I know it’s been a while, so maybe you’ve gotten this but in case not or if others find this - I too struggled to get this working, but now have a working configuration I can share.
The format of the addresses bit is similar to how you can configure 1 or more addresses on a system network interface (see Networking - NixOS Wiki), so we can use a block like this:
```nix
bridges."bridge_connection_name" = {
  addresses = [{
    address = "remote-mqtt-broker.example.com";
    port = 1883;
  }];
};
```
For me, I needed a local MQTT broker that listened over plaintext MQTT and bridged to an AWS IoT Core MQTT broker using Mutual TLS. In case it’s helpful to you or others, here’s my full (with creds/endpoints redacted) service configuration:
```nix
# Local plaintext MQTT Broker + Bridge to AWS IoT over TLS
services.mosquitto = {
  enable = true;
  logType = [ "all" ];
  # Plaintext listener for local devices, bound to one address/interface
  listeners = [{
    address = "192.168.0.1";
    port = 1883;
    users.iotdevice = {
      acl = [
        "read IoT/device/action"
        "write IoT/device/observations"
        "write IoT/device/LW"
      ];
      password = "mysweetpassword-or-use-hashedPassword";
    };
    settings = {
      bind_interface = "eth0";
    };
  }];
  bridges."aws_iot_core" = {
    addresses = [{
      address = "foobar.iot.us-west-2.amazonaws.com";
      port = 8883;
    }];
    # "<pattern> <direction> <qos> <local-prefix>":
    # "in" = remote to local, "out" = local to remote
    topics = [
      "IoT/device/action in 1 \"\""
      "IoT/device/observations out 1 \"\""
      "IoT/device/LW out 0 \"\""
    ];
    settings = {
      local_clientid = "iotdevice-pi";
      remote_clientid = "IoT-Mosquitto";
      cleansession = true;
      notifications = false;
      start_type = "automatic";
      bridge_protocol_version = "mqttv311";
      bridge_outgoing_retain = false;
      # Mutual TLS: CA to verify the remote broker, client cert + key to authenticate
      bridge_insecure = false;
      bridge_cafile = "/persist/etc/mosquitto/AmazonRootCA1-RSA.pem";
      bridge_certfile = "/persist/etc/mosquitto/client.pem";
      bridge_keyfile = "/persist/etc/mosquitto/c_key.pem";
    };
  };
};
```
Remember to open up any firewall ports you need for the listener, e.g. for my example above TCP port 1883.
And here’s a bunch of resources that I used in making it (in no particular order, just a dump of my open tabs):
- nixpkgs/nixos/modules/services/networking/mosquitto.nix at 7bf5ade7a6d8283c3b2fa38c04bc0e6544e45ad2 · NixOS/nixpkgs · GitHub (you basically need to refer to this for the various configuration property names you’ll need to use, and to figure out where they go)
- Mosquitto MQTT Cheat Sheet | Mike Polinowski
- mosquitto.conf man page | Eclipse Mosquitto
- Mosquitto - NixOS Wiki (I’ve also edited this to include my example config I shared here)
- TLS configuration for mosquitto
- https://spectrum-os.org/git/nixpkgs/tree/nixos/modules/services/networking/mosquitto.md?id=4fed4b8da8e91c01a9d28e9d3b936c16dd098a4f
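
As an added example (not part of the post above, and not code from nixpkgs or Mosquitto): a small audit of a `mosquitto.conf` for the layout the post describes, a plaintext local listener plus a mutual-TLS bridge. The sample config is constructed from the post's values; the exact text the NixOS module renders is an assumption, and `parse`/`audit` are hypothetical helper names.

```python
# Constructed sample: the post's settings written as mosquitto.conf directives.
SAMPLE_CONF = """\
listener 1883 192.168.0.1
bind_interface eth0
connection aws_iot_core
addresses foobar.iot.us-west-2.amazonaws.com:8883
topic IoT/device/action in 1 ""
bridge_insecure false
bridge_cafile /persist/etc/mosquitto/AmazonRootCA1-RSA.pem
bridge_certfile /persist/etc/mosquitto/client.pem
bridge_keyfile /persist/etc/mosquitto/c_key.pem
"""

def parse(conf):
    """Group directives under the listener/connection line that precedes them."""
    sections, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition(" ")
        if key in ("listener", "connection"):
            cur = {"kind": key, "arg": val.strip(), "opts": {}}
            sections.append(cur)
        elif cur is not None:
            cur["opts"].setdefault(key, []).append(val.strip())
    return sections

def audit(conf):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    for s in parse(conf):
        o = s["opts"]
        if s["kind"] == "listener":
            parts = s["arg"].split()
            bind = parts[1] if len(parts) > 1 else None
            tls = "certfile" in o or "psk_hint" in o
            # Plaintext is only acceptable when pinned to one address/interface.
            if not tls and bind in (None, "0.0.0.0", "::") and "bind_interface" not in o:
                findings.append(f"listener {parts[0]}: plaintext on all interfaces")
        else:
            name = s["arg"]
            if o.get("bridge_insecure", ["false"])[-1] == "true":
                findings.append(f"bridge {name}: bridge_insecure skips hostname verification")
            if not ({"bridge_cafile", "bridge_capath"} & o.keys()):
                findings.append(f"bridge {name}: no bridge_cafile/bridge_capath set")
            if ("bridge_certfile" in o) != ("bridge_keyfile" in o):
                findings.append(f"bridge {name}: client cert and key must be set together")
    return findings
```
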