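# NixOS module: Mosquitto MQTT broker plus Zigbee2MQTT, wired together for
# Home Assistant. Everything is gated on `my.networking.zigbee2mqtt.enable`.
#
# Exposure summary (review before enabling on an untrusted network):
#   * the MQTT listener binds to every interface and its port is opened in
#     the firewall; no TLS is configured on it here, so credentials and
#     payloads travel in cleartext;
#   * the Zigbee2MQTT frontend port is opened in the firewall and no frontend
#     authentication is configured in `settings` below.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.my.networking.zigbee2mqtt;
in
{
  options.my.networking.zigbee2mqtt = {
    # mkEnableOption prepends "Whether to enable", so the argument is a noun
    # phrase. The previous text described a different service.
    enable = lib.mkEnableOption "Zigbee2MQTT with a Mosquitto MQTT broker";

    # NOTE(review): declared but not read anywhere in this module, so setting
    # it currently has no effect.
    enable-metric = lib.mkEnableOption "Zigbee2MQTT metrics export to Prometheus";

    mqtt-port = lib.mkOption {
      type = lib.types.port;
      default = 1883;
      description = "Port for the MQTT server.";
    };

    z2m-frontend-port = lib.mkOption {
      type = lib.types.port;
      default = 8080;
      description = "Port for the Zigbee2MQTT frontend.";
    };

    # Passed to services.mosquitto as `passwordFile`, which expects the
    # clear-text password as the file content. Give a runtime path string
    # (e.g. under /run/keys); a Nix path literal such as ./secret would be
    # copied into the world-readable Nix store.
    mqtt-passwordFile = lib.mkOption {
      type = lib.types.path;
      default = "/run/keys/mqtt.password";
      description = "Path to the file containing the MQTT password.";
    };

    # Used as a systemd EnvironmentFile, so it must hold KEY=value lines, not
    # a bare password. The default is kept for backward compatibility, but it
    # is the same path as mqtt-passwordFile and one file cannot satisfy both
    # formats: point this option at a separate file.
    z2mqtt-passwordFile = lib.mkOption {
      type = lib.types.path;
      default = "/run/keys/mqtt.password";
      description = "Path to a systemd EnvironmentFile that supplies the Zigbee2MQTT MQTT password (for example a ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD=... line).";
    };
  };

  config = lib.mkIf cfg.enable {
    services.mosquitto = {
      enable = true;
      listeners = [
        {
          # Binds on all interfaces. Zigbee2MQTT itself connects through
          # localhost, so this reach is only needed for clients on other
          # hosts; if there are none, "127.0.0.1" would be enough.
          address = "0.0.0.0";
          port = cfg.mqtt-port;
          users = {
            # Single account shared by Home Assistant and Zigbee2MQTT (see
            # settings.mqtt.user below), with write access to both trees.
            # A leaked password therefore allows publishing device commands.
            homeassistant = {
              acl = [
                "readwrite homeassistant/#"
                "readwrite zigbee2mqtt/#"
              ];
              passwordFile = cfg.mqtt-passwordFile;
            };
          };
        }
      ];
    };

    services.zigbee2mqtt = {
      enable = true;
      settings = {
        # Keep joining closed by default; new devices must be admitted
        # explicitly.
        permit_join = false;
        frontend = {
          enabled = true;
          port = cfg.z2m-frontend-port;
          # NOTE(review): no frontend authentication is set here while the
          # port is opened in the firewall below. Anyone who can reach it can
          # manage the Zigbee network, including re-enabling permit_join.
          # Zigbee2MQTT has a `frontend.auth_token` setting; supply it through
          # the EnvironmentFile rather than in `settings`, which ends up in
          # the Nix store.
        };
        homeassistant = {
          enabled = true;
          status_topic = "homeassistant/status";
        };
        mqtt = {
          # Follow the configured listener port instead of a hard-coded 1883,
          # otherwise changing `mqtt-port` breaks the broker connection.
          server = "mqtt://localhost:${toString cfg.mqtt-port}";
          user = "homeassistant";
          # The password is not set here on purpose: it comes from the
          # EnvironmentFile so it never lands in the Nix store.
        };
        serial = {
          # Network-attached coordinator reached over plain TCP by hostname.
          # NOTE(review): presumably unauthenticated; keep the adapter on a
          # trusted network segment and make sure the name resolves reliably.
          port = "tcp://slzb-06m.home:6638";
          baudrate = 115200;
          adapter = "ember";
          disable_led = false;
          advanced = {
            transmit_power = 20;
          };
        };
      };
    };

    # Secrets for Zigbee2MQTT are injected as environment variables at service
    # start; the file must be readable by systemd only.
    systemd.services.zigbee2mqtt.serviceConfig.EnvironmentFile = cfg.z2mqtt-passwordFile;

    # Opens both ports on every interface covered by the firewall. Restrict to
    # specific interfaces or drop the frontend port if remote access is not
    # required.
    networking.firewall.allowedTCPPorts = [
      cfg.mqtt-port
      cfg.z2m-frontend-port
    ];
  };
}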