refactor: move services out of systems/tewi/

2026-02-09 04:19:19 -08:00 · 2024-01-09 13:12:55 -08:00 · 2024-01-09 13:12:55 -08:00 · 5a661e8809
commit 5a661e8809
parent 2f68968238
30 changed files with 992 additions and 638 deletions
--- a/nixos/mosquitto.nix
+++ b/nixos/mosquitto.nix
@ -0,0 +1,56 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib) mkDefault;
+in {
+  sops.secrets = {
+    z2m-pass.owner = "mosquitto";
+    systemd-pass.owner = "mosquitto";
+    hass-pass.owner = "mosquitto";
+    espresense-pass.owner = "mosquitto";
+  };
+
+  services.mosquitto = {
+    enable = mkDefault true;
+    persistence = mkDefault true;
+    listeners = [
+      {
+        openFirewall = mkDefault true;
+        acl = [
+          "pattern readwrite #"
+        ];
+        users = {
+          z2m = {
+            passwordFile = config.sops.secrets.z2m-pass.path;
+            acl = [
+              "readwrite #"
+            ];
+          };
+          espresense = {
+            passwordFile = config.sops.secrets.espresense-pass.path;
+            acl = [
+              "readwrite #"
+            ];
+          };
+          systemd = {
+            passwordFile = config.sops.secrets.systemd-pass.path;
+            acl = [
+              "readwrite #"
+            ];
+          };
+          hass = {
+            passwordFile = config.sops.secrets.hass-pass.path;
+            acl = [
+              "readwrite #"
+            ];
+          };
+        };
+        settings = {
+          allow_anonymous = mkDefault false;
+        };
+      }
+    ];
+  };
+}