{ ... }:
let
  port = 1883;
in
{
  services.mosquitto = {
    enable = true;
    listeners = [
      {
        address = "10.158.1.1";
        acl = [ "topic readwrite #" ];
        port = port;
        settings = {
          allow_anonymous = true;
        };
      }
    ];
  };
  networking.firewall.allowedTCPPorts = [ port ];
}