switch from rabbitmq to nats

master
Yorick van Pelt 2024-01-02 11:42:04 +01:00
parent 8ac041ba0d
commit 8fa27408dc
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
5 changed files with 64 additions and 12 deletions


@ -1,2 +1,15 @@
(pkgs: super: {
# https://github.com/NixOS/nixpkgs/pull/278153
nats-server = super.buildGoModule rec {
pname = "nats-server";
version = "2.10.7";
src = pkgs.fetchFromGitHub {
owner = "nats-io";
repo = pname;
rev = "v${version}";
hash = "sha256-DZ0a4gptTjuSVBlhDEWKTmU6Dgt36xulfjVK1kJtXhI=";
};
doCheck = false;
vendorHash = "sha256-Q2wc4esu2H81ct9TUPs+ysT3LrW698+9JllbvdDa5Yc=";
};
})
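Review bot: The override pins nats-server to 2.10.7 with `doCheck = false`, and nothing says when it should be removed, so once nixpkgs moves past this version the overlay will keep shadowing the newer package, security fixes included. The link to the nixpkgs PR is a good start; I would extend it to something like `# temporary: remove once nixpkgs PR 278153 is in our pinned nixpkgs` and put a short reason next to `doCheck = false` for why the upstream tests are skipped. Both `hash` and `vendorHash` are pinned, which is what we want for a network-facing daemon built from source.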


@ -130,15 +130,11 @@
boot.zfs.requestEncryptionCredentials = false;
networking.firewall = {
interfaces.wg-y.allowedTCPPorts = [ 3000 9090 ]; # grafana and prometheus via pennyworth
# mqtt
allowedTCPPorts = [ 1883 ];
# mqtt, nats
allowedTCPPorts = [ 1883 4222 ];
# mqtt
allowedUDPPorts = [ 1883 ];
};
services.rabbitmq = {
enable = true;
plugins = [ "rabbitmq_mqtt" "rabbitmq_management" ];
};
services.grafana = {
enable = true;
settings = {
@ -162,8 +158,10 @@
frumar-mail-pass.file = ../../../secrets/frumar-mail-pass.age;
grafana.file = ../../../secrets/grafana.env.age;
oauth2-proxy.file = ../../../secrets/oauth2-proxy.age;
zigbee2mqtt.file = ../../../secrets/zigbee2mqtt.env.age;
};
systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secrets.grafana.path;
systemd.services.zigbee2mqtt.serviceConfig.EnvironmentFile = config.age.secrets.zigbee2mqtt.path;
services.zfs.autoScrub = {
enable = true;
interval = "*-*-01 02:00:00"; # monthly + 2 hours
@ -252,5 +250,38 @@
nginx.virtualHosts = [ "priv.yori.cc" ];
extraConfig.whitelist-domain = ["priv.yori.cc"];
};
services.yorick.marvin-tracker.enable = true;
services.nats = {
enable = true;
jetstream = true;
settings = {
mqtt.port = 1883;
system_account = "SYS";
accounts = {
SYS.users = [ {
user = "admin";
password = "$2y$10$TWoKGC7/VKQRnIK163akm.0JRdhSA00lMMVn8fa1tPyKBgbED0BL2";
} ];
default = {
jetstream = "enabled";
users = [
{
user = "yorick";
password = "$2y$10$EtQh8YX0I91X774PhDxhKOSGSc0IAAvGwZErVKV3z.IfeHTcT1.yy";
}
{
user = "iot";
password = "$2y$10$.JF/0CQ1PYCFPITsSXGj..k5v60rZvDc.LWCIDhZpoc93NyyIa5wS";
allowed_connection_types = [ "MQTT" ];
}
{
user = "zigbee2mqtt";
password = "$2a$11$CC5NVYiTUeoa4A4w94NFMORO/0jhMR60JWgPUgjct8c2vg29wwIGG";
allowed_connection_types = [ "MQTT" ];
}
];
};
};
};
};
# services.yorick.marvin-tracker.enable = true;
}
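Review bot: Port 4222 is added to the global `allowedTCPPorts`, so the NATS client port, and with it the `SYS` account's `admin` login, is reachable on every interface, while the `services.nats.settings` block shows no `tls` section for either the NATS or the MQTT listener. Unless TLS is terminated somewhere not visible here, the passwords for `admin`, `yorick`, `iot` and `zigbee2mqtt` cross the network in cleartext. If NATS clients only connect over WireGuard, I would scope the port the way grafana and prometheus are, e.g. `interfaces.wg-y.allowedTCPPorts = [ 3000 9090 4222 ];`, and otherwise add `tls` to the listeners. Separately, the bcrypt hashes are inlined in the config, so they land in the repository and the world-readable Nix store where they can be guessed offline; loading them from an agenix-managed file, as this commit already does for `zigbee2mqtt.env.age`, would be worth considering. The `iot` and `zigbee2mqtt` users are limited to MQTT connections but carry no `permissions` block, so as written they can presumably publish and subscribe on every subject in the `default` account.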


@ -9,12 +9,11 @@
};
services.zigbee2mqtt = {
enable = true;
settings.availability = true;
settings.device_options = {
retain = true;
legacy = false;
settings = {
availability = true;
device_options.legacy = false;
serial.port = "/dev/ttyUSB0";
};
settings.serial.port = "/dev/ttyUSB0";
};
services.home-assistant = {
enable = true;
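Review bot: Folding the `settings.*` attributes into one `settings = { … }` set appears to drop `device_options.retain = true`, which is a behaviour change riding along with a restructure. If that is deliberate for the NATS MQTT listener, a one-line comment such as `# retain dropped: <reason>` would keep it from being re-added later; if not, `device_options.retain = true;` should go back into the new set. The hunk ends inside `services.home-assistant`, which continues outside it.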


@ -25,5 +25,6 @@ in
"root-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
"frumar-mail-pass-hash.age".publicKeys = [ yorick pennyworth ];
"frumar-mail-pass.age".publicKeys = [ yorick frumar ];
"zigbee2mqtt.env.age".publicKeys = [ yorick frumar ];
"oauth2-proxy.age".publicKeys = [ yorick frumar ];
}


@ -0,0 +1,8 @@
age-encryption.org/v1
-> X25519 7yGph74rkmQTSJNiGDmv19xuBxge6974YxV6CittBm0
NUa74cljoPwGbNc5pAsofWWHMKyekzTYbOa3FPT+xVY
-> ssh-ed25519 n7yA6g 7iJ0C2P9dt4ciwoXw2Zpq8T3KRTxzxI9qRMAyziiG3E
xaXAvQuP4pqwmvy2fKJAqH9Ng8+e2MdN/KQ90uB56hE
--- 1EeeSv+xD4Gfr03iSNipNtEAAyWAZf4layPFJfOY6w8
H“K!T¸ ©oAzä2à5@L€ú¿„h¢ÖóÞVü€¯†Ñ®uF@Ö9nƒÛñÅ8U!,ºŽ‘¡—,»Yjc%…FBãÌK<C38C>ÛGrÿ9Ü?\÷ƒ5šûÕdæ: KKYÂ
)<29>%öŽ¦•CÑ®`j±ïiý´à¦E¾uë64ç