|
|
|
@ -123,12 +123,33 @@ in |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
passwordFile = mkOption { |
|
|
|
|
type = with types; uniq (nullOr str); |
|
|
|
|
example = "/path/to/file"; |
|
|
|
|
default = null; |
|
|
|
|
description = '' |
|
|
|
|
Specifies the path to a file containing the |
|
|
|
|
clear text password for the MQTT user. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
hashedPassword = mkOption { |
|
|
|
|
type = with types; uniq (nullOr str); |
|
|
|
|
default = null; |
|
|
|
|
description = '' |
|
|
|
|
Specifies the hashed password for the MQTT User. |
|
|
|
|
<option>hashedPassword</option> overrides <option>password</option>. |
|
|
|
|
To generate hashed password install <literal>mosquitto</literal> |
|
|
|
|
package and use <literal>mosquitto_passwd</literal>. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
hashedPasswordFile = mkOption { |
|
|
|
|
type = with types; uniq (nullOr str); |
|
|
|
|
example = "/path/to/file"; |
|
|
|
|
default = null; |
|
|
|
|
description = '' |
|
|
|
|
Specifies the path to a file containing the |
|
|
|
|
hashed password for the MQTT user. |
|
|
|
|
To generate hashed password install <literal>mosquitto</literal> |
|
|
|
|
package and use <literal>mosquitto_passwd</literal>. |
|
|
|
|
''; |
|
|
|
@ -190,6 +211,13 @@ in |
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable { |
|
|
|
|
|
|
|
|
|
assertions = mapAttrsToList (name: cfg: { |
|
|
|
|
assertion = length (filter (s: s != null) (with cfg; [ |
|
|
|
|
password passwordFile hashedPassword hashedPasswordFile |
|
|
|
|
])) <= 1; |
|
|
|
|
message = "Cannot set more than one password option"; |
|
|
|
|
}) cfg.users; |
|
|
|
|
|
|
|
|
|
systemd.services.mosquitto = { |
|
|
|
|
description = "Mosquitto MQTT Broker Daemon"; |
|
|
|
|
wantedBy = [ "multi-user.target" ]; |
|
|
|
@ -210,7 +238,11 @@ in |
|
|
|
|
touch ${cfg.dataDir}/passwd |
|
|
|
|
'' + concatStringsSep "\n" ( |
|
|
|
|
mapAttrsToList (n: c: |
|
|
|
|
if c.hashedPassword != null then |
|
|
|
|
if c.hashedPasswordFile != null then |
|
|
|
|
"echo '${n}:'$(cat '${c.hashedPasswordFile}') >> ${cfg.dataDir}/passwd" |
|
|
|
|
else if c.passwordFile != null then |
|
|
|
|
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} $(cat '${c.passwordFile}')" |
|
|
|
|
else if c.hashedPassword != null then |
|
|
|
|
"echo '${n}:${c.hashedPassword}' >> ${cfg.dataDir}/passwd" |
|
|
|
|
else optionalString (c.password != null) |
|
|
|
|
"${pkgs.mosquitto}/bin/mosquitto_passwd -b ${cfg.dataDir}/passwd ${n} '${c.password}'" |
|
|
|
|
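Review bot: The `$(cat …)` substitutions in the two new file branches of the last hunk are unquoted, so a clear-text password containing whitespace or glob characters is word-split or expanded by the shell before `mosquitto_passwd -b` receives it, and the broker ends up with a different password than the file holds (or the command fails). Quote the substitution inside the Nix string, `… ${n} \"$(cat '${c.passwordFile}')\"`, and do the same in the `echo` line with `\"$(cat '${c.hashedPasswordFile}')\"`; passing the paths through `escapeShellArg` rather than hand-written single quotes would also survive a quote character in the path (this assumes `lib` is in scope, as the unqualified `mkOption` suggests). The password is still handed to `mosquitto_passwd` as a command-line argument, so it can show up in the process list while the command runs; the `passwordFile` description should mention that, recommend `hashedPasswordFile`, and state that the file must live outside the Nix store and be readable when the service starts. The `hashedPassword` description still says it overrides `password`, which the new assertion in the second hunk no longer permits. The enclosing `mapAttrsToList` expression and the surrounding script start and end outside the hunk, so the remaining branches could not be checked.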