main
1{
2 config,
3 ...
4}:
5{
6 imports = [
7 ../common/services/bind.nix
8
9 ../common/services/prometheus-exporters-bind.nix
10 ];
11
12 networking.firewall.enable = false;
13
14 services = {
15 mosquitto = {
16 enable = true;
17 listeners = [
18 {
19 address = "0.0.0.0";
20 port = 1883;
21 omitPasswordAuth = false;
22 settings = {
23 allow_anonymous = false;
24 };
25 acl = [ "topic readwrite #" ];
26 users = {
27 homeassistant = {
28 acl = [ "readwrite #" ];
29 hashedPasswordFile = config.age.secrets."mosquitto-homeassistant-password".path;
30 };
31 };
32 }
33 ];
34 };
35
36 # MQTT exporter disabled due to broken package in nixpkgs
37 # ImportError: cannot import name 'main' from 'mqtt_exporter.main'
38 # prometheus.exporters.mqtt = {
39 # enable = true;
40 # port = 9234;
41 # mqttAddress = "127.0.0.1";
42 # mqttPort = 1883;
43 # mqttTopic = "#"; # Subscribe to all topics
44 # mqttUsername = "homeassistant";
45 # environmentFile = config.age.secrets."mosquitto-homeassistant-password".path;
46 # logLevel = "INFO";
47 # };
48
49 };
50
51 age.secrets."mosquitto-homeassistant-password" = {
52 file = ../../secrets/demeter/mosquitto-homeassistant-password.age;
53 mode = "400";
54 owner = "mosquitto";
55 group = "mosquitto";
56 };
57}