mqtt: migrate to new configuration format

2 files changed, 27 insertions, 15 deletions

diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix
index e78f0f97..8ace4238 100644
--- a/krebs/2configs/shack/mqtt.nix
+++ b/krebs/2configs/shack/mqtt.nix
@@ -1,15 +1,21 @@
-# hostname: mqtt.shack
+{ ... }:
 {
   networking.firewall.allowedTCPPorts = [ 1883 ];
   networking.firewall.allowedUDPPorts = [ 1883 ];
   services.mosquitto = {
     enable = true;
-    host = "0.0.0.0";
-    users = {};
-    # TODO: secure that shit
-    aclExtraConf = ''
-      pattern readwrite #
-    '';
-    allowAnonymous = true;
+    persistence = false;
+    settings.max_keepalive = 60;
+    listeners = [
+      {
+        port = 1883;
+        omitPasswordAuth = true;
+        users = {};
+        settings = {
+          allow_anonymous = true;
+        };
+        acl = [ "topic readwrite #" "pattern readwrite #" ];
+      }
+    ];
   };
 }
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 9d1da839..cba43e22 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -2,12 +2,18 @@
 {
   services.mosquitto = {
     enable = true;
-    host = "0.0.0.0";
-    users = {};
-    # TODO: secure that shit
-    aclExtraConf = ''
-      pattern readwrite #
-    '';
-    allowAnonymous = true;
+    persistence = false;
+    settings.max_keepalive = 60;
+    listeners = [
+      {
+        port = 1883;
+        omitPasswordAuth = true;
+        users = {};
+        settings = {
+          allow_anonymous = true;
+        };
+        acl = [ "topic readwrite #" "pattern readwrite #" ];
+      }
+    ];
   };
 }