Unverified Commit 00b9de62 authored by Martin Weinelt's avatar Martin Weinelt Committed by GitHub

Merge pull request #202273 from NixOS/backport-131475-to-release-22.11

parents 7af45eba 1963f4c6
+10 −0
@@ -278,6 +278,16 @@
          <link linkend="opt-services.prometheus.sachet.enable">services.prometheus.sachet</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://evcc.io">EVCC</link> is an EV charge
          controller with PV integration. It supports a multitude of
          chargers, meters, vehicle APIs and more and ties that together
          with a well-tested backend and a lightweight web frontend.
          Available as
          <link linkend="opt-services.evcc.enable">services.evcc</link>.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>,
+2 −0
@@ -98,6 +98,8 @@ In addition to numerous new and upgraded packages, this release has the followin

- [Sachet](https://github.com/messagebird/sachet/), an SMS alerting tool for the Prometheus Alertmanager. Available as [services.prometheus.sachet](#opt-services.prometheus.sachet.enable).

- [EVCC](https://evcc.io) is an EV charge controller with PV integration. It supports a multitude of chargers, meters, vehicle APIs and more and ties that together with a well-tested backend and a lightweight web frontend. Available as [services.evcc](#opt-services.evcc.enable).

- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
  Available as [services.infnoise](options.html#opt-services.infnoise.enable).

+1 −0
@@ -491,6 +491,7 @@
  ./services/hardware/vdr.nix
  ./services/home-automation/home-assistant.nix
  ./services/home-automation/zigbee2mqtt.nix
  ./services/home-automation/evcc.nix
  ./services/logging/SystemdJournal2Gelf.nix
  ./services/logging/awstats.nix
  ./services/logging/filebeat.nix
+92 −0
{ lib
, pkgs
, config
, ...
}:

with lib;

let
  cfg = config.services.evcc;

  format = pkgs.formats.yaml {};
  configFile = format.generate "evcc.yml" cfg.settings;

  package = pkgs.evcc;
in

{
  meta.maintainers = with lib.maintainers; [ hexa ];

  options.services.evcc = with types; {
    enable = mkEnableOption (lib.mdDoc "EVCC, the extensible EV Charge Controller with PV integration");

    extraArgs = mkOption {
      type = listOf str;
      default = [];
      description = lib.mdDoc ''
        Extra arguments to pass to the evcc executable.
      '';
    };

    settings = mkOption {
      type = format.type;
      description = lib.mdDoc ''
        evcc configuration as a Nix attribute set.

        Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/${package.version}/evcc.dist.yaml].
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.evcc = {
      after = [
        "network-online.target"
        "mosquitto.target"
      ];
      wantedBy = [
        "multi-user.target"
      ];

      serviceConfig = {
        ExecStart = "${package}/bin/evcc --config ${configFile} ${escapeShellArgs cfg.extraArgs}";
        CapabilityBoundingSet = [ "" ];
        DeviceAllow = [
          "char-ttyUSB"
        ];
        DevicePolicy = "closed";
        DynamicUser = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
          "AF_UNIX"
        ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        PrivateTmp = true;
        PrivateUsers = true;
        ProcSubset = "pid";
        ProtectClock = true;
        ProtectControlGroups= true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@privileged"
        ];
        UMask = "0077";
        User = "evcc";
      };
    };
  };

  meta.buildDocsInSandbox = false;
}
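Review bot: `configFile = format.generate "evcc.yml" cfg.settings;` renders the whole `settings` attribute set into the Nix store, which is world-readable, so any charger, vehicle-API or MQTT credentials placed in `services.evcc.settings` would be readable by every local user; the `UMask`/`DynamicUser` hardening in `serviceConfig` does not cover that file. The `settings` description should say so, e.g. `Values set here are written to the world-readable Nix store; do not put passwords or tokens in this option.`, and a way to supply secrets at runtime (for instance systemd's `EnvironmentFile=` or `LoadCredential=`, assuming evcc can consume them) would be a reasonable follow-up. In the same description the Markdown link to `evcc.dist.yaml` is closed with `]` instead of `)`, so it will not render as a link. In `after`, `"mosquitto.target"` looks like it was meant to be `"mosquitto.service"`, and `network-online.target` is ordered after but not pulled in by a matching `wants`, so the ordering may have no effect on its own.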
+1 −0
@@ -198,6 +198,7 @@ in {
  etebase-server = handleTest ./etebase-server.nix {};
  etesync-dav = handleTest ./etesync-dav.nix {};
  extra-python-packages = handleTest ./extra-python-packages.nix {};
  evcc = handleTest ./evcc.nix {};
  fancontrol = handleTest ./fancontrol.nix {};
  fcitx = handleTest ./fcitx {};
  fenics = handleTest ./fenics.nix {};