fmt

2026-06-03 08:34:21 +02:00 · 2025-06-02 22:26:45 +02:00 · 2025-06-02 22:26:45 +02:00 · 5c87b874e4
commit 5c87b874e4
parent 0938b09f74
6 changed files with 71 additions and 66 deletions
--- a/module.nix
+++ b/module.nix
@ -1,11 +1,12 @@
-{ config
-, lib
-, pkgs
-, ...
+{
+  config,
+  lib,
+  pkgs,
+  ...
 }:
 with lib; let
  cfg = config.services.taspromto;
-  format = pkgs.formats.toml { };
+  format = pkgs.formats.toml {};
  configFile = format.generate "taspromto-config.toml" {
    listen = {
      inherit (cfg) port;
@ -14,29 +15,30 @@ with lib; let
      mitemp = cfg.mitempNames;
      rftemp = cfg.rfChannelNames;
    };
-    mqtt = {
-      inherit (cfg.mqtt) hostname port;
-    } // (
-      optionalAttrs (cfg.mqtt.passwordFile != null) {
-        inherit (cfg.mqtt) username;
-        password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
+    mqtt =
+      {
+        inherit (cfg.mqtt) hostname port;
      }
-    );
+      // (
+        optionalAttrs (cfg.mqtt.passwordFile != null) {
+          inherit (cfg.mqtt) username;
+          password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
+        }
+      );
  };
-in
-{
+in {
  options.services.taspromto = {
    enable = mkEnableOption "taspromto";

    mitempNames = mkOption {
      type = types.attrs;
-      default = { };
+      default = {};
      description = "Names for mitemp sensors";
    };

    rfChannelNames = mkOption {
      type = types.attrs;
-      default = { };
+      default = {};
      description = "Names for 433mhz temperature sensors";
    };

@ -81,7 +83,7 @@ in

  config = mkIf cfg.enable {
    systemd.services."taspromto" = {
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];

      serviceConfig = {
        LoadCredential = optional (cfg.mqtt.passwordFile != null) [
@ -108,13 +110,13 @@ in
        ProtectHostname = true;
        LockPersonality = true;
        ProtectKernelTunables = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
+        RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
        RuntimeDirectory = "taspromto";
        RestrictRealtime = true;
        ProtectProc = "noaccess";
-        SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
+        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
        IPAddressDeny = "any";
-        IPAddressAllow = [ "localhost" cfg.mqtt.hostname ];
+        IPAddressAllow = ["localhost" cfg.mqtt.hostname];
        PrivateUsers = true;
        ProcSubset = "pid";
      };