permissions work out
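Review bot: The new listener combines `settings.allow_anonymous = true`, `omitPasswordAuth = true` and the listener-wide `acl = [ "pattern readwrite #" ]`, so any client that can reach the broker may subscribe to and publish on every topic, including device command topics. If this is a stop-gap for the broken `password_file` wiring, prefer restoring `settings.allow_anonymous = false;`, dropping `omitPasswordAuth`, and declaring users under the listener's `users` option, backed by the existing sops secret. The rewrite also drops `port = cfg.port;`, so the listener presumably falls back to the module's default port while the second hunk opens `cfg.port` in the firewall. Re-add `port = cfg.port;` to keep the two in step. Without an `address` setting the listener is likely bound on all interfaces, so pinning it to the LAN address is worth considering.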
@@ -81,23 +75,23 @@ in
 };
 # # open firewall
-# networking.firewall.allowedTCPPorts = [ cfg.port ];
+ networking.firewall.allowedTCPPorts = [ cfg.port ];
- # internal reverse proxy entry
- services.nginx.virtualHosts."${cfg.url}" = {
- forceSSL = true;
- sslCertificate = sec."ssl_blakedheld_crt".path;
- sslCertificateKey = sec."ssl_blakedheld_key".path;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString cfg.port}";
- };
- };
+# # internal reverse proxy entry
+# services.nginx.virtualHosts."${cfg.url}" = {
+# forceSSL = true;
+# sslCertificate = sec."ssl_blakedheld_crt".path;
+# sslCertificateKey = sec."ssl_blakedheld_key".path;
+# locations."/" = {
+# proxyPass = "http://127.0.0.1:${toString cfg.port}";
+# };
+# };
- sops.secrets = {
- "${service}_password_file" = {
- owner = "${service}";
- group = "${service}";
- };
+# sops.secrets = {
+# "${service}_password_file" = {
+# owner = "${service}";
+# group = "${service}";
+# };
 # add to backups
 modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
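Review bot: Enabling `networking.firewall.allowedTCPPorts = [ cfg.port ];` opens the broker port on every interface, while the same commit comments out the TLS-terminating nginx vhost and the sops password secret. Together with the anonymous listener from the first hunk, this leaves MQTT traffic in plaintext and unauthenticated to anything that can route to the host. Scope the opening to the trusted interface instead, e.g. `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts = [ cfg.port ];`, or keep the port closed until authentication is restored. The commented-out nginx and sops blocks are better deleted than kept as dead code, since git history already preserves them. If they stay, add a one-line comment saying why they are disabled and what must be true before re-enabling them.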