gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: move mosquitto to tei

Browse source
This commit is contained in:
arcnmx 2024-01-14 11:23:18 -08:00
parent c4dd16b101
commit 2cc89e56da
6 changed files with 51 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

31
systems/tewi/nixos.nix
View file

@ -44,11 +44,10 @@ in {
nixos.sops
nixos.tailscale
nixos.nginx
nixos.mosquitto
nixos.zigbee2mqtt
nixos.systemd2mqtt
nixos.deluge
nixos.home-assistant
inputs.systemd2mqtt.nixosModules.default
./mediatomb.nix
./deluge.nix
];
@ -63,6 +62,12 @@ in {
services.kanidm.serverSettings.db_fs_type = "zfs";
services.tailscale.advertiseExitNode = true;
services.postgresql.package = pkgs.postgresql_14;
services.zigbee2mqtt.settings.mqtt.server = let
inherit (meta.network.nodes) tei;
in "mqtt://${tei.networking.access.hostnameForNetwork.local}:1883";
services.systemd2mqtt.mqtt.url = let
inherit (meta.network.nodes) tei;
in "tcp://${tei.networking.access.hostnameForNetwork.local}:1883";
sops.defaultSopsFile = ./secrets.yaml;
@ -97,17 +102,9 @@ in {
name = "";
};
services.systemd2mqtt = {
enable = true;
user = "root";
mqtt = {
url = "tcp://localhost:1883";
username = "systemd";
};
units = {
${md.shadow.mount} = {};
"mediatomb.service" = mkIf config.services.mediatomb.enable {};
};
services.systemd2mqtt.units = {
${md.shadow.mount} = {};
"mediatomb.service" = mkIf config.services.mediatomb.enable {};
};
environment.etc = {
@ -132,7 +129,6 @@ in {
sops.secrets = {
openiscsi-config = {};
openiscsi-env = mkIf config.services.openiscsi.enableAutoLoginOut { };
systemd2mqtt-env = {};
};
fileSystems = {
@ -204,13 +200,6 @@ in {
];
};
};
systemd2mqtt = mkIf config.services.systemd2mqtt.enable rec {
requires = mkIf config.services.mosquitto.enable ["mosquitto.service"];
after = requires;
serviceConfig.EnvironmentFile = [
config.sops.secrets.systemd2mqtt-env.path
];
};
};
units = {
${md.shadow.mount} = {

8
systems/tewi/secrets.yaml
View file

@ -1,7 +1,3 @@
espresense-pass: ENC[AES256_GCM,data:wGwUiDHkm5xpVTYxuTy2hQ==,iv:U5Ys+AFEkT7ThbR/qgh5VLNTBRsG72zYqOIO09HFTTc=,tag:h3wNg8nUKOYekpkdJelbOw==,type:str]
hass-pass: ENC[AES256_GCM,data:LvoI4sQ77HpYdmNoPLQ=,iv:oAQGTqBh1sf4fbuWGs9AqCE1yS8IApyhEQDUG+yQk7k=,tag:sBPdLuLTJ8OMoZYzUdmnAQ==,type:str]
systemd-pass: ENC[AES256_GCM,data:3bEqqWsnBHOgzD95YqwDvg==,iv:ack6EGhE2GzxwRi3gwj1A19Tzi2PJ9iiisMrKozPV/M=,tag:uCR51yn9dAG2x9DCfo1mGQ==,type:str]
z2m-pass: ENC[AES256_GCM,data:1bqOab8EQbniAMeL9XRmDg==,iv:uUU3kbuCRIGaueTPE54EHwm4IGwUu+67O4gPYZmd1h4=,tag:iceTSLsRuADiOgZ5cnlnjw==,type:str]
tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/FltOKExby0=,iv:c8yN1XLk3ZAAzkBozzHJ9BWerWdiNQG/p8e46j8cZyo=,tag:E5Ey5R+t372yLE6XegoOrA==,type:str]
openiscsi-config: ENC[AES256_GCM,data:xyZVJRzR4vK+UAtq3+/QcszLIlcHXYifHnFKm5tVbFUj3c7PjxYGLkvXZfFvERStewdNIQ==,iv:BcbEupXiLECXwfETaVOqfHQ+vkBbrGxkQn54WBYug54=,tag:e0cddYTQAfzSk2AhvzJFvA==,type:str]
openiscsi-env: ENC[AES256_GCM,data:uAlnrtk64UQukKBWHYrH5J4Ys+GIpu5zDg==,iv:7ahUk9nocs4cSgtr/A4G0Xhlp7pZj/bUlUDLMMYEAMk=,tag:rE2mdBGT3kZqyoDIaKUY3w==,type:str]
@ -36,8 +32,8 @@ sops:
VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR
7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-14T17:50:09Z"
mac: ENC[AES256_GCM,data:W3j1Cb5Fjcp0cHwHm9Ob/2X/leZt4BAHrkXHe4Ug10iBmtzZ2tILidmmcJv+C3ZfW2LoXXHnCE1BpCGSK7Ocs6+Bw+ceXiIp+DiJhjJw3f37qdG1mWM7YYyP70MO1085JjXHaGuYFuAVPP8ikwCYRa0CSa+Ot4mzFgnw8osf/oo=,iv:8mQ0giTD3WsSRQBQzWDkP+T9BQZZSzQJuIs+Fd9qhL8=,tag:C4U931lQjch/Gq+JqKUh/w==,type:str]
lastmodified: "2024-01-14T18:50:19Z"
mac: ENC[AES256_GCM,data:valCgX2sFI28L9UhZaWMkvW6+AIWlNv/pUkdC9Fn55tFm7BMhYjgJsKRnG8JNtBCCOvqb+7K2ZCBhDASoUykN1OXNMk3wnlHnMumREneSMK+SsgrnPTqgBZS4J73r9cAVkcVLqU8QNXfimr4Rx7Jm1Mlg0rRqkbOIwop0diluLo=,iv:bqyIpGu6FRLlkL8lQSjpv+I2jQsZEJ4fSJ/zBQp8X4I=,tag:MdOeEq2/OaVl0ZPwaMvqEw==,type:str]
pgp:
- created_at: "2023-03-10T17:06:53Z"
enc: |