mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
54 lines
1.1 KiB
Nix
54 lines
1.1 KiB
Nix
{ config, lib, tf, ... }: {
|
|
networks.gensokyo = {
|
|
tcp = [
|
|
# Mosquitto
|
|
1883
|
|
];
|
|
};
|
|
|
|
sops.secrets = {
|
|
z2m-pass.owner = "mosquitto";
|
|
systemd-pass.owner = "mosquitto";
|
|
hass-pass.owner = "mosquitto";
|
|
espresence-pass.owner = "mosquitto";
|
|
};
|
|
|
|
services.mosquitto = {
|
|
enable = true;
|
|
persistence = true;
|
|
listeners = [{
|
|
acl = [
|
|
"pattern readwrite #"
|
|
];
|
|
users = {
|
|
z2m = {
|
|
passwordFile = config.sops.secrets.z2m-pass.path;
|
|
acl = [
|
|
"readwrite #"
|
|
];
|
|
};
|
|
espresence = {
|
|
passwordFile = config.sops.secrets.espresence-pass.path;
|
|
acl = [
|
|
"readwrite #"
|
|
];
|
|
};
|
|
systemd = {
|
|
passwordFile = config.sops.secrets.systemd-pass.path;
|
|
acl = [
|
|
"readwrite #"
|
|
];
|
|
};
|
|
hass = {
|
|
passwordFile = config.sops.secrets.hass-pass.path;
|
|
acl = [
|
|
"readwrite #"
|
|
];
|
|
};
|
|
};
|
|
settings = {
|
|
allow_anonymous = false;
|
|
};
|
|
}];
|
|
};
|
|
}
|