Unverified Commit 31680c6f authored by Martin Weinelt's avatar Martin Weinelt Committed by GitHub
Browse files

zwave-js-ui: init at 9.27.8; nixos/zwave-js-ui: init module (#336623)

parents 4843d1fb d7ba3b54

nixos/doc/manual/release-notes/rl-2505.section.md

+2 −0
Original line number Diff line number Diff line
@@ -69,6 +69,8 @@ 


- [crab-hole](https://github.com/LuckyTurtleDev/crab-hole), a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. Available as [services.crab-hole](#opt-services.crab-hole.enable).



- [zwave-js-ui](https://zwave-js.github.io/zwave-js-ui/), a full featured Z-Wave Control Panel and MQTT Gateway. Available as [services.zwave-js-ui](#opt-services.zwave-js-ui.enable).



- [Amazon CloudWatch Agent](https://github.com/aws/amazon-cloudwatch-agent), the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as [services.amazon-cloudwatch-agent](options.html#opt-services.amazon-cloudwatch-agent.enable).



- [Bat](https://github.com/sharkdp/bat), a {manpage}`cat(1)` clone with wings. Available as [programs.bat](options.html#opt-programs.bat).

nixos/modules/module-list.nix

+1 −0
Original line number Diff line number Diff line
@@ -668,6 +668,7 @@ 
  ./services/home-automation/wyoming/satellite.nix

  ./services/home-automation/zigbee2mqtt.nix

  ./services/home-automation/zwave-js.nix

  ./services/home-automation/zwave-js-ui.nix

  ./services/logging/SystemdJournal2Gelf.nix

  ./services/logging/awstats.nix

  ./services/logging/filebeat.nix

nixos/modules/services/home-automation/zwave-js-ui.nix

0 → 100644
+120 −0
Original line number Diff line number Diff line 
{

  config,

  lib,

  pkgs,

  ...

}:

let

  inherit (lib)

    getExe

    mkIf

    mkEnableOption

    mkOption

    mkPackageOption

    types

    ;

  cfg = config.services.zwave-js-ui;

in

{

  options.services.zwave-js-ui = {

    enable = mkEnableOption "zwave-js-ui";



    package = mkPackageOption pkgs "zwave-js-ui" { };



    serialPort = mkOption {

      type = types.path;

      description = ''

        Serial port for the Z-Wave controller.



        Only used to grant permissions to the device; must be additionally configured in the application

      '';

      example = "/dev/serial/by-id/usb-example";

    };



    settings = mkOption {

      type = types.submodule {

        freeformType =

          with types;

          attrsOf (

            nullOr (oneOf [

              str

              path

              package

            ])

          );



        options = {

          STORE_DIR = mkOption {

            type = types.str;

            default = "%S/zwave-js-ui";

            visible = false;

            readOnly = true;

          };



          ZWAVEJS_EXTERNAL_CONFIG = mkOption {

            type = types.str;

            default = "%S/zwave-js-ui/.config-db";

            visible = false;

            readOnly = true;

          };

        };

      };



      description = ''

        Extra environment variables passed to the zwave-js-ui process.



        Check <https://zwave-js.github.io/zwave-js-ui/#/guide/env-vars> for possible options

      '';

      example = {

        HOST = "::";

        PORT = "8091";

      };

    };

  };

  config = mkIf cfg.enable {

    systemd.services.zwave-js-ui = {

      environment = cfg.settings;

      wantedBy = [ "multi-user.target" ];

      serviceConfig = {

        ExecStart = getExe cfg.package;

        RuntimeDirectory = "zwave-js-ui";

        StateDirectory = "zwave-js-ui";

        RootDirectory = "%t/zwave-js-ui";

        BindReadOnlyPaths = [

          "/nix/store"

        ];

        DeviceAllow = [ cfg.serialPort ];

        DynamicUser = true;

        SupplementaryGroups = [ "dialout" ];

        CapabilityBoundingSet = [ "" ];

        RestrictAddressFamilies = "AF_INET AF_INET6";

        DevicePolicy = "closed";

        LockPersonality = true;

        MemoryDenyWriteExecute = false;

        NoNewPrivileges = true;

        PrivateUsers = true;

        PrivateTmp = true;

        ProtectClock = true;

        ProtectControlGroups = true;

        ProtectHome = true;

        ProtectHostname = true;

        ProtectKernelLogs = true;

        ProtectKernelModules = true;

        ProtectKernalTunables = true;

        ProtectProc = "invisible";

        ProcSubset = "pid";

        RemoveIPC = true;

        RestrictNamespaces = true;

        RestrictRealtime = true;

        RestrictSUIDSGID = true;

        SystemCallArchitectures = "native";

        SystemCallFilter = [

          "@system-service @pkey"

          "~@privileged @resources"

        ];

        UMask = "0077";

      };

    };

  };

  meta.maintainers = with lib.maintainers; [ cdombroski ];

}

nixos/tests/all-tests.nix

+1 −0
Original line number Diff line number Diff line
@@ -1204,4 +1204,5 @@ in { 
  zrepl = handleTest ./zrepl.nix {};

  zsh-history = handleTest ./zsh-history.nix {};

  zwave-js = handleTest ./zwave-js.nix {};

  zwave-js-ui = handleTest ./zwave-js-ui.nix {};

}

nixos/tests/zwave-js-ui.nix

0 → 100644
+31 −0
Original line number Diff line number Diff line 
import ./make-test-python.nix (

  { lib, ... }:

  {

    name = "zwave-js-ui";

    meta.maintainers = with lib.maintainers; [ cdombroski ];



    nodes = {

      machine =

        { ... }:

        {

          services.zwave-js-ui = {

            enable = true;

            serialPort = "/dev/null";

            settings = {

              HOST = "::";

              PORT = "9999";

            };

          };

        };

    };



    testScript = ''

      start_all()



      machine.wait_for_unit("zwave-js-ui.service")

      machine.wait_for_open_port(9999)

      machine.wait_until_succeeds("journalctl --since -1m --unit zwave-js-ui --grep 'Listening on port 9999host :: protocol HTTP'")

      machine.wait_for_file("/var/lib/zwave-js-ui/nodes.json")

    '';

  }

)