From 20eebf0ca30f7fabf5cd818a81a9e60c487b0962 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 17 Sep 2018 21:52:41 +0200
Subject: ma homeautomation: add mqtt
---
makefu/2configs/deployment/homeautomation/mqtt.nix | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 makefu/2configs/deployment/homeautomation/mqtt.nix
(limited to 'makefu/2configs/deployment/homeautomation/mqtt.nix')
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix
new file mode 100644
index 000000000..1d6a6a3a3
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
@@ -0,0 +1,16 @@
+{ pkgs, config, ... }:
+{
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ # see /mosquitto
+ users.sensor = {
+ hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+ environment.systemPackages = [ pkgs.mosquitto ];
+ networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];
+}
-- cgit v1.2.3
From 884c73d2c0542a303a8af93e522fc17e3578e622 Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 18 Sep 2018 02:16:12 +0200
Subject: ma homeautomation: add mqtt broker with acl
---
makefu/2configs/deployment/homeautomation/mqtt.nix | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'makefu/2configs/deployment/homeautomation/mqtt.nix')
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix
index 1d6a6a3a3..cd1c328d7 100644
--- a/makefu/2configs/deployment/homeautomation/mqtt.nix
+++ b/makefu/2configs/deployment/homeautomation/mqtt.nix
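Review bot: In the new-file hunk of the first commit, the `hashedPassword` for `users.sensor` is committed inline, so anyone who can read this repository (and probably the generated configuration in the Nix store) can run offline guesses against it; the same holds for the `hass` and `stats` hashes added in the next commit's hunk. As far as I know mosquitto's `$6$` format is a single salted SHA-512 round, which is cheap to brute-force, so these values only hold up if the passwords are long and random. I would keep the password material in a separately deployed secrets path rather than in this file, and rotate the three credentials because the hashes are now in history. In the same hunk, `acl = [ "topic readwrite #" ]` lets the sensor account publish to every topic; a narrower entry such as `acl = [ "topic write sensor/#" ]` (topic prefix constructed for illustration) would limit what a leaked sensor credential can do.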
@@ -10,7 +10,15 @@
 hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
 acl = [ "topic readwrite #" ];
 };
+ users.hass = {
+ hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
+ acl = [ "topic readwrite #" ];
+ };
+ users.stats = {
+ hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
+ acl = [ "topic read #" ];
+ };
 };
 environment.systemPackages = [ pkgs.mosquitto ];
- networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];
+ # port open via trusted interface
 }
-- cgit v1.2.3
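Review bot: The replacement comment `# port open via trusted interface` does not say where that rule lives, and with the `allowedTCPPorts` line removed the broker's network exposure now depends entirely on configuration outside this file. The listener was set to `host = "0.0.0.0"` in the previous commit (outside this hunk, assumed unchanged) and no TLS settings are visible, so the broker still accepts password logins on every interface and a later firewall change elsewhere could re-expose it without touching this file. I would name the source in the comment, e.g. `# port opened only on the trusted interface, see <path-to-trusted-interface-config>`, and consider binding `host` to that interface's address instead of all interfaces. The new `users.hass` entry also gets `topic readwrite #`, the same as `sensor` in the context lines, so the per-user ACLs currently separate only `stats` from the writers; the enclosing `services.mosquitto` attribute set starts above this hunk.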