diff options
author | Sandro <sandro.jaeckel@gmail.com> | 2024-02-07 18:14:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-07 18:14:05 +0100 |
commit | f7654894a3e856b4a7b2f9791e46932c4a2e7718 (patch) | |
tree | f4758225f4866dca94d587355df251c07530fa4c | |
parent | 761755b21513537a91689af280b9c8ea2510de90 (diff) | |
parent | 1b3f92087bc8d15fa86ca97379d18aeb963443b7 (diff) | |
download | nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar.gz nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar.bz2 nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar.lz nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar.xz nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.tar.zst nixlib-f7654894a3e856b4a7b2f9791e46932c4a2e7718.zip |
Merge pull request #285298 from SuperSandro2000/govee2mqtt
govee2mqtt: init at 2024.01.21-088d4ca8, nixos/govee2mqtt: init
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/home-automation/govee2mqtt.nix | 90 | ||||
-rw-r--r-- | pkgs/by-name/go/govee2mqtt/dont-vendor-openssl.diff | 41 | ||||
-rw-r--r-- | pkgs/by-name/go/govee2mqtt/package.nix | 56 |
4 files changed, 188 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 23a761041bf4..2996da3c2d55 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -579,6 +579,7 @@ ./services/home-automation/ebusd.nix ./services/home-automation/esphome.nix ./services/home-automation/evcc.nix + ./services/home-automation/govee2mqtt.nix ./services/home-automation/home-assistant.nix ./services/home-automation/homeassistant-satellite.nix ./services/home-automation/zigbee2mqtt.nix diff --git a/nixos/modules/services/home-automation/govee2mqtt.nix b/nixos/modules/services/home-automation/govee2mqtt.nix new file mode 100644 index 000000000000..1dee5999fa3b --- /dev/null +++ b/nixos/modules/services/home-automation/govee2mqtt.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.govee2mqtt; +in { + meta.maintainers = with lib.maintainers; [ SuperSandro2000 ]; + + options.services.govee2mqtt = { + enable = lib.mkEnableOption "Govee2MQTT"; + + package = lib.mkPackageOption pkgs "govee2mqtt" { }; + + user = lib.mkOption { + type = lib.types.str; + default = "govee2mqtt"; + description = "User under which Govee2MQTT should run."; + }; + + group = lib.mkOption { + type = lib.types.str; + default = "govee2mqtt"; + description = "Group under which Govee2MQTT should run."; + }; + + environmentFile = lib.mkOption { + type = lib.types.path; + example = "/var/lib/govee2mqtt/govee2mqtt.env"; + description = '' + Environment file as defined in {manpage}`systemd.exec(5)`. + + See upstream documentation <https://github.com/wez/govee2mqtt/blob/main/docs/CONFIG.md>. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + users = { + groups.${cfg.group} = { }; + users.${cfg.user} = { + description = "Govee2MQTT service user"; + inherit (cfg) group; + isSystemUser = true; + }; + }; + + systemd.services.govee2mqtt = { + description = "Govee2MQTT Service"; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" ]; + serviceConfig = { + CacheDirectory = "govee2mqtt"; + Environment = [ + "GOVEE_CACHE_DIR=/var/cache/govee2mqtt" + ]; + EnvironmentFile = cfg.environmentFile; + ExecStart = "${lib.getExe cfg.package} serve --govee-iot-key=/var/lib/govee2mqtt/iot.key --govee-iot-cert=/var/lib/govee2mqtt/iot.cert" + + " --amazon-root-ca=${pkgs.cacert.unbundled}/etc/ssl/certs/Amazon_Root_CA_1:66c9fcf99bf8c0a39e2f0788a43e696365bca.crt"; + Group = cfg.group; + Restart = "on-failure"; + StateDirectory = "govee2mqtt"; + User = cfg.user; + + # Hardening + AmbientCapabilities = ""; + CapabilityBoundingSet = ""; + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateMounts = true; + PrivateTmp = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = "strict"; + RemoveIPC = true; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + }; + }; + }; +} diff --git a/pkgs/by-name/go/govee2mqtt/dont-vendor-openssl.diff b/pkgs/by-name/go/govee2mqtt/dont-vendor-openssl.diff new file mode 100644 index 000000000000..fb290f11eccd --- /dev/null +++ b/pkgs/by-name/go/govee2mqtt/dont-vendor-openssl.diff @@ -0,0 +1,41 @@ +diff --git a/Cargo.lock b/Cargo.lock +index 303f6f8..952a7ff 100644 +--- a/Cargo.lock ++++ b/Cargo.lock +@@ -1373,15 +1373,6 @@ version = "0.1.5" + source = "registry+https://github.com/rust-lang/crates.io-index" + checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" + +-[[package]] +-name = "openssl-src" +-version = "300.2.1+3.2.0" +-source = "registry+https://github.com/rust-lang/crates.io-index" +-checksum = "3fe476c29791a5ca0d1273c697e96085bbabbbea2ef7afd5617e78a4b40332d3" +-dependencies = [ +- "cc", +-] +- + [[package]] + name = "openssl-sys" + version = "0.9.98" +@@ -1390,7 +1381,6 @@ checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7" + dependencies = [ + "cc", + "libc", +- "openssl-src", + "pkg-config", + "vcpkg", + ] +diff --git a/Cargo.toml b/Cargo.toml +index a4cf25c..42fde6d 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -44,7 +44,7 @@ parking_lot = "0.12.1" + + [dependencies.mosquitto-rs] + version="0.11.1" +-features = ["vendored-openssl"] ++features = ["router"] + #path = "../mosquitto-rs/mosquitto-rs" + + [dev-dependencies] diff --git a/pkgs/by-name/go/govee2mqtt/package.nix b/pkgs/by-name/go/govee2mqtt/package.nix new file mode 100644 index 000000000000..41392d0022c1 --- /dev/null +++ b/pkgs/by-name/go/govee2mqtt/package.nix @@ -0,0 +1,56 @@ +{ rustPlatform +, lib +, fetchFromGitHub +, fetchpatch +, openssl +, pkg-config +}: + +rustPlatform.buildRustPackage rec { + pname = "govee2mqtt"; + version = "2024.01.24-ea3cd430"; + + src = fetchFromGitHub { + owner = "wez"; + repo = "govee2mqtt"; + rev = version; + hash = "sha256-iGOj0a4+wLd8QlM1tr+NYfd2tuwgHV+u5dt0zf+WscY="; + }; + + cargoPatches = [ + ./dont-vendor-openssl.diff + ]; + + patches = [ + # update test fixtures https://github.com/wez/govee2mqtt/pull/120 + (fetchpatch { + url = "https://github.com/wez/govee2mqtt/commit/0c2dc3e1cc1ccd44ddf98ead34e081ac4b4335f1.patch"; + hash = "sha256-0TNYyvRRcMkE9FYPcVoKburejhAn/cVYM3eaobS4nx8="; + }) + ]; + + postPatch = '' + substituteInPlace src/service/http.rs \ + --replace '"assets"' '"${placeholder "out"}/share/govee2mqtt/assets"' + ''; + + cargoHash = "sha256-wApf+H5T7HPkCGQwv8ePoDnStUn04oVvv3eIJ8aKVUw="; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ openssl ]; + + postInstall = '' + mkdir -p $out/share/govee2mqtt/ + cp -r assets $out/share/govee2mqtt/ + ''; + + meta = with lib; { + description = "Connect Govee lights and devices to Home Assistant"; + homepage = "https://github.com/wez/govee2mqtt"; + changelog = "https://github.com/wez/govee2mqtt/blob/${src.rev}/addon/CHANGELOG.md"; + license = licenses.mit; + maintainers = with maintainers; [ SuperSandro2000 ]; + mainProgram = "govee"; + }; +} |