178 current 2025-10-09 16:19:44 25.05.20251006.20c4598 6.12.50 *

2025-10-09 19:29:59 -05:00
parent 7393c5047c
commit 0791c92e04
1 changed files with 22 additions and 28 deletions
--- a/modules/homelab/services/smarthome/mosquitto/default.nix
+++ b/modules/homelab/services/smarthome/mosquitto/default.nix
@@ -57,21 +57,15 @@ in
    # enable the ${service} service
    services.${service} = {
      enable = true;
-      listeners = [{
-        port = cfg.port;
-        settings = {
-          allow_anonymous = false;
-          listener = 1883;
-          listener = 9001;
-          protocol = websockets;
-          persistence = true;
-          password_file = ${sec."mosquitto_password_file".path};
-          persistence_file =  ${service}.db;
-          persistence_location = cfg.data_dir;
-        };
-      };
+        listeners = [
+          {
+            acl = [ "pattern readwrite #" ]; # Allows read/write access to all topics
+            omitPasswordAuth = true; # Disables password authentication
+            settings.allow_anonymous = true; # Allows anonymous connections
+          }
        ];
      };
+    };

    # override umask to make permissions work out
    systemd.services.${service}.serviceConfig = {
@@ -81,23 +75,23 @@ in
    };

 #    # open firewall
-#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+    networking.firewall.allowedTCPPorts = [ cfg.port ];

-    # internal reverse proxy entry
-    services.nginx.virtualHosts."${cfg.url}" = {
-      forceSSL = true;
-      sslCertificate = sec."ssl_blakedheld_crt".path;
-      sslCertificateKey = sec."ssl_blakedheld_key".path;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.port}";
-      };
-    };
+#    # internal reverse proxy entry
+#    services.nginx.virtualHosts."${cfg.url}" = {
+#      forceSSL = true;
+#      sslCertificate = sec."ssl_blakedheld_crt".path;
+#      sslCertificateKey = sec."ssl_blakedheld_key".path;
+#      locations."/" = {
+#        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+#      };
+#    };

-    sops.secrets = {
-      "${service}_password_file" = {
-        owner = "${service}";
-        group = "${service}";
-      };
+#    sops.secrets = {
+#      "${service}_password_file" = {
+#        owner = "${service}";
+#        group = "${service}";
+#      };

     # add to backups
     modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];