My goal: to set up an MQTT broker (mosquitto) for use with the OwnTracks app under a NixOS server
My approach: Make a custom systemd oneshot script that creates the TLS keys and certificates for the MQTT broker using a script provided by the OwnTracks project. Then, configure mosquitto to use the generated CA certificate, server certificate, and key file.
The issue: I can’t figure out how to point mosquitto at the TLS files. So far I’ve tried:
```
[root@myhostname:~]# nixos-rebuild test
building Nix...
building the system configuration...
error:
Failed assertions:
- Invalid config key services.mosquitto.settings.cafile
- Invalid config key services.mosquitto.settings.certfile
- Invalid config key services.mosquitto.settings.keyfile
(use '--show-trace' to show detailed location information)
```
I’ve also tried using the extraConfig parameter, which results in:
```
error: The option 'services.mosquitto.extraConf' does not exist. Definition values:
```
If anyone can help me figure out how to point mosquitto to the generated TLS files, I would be very grateful.
Never mind, figured it out. It turns out that the TLS configuration parameters go into listeners, not into the root of the service configuration. So my config now looks like:
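
As an added illustration (not the poster's own configuration), the listener-level placement described above could look like this in a NixOS module. The directory `/var/lib/mosquitto-tls`, the file names, port 8883 and the unit name `owntracks-tls.service` are assumptions chosen for the example.

```nix
{ config, pkgs, ... }:
let
  # Assumed directory where the oneshot unit writes the generated files.
  tlsDir = "/var/lib/mosquitto-tls";
in
{
  services.mosquitto = {
    enable = true;

    # TLS keys are per-listener options. Placing cafile/certfile/keyfile
    # under services.mosquitto.settings triggers the
    # "Invalid config key" assertions shown in the question.
    listeners = [
      {
        port = 8883; # assumed port for the TLS listener
        settings = {
          cafile = "${tlsDir}/ca.crt";       # CA certificate (assumed name)
          certfile = "${tlsDir}/server.crt"; # server certificate (assumed name)
          keyfile = "${tlsDir}/server.key";  # private key (assumed name)
        };
        # Client authentication (the listener's `users` option) is left
        # out of this example and still has to be configured.
      }
    ];
  };

  # Start the broker only after the certificate-generating oneshot has
  # run. "owntracks-tls.service" is a hypothetical unit name.
  systemd.services.mosquitto = {
    requires = [ "owntracks-tls.service" ];
    after = [ "owntracks-tls.service" ];
  };
}
```

The key file has to be readable by the user the broker runs as and should not be world-readable, so the oneshot unit needs to set ownership and mode on it after generating it.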