hswaw/sound: add password file to mosquitto
Change-Id: Ifda90bb0fb6be681a04381335d18d19ffab81298 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1448 Reviewed-by: vuko <vuko@hackerspace.pl>
parent
6204ccdf92
commit
142c8e6504
1 changed files with 29 additions and 1 deletions
|
@ -68,13 +68,41 @@ in {
|
|||
|
||||
services.acpid.enable = true;
|
||||
|
||||
# TODO copy acls and paswords from old sound
|
||||
# nixos mosquitto service adds psk_file to its namespace mounts. Using separate service and directory other than
|
||||
# /run/mosuitto/ seems like most reliable.
|
||||
systemd.services."mosquitto-secrets" = pkgs.lib.mkIf config.services.mosquitto.enable (
|
||||
let
|
||||
user = config.systemd.services.mosquitto.serviceConfig.User;
|
||||
in {
|
||||
description = "Mosquitto secrets";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "mosquitto.service" ];
|
||||
before = [ "mosquitto.service" ];
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = "yes";
|
||||
serviceConfig.ExecStart = [
|
||||
''${pkgs.coreutils}/bin/install "--owner=${user}" --mode=500 --directory /run/mosquitto-secrets''
|
||||
''${pkgs.coreutils}/bin/install "--owner=${user}" /root/secrets/mosquitto-pwfile /run/mosquitto-secrets/pwfile''
|
||||
];
|
||||
serviceConfig.ExecStop = [
|
||||
''${pkgs.coreutils}/bin/rm -rf /run/mosquitto-secrets''
|
||||
];
|
||||
}
|
||||
);
|
||||
|
||||
services.mosquitto.enable = true;
|
||||
services.mosquitto.listeners = [
|
||||
{
|
||||
settings.allow_anonymous = true;
|
||||
settings.psk_file = "/run/mosquitto-secrets/pwfile";
|
||||
acl = [
|
||||
"topic read $SYS/#"
|
||||
"topic #"
|
||||
];
|
||||
}
|
||||
];
|
||||
services.mosquitto.logType = ["all"];
|
||||
|
||||
services.home-assistant = {
|
||||
enable = true;
|
||||
|
|
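Review bot: The listener at the end of the hunk has `settings.allow_anonymous = true` together with an unscoped `"topic #"` ACL entry, so the file installed by `mosquitto-secrets` does not appear to restrict any client; unauthenticated connections would presumably still get read/write on every topic. `psk_file` is also mosquitto's TLS-PSK identity/key file rather than the username/password list (`password_file`), so if `/root/secrets/mosquitto-pwfile` holds password hashes it is probably not consulted for authentication, and a comment saying which of the two is intended would help. In the second `ExecStart` entry `install` runs without `--mode`, leaving the copy at install's default of 0755; I would add `--mode=400` to that line (`install "--owner=${user}" --mode=400 /root/secrets/mosquitto-pwfile /run/mosquitto-secrets/pwfile`) rather than rely on the 0500 directory alone. The page lost its +/- markers, so which listener lines are new is inferred.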