Mosquitto

Mosquitto is an open source message broker that implements the MQTT protocol, a lightweight and popular communication method for the Internet of Things (IoT). Mosquitto supports MQTT versions 5.0, 3.1.1 and 3.1, and can run on various devices, from low power single board computers to full servers.

Setup

The following setup enables a local Mosquitto server listening on port 1883, allowing anonymous access for demonstration purpose.

services.mosquitto = {
  enable = true;
  listeners = [
    {
      acl = [ "pattern readwrite #" ];
      omitPasswordAuth = true;
      settings.allow_anonymous = true;
    }
  ];
};

networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 1883 ];
};

Configuration

Password authentication

The following command will generate a hashed password for the user root into the file /tmp/passwd.

nix shell nixpkgs#mosquitto --command mosquitto_passwd -c /tmp/passwd root
cat /tmp/passwd
# root:$7$101$KIGAc4K4Pj2zfump$a1s19bL++vN7RlUqJne869JZepEditIOTDPrmaRG2Jlg37/uNJcLzxjk6n5adwbc7COd3eyXuJ7T+CEI+wwxvQ==

Use the hash after root: for the following configuration.

Change the Mosquitto listeners configuration by adding a user, in this example called root with the hashed password.

mosquitto = {
  enable = true;
  listeners = [
    {
      users.root = {
        acl = [
          "readwrite #"
        ];
        hashedPassword = "$6$arZ0Sf.HKZGgSBRR$/cAB1gB4P9JQzZ6cEnIWbPNlit.PYQsbRTaRmfUsBePOtPN6P/L7TWNMaeFc2YTT904loeC3Xq3Qpdzxgen9Y/==";
      };
    }
  ];
};

Usage

Testing the server is possible by running a listening comand. We also supply username root and password mypasswd from above.

nix shell nixpkgs#mosquitto --command mosquitto_sub -h localhost -t test -u root -P mypasswd

On a different shell the second command sends a message which should be received by the command above

nix shell nixpkgs#mosquitto --command mosquitto_pub -h localhost -t test -m "Hello" -u root -P mypasswd