ctucx.git: sdm2mqtt

Publish data from SDM120M meters via MQTT

commit ae936afec3ce745576a5c7be84a91959011b1378
parent 2558947fb87a05427ba95359c91ed871d2939d1d
Author: Leah (ctucx) <git@ctu.cx>
Date: Wed, 14 Jun 2023 12:03:39 +0200

flake.nix: add nixosModule
2 files changed, 96 insertions(+), 1 deletion(-)
M
flake.nix
|
4
+++-
A
nixosModule.nix
|
93
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/flake.nix b/flake.nix
@@ -8,7 +8,9 @@
 
   outputs = { self, nixpkgs, flake-utils }: {
 
-    overlay = final: prev: {
+    nixosModule = import ./nixosModule.nix;
+
+    overlay     = final: prev: {
 
       sdm2mqtt = (
         let
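Review bot: The module exported here defaults its `package` option to `pkgs.sdm2mqtt`, which only exists when the consumer has also applied this flake's overlay, so importing the module on its own fails at evaluation. Either document that requirement next to the new output or have the module add the overlay itself, e.g. `nixpkgs.overlays = [ self.overlay ];` passed in from the flake. Newer Nix releases also expect the name `nixosModules.default` rather than `nixosModule`, so `nixosModules.default = import ./nixosModule.nix;` avoids the deprecation warning. The `outputs` attribute set continues outside this hunk.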
diff --git a/nixosModule.nix b/nixosModule.nix
@@ -0,0 +1,93 @@
+{ options, config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg            = config.services.sdm2mqtt;
+  settingsFormat = pkgs.formats.json {};
+  configFile     = settingsFormat.generate "sdm2mqtt-config.json" cfg.config;
+
+in {
+
+  options = {
+    services.sdm2mqtt = with lib; {
+      enable = mkEnableOption "sdm2mqtt - Exporter for SDM120M meters to mqtt, written in nim";
+
+      package = mkOption {
+        type    = types.package;
+        default = pkgs.sdm2mqtt;
+      };
+
+      config = mkOption {
+        type    = settingsFormat.type;
+        default = {};
+        example = {};
+      };
+
+      environmentFiles = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        example = [ "/run/keys/sdm2mqtt.env" ];
+        description = lib.mdDoc ''
+          File to load as environment file. Environment variables from this file
+          will be interpolated into the config file using envsubst.
+          This is useful to avoid putting secrets into the nix store.
+        '';
+      };
+
+    };
+  };
+
+
+  config = lib.mkIf cfg.enable {
+
+    systemd.services.sdm2mqtt = {
+      after           = [ "network-online.target" ];
+      wantedBy        = [ "multi-user.target" ];
+
+      environment.CONFIG_PATH  = (
+        if cfg.environmentFiles == []
+        then configFile
+        else "/var/run/sdm2mqtt/config.json"
+      );
+
+      serviceConfig = {
+        DynamicUser  = true;
+
+        Restart      = "on-failure";
+        RestartSec   = 5;
+
+        RuntimeDirectory   = "sdm2mqtt";
+
+        EnvironmentFile = cfg.environmentFiles;
+
+        ExecStart    = "${cfg.package}/bin/sdm2mqtt";
+        ExecStartPre = lib.optional (cfg.environmentFiles != []) (pkgs.writeShellScript "sdm2mqtt-preStart" ''
+          umask 077
+          ${pkgs.envsubst}/bin/envsubst -i "${configFile}" > /var/run/sdm2mqtt/config.json
+        '');
+
+        NoNewPrivileges         = true;
+        PrivateTmp              = true;
+
+        ProtectSystem           = "strict";
+        ProtectKernelLogs       = true;
+        ProtectKernelModules    = true;
+        ProtectKernelTunables   = true;
+        ProtectControlGroups    = true;
+        ProtectHome             = true;
+
+        RestrictAddressFamilies = lib.mkDefault "AF_UNIX AF_INET AF_INET6";
+        RestrictNamespaces      = true;
+        RestrictRealtime        = true;
+      
+        DevicePolicy            = "closed";
+        LockPersonality         = true;
+
+        LimitNPROC              = 1;
+      };
+    };
+
+  };
+
+}
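Review bot: The `ExecStartPre` script runs envsubst with no guard for unset variables, so a variable that is missing or misspelled in the environment file is replaced by an empty string and the service starts with an empty credential in `/var/run/sdm2mqtt/config.json`. Because the binary is called with `-i` it looks like the a8m implementation, which accepts `-no-unset`; `${pkgs.envsubst}/bin/envsubst -no-unset -i "${configFile}" > /var/run/sdm2mqtt/config.json` would make the unit fail instead. Values are also spliced into the JSON unescaped, so a secret containing `"` or `\` produces an invalid or altered config, which the `environmentFiles` description should mention. That description should also say the entries must be strings such as `"/run/keys/sdm2mqtt.env"`, since a path literal inside a flake resolves to the world-readable store copy. Separately, `LimitNPROC = 1` probably stops the script's shell from forking envsubst at all, so it is worth testing the unit with `environmentFiles` set or raising the limit.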