{ config, pkgs, lib, zentralwerk, ... }:

let
  # Single source of truth for broker accounts. The attribute name is the
  # Mosquitto username (and the tail of its sops secret path); the value is
  # the one ACL line that account gets on the listener below. In Mosquitto
  # ACL terms "write #" allows publishing to every topic (no subscribe) and
  # "read #" allows subscribing to every topic (no publish) — the '#'
  # wildcard makes each account all-or-nothing over the whole topic tree.
  brokerUsers = {
    "zentralwerk-network" = "write #";
    "services" = "write #";
    "consumer" = "read #";
  };

  # sops secret holding the cleartext password of one broker user.
  secretName = user: "mosquitto/users/${user}";

  # Password files are readable only by the mosquitto service account
  # (owner/group taken from the unit so they stay in sync with the module).
  secretPerms = {
    owner = config.systemd.services.mosquitto.serviceConfig.User;
    group = config.systemd.services.mosquitto.serviceConfig.Group;
    mode = "0440";
  };
in
{
  # Deployment target and the directories kept persistent across VM rebuilds.
  c3d2.deployment = {
    server = "server10";
    mounts = [ "etc" "var" ];
  };

  microvm.mem = 1024;

  networking.hostName = "broker";
  # Plain MQTT on 1883. No TLS material (certfile/keyfile) is configured in
  # this file, so password logins and every message cross the wire in
  # cleartext. NOTE(review): confirm the VM is reachable from trusted
  # segments only, and that the listener's port (module default, presumably
  # 1883) really matches this firewall rule.
  networking.firewall.allowedTCPPorts = [ 1883 ];

  # NOTE(review): sshd runs with module defaults — nothing here disables
  # password authentication; confirm key-only login is enforced elsewhere.
  services.openssh.enable = true;

  services.mosquitto = {
    enable = true;
    listeners = [
      {
        # IPv4 wildcard only; IPv6 clients cannot reach this listener.
        address = "0.0.0.0";
        # One password-authenticated account per entry in brokerUsers, each
        # reading its password from the matching sops secret at runtime.
        users = lib.mapAttrs (user: aclLine: {
          passwordFile = config.sops.secrets.${secretName user}.path;
          acl = [ aclLine ];
        }) brokerUsers;
      }
    ];
  };

  sops = {
    # Secrets are decrypted with the VM's own host SSH key (age identity).
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    # Declare exactly one secret per broker user so a user can never be
    # added to the listener without its password secret (and vice versa).
    secrets = lib.mapAttrs'
      (user: _: lib.nameValuePair (secretName user) secretPerms)
      brokerUsers;
  };

  # CLI client for inspecting the broker from inside the VM.
  environment.systemPackages = [ pkgs.mqttui ];

  system.stateVersion = "22.05";
}