feat: several updates

2025-12-09 14:35:20 +01:00
parent aec2e5bf63
commit a78704f30f
36 changed files with 826 additions and 150 deletions
--- a/config/mqtt-mosquitto.nix
+++ b/config/mqtt-mosquitto.nix
@@ -0,0 +1,64 @@
+{
+  pkgs,
+  config,
+  tools,
+  ...
+}:
+{
+  services.mosquitto = {
+    enable = true;
+    logType = [
+      "error"
+      "warning"
+      "subscribe"
+      "unsubscribe"
+      "websockets"
+    ];
+    settings = {
+      # ???
+    };
+    listeners = [
+      {
+        acl = [ "pattern readwrite #" ];
+        port = 1883;
+        omitPasswordAuth = false;
+        users = {
+          mqtt.passwordFile = config.age.secrets.mqtt-password-mqtt.path;
+          ha.passwordFile = config.age.secrets.mqtt-password-ha.path;
+          z2m.passwordFile = config.age.secrets.mqtt-password-z2m.path;
+          frigate.passwordFile = config.age.secrets.mqtt-password-frigate.path;
+        };
+        settings = {
+          allow_anonymous = false;
+          require_certificate = true;
+          use_identity_as_username = true;
+        };
+      }
+      {
+        acl = [ "pattern readwrite #" ];
+        port = 9001;
+        omitPasswordAuth = false;
+        users = {
+          mqtt.passwordFile = config.age.secrets.mqtt-password-mqtt.path;
+          ha.passwordFile = config.age.secrets.mqtt-password-ha.path;
+          z2m.passwordFile = config.age.secrets.mqtt-password-z2m.path;
+          frigate.passwordFile = config.age.secrets.mqtt-password-frigate.path;
+        };
+        settings = {
+          protocol = "websockets";
+          allow_anonymous = false;
+          require_certificate = true;
+          use_identity_as_username = true;
+        };
+      }
+    ];
+  };
+  services.prometheus.exporters.mqtt = {
+    enable = true;
+    mqttUsername = "mqtt";
+    environmentFile = config.age.secrets.mqtt-exporter-environment.path;
+    openFirewall = true;
+    port = 9000;
+    zigbee2MqttAvailability = true;
+  };
+}