zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Lock down access to mqtt
All checks were successful
Check Flake / check-flake (push) Successful in 1m6s
Details

Browse Source
This commit is contained in:
Zuckerberg 2024-10-27 16:15:23 -07:00
parent 5b666a0565
commit c7d9e84f73
4 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
machines/storage/s0/home-automation.nix
View File

@ -8,9 +8,10 @@
enable = true; enable = true;
listeners = [ listeners = [
{ {
acl = [ "pattern readwrite #" ]; users.root = {
omitPasswordAuth = true; acl = [ "readwrite #" ];
settings.allow_anonymous = true; hashedPassword = "$7$101$8+QnkTzCdGizaKqq$lpU4o84n6D/1uwfA9pZDVExr1NDm1D/8tNla2tE9J9HdUqkvu192yYfiySY1MFqVNgUKgWEFu5P1bUKqRnzbUw==";
};
} }
]; ];
}; };
@ -28,7 +29,8 @@
}; };
mqtt = { mqtt = {
server = "mqtt://localhost:1883"; server = "mqtt://localhost:1883";
# base_topic = "zigbee2mqtt"; user = "root";
password = "'!/run/agenix/zigbee2mqtt.yaml mqtt_password'";
}; };
frontend = { frontend = {
host = "localhost"; host = "localhost";
@ -36,6 +38,7 @@
}; };
}; };
}; };
age.secrets."zigbee2mqtt.yaml".file = ../../../secrets/zigbee2mqtt.yaml.age;
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;

1
machines/storage/s0/properties.nix
View File

@ -12,6 +12,7 @@
"binary-cache" "binary-cache"
"gitea-actions-runner" "gitea-actions-runner"
"frigate" "frigate"
"zigbee"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

3
secrets/secrets.nix
View File

@ -57,4 +57,7 @@ with roles;
# Frigate (DVR) # Frigate (DVR)
"frigate-credentials.age".publicKeys = frigate; "frigate-credentials.age".publicKeys = frigate;
# zigbee2mqtt secrets
"zigbee2mqtt.yaml.age".publicKeys = zigbee;
} }

8
secrets/zigbee2mqtt.yaml.age Normal file
View File

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 hPp1nw TSDuPaFp/Qcz4r819X4QmU/4J2TGpoX7jCCJCdFDog0
SwQUqEp45xMOeTkvBG6uX28kB8YWG66laYqakSgl9w4
-> ssh-ed25519 w3nu8g tLZDNE0iBgOpUB3djpNu3CgimsRc0zcds+AgctzxyQ4
Oyz6XORsApM4vFxWyaD3bR/ApIUFPY3q4yGvtbosUIY
--- vuXlQmuOFbJhBTACN5ciH2GlOCbRCMPZdlogG2O+KOk
Áëÿ!}UIì p0@Xž|°þ#晆0HÙõò#BÇRR<52>Ù
òùø5¾Iÿ?vX?pÝ<70><>fqÍ[lž¸˜­G7ü; UäÀOUä¶