diff --git a/nixos/systemd2mqtt.nix b/nixos/systemd2mqtt.nix
new file mode 100644
index 00000000..a6d10aa1
--- /dev/null
+++ b/nixos/systemd2mqtt.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkDefault;
+ cfg = config.services.systemd2mqtt;
+in {
+ services.systemd2mqtt = {
+ enable = mkDefault true;
+ user = mkDefault "root";
+ mqtt = {
+ url = mkIf config.services.mosquitto.enable (
+ mkDefault "tcp://localhost:1883"
+ );
+ username = mkDefault "systemd";
+ };
+ };
+
+ systemd.services.systemd2mqtt = mkIf cfg.enable rec {
+ requires = mkIf config.services.mosquitto.enable ["mosquitto.service"];
+ after = requires;
+ serviceConfig.EnvironmentFile = [
+ config.sops.secrets.systemd2mqtt-env.path
+ ];
+ };
+
+ sops.secrets = {
+ systemd2mqtt-env.owner = cfg.user;
+ };
+}
diff --git a/systems/tei/nixos.nix b/systems/tei/nixos.nix
index 15ec26d1..26265d3d 100644
--- a/systems/tei/nixos.nix
+++ b/systems/tei/nixos.nix
@@ -16,6 +16,7 @@
 nixos.access.zigbee2mqtt
 nixos.vouch
 nixos.kanidm
+ nixos.mosquitto
 nixos.syncplay
 ./cloudflared.nix
 ];
diff --git a/systems/tei/secrets.yaml b/systems/tei/secrets.yaml
index 4d50f9e4..083cba94 100644
--- a/systems/tei/secrets.yaml
+++ b/systems/tei/secrets.yaml
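Review bot: In the new nixos/systemd2mqtt.nix, `user = mkDefault "root";` makes root the default account for a network-connected daemon on every host that imports this module, so a fault in the daemon or a compromised broker session has root-level reach. If the daemon only manages a fixed set of units, a dedicated system user with narrowly scoped permission to control those units may be enough; if root is genuinely required, a comment on that line should say why, e.g. `# root: required to control units over D-Bus (TODO confirm)`. Separately, `sops.secrets.systemd2mqtt-env` is declared outside the `mkIf cfg.enable` guard that the unit uses, so a host with the service disabled still has to carry that secret; `sops.secrets.systemd2mqtt-env = mkIf cfg.enable { owner = cfg.user; };` would keep the two in step.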
@@ -2,6 +2,10 @@ tailscale-key: ENC[AES256_GCM,data:0ify9ntv5wgr8S8wUdV72mbjt3h/jjceFnocMEIndeEJ1 vouch-client-secret: ENC[AES256_GCM,data:NSWRuvWo0uI1F4VP3NcMGwzlt1ctiaKG1g8XX91t2OU9UvdkuLYZYEzWfG7UEk2d,iv:HP3Q3kABV2tdHITPJlYQmv/iA4cu/ldC0BwPxKGFJU8=,tag:zCNF6POLbB5+Yzq+LeK5WQ==,type:str] vouch-jwt: ENC[AES256_GCM,data:Oh6iNnyx6LnlBAW+Hs94qdVOxPJ/fiKDxCN+FRTp+yp8xReC8Ky0tC+NlO18hwuAiFoR++sQ4cUlWJbGZqmtRA==,iv:TNDcvq8LeWYENc+oY+JIgM6pdbkEj/PFhBjpO2UIPCg=,tag:zt5kivDX4WTLwcWmR4vmpQ==,type:str] syncplay-env: ENC[AES256_GCM,data:l4AgVYVZoPMiRUAg8EKDPRLwUvUG8wcKVQzwUH9ZX5vO9Of9fcSvg5Mf6aVlz7qjuJ2ncsvdWLyU0r/5pFwu9AHY5MD2nenigw6Yt4Y6g/4=,iv:sVsQyJh5SMKoFqW6/DIGHDfCVSwtYvZ8GhsG3QpiTdI=,tag:4sk2ATSbHURRraMVFO4rwg==,type:str] +espresense-pass: ENC[AES256_GCM,data:EqWTlLrspkYMrIzpukHZgw==,iv:AGmodebSHxsm353GTMlzPUp8ewUHzo8CJRd248DPsLQ=,tag:SDXgHy4TWQVysinlew0l8w==,type:str] +hass-pass: ENC[AES256_GCM,data:eAAxGpFi+wIKoSUciDs=,iv:DEyRKpdIWf5sCFBf+p4LtReezYrHCIS1m9ukZQAJfjw=,tag:6ygX5KyKO0u/unpu8BtMDg==,type:str] +systemd-pass: ENC[AES256_GCM,data:O5Ksb8m01wuL0OzCD6+8Lg==,iv:9ZdJtkzJNQFqFsaR439zlANilOeVSjZu5qSMedxSmnc=,tag:ArTASOcpgsUqSq+X2fjbHw==,type:str] +z2m-pass: ENC[AES256_GCM,data:sQ5we47mb/5/PdKaTqPeeA==,iv:jm77q/9XGoQ/sFogbz09shl2yCLhve75QWuH9JNB+Oc=,tag:DywjElUcCc0i1wmOrXqJkw==,type:str] postgresql-init: ENC[AES256_GCM,data:AJY1PhgQ/vPYAugA+oqlm2CUjI+RZ3zVOd2zdMMtFt+uLmcxoAyap/zxvVDzCzzNY/jqAJnUaAr1aYw9Nd2icSMurR4=,iv:S4d4+1ncVlEzy50eU1lyPi3gPC+yvVZe6kGZa+oK2KU=,tag:U98pYwYf3sJRmB7Ac8g9Fw==,type:str] cloudflared-tunnel-apartment: ENC[AES256_GCM,data:ysak+T+01jwznciOLY8xq6vkL+7ELiby7EBoEU2fdJSblsnd6EX736vkNZQV8QznDy5hdJtMLddFGSxUHgWujkFIK7Ra8dbK+QoYLdEmgkaZqyHy95fWwkjUc4d8OyxPA4YVRfGYh2NOBhE++YXy7zeZbvlau55CydQT9EyiCh1QkJwCURfG65iCJ7Ml36X+GeB4F4i1JZsvqsz4mXhP9WgqgzwuWA==,iv:PHRsxe+0P20TwT/a14AeiLjh5RFbY1zm9HKaIiunTw8=,tag:/z4dsGKjKz5l6ISL0lX0KQ==,type:str] cloudflared-tunnel-apartment-deluge: 
ENC[AES256_GCM,data:Itq8yrIwCsvc3E2KOijK8TJqdw==,iv:+MMas0vLUb5p0kvXduMFa0D/nxkIZ6rOG9EpTjnCL0U=,tag:rD0NPDfP+wemrEsFbN/ZXA==,type:str] @@ -21,8 +25,8 @@ sops: bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-14T17:50:18Z" - mac: ENC[AES256_GCM,data:DVl8LhH4L5sdlKVvZR2r69oOM2mOcBV6NWoY7jGfYmUdRv5S1ynApUsXjrqWQrGxjI7wIEcuPacM2QVVQgQfKbPyrJBEfsakGlwHcczSpukGG4RHmVz3/V2b+RlGUHudrpPbx+576QfJJyU8HkmQMqlQFVolnCQRBQ5ATA1va00=,iv:PVwthKWwT7jRrXI5/WID50IesRm/Gn9M7uquG7q6hrM=,tag:r+nH2gI3nSwndvII3GgnOw==,type:str] + lastmodified: "2024-01-14T18:50:31Z" + mac: ENC[AES256_GCM,data:D7Lkzb544atq4F+UgTJUSNPiO71lLX9OcQZExFGNWtmoDVpjNYiKkk4C1k12JYWSSR2Kq1tjn4zX5Lxqs5XiJIRBWohmk/65n5SplgZTeK+2MvReR1ZdcqvPKUSjFO5tf1BPu0w/6SrxdGacf5k6HES2RRmXBwf4QCfYChhzNUw=,iv:3ZBr+D6w7asoS37ECEx2f4snB2DmbNTn1lZ4kisYgh4=,tag:1VrdK4eVrH4B2bUnU/AKfg==,type:str] pgp: - created_at: "2024-01-07T21:18:21Z" enc: |- diff --git a/systems/tewi/nixos.nix b/systems/tewi/nixos.nix index 9b657b3b..d53cdbf2 100644 --- a/systems/tewi/nixos.nix +++ b/systems/tewi/nixos.nix @@ -44,11 +44,10 @@ in { nixos.sops nixos.tailscale nixos.nginx - nixos.mosquitto nixos.zigbee2mqtt + nixos.systemd2mqtt nixos.deluge nixos.home-assistant - inputs.systemd2mqtt.nixosModules.default ./mediatomb.nix ./deluge.nix ]; @@ -63,6 +62,12 @@ in { services.kanidm.serverSettings.db_fs_type = "zfs"; services.tailscale.advertiseExitNode = true; services.postgresql.package = pkgs.postgresql_14; + services.zigbee2mqtt.settings.mqtt.server = let + inherit (meta.network.nodes) tei; + in "mqtt://${tei.networking.access.hostnameForNetwork.local}:1883"; + services.systemd2mqtt.mqtt.url = let + inherit (meta.network.nodes) tei; + in "tcp://${tei.networking.access.hostnameForNetwork.local}:1883"; sops.defaultSopsFile = ./secrets.yaml; 
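Review bot: The two URLs added in the `@@ -63,6 +62,12 @@` hunk of systems/tewi/nixos.nix (`mqtt://…:1883` for zigbee2mqtt, `tcp://…:1883` for systemd2mqtt) replace a loopback broker connection with an unencrypted one to tei, so the MQTT CONNECT credentials and all topic traffic now cross the network (presumably the LAN, going by `hostnameForNetwork.local`) in cleartext. Because systemd2mqtt runs as root by default per nixos/systemd2mqtt.nix in this commit, the integrity of that channel matters more than it did on localhost. Consider a TLS listener on tei with a TLS URL here (zigbee2mqtt accepts `mqtts://`; the scheme systemd2mqtt expects should be checked), or restrict port 1883 to an interface that is already encrypted. As a style point, the repeated `let inherit (meta.network.nodes) tei; in` could be bound once and shared by both options.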
@@ -97,17 +102,9 @@ in { name = ""; }; - services.systemd2mqtt = { - enable = true; - user = "root"; - mqtt = { - url = "tcp://localhost:1883"; - username = "systemd"; - }; - units = { - ${md.shadow.mount} = {}; - "mediatomb.service" = mkIf config.services.mediatomb.enable {}; - }; + services.systemd2mqtt.units = { + ${md.shadow.mount} = {}; + "mediatomb.service" = mkIf config.services.mediatomb.enable {}; }; environment.etc = { @@ -132,7 +129,6 @@ in { sops.secrets = { openiscsi-config = {}; openiscsi-env = mkIf config.services.openiscsi.enableAutoLoginOut { }; - systemd2mqtt-env = {}; }; fileSystems = { @@ -204,13 +200,6 @@ in { ]; }; }; - systemd2mqtt = mkIf config.services.systemd2mqtt.enable rec { - requires = mkIf config.services.mosquitto.enable ["mosquitto.service"]; - after = requires; - serviceConfig.EnvironmentFile = [ - config.sops.secrets.systemd2mqtt-env.path - ]; - }; }; units = { ${md.shadow.mount} = { diff --git a/systems/tewi/secrets.yaml b/systems/tewi/secrets.yaml index 97d9a305..5c77496e 100644 --- a/systems/tewi/secrets.yaml +++ b/systems/tewi/secrets.yaml 
@@ -1,7 +1,3 @@ -espresense-pass: ENC[AES256_GCM,data:wGwUiDHkm5xpVTYxuTy2hQ==,iv:U5Ys+AFEkT7ThbR/qgh5VLNTBRsG72zYqOIO09HFTTc=,tag:h3wNg8nUKOYekpkdJelbOw==,type:str] -hass-pass: ENC[AES256_GCM,data:LvoI4sQ77HpYdmNoPLQ=,iv:oAQGTqBh1sf4fbuWGs9AqCE1yS8IApyhEQDUG+yQk7k=,tag:sBPdLuLTJ8OMoZYzUdmnAQ==,type:str] -systemd-pass: ENC[AES256_GCM,data:3bEqqWsnBHOgzD95YqwDvg==,iv:ack6EGhE2GzxwRi3gwj1A19Tzi2PJ9iiisMrKozPV/M=,tag:uCR51yn9dAG2x9DCfo1mGQ==,type:str] -z2m-pass: ENC[AES256_GCM,data:1bqOab8EQbniAMeL9XRmDg==,iv:uUU3kbuCRIGaueTPE54EHwm4IGwUu+67O4gPYZmd1h4=,tag:iceTSLsRuADiOgZ5cnlnjw==,type:str] tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/FltOKExby0=,iv:c8yN1XLk3ZAAzkBozzHJ9BWerWdiNQG/p8e46j8cZyo=,tag:E5Ey5R+t372yLE6XegoOrA==,type:str] openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str] openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str] 
@@ -36,8 +32,8 @@ sops: VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR 7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-14T17:50:09Z" - mac: ENC[AES256_GCM,data:W3j1Cb5Fjcp0cHwHm9Ob/2X/leZt4BAHrkXHe4Ug10iBmtzZ2tILidmmcJv+C3ZfW2LoXXHnCE1BpCGSK7Ocs6+Bw+ceXiIp+DiJhjJw3f37qdG1mWM7YYyP70MO1085JjXHaGuYFuAVPP8ikwCYRa0CSa+Ot4mzFgnw8osf/oo=,iv:8mQ0giTD3WsSRQBQzWDkP+T9BQZZSzQJuIs+Fd9qhL8=,tag:C4U931lQjch/Gq+JqKUh/w==,type:str] + lastmodified: "2024-01-14T18:50:19Z" + mac: ENC[AES256_GCM,data:valCgX2sFI28L9UhZaWMkvW6+AIWlNv/pUkdC9Fn55tFm7BMhYjgJsKRnG8JNtBCCOvqb+7K2ZCBhDASoUykN1OXNMk3wnlHnMumREneSMK+SsgrnPTqgBZS4J73r9cAVkcVLqU8QNXfimr4Rx7Jm1Mlg0rRqkbOIwop0diluLo=,iv:bqyIpGu6FRLlkL8lQSjpv+I2jQsZEJ4fSJ/zBQp8X4I=,tag:MdOeEq2/OaVl0ZPwaMvqEw==,type:str] pgp: - created_at: "2023-03-10T17:06:53Z" enc: | diff --git a/tree.nix b/tree.nix index f82a7b28..15a91788 100644 --- a/tree.nix +++ b/tree.nix @@ -45,6 +45,7 @@ filebin mosh doc-warnings + inputs.systemd2mqtt.nixosModules.default ]); }; };