diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/mosquitto.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/networking/mosquitto.nix | 96 |
1 files changed, 49 insertions, 47 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/mosquitto.nix b/nixpkgs/nixos/modules/services/networking/mosquitto.nix index b41a2fd27be2..49f0cc90122b 100644 --- a/nixpkgs/nixos/modules/services/networking/mosquitto.nix +++ b/nixpkgs/nixos/modules/services/networking/mosquitto.nix @@ -36,7 +36,7 @@ let password = mkOption { type = uniq (nullOr str); default = null; - description = '' + description = lib.mdDoc '' Specifies the (clear text) password for the MQTT User. ''; }; @@ -45,7 +45,7 @@ let type = uniq (nullOr types.path); example = "/path/to/file"; default = null; - description = '' + description = lib.mdDoc '' Specifies the path to a file containing the clear text password for the MQTT user. ''; @@ -54,10 +54,10 @@ let hashedPassword = mkOption { type = uniq (nullOr str); default = null; - description = '' + description = mdDoc '' Specifies the hashed password for the MQTT User. - To generate hashed password install <literal>mosquitto</literal> - package and use <literal>mosquitto_passwd</literal>. + To generate hashed password install `mosquitto` + package and use `mosquitto_passwd`. ''; }; @@ -65,11 +65,11 @@ let type = uniq (nullOr types.path); example = "/path/to/file"; default = null; - description = '' + description = mdDoc '' Specifies the path to a file containing the hashed password for the MQTT user. - To generate hashed password install <literal>mosquitto</literal> - package and use <literal>mosquitto_passwd</literal>. + To generate hashed password install `mosquitto` + package and use `mosquitto_passwd`. ''; }; @@ -77,7 +77,7 @@ let type = listOf str; example = [ "read A/B" "readwrite A/#" ]; default = []; - description = '' + description = lib.mdDoc '' Control client access to topics on the broker. ''; }; @@ -155,24 +155,24 @@ let options = { plugin = mkOption { type = path; - description = '' - Plugin path to load, should be a <literal>.so</literal> file. + description = mdDoc '' + Plugin path to load, should be a `.so` file. ''; }; denySpecialChars = mkOption { type = bool; - description = '' - Automatically disallow all clients using <literal>#</literal> - or <literal>+</literal> in their name/id. + description = mdDoc '' + Automatically disallow all clients using `#` + or `+` in their name/id. ''; default = true; }; options = mkOption { type = attrsOf optionType; - description = '' - Options for the auth plugin. Each key turns into a <literal>auth_opt_*</literal> + description = mdDoc '' + Options for the auth plugin. Each key turns into a `auth_opt_*` line in the config. ''; default = {}; @@ -199,6 +199,7 @@ let allow_anonymous = 1; allow_zero_length_clientid = 1; auto_id_prefix = 1; + bind_interface = 1; cafile = 1; capath = 1; certfile = 1; @@ -230,7 +231,7 @@ let options = { port = mkOption { type = port; - description = '' + description = lib.mdDoc '' Port to listen on. Must be set to 0 to listen on a unix domain socket. ''; default = 1883; @@ -238,8 +239,8 @@ let address = mkOption { type = nullOr str; - description = '' - Address to listen on. Listen on <literal>0.0.0.0</literal>/<literal>::</literal> + description = mdDoc '' + Address to listen on. Listen on `0.0.0.0`/`::` when unset. ''; default = null; @@ -247,10 +248,10 @@ let authPlugins = mkOption { type = listOf authPluginOptions; - description = '' + description = mdDoc '' Authentication plugin to attach to this listener. - Refer to the <link xlink:href="https://mosquitto.org/man/mosquitto-conf-5.html"> - mosquitto.conf documentation</link> for details on authentication plugins. + Refer to the [mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) + for details on authentication plugins. ''; default = []; }; @@ -258,7 +259,7 @@ let users = mkOption { type = attrsOf userOptions; example = { john = { password = "123456"; acl = [ "readwrite john/#" ]; }; }; - description = '' + description = lib.mdDoc '' A set of users and their passwords and ACLs. ''; default = {}; @@ -266,7 +267,7 @@ let omitPasswordAuth = mkOption { type = bool; - description = '' + description = lib.mdDoc '' Omits password checking, allowing anyone to log in with any user name unless other mandatory authentication methods (eg TLS client certificates) are configured. ''; @@ -275,7 +276,7 @@ let acl = mkOption { type = listOf str; - description = '' + description = lib.mdDoc '' Additional ACL items to prepend to the generated ACL file. ''; example = [ "pattern read #" "topic readwrite anon/report/#" ]; @@ -286,7 +287,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = '' + description = lib.mdDoc '' Additional settings for this listener. ''; default = {}; @@ -295,7 +296,7 @@ let }; listenerAsserts = prefix: listener: - assertKeysValid prefix freeformListenerKeys listener.settings + assertKeysValid "${prefix}.settings" freeformListenerKeys listener.settings ++ userAsserts prefix listener.users ++ imap0 (i: v: authAsserts "${prefix}.authPlugins.${toString i}" v) @@ -353,14 +354,14 @@ let options = { address = mkOption { type = str; - description = '' + description = lib.mdDoc '' Address of the remote MQTT broker. ''; }; port = mkOption { type = port; - description = '' + description = lib.mdDoc '' Port of the remote MQTT broker. ''; default = 1883; @@ -368,17 +369,17 @@ let }; }); default = []; - description = '' + description = lib.mdDoc '' Remote endpoints for the bridge. ''; }; topics = mkOption { type = listOf str; - description = '' + description = lib.mdDoc '' Topic patterns to be shared between the two brokers. - Refer to the <link xlink:href="https://mosquitto.org/man/mosquitto-conf-5.html"> - mosquitto.conf documentation</link> for details on the format. + Refer to the [ + mosquitto.conf documentation](https://mosquitto.org/man/mosquitto-conf-5.html) for details on the format. ''; default = []; example = [ "# both 2 local/topic/ remote/topic/" ]; @@ -388,7 +389,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = '' + description = lib.mdDoc '' Additional settings for this bridge. ''; default = {}; @@ -397,7 +398,7 @@ let }; bridgeAsserts = prefix: bridge: - assertKeysValid prefix freeformBridgeKeys bridge.settings + assertKeysValid "${prefix}.settings" freeformBridgeKeys bridge.settings ++ [ { assertion = length bridge.addresses > 0; message = "Bridge ${prefix} needs remote broker addresses"; @@ -448,7 +449,7 @@ let type = package; default = pkgs.mosquitto; defaultText = literalExpression "pkgs.mosquitto"; - description = '' + description = lib.mdDoc '' Mosquitto package to use. ''; }; @@ -456,7 +457,7 @@ let bridges = mkOption { type = attrsOf bridgeOptions; default = {}; - description = '' + description = lib.mdDoc '' Bridges to build to other MQTT brokers. ''; }; @@ -464,17 +465,17 @@ let listeners = mkOption { type = listOf listenerOptions; default = {}; - description = '' + description = lib.mdDoc '' Listeners to configure on this broker. ''; }; includeDirs = mkOption { type = listOf path; - description = '' + description = mdDoc '' Directories to be scanned for further config files to include. Directories will processed in the order given, - <literal>*.conf</literal> files in the directory will be + `*.conf` files in the directory will be read in case-sensistive alphabetical order. ''; default = []; @@ -482,7 +483,7 @@ let logDest = mkOption { type = listOf (either path (enum [ "stdout" "stderr" "syslog" "topic" "dlt" ])); - description = '' + description = lib.mdDoc '' Destinations to send log messages to. ''; default = [ "stderr" ]; @@ -491,7 +492,7 @@ let logType = mkOption { type = listOf (enum [ "debug" "error" "warning" "notice" "information" "subscribe" "unsubscribe" "websockets" "none" "all" ]); - description = '' + description = lib.mdDoc '' Types of messages to log. ''; default = []; @@ -499,7 +500,7 @@ let persistence = mkOption { type = bool; - description = '' + description = lib.mdDoc '' Enable persistent storage of subscriptions and messages. ''; default = true; @@ -508,7 +509,7 @@ let dataDir = mkOption { default = "/var/lib/mosquitto"; type = types.path; - description = '' + description = lib.mdDoc '' The data directory. ''; }; @@ -517,7 +518,7 @@ let type = submodule { freeformType = attrsOf optionType; }; - description = '' + description = lib.mdDoc '' Global configuration options for the mosquitto broker. ''; default = {}; @@ -526,7 +527,7 @@ let globalAsserts = prefix: cfg: flatten [ - (assertKeysValid prefix freeformGlobalKeys cfg.settings) + (assertKeysValid "${prefix}.settings" freeformGlobalKeys cfg.settings) (imap0 (n: l: listenerAsserts "${prefix}.listener.${toString n}" l) cfg.listeners) (mapAttrsToList (n: b: bridgeAsserts "${prefix}.bridge.${n}" b) cfg.bridges) ]; @@ -629,9 +630,10 @@ in ])); RemoveIPC = true; RestrictAddressFamilies = [ - "AF_UNIX" # for sd_notify() call + "AF_UNIX" "AF_INET" "AF_INET6" + "AF_NETLINK" ]; RestrictNamespaces = true; RestrictRealtime = true; |