From 5db6c14cd3e287bc0a8de2446dbb04ed7c60fc14 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 13 Oct 2024 14:57:02 +0100
Subject: [PATCH] totoro: add some not-really-authed users to mosquitto just for separation
---
 ops/nixos/totoro/home-assistant.nix | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
diff --git a/ops/nixos/totoro/home-assistant.nix b/ops/nixos/totoro/home-assistant.nix
index bfef7766b3..5deb06c5ad 100644
--- a/ops/nixos/totoro/home-assistant.nix
+++ b/ops/nixos/totoro/home-assistant.nix
@@ -8,21 +8,44 @@ in {
 settings = {
 homeassistant = true;
 serial.port = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_eca6e9ba6596ed11ac206b4ce259fb3e-if00-port0";
- mqtt.server = "mqtt://localhost:1883";
+ mqtt = {
+ server = "mqtt://localhost:1883";
+ user = "zigbee2mqtt";
+ password = "zigbee2mqtt";
+ };
 frontend = {
 port = 8099;
 host = config.my.ip.tailscale6;
 };
 };
 };
- services.mosquitto = {
+ services.mosquitto = let
+ localhostUsers = {
+ zigbee2mqtt = {
+ password = "zigbee2mqtt";
+ acl = [
+ "readwrite zigbee2mqtt/#"
+ "readwrite homeassistant/#"
+ ];
+ };
+ homeassistant = {
+ password = "homeassistant";
+ acl = [
+ "readwrite zigbee2mqtt/#"
+ "readwrite homeassistant/#"
+ ];
+ };
+ };
+ in {
 enable = true;
 listeners = [{
 address = "127.0.0.1";
 port = 1883;
+ users = localhostUsers;
 } {
 address = "::1";
 port = 1883;
+ users = localhostUsers;
 }];
 };
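Review bot: The `localhostUsers` binding carries no comment saying its passwords are deliberately non-secret, so nothing in the file stops a later edit from attaching the same set to a listener that is not bound to `127.0.0.1` or `::1`. Each password equals its username and is set through the plaintext `password` option, which will be readable in the Nix store, and both users get the same `readwrite` ACL on `zigbee2mqtt/#` and `homeassistant/#`, so the split identifies the two clients but does not limit what either can publish. I would add above the binding `# Identification only, not authentication: non-secret passwords, loopback listeners only.` If real separation is wanted later, the module's `hashedPasswordFile` or `passwordFile` options together with narrower per-user ACLs would be the place to start. The enclosing `in { … }` attribute set starts before the hunk and is not closed within it.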