diff options
| author | pennae <82953136+pennae@users.noreply.github.com> | 2024-02-26 22:58:40 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-26 22:58:40 +0100 |
| commit | 13aff9b34cc32e59d35c62ac9356e4a41198a538 (patch) | |
| tree | 6642bcd6d9f74724628333a14ab4a2a942f1352c /nixos/modules/services/networking | |
| parent | 4082c12461150780df2bcd45c540215993b929af (diff) | |
| parent | 14ffe0e240a19beafd39921ed0f9351fa63b6a7e (diff) | |
| download | nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar.gz nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar.bz2 nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar.lz nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar.xz nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.tar.zst nixlib-13aff9b34cc32e59d35c62ac9356e4a41198a538.zip | |
Merge pull request #259937 from charmoniumQ/patch-1
nixos/mosquitto: fix ACL permissions
Diffstat (limited to 'nixos/modules/services/networking')
| -rw-r--r-- | nixos/modules/services/networking/mosquitto.nix | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix index ad9eefb42252..0aca263ae5b2 100644 --- a/nixos/modules/services/networking/mosquitto.nix +++ b/nixos/modules/services/networking/mosquitto.nix @@ -177,17 +177,6 @@ let '' ++ hashedLines)); - makeACLFile = idx: users: supplement: - pkgs.writeText "mosquitto-acl-${toString idx}.conf" - (concatStringsSep - "\n" - (flatten [ - supplement - (mapAttrsToList - (n: u: [ "user ${n}" ] ++ map (t: "topic ${t}") u.acl) - users) - ])); - authPluginOptions = with types; submodule { options = { plugin = mkOption { @@ -342,7 +331,7 @@ let formatListener = idx: listener: [ "listener ${toString listener.port} ${toString listener.address}" - "acl_file ${makeACLFile idx listener.users listener.acl}" + "acl_file /etc/mosquitto/mosquitto-acl-${toString idx}.conf" ] ++ optional (! listener.omitPasswordAuth) "password_file ${cfg.dataDir}/passwd-${toString idx}" ++ formatFreeform {} listener.settings @@ -698,6 +687,27 @@ in cfg.listeners); }; + environment.etc = listToAttrs ( + imap0 + (idx: listener: { + name = "mosquitto/mosquitto-acl-${toString idx}.conf"; + value = { + user = config.users.users.mosquitto.name; + group = config.users.users.mosquitto.group; + mode = "0400"; + text = (concatStringsSep + "\n" + (flatten [ + listener.acl + (mapAttrsToList + (n: u: [ "user ${n}" ] ++ map (t: "topic ${t}") u.acl) + listener.users) + ])); + }; + }) + cfg.listeners + ); + users.users.mosquitto = { description = "Mosquitto MQTT Broker Daemon owner"; group = "mosquitto"; |