feat: configure homeassistant and esphome on new machine

2025-10-11 07:10:39 +02:00 · 2025-01-26 01:43:01 +01:00 · 2025-01-26 01:43:01 +01:00 · 3d37e2959f
commit 3d37e2959f
parent 0ff0828ca9
52 changed files with 403 additions and 672 deletions
--- a/hosts/sausebiene/mosquitto.nix
+++ b/hosts/sausebiene/mosquitto.nix
@ -0,0 +1,42 @@
+{ config, ... }:
+{
+  age.secrets.mosquitto-pw-home-assistant = {
+    mode = "440";
+    owner = "hass";
+    group = "mosquitto";
+    generator.script = "alnum";
+  };
+
+  services.mosquitto = {
+    enable = true;
+    persistence = true;
+    listeners = [
+      {
+        acl = [ "pattern readwrite #" ];
+        users = {
+          # zigbee2mqtt = {
+          #   passwordFile = config.age.secrets.mosquitto-pw-zigbee2mqtt.path;
+          #   acl = [ "readwrite #" ];
+          # };
+          home_assistant = {
+            passwordFile = config.age.secrets.mosquitto-pw-home-assistant.path;
+            acl = [ "readwrite #" ];
+          };
+        };
+        settings.allow_anonymous = false;
+      }
+    ];
+  };
+
+  networking.nftables.firewall.rules = {
+    # Allow devices and iot VLANs to access the MQTT server
+    access-mqtt = {
+      from = [
+        "vlan-devices"
+        "vlan-iot"
+      ];
+      to = [ "local" ];
+      allowedTCPPorts = [ 1883 ];
+    };
+  };
+}