Setup MQTT

2026-03-27 09:27:44 -04:00 · 2025-06-11 21:47:27 -04:00 · 2025-06-11 21:47:27 -04:00 · 91d8478c9b
commit 91d8478c9b
parent 5f2005a8c3
6 changed files with 120 additions and 3 deletions
--- a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
@ -0,0 +1,102 @@
+{ config, ... }: {
+  services.mosquitto = {
+    enable = true;
+    bridges = {
+      liamcottle = {
+        addresses = [{
+          address = "mqtt.meshtastic.liamcottle.net";
+          port = 1883;
+        }];
+        topics = [
+          "msh/# out 1 \"\""
+        ];
+        settings = {
+          remote_username = "uplink";
+          remote_password = "uplink";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+      meshtastic = {
+        addresses = [{
+          address = "mqtt.meshtastic.org";
+          port = 1883;
+        }];
+        topics = [
+          "msh/# out 1 \"\""
+        ];
+        settings = {
+          remote_username = "meshdev";
+          remote_password = "large4cats";
+          #bridge_protocol_version = "mqttv311";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+      homeassistant = {
+        addresses = [{
+          address = "homeasistant-lc.atlas-snares.ts.net";
+          port = 1883;
+        }];
+        topics = [
+          "msh/US/2/e/LongFast/!a386c80 out 1 \"\""
+          "msh/US/2/e/LongFast/!b03bcb24 out 1 \"\""
+          "msh/US/2/e/LongFast/!b03dbe58 out 1 \"\""
+          "msh/US/2/e/LongFast/!4370b0c6 out 1 \"\""
+        ];
+        settings = {
+          remote_username = "meshtastic_user";
+          remote_password = "meshtastic_user";
+          cleansession = true;
+          keepalive_interval = 160;
+          notifications = false;
+          start_type = "automatic";
+        };
+      };
+    };
+    listeners = let
+      mqtt_users = {
+        genebean = {
+          acl = [
+            "readwrite msh/#"
+          ];
+          hashedPasswordFile = config.sops.secrets.mosquitto_genebean.path;
+        };
+        mountain_mesh = {
+          acl = [
+            "readwrite msh/#"
+          ];
+          hashedPasswordFile = config.sops.secrets.mosquitto_mountain_mesh.path;
+        };
+      };
+    in [
+      {
+        users = mqtt_users;
+        settings.allow_anonymous = false;
+      }
+      {
+        port = 8883;
+        users = mqtt_users;
+        settings = let
+           certDir = config.security.acme.certs."mqtt.technicalissues.us".directory;
+        in {
+          allow_anonymous = false;
+          keyfile = certDir + "/key.pem";
+          certfile = certDir + "/cert.pem";
+          cafile = certDir + "/chain.pem";
+        };
+      }
+    ];
+  };
+
+  sops.secrets = {
+    mosquitto_genebean.owner = config.users.users.mosquitto.name;
+    mosquitto_mountain_mesh.owner = config.users.users.mosquitto.name;
+  };
+
+  users.users.mosquitto.extraGroups = [ "nginx" ];
+}