mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 04:19:19 -08:00
60 lines
1.5 KiB
Nix
60 lines
1.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
access,
|
|
gensokyo-zone,
|
|
...
|
|
}:
|
|
let
|
|
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
|
|
inherit (lib.modules) mkIf mkOptionDefault;
|
|
inherit (config.services) nginx;
|
|
portPlaintext = 1883;
|
|
portSsl = 8883;
|
|
system = access.systemForService "mosquitto";
|
|
inherit (system.exports.services) mosquitto;
|
|
in {
|
|
config = {
|
|
services.nginx = {
|
|
stream = {
|
|
upstreams = let
|
|
addr = mkAlmostOptionDefault (access.getAddressFor system.name "lan");
|
|
in {
|
|
mqtt.servers.access = {
|
|
inherit addr;
|
|
port = mkOptionDefault mosquitto.ports.default.port;
|
|
};
|
|
mqtts = {
|
|
enable = mkAlmostOptionDefault mosquitto.ports.ssl.enable;
|
|
ssl.enable = true;
|
|
servers.access = {
|
|
inherit addr;
|
|
port = mkOptionDefault mosquitto.ports.ssl.port;
|
|
};
|
|
};
|
|
};
|
|
servers.mosquitto = {
|
|
listen = {
|
|
mqtt.port = mkOptionDefault portPlaintext;
|
|
mqtts = {
|
|
ssl = true;
|
|
port = mkOptionDefault portSsl;
|
|
};
|
|
};
|
|
proxy.upstream = mkAlmostOptionDefault (
|
|
if nginx.stream.upstreams.mqtts.enable then "mqtts" else "mqtt"
|
|
);
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall = {
|
|
interfaces.local.allowedTCPPorts = let
|
|
inherit (nginx.stream.servers.mosquitto) listen;
|
|
in [
|
|
listen.mqtt.port
|
|
(mkIf listen.mqtts.enable listen.mqtts.port)
|
|
];
|
|
};
|
|
};
|
|
}
|