ctucx.git: nixfiles

ctucx' nixfiles

commit 0efac51e88c50a92c7990c33ad128b2ce1757494
parent d412805942fd076e5f312ea761f03438beb4e8db
Author: Leah (ctucx) <git@ctu.cx>
Date: Wed, 14 Jun 2023 21:06:09 +0200

machines/briefkasten/smarthome/sdm2mqtt: use nixosModule from flake
2 files changed, 22 insertions(+), 47 deletions(-)
M
flake.lock
|
8
++++----
M
machines/briefkasten/smarthome/sdm2mqtt.nix
|
61
++++++++++++++++++-------------------------------------------
diff --git a/flake.lock b/flake.lock
@@ -633,11 +633,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1685867352,
-        "narHash": "sha256-zHPUoDogvcdD8gZzuKgOkKhXPUmG8OAU+cc7kTSDn3g=",
+        "lastModified": 1686737576,
+        "narHash": "sha256-cckPJwouE81+Z4haXLlNas4Gcahg3+mv4jrAHsonHOM=",
         "ref": "main",
-        "rev": "2558947fb87a05427ba95359c91ed871d2939d1d",
-        "revCount": 4,
+        "rev": "ae936afec3ce745576a5c7be84a91959011b1378",
+        "revCount": 5,
         "type": "git",
         "url": "https://git.ctu.cx/sdm2mqtt"
       },
diff --git a/machines/briefkasten/smarthome/sdm2mqtt.nix b/machines/briefkasten/smarthome/sdm2mqtt.nix
@@ -1,55 +1,30 @@
 { inputs, config, pkgs, ... }:
 
-let
-  sdm2mqttConfig = {
-    devices."leah" =  50;
-    modbus.host    = "::1";
-    modbus.port    = 502;
-    mqtt.host      = "::1";
-    mqtt.port      = 1883;
-    updateInterval = 5;
+{
+
+  imports = [
+    inputs.sdm2mqtt.nixosModule
+  ];
+
+  services.sdm2mqtt = {
+    enable = true;
+    config = {
+      devices."leah" =  50;
+      modbus.host    = "::1";
+      modbus.port    = 502;
+      mqtt.host      = "::1";
+      mqtt.port      = 1883;
+      updateInterval = 5;
+    };
   };
 
-  configFile = pkgs.writeText "sdm2mqtt-config.json" (builtins.toJSON sdm2mqttConfig);
-
-in {
-
   systemd.services.sdm2mqtt = {
-    wantedBy  = [ "multi-user.target" ];
     requires  = [ "network-online.target" "mbusd.service" "mosquitto.service" ];
     after     = [ "network-online.target" "mbusd.service" "mosquitto.service" ];
     onFailure = [ "email-notify@%i.service" ];
 
-    environment.CONFIG_PATH = configFile;
-
-    serviceConfig = {
-      ExecStart    = "${pkgs.sdm2mqtt}/bin/sdm2mqtt";
-      Restart      = "on-failure";
-      RestartSec   = "5";
-
-      DynamicUser = true;
-
-      NoNewPrivileges         = true;
-      PrivateTmp              = true;
-
-      ProtectSystem           = "strict";
-      ProtectKernelLogs       = true;
-      ProtectKernelModules    = true;
-      ProtectKernelTunables   = true;
-      ProtectControlGroups    = true;
-      ProtectHome             = true;
-
-      IPAddressAllow          = "::1/128";
-
-      RestrictAddressFamilies = "AF_INET6";
-      RestrictNamespaces      = true;
-      RestrictRealtime        = true;
-
-      DevicePolicy            = "closed";
-      LockPersonality         = true;
-
-      LimitNPROC              = 1;
-    };
+    serviceConfig.IPAddressAllow          = "::1/128";
+    serviceConfig.RestrictAddressFamilies = "AF_INET6";
   };
 
 }
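Review bot: `serviceConfig.IPAddressAllow = "::1/128"` on the new side restricts nothing by itself, because systemd's allow list only carves exceptions out of `IPAddressDeny` and no deny entry is visible in this file; unless the imported module already sets one, add `serviceConfig.IPAddressDeny = "any";` next to it. The commit also drops the local sandboxing block (`DynamicUser`, `NoNewPrivileges`, `ProtectSystem = "strict"`, `DevicePolicy = "closed"`, `LimitNPROC` and the rest) and the `wantedBy` entry, so the unit's hardening and autostart now depend entirely on what `inputs.sdm2mqtt.nixosModule` declares at the pinned rev, which this diff does not show. It is worth confirming the effective settings on the built system with `systemd-analyze security sdm2mqtt.service` and keeping any option the module does not set as an override here, with a short comment stating that the module owns the rest.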