mirror of
https://codeberg.org/icewind/taspromto.git
synced 2026-06-03 16:44:11 +02:00
update module
This commit is contained in:
parent
7f7ad384a8
commit
89511832c2
3 changed files with 56 additions and 16 deletions
66
module.nix
66
module.nix
|
|
@ -5,6 +5,25 @@
|
||||||
}:
|
}:
|
||||||
with lib; let
|
with lib; let
|
||||||
cfg = config.services.taspromto;
|
cfg = config.services.taspromto;
|
||||||
|
format = pkgs.formats.toml { };
|
||||||
|
configFile = format.generate "taspromto-config.toml" {
|
||||||
|
listen = {
|
||||||
|
inherit (cfg) port;
|
||||||
|
};
|
||||||
|
names = {
|
||||||
|
mitemp = cfg.mitempNames;
|
||||||
|
rftemp = cfg.rfChannelNames;
|
||||||
|
};
|
||||||
|
mqtt = {
|
||||||
|
inherit (cfg.mqtt) hostname port;
|
||||||
|
password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
|
||||||
|
} // (
|
||||||
|
optionalAttrs (cfg.mqtt.passwordFile != null) {
|
||||||
|
inherit (cfg.mqtt) username;
|
||||||
|
password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
|
||||||
|
}
|
||||||
|
);
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.taspromto = {
|
options.services.taspromto = {
|
||||||
|
|
@ -23,19 +42,40 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.int;
|
type = types.port;
|
||||||
default = 3030;
|
default = 3030;
|
||||||
description = "port to listen to";
|
description = "port to listen to";
|
||||||
};
|
};
|
||||||
|
|
||||||
mqttCredentailsFile = mkOption {
|
mqtt = mkOption {
|
||||||
|
type = types.submodule {
|
||||||
|
options = {
|
||||||
|
hostname = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = "path containing MQTT_HOSTNAME, MQTT_USERNAME and MQTT_PASSWORD environment variables";
|
description = "Hostname of the MQTT server";
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 1883;
|
||||||
|
description = "Port of the MQTT server";
|
||||||
|
};
|
||||||
|
username = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "Username for the MQTT server";
|
||||||
|
};
|
||||||
|
passwordFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "File containing the password for the MQTT server";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
defaultText = literalExpression "pkgs.shelve";
|
defaultText = literalExpression "pkgs.taspromto";
|
||||||
description = "package to use";
|
description = "package to use";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -43,15 +83,14 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.services."taspromto" = {
|
systemd.services."taspromto" = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
environment = {
|
|
||||||
PORT = toString cfg.port;
|
|
||||||
MITEMP_NAMES = concatStringsSep "," (map (k: k + "=" + cfg.mitempNames."${k}") (attrNames cfg.mitempNames));
|
|
||||||
RF_TEMP_NAMES = concatStringsSep "," (map (k: k + "=" + cfg.rfChannelNames."${k}") (attrNames cfg.rfChannelNames));
|
|
||||||
};
|
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${cfg.package}/bin/taspromto";
|
LoadCredential = optional (cfg.mqtt.passwordFile != null) [
|
||||||
EnvironmentFile = cfg.mqttCredentailsFile;
|
"mqtt_password:${cfg.mqtt.passwordFile}"
|
||||||
|
];
|
||||||
|
|
||||||
|
ExecStart = "${cfg.package}/bin/taspromto ${configFile}";
|
||||||
|
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
|
|
@ -70,12 +109,13 @@ in
|
||||||
ProtectHostname = true;
|
ProtectHostname = true;
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
ProtectKernelTunables = true;
|
ProtectKernelTunables = true;
|
||||||
RestrictAddressFamilies = "AF_INET AF_INET6";
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
|
||||||
|
RuntimeDirectory = "taspromto";
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
ProtectProc = "noaccess";
|
ProtectProc = "noaccess";
|
||||||
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
|
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
|
||||||
IPAddressDeny = "any";
|
IPAddressDeny = "any";
|
||||||
IPAddressAllow = [ "localhost" ];
|
IPAddressAllow = [ "localhost" cfg.mqtt.hostname ];
|
||||||
PrivateUsers = true;
|
PrivateUsers = true;
|
||||||
ProcSubset = "pid";
|
ProcSubset = "pid";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ pub enum ListenConfig {
|
||||||
port: u16,
|
port: u16,
|
||||||
},
|
},
|
||||||
Unix {
|
Unix {
|
||||||
path: String,
|
socket: String,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -101,7 +101,7 @@ async fn serve(device_states: Arc<Mutex<DeviceStates>>, config: Config) {
|
||||||
ListenConfig::Ip { address, port } => {
|
ListenConfig::Ip { address, port } => {
|
||||||
warp::serve(metrics).run((address, port)).await;
|
warp::serve(metrics).run((address, port)).await;
|
||||||
}
|
}
|
||||||
ListenConfig::Unix { path } => {
|
ListenConfig::Unix { socket: path } => {
|
||||||
let listener = UnixListener::bind(path).unwrap();
|
let listener = UnixListener::bind(path).unwrap();
|
||||||
let incoming = UnixListenerStream::new(listener);
|
let incoming = UnixListenerStream::new(listener);
|
||||||
warp::serve(metrics).run_incoming(incoming).await;
|
warp::serve(metrics).run_incoming(incoming).await;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue