mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
refactor: move mosquitto to tei
This commit is contained in:
arcnmx
parent
c4dd16b101
commit
2cc89e56da
6 changed files with 51 additions and 29 deletions
|
|
@ -16,6 +16,7 @@
|
|||
nixos.access.zigbee2mqtt
|
||||
nixos.vouch
|
||||
nixos.kanidm
|
||||
nixos.mosquitto
|
||||
nixos.syncplay
|
||||
./cloudflared.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -2,6 +2,10 @@ tailscale-key: ENC[AES256_GCM,data:0ify9ntv5wgr8S8wUdV72mbjt3h/jjceFnocMEIndeEJ1
|
|||
vouch-client-secret: ENC[AES256_GCM,data:NSWRuvWo0uI1F4VP3NcMGwzlt1ctiaKG1g8XX91t2OU9UvdkuLYZYEzWfG7UEk2d,iv:HP3Q3kABV2tdHITPJlYQmv/iA4cu/ldC0BwPxKGFJU8=,tag:zCNF6POLbB5+Yzq+LeK5WQ==,type:str]
|
||||
vouch-jwt: ENC[AES256_GCM,data:Oh6iNnyx6LnlBAW+Hs94qdVOxPJ/fiKDxCN+FRTp+yp8xReC8Ky0tC+NlO18hwuAiFoR++sQ4cUlWJbGZqmtRA==,iv:TNDcvq8LeWYENc+oY+JIgM6pdbkEj/PFhBjpO2UIPCg=,tag:zt5kivDX4WTLwcWmR4vmpQ==,type:str]
|
||||
syncplay-env: ENC[AES256_GCM,data:l4AgVYVZoPMiRUAg8EKDPRLwUvUG8wcKVQzwUH9ZX5vO9Of9fcSvg5Mf6aVlz7qjuJ2ncsvdWLyU0r/5pFwu9AHY5MD2nenigw6Yt4Y6g/4=,iv:sVsQyJh5SMKoFqW6/DIGHDfCVSwtYvZ8GhsG3QpiTdI=,tag:4sk2ATSbHURRraMVFO4rwg==,type:str]
|
||||
espresense-pass: ENC[AES256_GCM,data:EqWTlLrspkYMrIzpukHZgw==,iv:AGmodebSHxsm353GTMlzPUp8ewUHzo8CJRd248DPsLQ=,tag:SDXgHy4TWQVysinlew0l8w==,type:str]
|
||||
hass-pass: ENC[AES256_GCM,data:eAAxGpFi+wIKoSUciDs=,iv:DEyRKpdIWf5sCFBf+p4LtReezYrHCIS1m9ukZQAJfjw=,tag:6ygX5KyKO0u/unpu8BtMDg==,type:str]
|
||||
systemd-pass: ENC[AES256_GCM,data:O5Ksb8m01wuL0OzCD6+8Lg==,iv:9ZdJtkzJNQFqFsaR439zlANilOeVSjZu5qSMedxSmnc=,tag:ArTASOcpgsUqSq+X2fjbHw==,type:str]
|
||||
z2m-pass: ENC[AES256_GCM,data:sQ5we47mb/5/PdKaTqPeeA==,iv:jm77q/9XGoQ/sFogbz09shl2yCLhve75QWuH9JNB+Oc=,tag:DywjElUcCc0i1wmOrXqJkw==,type:str]
|
||||
postgresql-init: ENC[AES256_GCM,data:AJY1PhgQ/vPYAugA+oqlm2CUjI+RZ3zVOd2zdMMtFt+uLmcxoAyap/zxvVDzCzzNY/jqAJnUaAr1aYw9Nd2icSMurR4=,iv:S4d4+1ncVlEzy50eU1lyPi3gPC+yvVZe6kGZa+oK2KU=,tag:U98pYwYf3sJRmB7Ac8g9Fw==,type:str]
|
||||
cloudflared-tunnel-apartment: ENC[AES256_GCM,data:ysak+T+01jwznciOLY8xq6vkL+7ELiby7EBoEU2fdJSblsnd6EX736vkNZQV8QznDy5hdJtMLddFGSxUHgWujkFIK7Ra8dbK+QoYLdEmgkaZqyHy95fWwkjUc4d8OyxPA4YVRfGYh2NOBhE++YXy7zeZbvlau55CydQT9EyiCh1QkJwCURfG65iCJ7Ml36X+GeB4F4i1JZsvqsz4mXhP9WgqgzwuWA==,iv:PHRsxe+0P20TwT/a14AeiLjh5RFbY1zm9HKaIiunTw8=,tag:/z4dsGKjKz5l6ISL0lX0KQ==,type:str]
|
||||
cloudflared-tunnel-apartment-deluge: ENC[AES256_GCM,data:Itq8yrIwCsvc3E2KOijK8TJqdw==,iv:+MMas0vLUb5p0kvXduMFa0D/nxkIZ6rOG9EpTjnCL0U=,tag:rD0NPDfP+wemrEsFbN/ZXA==,type:str]
|
||||
|
|
@ -21,8 +25,8 @@ sops:
|
|||
bGU0VHd0aFhHRC91WHh0Z0Y4TTE5QzgKpHehWfoJT4F1TtMHJ0tZkoJAPFAihQ7T
|
||||
aunsQeLHJkHv1eWKpraTmo+04GVZofwId/1TtOContveBynfxcuG7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-14T17:50:18Z"
|
||||
mac: ENC[AES256_GCM,data:DVl8LhH4L5sdlKVvZR2r69oOM2mOcBV6NWoY7jGfYmUdRv5S1ynApUsXjrqWQrGxjI7wIEcuPacM2QVVQgQfKbPyrJBEfsakGlwHcczSpukGG4RHmVz3/V2b+RlGUHudrpPbx+576QfJJyU8HkmQMqlQFVolnCQRBQ5ATA1va00=,iv:PVwthKWwT7jRrXI5/WID50IesRm/Gn9M7uquG7q6hrM=,tag:r+nH2gI3nSwndvII3GgnOw==,type:str]
|
||||
lastmodified: "2024-01-14T18:50:31Z"
|
||||
mac: ENC[AES256_GCM,data:D7Lkzb544atq4F+UgTJUSNPiO71lLX9OcQZExFGNWtmoDVpjNYiKkk4C1k12JYWSSR2Kq1tjn4zX5Lxqs5XiJIRBWohmk/65n5SplgZTeK+2MvReR1ZdcqvPKUSjFO5tf1BPu0w/6SrxdGacf5k6HES2RRmXBwf4QCfYChhzNUw=,iv:3ZBr+D6w7asoS37ECEx2f4snB2DmbNTn1lZ4kisYgh4=,tag:1VrdK4eVrH4B2bUnU/AKfg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-01-07T21:18:21Z"
|
||||
enc: |-
|
||||
|
|
|
|||
|
|
@ -44,11 +44,10 @@ in {
|
|||
nixos.sops
|
||||
nixos.tailscale
|
||||
nixos.nginx
|
||||
nixos.mosquitto
|
||||
nixos.zigbee2mqtt
|
||||
nixos.systemd2mqtt
|
||||
nixos.deluge
|
||||
nixos.home-assistant
|
||||
inputs.systemd2mqtt.nixosModules.default
|
||||
./mediatomb.nix
|
||||
./deluge.nix
|
||||
];
|
||||
|
|
@ -63,6 +62,12 @@ in {
|
|||
services.kanidm.serverSettings.db_fs_type = "zfs";
|
||||
services.tailscale.advertiseExitNode = true;
|
||||
services.postgresql.package = pkgs.postgresql_14;
|
||||
services.zigbee2mqtt.settings.mqtt.server = let
|
||||
inherit (meta.network.nodes) tei;
|
||||
in "mqtt://${tei.networking.access.hostnameForNetwork.local}:1883";
|
||||
services.systemd2mqtt.mqtt.url = let
|
||||
inherit (meta.network.nodes) tei;
|
||||
in "tcp://${tei.networking.access.hostnameForNetwork.local}:1883";
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
||||
|
|
@ -97,17 +102,9 @@ in {
|
|||
name = "";
|
||||
};
|
||||
|
||||
services.systemd2mqtt = {
|
||||
enable = true;
|
||||
user = "root";
|
||||
mqtt = {
|
||||
url = "tcp://localhost:1883";
|
||||
username = "systemd";
|
||||
};
|
||||
units = {
|
||||
${md.shadow.mount} = {};
|
||||
"mediatomb.service" = mkIf config.services.mediatomb.enable {};
|
||||
};
|
||||
services.systemd2mqtt.units = {
|
||||
${md.shadow.mount} = {};
|
||||
"mediatomb.service" = mkIf config.services.mediatomb.enable {};
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
|
|
@ -132,7 +129,6 @@ in {
|
|||
sops.secrets = {
|
||||
openiscsi-config = {};
|
||||
openiscsi-env = mkIf config.services.openiscsi.enableAutoLoginOut { };
|
||||
systemd2mqtt-env = {};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
|
|
@ -204,13 +200,6 @@ in {
|
|||
];
|
||||
};
|
||||
};
|
||||
systemd2mqtt = mkIf config.services.systemd2mqtt.enable rec {
|
||||
requires = mkIf config.services.mosquitto.enable ["mosquitto.service"];
|
||||
after = requires;
|
||||
serviceConfig.EnvironmentFile = [
|
||||
config.sops.secrets.systemd2mqtt-env.path
|
||||
];
|
||||
};
|
||||
};
|
||||
units = {
|
||||
${md.shadow.mount} = {
|
||||
|
|
|
|||
|
|
@ -1,7 +1,3 @@
|
|||
espresense-pass: ENC[AES256_GCM,data:wGwUiDHkm5xpVTYxuTy2hQ==,iv:U5Ys+AFEkT7ThbR/qgh5VLNTBRsG72zYqOIO09HFTTc=,tag:h3wNg8nUKOYekpkdJelbOw==,type:str]
|
||||
hass-pass: ENC[AES256_GCM,data:LvoI4sQ77HpYdmNoPLQ=,iv:oAQGTqBh1sf4fbuWGs9AqCE1yS8IApyhEQDUG+yQk7k=,tag:sBPdLuLTJ8OMoZYzUdmnAQ==,type:str]
|
||||
systemd-pass: ENC[AES256_GCM,data:3bEqqWsnBHOgzD95YqwDvg==,iv:ack6EGhE2GzxwRi3gwj1A19Tzi2PJ9iiisMrKozPV/M=,tag:uCR51yn9dAG2x9DCfo1mGQ==,type:str]
|
||||
z2m-pass: ENC[AES256_GCM,data:1bqOab8EQbniAMeL9XRmDg==,iv:uUU3kbuCRIGaueTPE54EHwm4IGwUu+67O4gPYZmd1h4=,tag:iceTSLsRuADiOgZ5cnlnjw==,type:str]
|
||||
tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/FltOKExby0=,iv:c8yN1XLk3ZAAzkBozzHJ9BWerWdiNQG/p8e46j8cZyo=,tag:E5Ey5R+t372yLE6XegoOrA==,type:str]
|
||||
openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str]
|
||||
openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str]
|
||||
|
|
@ -36,8 +32,8 @@ sops:
|
|||
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
|
||||
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-01-14T17:50:09Z"
|
||||
mac: ENC[AES256_GCM,data:W3j1Cb5Fjcp0cHwHm9Ob/2X/leZt4BAHrkXHe4Ug10iBmtzZ2tILidmmcJv+C3ZfW2LoXXHnCE1BpCGSK7Ocs6+Bw+ceXiIp+DiJhjJw3f37qdG1mWM7YYyP70MO1085JjXHaGuYFuAVPP8ikwCYRa0CSa+Ot4mzFgnw8osf/oo=,iv:8mQ0giTD3WsSRQBQzWDkP+T9BQZZSzQJuIs+Fd9qhL8=,tag:C4U931lQjch/Gq+JqKUh/w==,type:str]
|
||||
lastmodified: "2024-01-14T18:50:19Z"
|
||||
mac: ENC[AES256_GCM,data:valCgX2sFI28L9UhZaWMkvW6+AIWlNv/pUkdC9Fn55tFm7BMhYjgJsKRnG8JNtBCCOvqb+7K2ZCBhDASoUykN1OXNMk3wnlHnMumREneSMK+SsgrnPTqgBZS4J73r9cAVkcVLqU8QNXfimr4Rx7Jm1Mlg0rRqkbOIwop0diluLo=,iv:bqyIpGu6FRLlkL8lQSjpv+I2jQsZEJ4fSJ/zBQp8X4I=,tag:MdOeEq2/OaVl0ZPwaMvqEw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-03-10T17:06:53Z"
|
||||
enc: |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue