Set up MQTT broker
This commit is contained in:
@@ -127,4 +127,22 @@ in {
|
||||
# Enable voice messages for facebook
|
||||
systemd.services.matrix-as-facebook.path = [ ffmpeg ];
|
||||
|
||||
# MQTT configuration
|
||||
services.mosquitto = {
|
||||
enable = true;
|
||||
dataDir = "/vault/mosquitto";
|
||||
logType = [ "websockets" "error" "warning" "notice" "information" ];
|
||||
logDest = [ "syslog" ];
|
||||
listeners = [{
|
||||
users.homeostasis = {
|
||||
acl = [ "write #" ];
|
||||
hashedPasswordFile = config.age.secrets.mqtt-sender.path;
|
||||
};
|
||||
users.prometheus = {
|
||||
acl = [ "read #" ];
|
||||
hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
@@ -4,89 +4,98 @@
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2178-694E";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/2178-694E";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-facebook" =
|
||||
{ device = "vault/state_directories/matrix-as-facebook";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/gitea" = {
|
||||
device = "vault/state_directories/gitea";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-signal" =
|
||||
{ device = "vault/state_directories/matrix-as-signal";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/wallabag" = {
|
||||
device = "vault/state_directories/wallabag";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/signald" =
|
||||
{ device = "vault/state_directories/signald";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/matrix-as-facebook" = {
|
||||
device = "vault/state_directories/matrix-as-facebook";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/gitea" =
|
||||
{ device = "vault/state_directories/gitea";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/signald" = {
|
||||
device = "vault/state_directories/signald";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/matrix-as-telegram" =
|
||||
{ device = "vault/state_directories/matrix-as-telegram";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/matrix-as-signal" = {
|
||||
device = "vault/state_directories/matrix-as-signal";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault" =
|
||||
{ device = "vault";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault" = {
|
||||
device = "vault";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/wallabag" =
|
||||
{ device = "vault/state_directories/wallabag";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/backups" = {
|
||||
device = "vault/backups";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/git" =
|
||||
{ device = "vault/git";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/git" = {
|
||||
device = "vault/git";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups" =
|
||||
{ device = "vault/backups";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/syncthing" = {
|
||||
device = "vault/syncthing";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/radicale" =
|
||||
{ device = "vault/radicale";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/backups/zion" = {
|
||||
device = "vault/backups/zion";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups/zion" =
|
||||
{ device = "vault/backups/zion";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/radicale" = {
|
||||
device = "vault/radicale";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/syncthing" =
|
||||
{ device = "vault/syncthing";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/vault/backups/monolith" = {
|
||||
device = "vault/backups/monolith";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/vault/backups/monolith" =
|
||||
{ device = "vault/backups/monolith";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/var/lib/matrix-as-telegram" = {
|
||||
device = "vault/state_directories/matrix-as-telegram";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/containers/storage/overlay" = {
|
||||
device = "/var/lib/containers/storage/overlay";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
|
||||
fileSystems."/vault/mosquitto" = {
|
||||
device = "vault/mosquitto";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
@@ -95,7 +104,9 @@
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.veth2e6ad4e4.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
||||
@@ -50,6 +50,7 @@ in {
|
||||
443 # HTTPS
|
||||
53 # DNS
|
||||
8448 # Matrix
|
||||
1883 # MQTT
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
wireguard_port # Wireguard
|
||||
|
||||
Reference in New Issue
Block a user