authorSam Grayson <sam@samgrayson.me>2023-10-08 23:46:35 -0500
committerGitHub <noreply@github.com>2023-10-08 23:46:35 -0500
commitda32d38b1c52ba6d324ae382ec9d852b7c9da0f0 (patch)
tree986b4b79a539b555a51c263a393933520b2c21ad /nixos/modules/services/networking
parent87828a0e03d1418e848d3dd3f3014a632e4a4f64 (diff)
nixos/mosquitto: fix ACL permissions
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r--nixos/modules/services/networking/mosquitto.nix34
1 files changed, 22 insertions, 12 deletions
diff --git a/nixos/modules/services/networking/mosquitto.nix b/nixos/modules/services/networking/mosquitto.nix
index c53d86c0babc..c6fcc64b4ca2 100644
--- a/nixos/modules/services/networking/mosquitto.nix
+++ b/nixos/modules/services/networking/mosquitto.nix
@@ -177,17 +177,6 @@ let
            ''
            ++ hashedLines));
 
-  makeACLFile = idx: users: supplement:
-    pkgs.writeText "mosquitto-acl-${toString idx}.conf"
-      (concatStringsSep
-        "\n"
-        (flatten [
-          supplement
-          (mapAttrsToList
-            (n: u: [ "user ${n}" ] ++ map (t: "topic ${t}") u.acl)
-            users)
-        ]));
-
   authPluginOptions = with types; submodule {
     options = {
       plugin = mkOption {
@@ -342,7 +331,7 @@ let
   formatListener = idx: listener:
     [
       "listener ${toString listener.port} ${toString listener.address}"
-      "acl_file ${makeACLFile idx listener.users listener.acl}"
+      "acl_file /etc/mosquitto/mosquitto-acl-${toString idx}.conf"
     ]
     ++ optional (! listener.omitPasswordAuth) "password_file ${cfg.dataDir}/passwd-${toString idx}"
     ++ formatFreeform {} listener.settings
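Review bot: The ACL file path is now a string literal written out twice — here in `formatListener` and again in the `environment.etc` attribute name in the later hunk — so a future rename of either side silently breaks the broker's `acl_file` reference. A single binding next to `formatListener`, e.g. `aclFilePath = idx: "/etc/mosquitto/mosquitto-acl-${toString idx}.conf";`, used as `"acl_file ${aclFilePath idx}"` here and for the `environment.etc` name (with `/etc/` stripped) in the other hunk, keeps the two in step. The `idx` passed here must also match the `imap0` numbering used for `environment.etc`; that looks to be the case but the call site of `formatListener` is not visible in this diff. `formatListener`'s body continues outside the hunk.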
@@ -704,6 +693,27 @@ in
             cfg.listeners);
     };
 
+    environment.etc = listToAttrs (
+      imap0
+        (idx: listener: {
+          name = "mosquitto/mosquitto-acl-${toString idx}.conf";
+          value = {
+            user = config.users.users.mosquitto.name;
+            group = config.users.users.mosquitto.group;
+            mode = "0400";
+            text = (concatStringsSep
+              "\n"
+              (flatten [
+                listener.acl
+                (mapAttrsToList
+                  (n: u: [ "user ${n}" ] ++ map (t: "topic ${t}") u.acl)
+                  listener.users)
+              ]));
+          };
+        })
+        cfg.listeners
+    );
+
     users.users.mosquitto = {
       description = "Mosquitto MQTT Broker Daemon owner";
       group = "mosquitto";
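Review bot: `mode = "0400"` on the `environment.etc` entry only restricts the copy placed under `/etc`; as far as I can tell, `environment.etc.<name>.text` is still materialized through `pkgs.writeText`, so the generated ACL (user names and topic patterns) continues to live in the world-readable Nix store, same as the removed `makeACLFile`. If the intent of "fix ACL permissions" is to keep the ACL contents private, that is worth stating, e.g. a comment above `environment.etc`: `# NOTE: mode 0400 protects the /etc copy only; the text is still a world-readable store path. Use a runtime-generated file (see the password file handling) if the ACL must stay private.` Otherwise a one-line comment saying the goal is simply to make the file owned and readable by the mosquitto user would stop the next reader from assuming more than the change delivers. The enclosing `config` attribute set starts outside this hunk.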