style: format deconz & home-assistant configs

services/deconz.nix

@@ -10,8 +10,7 @@ let
   cfg = config.local.services.deconz;
   name = "deconz";
   stateDir = "/var/lib/${name}";
-in
+in {
-{
   options.local.services.deconz = {
 
     enable = mkEnableOption "deCONZ, a ZigBee gateway";
@@ -54,10 +53,7 @@ in
 
     extraOpts = mkOption {
       type = types.listOf types.str;
-      default = [
+      default = [ "--auto-connect=1" "--dbg-info=1" ];
-        "--auto-connect=1"
-        "--dbg-info=1"
-      ];
       description = ''
         Extra command line options for deCONZ.
         These options seem undocumented, but some examples can be found here:
@@ -68,10 +64,8 @@ in
 
   config = mkIf cfg.enable {
 
-    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
+    networking.firewall.allowedTCPPorts =
-      cfg.httpPort
+      lib.mkIf cfg.openFirewall [ cfg.httpPort cfg.wsPort ];
-      cfg.wsPort
-    ];
 
     systemd.services.deconz = {
       description = "deCONZ ZigBee gateway";
@@ -83,23 +77,20 @@ in
         rm -f ${stateDir}/.local/share/dresden-elektronik/deCONZ/zcldb.txt
       '';
       serviceConfig = {
-        ExecStart =
+        ExecStart = "${cfg.package}/bin/deCONZ" + " -platform minimal"
-          "${cfg.package}/bin/deCONZ"
-          + " -platform minimal"
           + " --http-port=${toString cfg.httpPort}"
           + " --ws-port=${toString cfg.wsPort}"
-          + (if cfg.device != "" then " --dev=${cfg.device}" else "")
+          + (if cfg.device != "" then " --dev=${cfg.device}" else "") + " "
-          + " " + (lib.concatStringsSep " " cfg.extraOpts);
+          + (lib.concatStringsSep " " cfg.extraOpts);
         Restart = "on-failure";
-        AmbientCapabilities =
+        AmbientCapabilities = let
-          let
+          # ref. upstream deconz.service
-            # ref. upstream deconz.service
+          caps = lib.optionals (cfg.httpPort < 1024 || cfg.wsPort < 1024)
-            caps = lib.optionals (cfg.httpPort < 1024 || cfg.wsPort < 1024) [ "CAP_NET_BIND_SERVICE" ]
+            [ "CAP_NET_BIND_SERVICE" ]
-                ++ lib.optionals (cfg.allowRebootSystem) [ "CAP_SYS_BOOT" ]
+            ++ lib.optionals (cfg.allowRebootSystem) [ "CAP_SYS_BOOT" ]
-                ++ lib.optionals (cfg.allowRestartService) [ "CAP_KILL" ]
+            ++ lib.optionals (cfg.allowRestartService) [ "CAP_KILL" ]
-                ++ lib.optionals (cfg.allowSetSystemTime) [ "CAP_SYS_TIME" ];
+            ++ lib.optionals (cfg.allowSetSystemTime) [ "CAP_SYS_TIME" ];
-          in
+        in lib.concatStringsSep " " caps;
-            lib.concatStringsSep " " caps;
         UMask = "0027";
         User = name;
         StateDirectory = name;
@@ -115,9 +106,9 @@ in
       group = name;
       isSystemUser = true;
       home = stateDir;
-      extraGroups = [ "dialout" ];  # for access to /dev/ttyACM0 (ConBee)
+      extraGroups = [ "dialout" ]; # for access to /dev/ttyACM0 (ConBee)
     };
 
-    users.groups.deconz = {};
+    users.groups.deconz = { };
   };
 }

services/home-assistant.nix

@@ -1,12 +1,11 @@
 { config, pkgs, ... }:
 
-with pkgs; 
+with pkgs;
 
 let
   mqttDomain = "mqtt.${config.networking.domain}";
   mqttWSPort = "9001";
-in
+in {
-{
   environment.systemPackages = with pkgs; [ deconz ];
 
   local.services.deconz = {
@@ -18,7 +17,7 @@ in
 
   services.nginx = {
     virtualHosts = {
-      ${ mqttDomain } = {
+      ${mqttDomain} = {
         enableACME = true;
         forceSSL = true;
         locations."/" = {
@@ -29,9 +28,7 @@ in
     };
   };
 
-  networking.firewall.allowedTCPPorts = [
+  networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];
-    config.services.mosquitto.port
-  ];
 
   services.mosquitto = {
     enable = true;
@@ -51,30 +48,19 @@ in
         hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
       };
       "tasmota" = {
-        acl = [
+        acl = [ "topic readwrite tasmota/#" "topic readwrite homeassistant/#" ];
-          "topic readwrite tasmota/#"
-          "topic readwrite homeassistant/#"
-        ];
         hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
       };
       "owntracks" = {
-        acl = [
+        acl = [ "topic readwrite owntracks/#" ];
-          "topic readwrite owntracks/#"
-        ];
         hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
       };
       "felix" = {
-        acl = [
+        acl = [ "topic read owntracks/#" "topic readwrite owntracks/felix/#" ];
-          "topic read owntracks/#"
-          "topic readwrite owntracks/felix/#"
-        ];
         hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
       };
       "birgit" = {
-        acl = [
+        acl = [ "topic read owntracks/#" "topic readwrite owntracks/birgit/#" ];
-          "topic read owntracks/#"
-          "topic readwrite owntracks/birgit/#"
-        ];
         hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
       };
     };
@@ -83,9 +69,7 @@ in
   services.home-assistant = {
     enable = true;
     package = home-assistant.override {
-      extraPackages = ps: with ps; [
+      extraPackages = ps: with ps; [ (callPackage pydeconz { }) ];
-        (callPackage pydeconz { })
-      ];
     };
     openFirewall = true;
     config = {
@@ -120,9 +104,7 @@ in
         discovery = true;
         discovery_prefix = "homeassistant";
       };
-      owntracks = {
+      owntracks = { mqtt_topic = "owntracks/#"; };
-        mqtt_topic = "owntracks/#";
-      };
     };
     # configWritable = true; # doesn't work atm
   };