Loading maintainers/maintainer-list.nix +11 −0 Original line number Diff line number Diff line Loading @@ -6989,6 +6989,11 @@ githubId = 615606; name = "Glenn Searby"; }; Gliczy = { name = "Gliczy"; github = "Gliczy"; githubId = 129636582; }; glittershark = { name = "Griffin Smith"; email = "root@gws.fyi"; Loading Loading @@ -10757,6 +10762,12 @@ name = "Yanning Chen"; matrix = "@self:lightquantum.me"; }; Ligthiago = { email = "donets.andre@gmail.com"; github = "Ligthiago"; githubId = 142721811; name = "Andrey Donets"; }; lihop = { email = "nixos@leroy.geek.nz"; github = "lihop"; Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -579,6 +579,7 @@ ./services/home-automation/ebusd.nix ./services/home-automation/esphome.nix ./services/home-automation/evcc.nix ./services/home-automation/govee2mqtt.nix ./services/home-automation/home-assistant.nix ./services/home-automation/homeassistant-satellite.nix ./services/home-automation/zigbee2mqtt.nix Loading nixos/modules/services/cluster/kubernetes/pki.nix +0 −1 Original line number Diff line number Diff line Loading 
@@ -219,7 +219,6 @@ in inherit (cert) action; authority = { inherit remote; file.path = cert.caCert; root_ca = cert.caCert; profile = "default"; auth_key_file = certmgrAPITokenPath; Loading nixos/modules/services/home-automation/govee2mqtt.nix 0 → 100644 +90 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: let cfg = config.services.govee2mqtt; in { meta.maintainers = with lib.maintainers; [ SuperSandro2000 ]; options.services.govee2mqtt = { enable = lib.mkEnableOption "Govee2MQTT"; package = lib.mkPackageOption pkgs "govee2mqtt" { }; user = lib.mkOption { type = lib.types.str; default = "govee2mqtt"; description = "User under which Govee2MQTT should run."; }; group = lib.mkOption { type = lib.types.str; default = "govee2mqtt"; description = "Group under which Govee2MQTT should run."; }; environmentFile = lib.mkOption { type = lib.types.path; example = "/var/lib/govee2mqtt/govee2mqtt.env"; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. See upstream documentation <https://github.com/wez/govee2mqtt/blob/main/docs/CONFIG.md>. 
''; }; }; config = lib.mkIf cfg.enable { users = { groups.${cfg.group} = { }; users.${cfg.user} = { description = "Govee2MQTT service user"; inherit (cfg) group; isSystemUser = true; }; }; systemd.services.govee2mqtt = { description = "Govee2MQTT Service"; wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; serviceConfig = { CacheDirectory = "govee2mqtt"; Environment = [ "GOVEE_CACHE_DIR=/var/cache/govee2mqtt" ]; EnvironmentFile = cfg.environmentFile; ExecStart = "${lib.getExe cfg.package} serve --govee-iot-key=/var/lib/govee2mqtt/iot.key --govee-iot-cert=/var/lib/govee2mqtt/iot.cert" + " --amazon-root-ca=${pkgs.cacert.unbundled}/etc/ssl/certs/Amazon_Root_CA_1:66c9fcf99bf8c0a39e2f0788a43e696365bca.crt"; Group = cfg.group; Restart = "on-failure"; StateDirectory = "govee2mqtt"; User = cfg.user; # Hardening AmbientCapabilities = ""; CapabilityBoundingSet = ""; LockPersonality = true; NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; PrivateTmp = true; PrivateUsers = true; ProcSubset = "pid"; ProtectClock = true; ProtectControlGroups = true; ProtectHome = true; ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; RemoveIPC = true; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; }; }; }; } nixos/modules/services/home-automation/zigbee2mqtt.nix +0 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,6 @@ in after = [ "network.target" ]; environment.ZIGBEE2MQTT_DATA = cfg.dataDir; serviceConfig = { Type = "notify"; ExecStart = "${cfg.package}/bin/zigbee2mqtt"; User = "zigbee2mqtt"; Group = "zigbee2mqtt"; Loading Loading
maintainers/maintainer-list.nix +11 −0 @@ -6989,6 +6989,11 @@ githubId = 615606; name = "Glenn Searby"; }; Gliczy = { name = "Gliczy"; github = "Gliczy"; githubId = 129636582; }; glittershark = { name = "Griffin Smith"; email = "root@gws.fyi"; @@ -10757,6 +10762,12 @@ name = "Yanning Chen"; matrix = "@self:lightquantum.me"; }; Ligthiago = { email = "donets.andre@gmail.com"; github = "Ligthiago"; githubId = 142721811; name = "Andrey Donets"; }; lihop = { email = "nixos@leroy.geek.nz"; github = "lihop";
nixos/modules/module-list.nix +1 −0 @@ -579,6 +579,7 @@ ./services/home-automation/ebusd.nix ./services/home-automation/esphome.nix ./services/home-automation/evcc.nix ./services/home-automation/govee2mqtt.nix ./services/home-automation/home-assistant.nix ./services/home-automation/homeassistant-satellite.nix ./services/home-automation/zigbee2mqtt.nix
nixos/modules/services/cluster/kubernetes/pki.nix +0 −1 @@ -219,7 +219,6 @@ in inherit (cert) action; authority = { inherit remote; file.path = cert.caCert; root_ca = cert.caCert; profile = "default"; auth_key_file = certmgrAPITokenPath;
nixos/modules/services/home-automation/govee2mqtt.nix 0 → 100644 +90 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: let cfg = config.services.govee2mqtt; in { meta.maintainers = with lib.maintainers; [ SuperSandro2000 ]; options.services.govee2mqtt = { enable = lib.mkEnableOption "Govee2MQTT"; package = lib.mkPackageOption pkgs "govee2mqtt" { }; user = lib.mkOption { type = lib.types.str; default = "govee2mqtt"; description = "User under which Govee2MQTT should run."; }; group = lib.mkOption { type = lib.types.str; default = "govee2mqtt"; description = "Group under which Govee2MQTT should run."; }; environmentFile = lib.mkOption { type = lib.types.path; example = "/var/lib/govee2mqtt/govee2mqtt.env"; description = '' Environment file as defined in {manpage}`systemd.exec(5)`. See upstream documentation <https://github.com/wez/govee2mqtt/blob/main/docs/CONFIG.md>. ''; }; }; config = lib.mkIf cfg.enable { users = { groups.${cfg.group} = { }; users.${cfg.user} = { description = "Govee2MQTT service user"; inherit (cfg) group; isSystemUser = true; }; }; systemd.services.govee2mqtt = { description = "Govee2MQTT Service"; wantedBy = [ "multi-user.target" ]; after = [ "networking.target" ]; serviceConfig = { CacheDirectory = "govee2mqtt"; Environment = [ "GOVEE_CACHE_DIR=/var/cache/govee2mqtt" ]; EnvironmentFile = cfg.environmentFile; ExecStart = "${lib.getExe cfg.package} serve --govee-iot-key=/var/lib/govee2mqtt/iot.key --govee-iot-cert=/var/lib/govee2mqtt/iot.cert" + " --amazon-root-ca=${pkgs.cacert.unbundled}/etc/ssl/certs/Amazon_Root_CA_1:66c9fcf99bf8c0a39e2f0788a43e696365bca.crt"; Group = cfg.group; Restart = "on-failure"; StateDirectory = "govee2mqtt"; User = cfg.user; # Hardening AmbientCapabilities = ""; CapabilityBoundingSet = ""; LockPersonality = true; NoNewPrivileges = true; PrivateDevices = true; PrivateMounts = true; PrivateTmp = true; PrivateUsers = true; ProcSubset = "pid"; ProtectClock = true; ProtectControlGroups = true; 
ProtectHome = true; ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; RemoveIPC = true; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; }; }; }; }
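Review bot: The IoT private key is placed at `/var/lib/govee2mqtt/iot.key`, but `StateDirectory = "govee2mqtt"` is created with systemd's default mode 0755 and no umask is set in `serviceConfig`, so whether other local users can read the key depends entirely on the file mode govee2mqtt applies itself, which is not visible here; adding `StateDirectoryMode = "0700";` and `UMask = "0077";` next to the hardening options removes that dependency. In the same unit, `after = [ "networking.target" ];` names a target that systemd does not define, so the ordering has no effect; `after = [ "network-online.target" ];` with a matching `wants` entry is the usual form for a service that needs connectivity at start. The `environmentFile` description should also state that the value must be a string path outside the Nix store, because `lib.types.path` accepts a path literal as well, and that would copy the file (which presumably holds the Govee and MQTT credentials) into the world-readable store.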
nixos/modules/services/home-automation/zigbee2mqtt.nix +0 −1 @@ -71,7 +71,6 @@ in after = [ "network.target" ]; environment.ZIGBEE2MQTT_DATA = cfg.dataDir; serviceConfig = { Type = "notify"; ExecStart = "${cfg.package}/bin/zigbee2mqtt"; User = "zigbee2mqtt"; Group = "zigbee2mqtt";