genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Setup MQTT

Browse source
This commit is contained in:
Gene Liverman 2025-06-11 21:47:27 -04:00
parent 5f2005a8c3
commit 91d8478c9b
6 changed files with 120 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/hosts/nixos/default.nix
View file

@ -12,6 +12,7 @@
iftop
inetutils
iotop
mosquitto
neofetch
python3
smartmontools

2
modules/hosts/nixos/hetznix01/default.nix
View file

@ -31,8 +31,10 @@
465 # SMTP with TLS
587 # SMTP with STARTTLS
993 # imaps
1883 # mqtt
8333 # Bitcoin Core
8448 # Matrix Synapse
8883 # mqtt over tls
9735 # LND
];
# firewall.allowedUDPPorts = [ ... ];

3
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -5,6 +5,7 @@ in {
../../../common/linux/lets-encrypt.nix
../../../common/linux/restic.nix
./matrix-synapse.nix
./mosquitto.nix
./nginx.nix
];
@ -76,7 +77,7 @@ in {
extraApps = with config.services.nextcloud.package.packages.apps; {
# List of apps we want to install and are already packaged in
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/nextcloud/packages/nextcloud-apps.json
inherit
inherit
richdocuments # Collabora Online for Nextcloud - https://apps.nextcloud.com/apps/richdocuments
;
};

102
modules/hosts/nixos/hetznix01/post-install/mosquitto.nix Normal file
View file

@ -0,0 +1,102 @@
{ config, ... }: {
services.mosquitto = {
enable = true;
bridges = {
liamcottle = {
addresses = [{
address = "mqtt.meshtastic.liamcottle.net";
port = 1883;
}];
topics = [
"msh/# out 1 \"\""
];
settings = {
remote_username = "uplink";
remote_password = "uplink";
cleansession = true;
keepalive_interval = 160;
notifications = false;
start_type = "automatic";
};
};
meshtastic = {
addresses = [{
address = "mqtt.meshtastic.org";
port = 1883;
}];
topics = [
"msh/# out 1 \"\""
];
settings = {
remote_username = "meshdev";
remote_password = "large4cats";
#bridge_protocol_version = "mqttv311";
cleansession = true;
keepalive_interval = 160;
notifications = false;
start_type = "automatic";
};
};
homeassistant = {
addresses = [{
address = "homeasistant-lc.atlas-snares.ts.net";
port = 1883;
}];
topics = [
"msh/US/2/e/LongFast/!a386c80 out 1 \"\""
"msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
"msh/US/2/e/LongFast/!b03dbe58 out 1 \"\""
"msh/US/2/e/LongFast/!4370b0c6 out 1 \"\""
];
settings = {
remote_username = "meshtastic_user";
remote_password = "meshtastic_user";
cleansession = true;
keepalive_interval = 160;
notifications = false;
start_type = "automatic";
};
};
};
listeners = let
mqtt_users = {
genebean = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
};
mountain_mesh = {
acl = [
"readwrite msh/#"
];
hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
};
};
in [
{
users = mqtt_users;
settings.allow_anonymous = false;
}
{
port = 8883;
users = mqtt_users;
settings = let
certDir = config.security.acme.certs."mqtt.technicalissues.us".directory;
in {
allow_anonymous = false;
keyfile = certDir + "/key.pem";
certfile = certDir + "/cert.pem";
cafile = certDir + "/chain.pem";
};
}
];
};
sops.secrets = {
mosquitto_genebean.owner = config.users.users.mosquitto.name;
mosquitto_mountain_mesh.owner = config.users.users.mosquitto.name;
};
users.users.mosquitto.extraGroups = [ "nginx" ];
}

6
modules/hosts/nixos/hetznix01/post-install/nginx.nix
View file

@ -152,6 +152,12 @@ in {
"/_synapse/client".proxyPass = "http://[::1]:8008";
};
};
"mqtt.${domain}" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".return = "301 https://beanbag.technicalissues.us";
};
"ot.${domain}" = {
enableACME = true;
acmeRoot = null;

9
modules/hosts/nixos/hetznix01/secrets.yaml
View file

@ -2,9 +2,14 @@ local_git_config: ENC[AES256_GCM,data:BulcGoJ85+BA3maqbMewUdaNOl3feaJMq/4yZL8Y8S
local_private_env: ENC[AES256_GCM,data:OFcCaE9/hpd6JIoUTTxg0pEFL3rkUE3G+JzP/wjFXpa/AJa2Rr0Kv42Pu+iwgPMWgcpp50ChjVxGvbceNQ==,iv:I2LyWwvdMdE4wKLb3udLVMu3jFsvYR1ruZvaVt9GG7c=,tag:tBPmlNr0iNdLRU1GIRV2mg==,type:str]
matrix_secrets_yaml: ENC[AES256_GCM,data:6DLtAZIYBlL7iQVS/FBeUEhHyAOFZ5JRNqFBqi59GVh7cP0Hp8RBWxKpWAH2eUPYqUqUGCKrSSH3sJqzV+vasSR62tcltV7+13+q+rZVCZNCEf21EwQ5aaxgR3yG4n3YUPqLsCQB6UnWn0tF5HO0ofjYkya0pQ/nX9TBiiqIcPcd4NovbTtf+S0G0VptqyXAuRvJoKCx42ft9IBfV9tF1QsXLemKYlI10hN5l/MgJHwVbwH5xXR2kLKvnlpAyIoST/uJhswQV9DyK9cnl09ZM9ztcXhveBzv6uDW+pme8lFL99SMtMJcbSzxYW/pt+GJgYd1NiaoPbayWM72jdpH0hf2zWchxnIJIyL3H6EzIjD8BE9GnMP7ujQwBZGNZITRSg==,iv:cDtuOhv2v6CZcwiMM3oqjmajIl7D8Im+LkfarcjTM/w=,tag:e7zRQBYslJqESOGN3c4/aw==,type:str]
matrix_homeserver_signing_key: ENC[AES256_GCM,data:+RflNxFfS2w9LbavT7YnCQIhJWI49kN7pOa9/dH0BpDWxKQaLE4ZYBYq0ikAgcHaF3+rBL3f6KxUacw=,iv:6+nZzuxBUwjM74XHCD89YWfyuMRcoIwQlHLiNN4NWdc=,tag:91yigynRz6QdEd4rF7d/9g==,type:str]
mosquitto_mountain_mesh: ENC[AES256_GCM,data:LczPsPtAgkTTGcG3KYXMkfeA67e81Q5zJ5Nb8JcSosvvUwJRUi6yDcV/0wsYbMxeWDMrE/p+2KFRI48BVcUbY/LXqyFu5iNbX5IJXxzrexXXSTnOLa2PEamESzQlWI0ZS+K0Q48/5v9ekNVOkPgNQQ==,iv:jfa0QKOp8fyieUYTbMnBJ18VZwPO2CVnYQECHLNCyPI=,tag:9YZU82XQUmLJAFK+AiZ/Vw==,type:str]
mosquitto_genebean: ENC[AES256_GCM,data:QzLpyXST+hlmCq7SIpkxra5jiA3JTWPgGV/NPBoeC+yESpiXQOnWzzSiNS09l3xGmjvTLR4dGUeTD1CUl4FwUsMT15MWjWHYNAfuoywy50i7xCCKPwERDxniar7Ykq7o0rz2UkNlW0X7uLQar+rn6g==,iv:ECt5oAh2R1a+RFEk5lEsDFEj2+4Z/D4Q7ezK1iTsS6k=,tag:4tLFjqezUFW8hA8udyPkiw==,type:str]
mqtt_recorder_pass: ENC[AES256_GCM,data:N44nv2mk5zguWXNHdKsxhoKUjiduD1hzsAb6,iv:aLudKuUBTPXgtAF33exELH/PESD0CqoDaydeqdhcmbA=,tag:3lhrqO8jxJiRHWZjWSRa0g==,type:str]
nextcloud_admin_pass: ENC[AES256_GCM,data:dite1z9lAQg4geuoDvXnveJP0iI/ouEe,iv:VT17WjQdS8T1qIxwyjdLy2VNpP5tv7KXhY+twpotiaQ=,tag:5DQLvRI87BamUutSUnvncA==,type:str]
owntracks_basic_auth: ENC[AES256_GCM,data:GX1U1uf7+erE+g9GzhXK5ED2QicfcbpRCwpJDw6Zr9X2FtdMYleH5mhLxw==,iv:PflRq+P50+oFf4wv5wwlY6V9bApGuJ3tlYTvJZ5mg0E=,tag:VHBY5qv7rX74DGURsYaWpw==,type:str]
pack1828_gene_liverman_pass: ENC[AES256_GCM,data:f1sO6ZKbg6wsPtAE0X5g0vqvEToBG4Ps+f0GiAK7ThDHna4UDHc0MlEbLsRb+C/WtKfDMFm2EfbfFIks,iv:jy7gt4mGXjsUXbuW8ml/tkc6AEOnkfflP7rtD6pU4JU=,tag:ccS0VfRd5yT/i+ic/N2Suw==,type:str]
pack1828_dawn_liverman_pass: ENC[AES256_GCM,data:reJDYGed0VBGoZ48FMPhWFBn7zM42uFcMaBy2569JS4kKZ9AqFFVJKstmyj3U81hE7aG2hxaLOT0sGQA,iv:tfXu7jCuuAcR7kxVb8Lfj/tKhwpZ/gTY9xwmWOy/kPA=,tag:qHOdjvz8yGChumP5D7q25w==,type:str]
pack1828_steve_mclendon_pass: ENC[AES256_GCM,data:js6im7Uobhgh8TM/R6pAQeBOWbqMmmVu+y+0yG/W0QRAtjxqy2gwYdtu0PBf7ZbXoDvqLWBj9tYiH5T2,iv:dmGmkNrkcWfGv/bgpf/TowDVb7sG3Oqq26iJqfMfE74=,tag:W7TmUvOM+ApkJ4EXDqmRLw==,type:str]
plausible_admin_pass: ENC[AES256_GCM,data:nMGHMTp3YsDGP3YA9qmZqRCBA5BonS7SaLo=,iv:gN9qu+35DHiJVKh8vHF6KAwrFqgfdNNCC0+q3L/mBGg=,tag:XKlzT4Bp9IIKTSAmjDhd1Q==,type:str]
plausible_secret_key_base: ENC[AES256_GCM,data:6Co3VO9Ocmd6cppRpm763jjpRE9yCb75FnrrvCD5XtQPoq6c7ZnCPfSPzWF7jOv6e0g+ghao015myEe3pmNlPcx55KE4LpPwNGHdGbFHmNsGiIDrDUC3Hw==,iv:0FXSF//7FAGrQKiMOfHFoWE539MzCnz7xUTHxxatTCI=,tag:cKMFwyLYScKVM3v+6hvwzg==,type:str]
tailscale_key: ENC[AES256_GCM,data:Bl00WuIrLvxmt7aNsoXC6G7XFls7waZMzdfo/MsEOZl/i3wHwrjrmgwd3V4GkaJ42UjrC1OLobrkuLves4w=,iv:tlCu0EWgvhvs1ANdtQr7KWHJ2RjpHniUm/rFC4L/MHs=,tag:+8eov9w+SPGZPnjMdrN8gA==,type:str]
@ -23,8 +28,8 @@ sops:
WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV
W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-21T02:47:26Z"
mac: ENC[AES256_GCM,data:j8SrPIwZCVS+YrJOZt/S/UfiYKMFEYdjy5aNlJbmq+wK6OBoyRnOsuIbD+lSERhru47k4sSd+3g6r+ygSuF9vXz+sqvuizkqLM39k0+zz771UaBiYTy/06mwIBsHVh99TskWH2ByKSQ47vyzkLPi26YAUmom6omX4Asplizhu9w=,iv:6ryKJnRJXlW6cyBj+Aseno636dAWESG8ImFL3KwKApM=,tag:KymKRDQv0kfzJdv/0xvDHQ==,type:str]
lastmodified: "2025-06-09T00:02:18Z"
mac: ENC[AES256_GCM,data:/gbUCnVDQ9FSpm/nwqM/b9DfQ5hCcsTG5DEHF9dKYRQq64rOrCTfusrbCj89WAbabJVHWijDWrI/al5ZtHz1q/i3QXSP81cjabugtGcwdtrl6vpQn+K/Uf6t8N65fIvJG1JcepR4CgguVdTmVU5aOCWnB+Ai9PlbPa6p2OE32k8=,iv:E2YXecvKQ6qsezSyKi4771UqqVsQ2buN+4wzT2hAyO8=,tag:ajCENU3pJEmWa7k93vixvQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4