robin/taspromto
1
0
Fork 0
mirror of https://codeberg.org/icewind/taspromto.git synced 2026-06-03 16:44:11 +02:00
Code Issues Projects Releases Wiki Activity

update module

Browse source
This commit is contained in:
Robin Appelman 2024-10-27 14:09:19 +01:00
commit 89511832c2
3 changed files with 56 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

68
module.nix
View file

@ -5,6 +5,25 @@
}:
with lib; let
cfg = config.services.taspromto;
format = pkgs.formats.toml { };
configFile = format.generate "taspromto-config.toml" {
listen = {
inherit (cfg) port;
};
names = {
mitemp = cfg.mitempNames;
rftemp = cfg.rfChannelNames;
};
mqtt = {
inherit (cfg.mqtt) hostname port;
password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
} // (
optionalAttrs (cfg.mqtt.passwordFile != null) {
inherit (cfg.mqtt) username;
password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
}
);
};
in
{
options.services.taspromto = {
@ -23,19 +42,40 @@ in
};
port = mkOption {
type = types.int;
type = types.port;
default = 3030;
description = "port to listen to";
};
mqttCredentailsFile = mkOption {
type = types.str;
description = "path containing MQTT_HOSTNAME, MQTT_USERNAME and MQTT_PASSWORD environment variables";
mqtt = mkOption {
type = types.submodule {
options = {
hostname = mkOption {
type = types.str;
description = "Hostname of the MQTT server";
};
port = mkOption {
type = types.port;
default = 1883;
description = "Port of the MQTT server";
};
username = mkOption {
type = types.nullOr types.str;
default = null;
description = "Username for the MQTT server";
};
passwordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = "File containing the password for the MQTT server";
};
};
};
};
package = mkOption {
type = types.package;
defaultText = literalExpression "pkgs.shelve";
defaultText = literalExpression "pkgs.taspromto";
description = "package to use";
};
};
@ -43,15 +83,14 @@ in
config = mkIf cfg.enable {
systemd.services."taspromto" = {
wantedBy = [ "multi-user.target" ];
environment = {
PORT = toString cfg.port;
MITEMP_NAMES = concatStringsSep "," (map (k: k + "=" + cfg.mitempNames."${k}") (attrNames cfg.mitempNames));
RF_TEMP_NAMES = concatStringsSep "," (map (k: k + "=" + cfg.rfChannelNames."${k}") (attrNames cfg.rfChannelNames));
};
serviceConfig = {
ExecStart = "${cfg.package}/bin/taspromto";
EnvironmentFile = cfg.mqttCredentailsFile;
LoadCredential = optional (cfg.mqtt.passwordFile != null) [
"mqtt_password:${cfg.mqtt.passwordFile}"
];
ExecStart = "${cfg.package}/bin/taspromto ${configFile}";
Restart = "on-failure";
DynamicUser = true;
PrivateTmp = true;
@ -70,12 +109,13 @@ in
ProtectHostname = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RuntimeDirectory = "taspromto";
RestrictRealtime = true;
ProtectProc = "noaccess";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
IPAddressDeny = "any";
IPAddressAllow = [ "localhost" ];
IPAddressAllow = [ "localhost" cfg.mqtt.hostname ];
PrivateUsers = true;
ProcSubset = "pid";
};

2
src/config.rs
View file

@ -25,7 +25,7 @@ pub enum ListenConfig {
port: u16,
},
Unix {
path: String,
socket: String,
},
}

2
src/main.rs
View file

@ -101,7 +101,7 @@ async fn serve(device_states: Arc<Mutex<DeviceStates>>, config: Config) {
ListenConfig::Ip { address, port } => {
warp::serve(metrics).run((address, port)).await;
}
ListenConfig::Unix { path } => {
ListenConfig::Unix { socket: path } => {
let listener = UnixListener::bind(path).unwrap();
let incoming = UnixListenerStream::new(listener);
warp::serve(metrics).run_incoming(incoming).await;