homelab/config/mqtt-mosquitto.nix
Xavier Morel b0458b6043
chore: regen secrets (notably mqtt)
2026-05-28 14:10:51 +02:00


# NixOS module: Mosquitto MQTT broker with two password-authenticated
# listeners (plain MQTT on 1883, MQTT over websockets on 9001) plus the
# Prometheus MQTT exporter on 9000.
{
  pkgs,
  config,
  tools,
  ...
}:
let
  # Path of the age-managed secret holding the broker password for `name`.
  passwordSecret = name: config.age.secrets."mqtt-password-${name}".path;

  # Accounts accepted by both listeners. Passwords are read from the secret
  # files at the paths above rather than being written inline in this module.
  brokerUsers = {
    mqtt.passwordFile = passwordSecret "mqtt";
    ha.passwordFile = passwordSecret "ha";
    z2m.passwordFile = passwordSecret "z2m";
    frigate.passwordFile = passwordSecret "frigate";
  };

  # `#` is the MQTT multi-level wildcard, so this single pattern lets every
  # authenticated account read and write every topic. A leaked credential for
  # any one client (ha, z2m, frigate, mqtt) therefore exposes the whole bus.
  # NOTE(review): consider per-user ACLs scoped to each client's topic prefix.
  allTopicsAcl = [ "pattern readwrite #" ];
in
{
  services.mosquitto = {
    enable = true;

    # Besides errors and warnings, record subscribe/unsubscribe activity and
    # websocket events, which gives a trail of who listened to which topics.
    logType = [
      "error"
      "warning"
      "subscribe"
      "unsubscribe"
      "websockets"
    ];

    listeners = [
      # Plain MQTT. No certfile/keyfile is configured on this listener here,
      # so usernames, passwords and payloads are presumably sent unencrypted
      # on 1883 - keep it on a trusted segment or add TLS. TODO confirm.
      {
        port = 1883;
        acl = allTopicsAcl;
        omitPasswordAuth = false;
        users = brokerUsers;
        settings = {
          allow_anonymous = false;
          # NOTE(review): mosquitto documents use_identity_as_username as
          # taking the username from the client certificate CN, for use with
          # require_certificate true. With require_certificate = false it
          # looks ineffective and is misleading next to password auth -
          # confirm, then either drop it or enable client certificates.
          require_certificate = false;
          use_identity_as_username = true;
        };
      }

      # MQTT over websockets, same accounts and ACL as the 1883 listener.
      {
        port = 9001;
        acl = allTopicsAcl;
        omitPasswordAuth = false;
        users = brokerUsers;
        settings = {
          protocol = "websockets";
          # NOTE(review): the 1883 listener spells this key `allow_anonymous`;
          # verify that the deployed mosquitto version accepts
          # `listener_allow_anonymous`, otherwise anonymous access may not be
          # disabled the way this line intends.
          listener_allow_anonymous = false;
          # Same require_certificate / use_identity_as_username caveat as on
          # the 1883 listener.
          require_certificate = false;
          use_identity_as_username = true;
        };
      }
    ];
  };

  services.prometheus.exporters.mqtt = {
    enable = true;
    port = 9000;
    # Connects to the broker as the `mqtt` account, which the ACL above gives
    # read/write on all topics. Presumably the matching password is supplied
    # through environmentFile - verify. A dedicated read-only account would
    # be a narrower fit for a metrics exporter.
    mqttUsername = "mqtt";
    environmentFile = config.age.secrets.mqtt-exporter-environment.path;
    # Opens port 9000 in the host firewall. NOTE(review): the metrics endpoint
    # then answers to any network that can reach this host; restrict it to the
    # Prometheus scraper if that is the only consumer.
    openFirewall = true;
    zigbee2MqttAvailability = true;
  };
}