Lock down access to mqtt

Zuckerberg 2024-10-27 16:15:23 -07:00
parent 5b666a0565
commit c7d9e84f73
4 changed files with 19 additions and 4 deletions


@ -8,9 +8,10 @@
enable = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$8+QnkTzCdGizaKqq$lpU4o84n6D/1uwfA9pZDVExr1NDm1D/8tNla2tE9J9HdUqkvu192yYfiySY1MFqVNgUKgWEFu5P1bUKqRnzbUw==";
};
}
];
};
@ -28,7 +29,8 @@
};
mqtt = {
server = "mqtt://localhost:1883";
# base_topic = "zigbee2mqtt";
user = "root";
password = "'!/run/agenix/zigbee2mqtt.yaml mqtt_password'";
};
frontend = {
host = "localhost";
@ -36,6 +38,7 @@
};
};
};
age.secrets."zigbee2mqtt.yaml".file = ../../../secrets/zigbee2mqtt.yaml.age;
services.home-assistant = {
enable = true;
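Review bot: The `hashedPassword` under `users.root` in the first hunk is committed in plain view, and its `$7$101$` prefix appears to be mosquitto's PBKDF2-SHA512 format with an iteration count of 101, so anyone who can read the repository can test password guesses offline at little cost. The commit already uses agenix for the client password, so the broker could load its hash the same way, with something like `hashedPasswordFile = config.age.secrets."<broker-hash-secret>".path;` (placeholder secret name). The password should also be rotated, because the hash stays in history. The account still has `acl = [ "readwrite #" ]`; if zigbee2mqtt is its only user, an ACL restricted to that service's base topic would limit what a leaked credential can reach. The listener's bind address is not visible in the hunk, so it is worth confirming whether port 1883 is reachable from other hosts.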


@ -12,6 +12,7 @@
"binary-cache"
"gitea-actions-runner"
"frigate"
"zigbee"
];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";


@ -57,4 +57,7 @@ with roles;
# Frigate (DVR)
"frigate-credentials.age".publicKeys = frigate;
# zigbee2mqtt secrets
"zigbee2mqtt.yaml.age".publicKeys = zigbee;
}


@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 hPp1nw TSDuPaFp/Qcz4r819X4QmU/4J2TGpoX7jCCJCdFDog0
SwQUqEp45xMOeTkvBG6uX28kB8YWG66laYqakSgl9w4
-> ssh-ed25519 w3nu8g tLZDNE0iBgOpUB3djpNu3CgimsRc0zcds+AgctzxyQ4
Oyz6XORsApM4vFxWyaD3bR/ApIUFPY3q4yGvtbosUIY
--- vuXlQmuOFbJhBTACN5ciH2GlOCbRCMPZdlogG2O+KOk
Áëÿ!}UIì p0@Xž|°þ#晆0HÙõò#BÇRR<52>Ù
òùø5¾Iÿ?vX?pÝ<70><>fqÍ[lž¸˜­G7ü; UäÀOUä¶