34 lines
870 B
Nix
34 lines
870 B
Nix
{ config, pkgs, ... }:
|
|
|
|
rec {
|
|
networking.firewall.allowedTCPPorts = [1883];
|
|
|
|
# security.acme.certs."mqtt.stubbe.rocks" = {
|
|
# email = "mqqt@stubbe.rocks";
|
|
# webroot = "/var/www/challenges/";
|
|
# allowKeysForGroup = true;
|
|
# group = "mosquitto";
|
|
# postRun = ''
|
|
# chmod g+rw -R /var/lib/acme/mqtt.stubbe.rocks
|
|
# chown mosquitto:root -R /var/lib/acme/mqtt.stubbe.rocks
|
|
# '';
|
|
# directory = "/var/lib/acme/mqtt.stubbe.rocks";
|
|
# };
|
|
|
|
services.mosquitto = rec {
|
|
enable = true;
|
|
# ssl = {
|
|
# enable = true;
|
|
# cafile = "/var/lib/acme/mqtt.stubbe.rocks/full.pem";
|
|
# certfile = "/var/lib/acme/mqtt.stubbe.rocks/cert.pem";
|
|
# keyfile = "/var/lib/acme/mqtt.stubbe.rocks/key.pem";
|
|
# };
|
|
host = "0.0.0.0";
|
|
checkPasswords = true;
|
|
users."eeN!ei2eilo1aiT6" = {
|
|
acl = [ "topic readwrite myink/#" ];
|
|
password = "AS5hoh5ug(ei8eer";
|
|
};
|
|
};
|
|
}
|