ctucx.git: nixfiles

ctucx' nixfiles

commit 87166fc541edd6f0e8d371a9d64c5a15f5e81cdc
parent f865e70acedca714acd3ebd324278ad5890fd540
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 9 Dec 2022 22:21:55 +0100

machines/lollo/smarthome: move mosquitto config out of zigbee2mqtt's config
5 files changed, 60 insertions(+), 18 deletions(-)
diff --git a/machines/lollo/smarthome/default.nix b/machines/lollo/smarthome/default.nix
@@ -3,9 +3,10 @@
 {
 
   imports = [
-    ./zigbee2mqtt.nix
+    ./mosquitto.nix
     ./mbusd.nix
 
+    ./zigbee2mqtt.nix
     ./influxdb2.nix
   ];
 
diff --git a/machines/lollo/smarthome/mosquitto.nix b/machines/lollo/smarthome/mosquitto.nix
@@ -0,0 +1,43 @@
+{ inputs, config, pkgs, ... }:
+
+{
+
+  age.secrets = {
+    mosquitto-passwd-leah = {
+      file  = ../../../secrets/lollo/mosquitto/passwd-leah.age;
+      owner = "mosquitto";
+    };
+  };
+
+  services = {
+    mosquitto = {
+      enable      = true;
+      persistence = false;
+      settings = {
+        max_keepalive = 60;
+      };
+      listeners = [
+        {
+          port = 1883;
+          omitPasswordAuth = true;
+          users = {};
+          settings = {
+            allow_anonymous = true;
+          };
+          acl = [ "topic readwrite #" "pattern readwrite #" ];
+        }
+        {
+          port = 9005;
+          users = {
+            leah.passwordFile = config.age.secrets.mosquitto-passwd-leah.path;
+          };
+          settings = {
+            protocol = "websockets";
+          };
+          acl = [ "topic readwrite #" "pattern readwrite #" ];
+        }
+      ];
+    };
+  };
+
+}+
\ No newline at end of file
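Review bot: The listener on port 1883 keeps `allow_anonymous = true` with `acl = [ "topic readwrite #" "pattern readwrite #" ]` and sets no `address`, so unauthenticated clients get read/write on every topic on all interfaces, and only a host firewall (not visible in this diff) limits who can reach it. If only services on this machine, such as zigbee2mqtt, use that listener, add `address = "127.0.0.1";` to it. The new 9005 websockets listener authenticates `leah` by password, but no TLS settings appear in this hunk, so unless a TLS-terminating proxy sits in front of it the credential travels in clear text; a comment such as `# TLS is terminated by <proxy>, do not expose 9005 directly` would record that assumption. Note also that `persistence = false` means the messages retained by `device_options.retain = true` (added in the zigbee2mqtt.nix hunk of this commit) are dropped on every broker restart, and until then they are delivered to any anonymous subscriber on 1883.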
diff --git a/machines/lollo/smarthome/zigbee2mqtt.nix b/machines/lollo/smarthome/zigbee2mqtt.nix
@@ -14,23 +14,6 @@
       SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee0"
     '';
 
-    mosquitto = {
-      enable      = true;
-      persistence = false;
-      settings = {
-        max_keepalive = 60;
-      };
-      listeners = [{
-        port = 1883;
-        omitPasswordAuth = true;
-        users = {};
-        settings = {
-          allow_anonymous = true;
-        };
-        acl = [ "topic readwrite #" "pattern readwrite #" ];
-      }];
-    };
-
     zigbee2mqtt = {
       enable   = true;
       package  = pkgs.zigbee2mqtt;

@@ -59,6 +42,7 @@
           network_key = inputs.local-secrets.hosts.lollo.zigbee2mqtt.network_key;
         };
 
+        device_options.retain = true;
         devices = {
           "0x84fd27fffeaaa597".friendly_name = "ikea_lamp_i";
           "0x842e14fffe57daae".friendly_name = "ikea_lamp_i_rgb";
diff --git a/secrets/lollo/mosquitto/passwd-leah.age b/secrets/lollo/mosquitto/passwd-leah.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> X25519 eIDTyeUYnSrZ/swInLVJSDPFUg1INMif68T8MmCxxRU
+jhnkBf+Wl4dQdq9EDYYsUaXuoSkZDqyVWY89prFjfmM
+-> ssh-ed25519 2LuoZg t7dIcY+T06cqWODrZR0lJyPww/zxqQOKlOCKH07PkGY
+6WT5bulxAVwLvANw9OXPRA01IUAqI07vlUYdWSPlyrw
+-> 6-grease Zr uMvTV Ou rK{AmGi
+bSYLWhfHwucrNOw6kU839B4LgsS8e9MxC9fFFE597Yj4URhpMPLIMSvpQqOFV+1x
+b8iLQDnTiaemag
+--- a7bdHmcgl9Zt59EPGVRT9Gt2Xw0wDwouDZXLwVIhjnw
++="'3׸h`8̃`00gً龬؝Z|+
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -24,6 +24,8 @@ in {
   "coladose/syncthing/cert.age".publicKeys                    = [ leah coladose ];
 
 
+  "lollo/mosquitto/passwd-leah.age".publicKeys                = [ leah lollo ];
+
   "lollo/syncthing/key.age".publicKeys                        = [ leah lollo ];
   "lollo/syncthing/cert.age".publicKeys                       = [ leah lollo ];