fmt:

2026-06-03 18:24:08 +02:00 · 2025-06-02 22:21:13 +02:00 · 2025-06-02 22:21:13 +02:00 · e9a16ce546
commit e9a16ce546
parent 745376df6f
5 changed files with 56 additions and 46 deletions
--- a/module.nix
+++ b/module.nix
@ -1,30 +1,32 @@
-{ config
-, lib
-, pkgs
-, ...
+{
+  config,
+  lib,
+  pkgs,
+  ...
 }:
 with lib; let
  cfg = config.services.tasproxy;
-  format = pkgs.formats.toml { };
+  format = pkgs.formats.toml {};
  configFile = format.generate "tasproxy-config.toml" {
    listen = {
      inherit (cfg) socket;
    };
-    mqtt = {
-      inherit (cfg.mqtt) hostname port;
-    } // (
-      optionalAttrs (cfg.mqtt.passwordFile != null) {
-        inherit (cfg.mqtt) username;
-        password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
+    mqtt =
+      {
+        inherit (cfg.mqtt) hostname port;
      }
-    );
+      // (
+        optionalAttrs (cfg.mqtt.passwordFile != null) {
+          inherit (cfg.mqtt) username;
+          password_file = "$CREDENTIALS_DIRECTORY/mqtt_password";
+        }
+      );
    tasmota = optionalAttrs (cfg.tasmota.username != null) {
      inherit (cfg.tasmota) username;
      password_file = "$CREDENTIALS_DIRECTORY/tasmota_password";
    };
  };
-in
-{
+in {
  options.services.tasproxy = {
    enable = mkEnableOption "Log archiver";

@ -81,7 +83,7 @@ in
          };
        };
      };
-      default = { };
+      default = {};
    };

    enableUnixSocket = mkOption {
@ -99,14 +101,16 @@ in

  config = mkIf cfg.enable {
    systemd.services."tasproxy" = {
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = ["multi-user.target"];

      serviceConfig = {
-        LoadCredential = (optional (cfg.mqtt.passwordFile != null) [
-          "mqtt_password:${cfg.mqtt.passwordFile}"
-        ]) ++ (optional (cfg.tasmota.passwordFile != null) [
-          "tasmota_password:${cfg.tasmota.passwordFile}"
-        ]);
+        LoadCredential =
+          (optional (cfg.mqtt.passwordFile != null) [
+            "mqtt_password:${cfg.mqtt.passwordFile}"
+          ])
+          ++ (optional (cfg.tasmota.passwordFile != null) [
+            "tasmota_password:${cfg.tasmota.passwordFile}"
+          ]);

        ExecStart = "${cfg.package}/bin/tasproxy ${configFile}";

@ -128,10 +132,10 @@ in
        ProtectHostname = true;
        LockPersonality = true;
        ProtectKernelTunables = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ] ++ optionals cfg.enableUnixSocket [ "AF_UNIX" ];
+        RestrictAddressFamilies = ["AF_INET" "AF_INET6"] ++ optionals cfg.enableUnixSocket ["AF_UNIX"];
        RestrictRealtime = true;
        ProtectProc = "noaccess";
-        SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
+        SystemCallFilter = ["@system-service" "~@resources" "~@privileged"];
        IPAddressDeny = "multicast";
        PrivateUsers = true;
        ProcSubset = "pid";