style: format deconz & home-assistant configs
parent
2be736cc24
commit
8f63ebbdca
|
@ -10,8 +10,7 @@ let
|
||||||
cfg = config.local.services.deconz;
|
cfg = config.local.services.deconz;
|
||||||
name = "deconz";
|
name = "deconz";
|
||||||
stateDir = "/var/lib/${name}";
|
stateDir = "/var/lib/${name}";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.local.services.deconz = {
|
options.local.services.deconz = {
|
||||||
|
|
||||||
enable = mkEnableOption "deCONZ, a ZigBee gateway";
|
enable = mkEnableOption "deCONZ, a ZigBee gateway";
|
||||||
|
@ -54,10 +53,7 @@ in
|
||||||
|
|
||||||
extraOpts = mkOption {
|
extraOpts = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [
|
default = [ "--auto-connect=1" "--dbg-info=1" ];
|
||||||
"--auto-connect=1"
|
|
||||||
"--dbg-info=1"
|
|
||||||
];
|
|
||||||
description = ''
|
description = ''
|
||||||
Extra command line options for deCONZ.
|
Extra command line options for deCONZ.
|
||||||
These options seem undocumented, but some examples can be found here:
|
These options seem undocumented, but some examples can be found here:
|
||||||
|
@ -68,10 +64,8 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
|
networking.firewall.allowedTCPPorts =
|
||||||
cfg.httpPort
|
lib.mkIf cfg.openFirewall [ cfg.httpPort cfg.wsPort ];
|
||||||
cfg.wsPort
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.deconz = {
|
systemd.services.deconz = {
|
||||||
description = "deCONZ ZigBee gateway";
|
description = "deCONZ ZigBee gateway";
|
||||||
|
@ -83,23 +77,20 @@ in
|
||||||
rm -f ${stateDir}/.local/share/dresden-elektronik/deCONZ/zcldb.txt
|
rm -f ${stateDir}/.local/share/dresden-elektronik/deCONZ/zcldb.txt
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart =
|
ExecStart = "${cfg.package}/bin/deCONZ" + " -platform minimal"
|
||||||
"${cfg.package}/bin/deCONZ"
|
|
||||||
+ " -platform minimal"
|
|
||||||
+ " --http-port=${toString cfg.httpPort}"
|
+ " --http-port=${toString cfg.httpPort}"
|
||||||
+ " --ws-port=${toString cfg.wsPort}"
|
+ " --ws-port=${toString cfg.wsPort}"
|
||||||
+ (if cfg.device != "" then " --dev=${cfg.device}" else "")
|
+ (if cfg.device != "" then " --dev=${cfg.device}" else "") + " "
|
||||||
+ " " + (lib.concatStringsSep " " cfg.extraOpts);
|
+ (lib.concatStringsSep " " cfg.extraOpts);
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
AmbientCapabilities =
|
AmbientCapabilities = let
|
||||||
let
|
|
||||||
# ref. upstream deconz.service
|
# ref. upstream deconz.service
|
||||||
caps = lib.optionals (cfg.httpPort < 1024 || cfg.wsPort < 1024) [ "CAP_NET_BIND_SERVICE" ]
|
caps = lib.optionals (cfg.httpPort < 1024 || cfg.wsPort < 1024)
|
||||||
|
[ "CAP_NET_BIND_SERVICE" ]
|
||||||
++ lib.optionals (cfg.allowRebootSystem) [ "CAP_SYS_BOOT" ]
|
++ lib.optionals (cfg.allowRebootSystem) [ "CAP_SYS_BOOT" ]
|
||||||
++ lib.optionals (cfg.allowRestartService) [ "CAP_KILL" ]
|
++ lib.optionals (cfg.allowRestartService) [ "CAP_KILL" ]
|
||||||
++ lib.optionals (cfg.allowSetSystemTime) [ "CAP_SYS_TIME" ];
|
++ lib.optionals (cfg.allowSetSystemTime) [ "CAP_SYS_TIME" ];
|
||||||
in
|
in lib.concatStringsSep " " caps;
|
||||||
lib.concatStringsSep " " caps;
|
|
||||||
UMask = "0027";
|
UMask = "0027";
|
||||||
User = name;
|
User = name;
|
||||||
StateDirectory = name;
|
StateDirectory = name;
|
||||||
|
@ -118,6 +109,6 @@ in
|
||||||
extraGroups = [ "dialout" ]; # for access to /dev/ttyACM0 (ConBee)
|
extraGroups = [ "dialout" ]; # for access to /dev/ttyACM0 (ConBee)
|
||||||
};
|
};
|
||||||
|
|
||||||
users.groups.deconz = {};
|
users.groups.deconz = { };
|
||||||
};
|
};
|
||||||
}
|
}
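Review bot: In the `ExecStart` expression, `cfg.device` and the `cfg.extraOpts` entries are concatenated into the command line without any quoting, so a value containing whitespace or quote characters would be re-split by systemd instead of reaching deCONZ as a single argument. These values come from the host's own configuration, so this is a robustness point rather than an injection path. Assembling the arguments as a list and passing it through `lib.escapeShellArgs` would remove the ambiguity, and would also let the formatter place one argument per line instead of the mixed layout it produced here. The device case would then read `lib.optional (cfg.device != "") "--dev=${cfg.device}"`. The `serviceConfig` block starts and ends outside the visible hunk.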
|
||||||
|
|
|
@ -5,8 +5,7 @@ with pkgs;
|
||||||
let
|
let
|
||||||
mqttDomain = "mqtt.${config.networking.domain}";
|
mqttDomain = "mqtt.${config.networking.domain}";
|
||||||
mqttWSPort = "9001";
|
mqttWSPort = "9001";
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
environment.systemPackages = with pkgs; [ deconz ];
|
environment.systemPackages = with pkgs; [ deconz ];
|
||||||
|
|
||||||
local.services.deconz = {
|
local.services.deconz = {
|
||||||
|
@ -18,7 +17,7 @@ in
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
${ mqttDomain } = {
|
${mqttDomain} = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
@ -29,9 +28,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];
|
||||||
config.services.mosquitto.port
|
|
||||||
];
|
|
||||||
|
|
||||||
services.mosquitto = {
|
services.mosquitto = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -51,30 +48,19 @@ in
|
||||||
hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
|
hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
|
||||||
};
|
};
|
||||||
"tasmota" = {
|
"tasmota" = {
|
||||||
acl = [
|
acl = [ "topic readwrite tasmota/#" "topic readwrite homeassistant/#" ];
|
||||||
"topic readwrite tasmota/#"
|
|
||||||
"topic readwrite homeassistant/#"
|
|
||||||
];
|
|
||||||
hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
|
hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
|
||||||
};
|
};
|
||||||
"owntracks" = {
|
"owntracks" = {
|
||||||
acl = [
|
acl = [ "topic readwrite owntracks/#" ];
|
||||||
"topic readwrite owntracks/#"
|
|
||||||
];
|
|
||||||
hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
|
hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
|
||||||
};
|
};
|
||||||
"felix" = {
|
"felix" = {
|
||||||
acl = [
|
acl = [ "topic read owntracks/#" "topic readwrite owntracks/felix/#" ];
|
||||||
"topic read owntracks/#"
|
|
||||||
"topic readwrite owntracks/felix/#"
|
|
||||||
];
|
|
||||||
hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
|
hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
|
||||||
};
|
};
|
||||||
"birgit" = {
|
"birgit" = {
|
||||||
acl = [
|
acl = [ "topic read owntracks/#" "topic readwrite owntracks/birgit/#" ];
|
||||||
"topic read owntracks/#"
|
|
||||||
"topic readwrite owntracks/birgit/#"
|
|
||||||
];
|
|
||||||
hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
|
hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -83,9 +69,7 @@ in
|
||||||
services.home-assistant = {
|
services.home-assistant = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = home-assistant.override {
|
package = home-assistant.override {
|
||||||
extraPackages = ps: with ps; [
|
extraPackages = ps: with ps; [ (callPackage pydeconz { }) ];
|
||||||
(callPackage pydeconz { })
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
config = {
|
config = {
|
||||||
|
@ -120,9 +104,7 @@ in
|
||||||
discovery = true;
|
discovery = true;
|
||||||
discovery_prefix = "homeassistant";
|
discovery_prefix = "homeassistant";
|
||||||
};
|
};
|
||||||
owntracks = {
|
owntracks = { mqtt_topic = "owntracks/#"; };
|
||||||
mqtt_topic = "owntracks/#";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
# configWritable = true; # doesn't work atm
|
# configWritable = true; # doesn't work atm
|
||||||
};
|
};
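Review bot: `networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];` opens the broker's native listener on every interface, while the same file already publishes MQTT over an ACME/`forceSSL` nginx virtual host. Whether the native listener uses TLS is not visible in these hunks. If it is plaintext, the client passwords behind the `hashedPasswordFile` entries and the OwnTracks location payloads cross the network unencrypted. Consider scoping the rule to the LAN interface with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ config.services.mosquitto.port ];` (placeholder interface name), or dropping it if all clients can use the TLS WebSocket endpoint. A short comment on the line stating which clients need the raw port would also help.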
|
||||||
|
|