{ inputs, config, pkgs, ... }:

{

  age.secrets = {
    mosquitto-passwd-katja = {
      file  = ./. + "/../../../secrets/${config.networking.hostName}/mosquitto/passwd-katja.age";
      owner = "mosquitto";
    };
  };

  services = {
    mosquitto = {
      enable      = true;
      persistence = false;
      settings = {
        max_keepalive = 60;
      };
      listeners = [

        {
          port = 1883;
          omitPasswordAuth = true;
          users = {};
          settings = {
            allow_anonymous = true;
          };
          acl = [ "topic readwrite #" "pattern readwrite #" ];
        }

        {
          address = "::1";
          port    = 9005;
          users = {
            katja.passwordFile = config.age.secrets.mosquitto-passwd-katja.path;
          };
          settings = {
            protocol = "websockets";
          };
          acl = [ "topic readwrite #" "pattern readwrite #" ];
        }

      ];
    };
  };

}