From accca0bd6e4bb419e975f73095fcaf2922718c49 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Tue, 1 Mar 2022 19:19:31 +0100
Subject: nixos/zigbee2mqtt: move into home-automation category

---
 nixos/modules/module-list.nix | 2 +-
 .../services/home-automation/zigbee2mqtt.nix | 142 +++++++++++++++++++++
 nixos/modules/services/misc/zigbee2mqtt.nix | 142 ---------------------
 3 files changed, 143 insertions(+), 143 deletions(-)
 create mode 100644 nixos/modules/services/home-automation/zigbee2mqtt.nix
 delete mode 100644 nixos/modules/services/misc/zigbee2mqtt.nix

(limited to 'nixos')

diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index c6f4ec5f08c3..a496e93115cf 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -454,6 +454,7 @@
   ./services/hardware/vdr.nix
   ./services/hardware/xow.nix
   ./services/home-automation/home-assistant.nix
+  ./services/home-automation/zigbee2mqtt.nix
   ./services/logging/SystemdJournal2Gelf.nix
   ./services/logging/awstats.nix
   ./services/logging/filebeat.nix
@@ -625,7 +626,6 @@
   ./services/misc/weechat.nix
   ./services/misc/xmr-stak.nix
   ./services/misc/xmrig.nix
-  ./services/misc/zigbee2mqtt.nix
   ./services/misc/zoneminder.nix
   ./services/misc/zookeeper.nix
   ./services/monitoring/alerta.nix
diff --git a/nixos/modules/services/home-automation/zigbee2mqtt.nix b/nixos/modules/services/home-automation/zigbee2mqtt.nix
new file mode 100644
index 000000000000..ff6d595e5a6e
--- /dev/null
+++ b/nixos/modules/services/home-automation/zigbee2mqtt.nix
@@ -0,0 +1,142 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.zigbee2mqtt;
+
+  format = pkgs.formats.yaml { };
+  configFile = format.generate "zigbee2mqtt.yaml" cfg.settings;
+
+in
+{
+  meta.maintainers = with maintainers; [ sweber hexa ];
+
+  imports = [
+    # Remove warning before the 21.11 release
+    (mkRenamedOptionModule [ "services" "zigbee2mqtt" "config" ] [ "services" "zigbee2mqtt" "settings" ])
+  ];
+
+  options.services.zigbee2mqtt = {
+    enable = mkEnableOption "enable zigbee2mqtt service";
+
+    package = mkOption {
+      description = "Zigbee2mqtt package to use";
+      default = pkgs.zigbee2mqtt;
+      defaultText = literalExpression ''
+        pkgs.zigbee2mqtt
+      '';
+      type = types.package;
+    };
+
+    dataDir = mkOption {
+      description = "Zigbee2mqtt data directory";
+      default = "/var/lib/zigbee2mqtt";
+      type = types.path;
+    };
+
+    settings = mkOption {
+      type = format.type;
+      default = { };
+      example = literalExpression ''
+        {
+          homeassistant = config.services.home-assistant.enable;
+          permit_join = true;
+          serial = {
+            port = "/dev/ttyACM1";
+          };
+        }
+      '';
+      description = ''
+        Your configuration.yaml as a Nix attribute set.
+        Check the documentation
+        for possible options.
+      '';
+    };
+  };
+
+  config = mkIf (cfg.enable) {
+
+    # preset config values
+    services.zigbee2mqtt.settings = {
+      homeassistant = mkDefault config.services.home-assistant.enable;
+      permit_join = mkDefault false;
+      mqtt = {
+        base_topic = mkDefault "zigbee2mqtt";
+        server = mkDefault "mqtt://localhost:1883";
+      };
+      serial.port = mkDefault "/dev/ttyACM0";
+      # reference device configuration, that is kept in a separate file
+      # to prevent it being overwritten in the units ExecStartPre script
+      devices = mkDefault "devices.yaml";
+    };
+
+    systemd.services.zigbee2mqtt = {
+      description = "Zigbee2mqtt Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      environment.ZIGBEE2MQTT_DATA = cfg.dataDir;
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/zigbee2mqtt";
+        User = "zigbee2mqtt";
+        Group = "zigbee2mqtt";
+        WorkingDirectory = cfg.dataDir;
+        Restart = "on-failure";
+
+        # Hardening
+        CapabilityBoundingSet = "";
+        DeviceAllow = [
+          config.services.zigbee2mqtt.settings.serial.port
+        ];
+        DevicePolicy = "closed";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = false;
+        NoNewPrivileges = true;
+        PrivateDevices = false; # prevents access to /dev/serial, because it is set 0700 root:root
+        PrivateUsers = true;
+        PrivateTmp = true;
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProcSubset = "pid";
+        ProtectSystem = "strict";
+        ReadWritePaths = cfg.dataDir;
+        RemoveIPC = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SupplementaryGroups = [
+          "dialout"
+        ];
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+        UMask = "0077";
+      };
+      preStart = ''
+        cp --no-preserve=mode ${configFile} "${cfg.dataDir}/configuration.yaml"
+      '';
+    };
+
+    users.users.zigbee2mqtt = {
+      home = cfg.dataDir;
+      createHome = true;
+      group = "zigbee2mqtt";
+      uid = config.ids.uids.zigbee2mqtt;
+    };
+
+    users.groups.zigbee2mqtt.gid = config.ids.gids.zigbee2mqtt;
+  };
+}
diff --git a/nixos/modules/services/misc/zigbee2mqtt.nix b/nixos/modules/services/misc/zigbee2mqtt.nix
deleted file mode 100644
index ff6d595e5a6e..000000000000
--- a/nixos/modules/services/misc/zigbee2mqtt.nix
+++ /dev/null
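Review bot: The `settings` option description should warn that the whole attribute set is rendered by `format.generate` into a Nix store path, which is world-readable, so MQTT credentials or a network key placed in `settings` are exposed to every local user; the `cp --no-preserve=mode` into `dataDir` under `UMask = "0077"` only protects the copy, not the store file it was read from. I would extend the description with `Do not put secrets (for example mqtt.user or mqtt.password) in here; they end up world-readable in the Nix store.` The `DeviceAllow` entry derived from `settings.serial.port` presumably only makes sense for a local device node, so a caveat next to it that a non-path port value leaves the allow-list meaningless would help — confirm against what upstream accepts for `serial.port`. This hunk is a verbatim move of the deleted file, so both points apply equally to the old location and the commit itself changes no behavior.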
@@ -1,142 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.zigbee2mqtt;
-
-  format = pkgs.formats.yaml { };
-  configFile = format.generate "zigbee2mqtt.yaml" cfg.settings;
-
-in
-{
-  meta.maintainers = with maintainers; [ sweber hexa ];
-
-  imports = [
-    # Remove warning before the 21.11 release
-    (mkRenamedOptionModule [ "services" "zigbee2mqtt" "config" ] [ "services" "zigbee2mqtt" "settings" ])
-  ];
-
-  options.services.zigbee2mqtt = {
-    enable = mkEnableOption "enable zigbee2mqtt service";
-
-    package = mkOption {
-      description = "Zigbee2mqtt package to use";
-      default = pkgs.zigbee2mqtt;
-      defaultText = literalExpression ''
-        pkgs.zigbee2mqtt
-      '';
-      type = types.package;
-    };
-
-    dataDir = mkOption {
-      description = "Zigbee2mqtt data directory";
-      default = "/var/lib/zigbee2mqtt";
-      type = types.path;
-    };
-
-    settings = mkOption {
-      type = format.type;
-      default = { };
-      example = literalExpression ''
-        {
-          homeassistant = config.services.home-assistant.enable;
-          permit_join = true;
-          serial = {
-            port = "/dev/ttyACM1";
-          };
-        }
-      '';
-      description = ''
-        Your configuration.yaml as a Nix attribute set.
-        Check the documentation
-        for possible options.
-      '';
-    };
-  };
-
-  config = mkIf (cfg.enable) {
-
-    # preset config values
-    services.zigbee2mqtt.settings = {
-      homeassistant = mkDefault config.services.home-assistant.enable;
-      permit_join = mkDefault false;
-      mqtt = {
-        base_topic = mkDefault "zigbee2mqtt";
-        server = mkDefault "mqtt://localhost:1883";
-      };
-      serial.port = mkDefault "/dev/ttyACM0";
-      # reference device configuration, that is kept in a separate file
-      # to prevent it being overwritten in the units ExecStartPre script
-      devices = mkDefault "devices.yaml";
-    };
-
-    systemd.services.zigbee2mqtt = {
-      description = "Zigbee2mqtt Service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network.target" ];
-      environment.ZIGBEE2MQTT_DATA = cfg.dataDir;
-      serviceConfig = {
-        ExecStart = "${cfg.package}/bin/zigbee2mqtt";
-        User = "zigbee2mqtt";
-        Group = "zigbee2mqtt";
-        WorkingDirectory = cfg.dataDir;
-        Restart = "on-failure";
-
-        # Hardening
-        CapabilityBoundingSet = "";
-        DeviceAllow = [
-          config.services.zigbee2mqtt.settings.serial.port
-        ];
-        DevicePolicy = "closed";
-        LockPersonality = true;
-        MemoryDenyWriteExecute = false;
-        NoNewPrivileges = true;
-        PrivateDevices = false; # prevents access to /dev/serial, because it is set 0700 root:root
-        PrivateUsers = true;
-        PrivateTmp = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        ProtectProc = "invisible";
-        ProcSubset = "pid";
-        ProtectSystem = "strict";
-        ReadWritePaths = cfg.dataDir;
-        RemoveIPC = true;
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        SupplementaryGroups = [
-          "dialout"
-        ];
-        SystemCallArchitectures = "native";
-        SystemCallFilter = [
-          "@system-service"
-          "~@privileged"
-          "~@resources"
-        ];
-        UMask = "0077";
-      };
-      preStart = ''
-        cp --no-preserve=mode ${configFile} "${cfg.dataDir}/configuration.yaml"
-      '';
-    };
-
-    users.users.zigbee2mqtt = {
-      home = cfg.dataDir;
-      createHome = true;
-      group = "zigbee2mqtt";
-      uid = config.ids.uids.zigbee2mqtt;
-    };
-
-    users.groups.zigbee2mqtt.gid = config.ids.gids.zigbee2mqtt;
-  };
-}
-- 
cgit 1.4.1