fix(emqx): ACLs

JJGadgets · Feb 1, 2025 · 91c2d51 · 91c2d51
1 parent e7e8212
commit 91c2d51
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/kube/deploy/core/db/emqx/cluster/emqx.yaml b/kube/deploy/core/db/emqx/cluster/emqx.yaml
@@ -29,10 +29,10 @@ spec:
             enable = true
             type = file
             path = "/secrets/acl.conf"
-          },
-          {
-            enable = true
-            type = built_in_database
+          # },
+          # {
+          #   enable = true
+          #   type = built_in_database
           }
         ]
       }

diff --git a/kube/deploy/core/db/emqx/cluster/es.yaml b/kube/deploy/core/db/emqx/cluster/es.yaml
@@ -36,11 +36,13 @@ spec:
 
           %% Zigbee2MQTT, data and HASS discovery
           {allow, {user, "{{ .X_EMQX_MQTT_Z2M_USERNAME }}"}, publish, ["homeassistant/#"]}.
+          {allow, {user, "{{ .X_EMQX_MQTT_Z2M_USERNAME }}"}, subscribe, ["homeassistant/status"]}.
           {allow, {user, "{{ .X_EMQX_MQTT_Z2M_USERNAME }}"}, all, ["hass/#", "zigbee2mqtt/#"]}.
 
           %% Valetudo, data and HASS discovery
           {allow, {user, "{{ .X_EMQX_MQTT_VALETUDO_USERNAME }}"}, publish, ["homeassistant/#"]}.
+          {allow, {user, "{{ .X_EMQX_MQTT_VALETUDO_USERNAME }}"}, subscribe, ["homeassistant/status"]}.
           {allow, {user, "{{ .X_EMQX_MQTT_VALETUDO_USERNAME }}"}, all, ["valetudo/#"]}.
 
           %% Default Deny All
-          {deny, all}.
+          %%{deny, all}. %% commented out to allow failures to be logged