blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

178 current 2025-10-09 16:19:44 25.05.20251006.20c4598 6.12.50 *

Browse Source
This commit is contained in:
blake
2025-10-09 19:29:59 -05:00
parent 7393c5047c
commit 0791c92e04
1 changed files with 22 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
modules/homelab/services/smarthome/mosquitto/default.nix
View File

@@ -57,21 +57,15 @@ in
# enable the ${service} service # enable the ${service} service
services.${service} = { services.${service} = {
enable = true; enable = true;
listeners = [{ listeners = [
port = cfg.port; {
settings = { acl = [ "pattern readwrite #" ]; # Allows read/write access to all topics
allow_anonymous = false; omitPasswordAuth = true; # Disables password authentication
listener = 1883; settings.allow_anonymous = true; # Allows anonymous connections
listener = 9001; }
protocol = websockets;
persistence = true;
password_file = ${sec."mosquitto_password_file".path};
persistence_file = ${service}.db;
persistence_location = cfg.data_dir;
};
};
]; ];
}; };
};
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.${service}.serviceConfig = { systemd.services.${service}.serviceConfig = {
@@ -81,23 +75,23 @@ in
}; };
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # # internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = { # services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true; # forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path; # sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path; # sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { # locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; # proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; # };
}; # };
sops.secrets = { # sops.secrets = {
"${service}_password_file" = { # "${service}_password_file" = {
owner = "${service}"; # owner = "${service}";
group = "${service}"; # group = "${service}";
}; # };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];