Mosquitto: Difference between revisions

← Older edit

@@ Line 1: / Line 1: @@
 [https://mosquitto.org/ Mosquitto] is an open source message broker that implements the MQTT protocol, a lightweight and popular communication method for the Internet of Things (IoT). Mosquitto supports MQTT versions 5.0, 3.1.1 and 3.1, and can run on various devices, from low power single board computers to full servers.
+This article extends the documentation in the [https://nixos.org/manual/nixos/stable/#module-services-mosquitto NixOS manual].
 == Setup ==
@@ Line 6: / Line 8: @@
 <syntaxHighlight lang="nix">
-mosquitto = {
+services.mosquitto = {
    enable = true;
    listeners = [
@@ Line 15: / Line 17: @@
      }
    ];
+};
+networking.firewall = {
+  enable = true;
+  allowedTCPPorts = [ 1883 ];
+};
+</syntaxHighlight>
+== Advanced Setup ==
+The following more advanced setup also enables a local Mosquitto server listening on port <code>1883</code>, but with some setting overrides, a simple user definition containing ACL statements, and a bridge configuration that connects this Mosquitto instance to an AWS IoT Core broker using Mutual TLS. The configured topics are transparently copied between the two brokers (no local or remote prefixes are added to the topic names).
+<syntaxHighlight lang="nix">
+services.mosquitto = {
+  enable = true;
+  listeners = [{
+    address = "192.168.0.1";
+    port = 1883;
+    users.iotdevice = {
+      acl = [
+        "read IoT/device/action"
+        "write IoT/device/observations"
+        "write IoT/device/LW"
+      ];
+      password = "mysweetpassword-or-use-hashedPassword";
+    };
+  }];
+  bridges."aws_iot_core" = {
+    addresses = [{
+      address = "foobar.iot.us-west-2.amazonaws.com";
+      port = 8883;
+    }];
+    topics = [
+      "IoT/device/action in 1 \"\""
+      "IoT/device/observations out 1 \"\""
+      "IoT/device/LW out 0 \"\""
+    ];
+    settings = {
+      local_clientid = "NiXOS-Mosquitto";
+      remote_clientid = "NiXOS-Mosquitto";
+      cleansession = true;
+      notifications = false;
+      start_type = "automatic";
+      bridge_protocol_version = "mqttv311";
+      bridge_outgoing_retain = false;
+      bridge_insecure = false;
+      bridge_cafile = "/persist/etc/mosquitto/AmazonRootCA1-RSA.pem";
+      bridge_certfile = "/persist/etc/mosquitto/certificate.pem";
+      bridge_keyfile = "/persist/etc/mosquitto/private.pem.key";
+    };
+  };
 };
@@ Line 37: / Line 90: @@
 Use the hash after <code>root:</code> for the following configuration.
-Change the Mosquitto listeners configuration by addming a user, in this example called <code>root</code> with the hased password.
+Change the Mosquitto listeners configuration by adding a user, in this example called <code>root</code> with the hashed password.
 <syntaxHighlight lang="nix">
@@ Line 60: / Line 113: @@
 <syntaxHighlight lang="bash">
-nix shell nixpkgs#mosquitto --command mosquitto_sub -h localhost -t test -u root -p mypasswd
+nix shell nixpkgs#mosquitto --command mosquitto_sub -h localhost -t test -u root -P mypasswd
 </syntaxHighlight>
-and sending on a different shell a message which should be received by the command above
+On a different shell the second command sends a message which should be received by the command above
 <syntaxHighlight lang="bash">
-nix shell nixpkgs#mosquitto --command mosquitto_pub -h localhost -t test -m "Hello" -u root -p mypasswd
+nix shell nixpkgs#mosquitto --command mosquitto_pub -h localhost -t test -m "Hello" -u root -P mypasswd
 </syntaxHighlight>
 [[Category:Applications]]