Simon Bruder
10b8d432d5
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
55 lines
1.5 KiB
Nix
55 lines
1.5 KiB
Nix
# SPDX-FileCopyrightText: 2022-2023 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.services.co2_exporter;
|
|
in
|
|
{
|
|
options.services.co2_exporter = {
|
|
enable = lib.mkEnableOption "co2 exporter";
|
|
package = lib.mkOption {
|
|
type = lib.types.package;
|
|
default = pkgs.co2_exporter;
|
|
description = "The package to use for the exporter.";
|
|
};
|
|
device = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.path;
|
|
default = null;
|
|
description = "The path to the co2 monitor device.";
|
|
};
|
|
listenAddress = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = ":8080";
|
|
description = "The address to listen on";
|
|
example = "127.0.0.1:8080";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.co2_exporter = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
environment = {
|
|
CO2MONITOR_ADDRESS = cfg.listenAddress;
|
|
} // (lib.optionalAttrs (!isNull cfg.device) {
|
|
CO2MONITOR_DEVICE = cfg.device;
|
|
});
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/co2_exporter";
|
|
Restart = "always";
|
|
|
|
# systemd-analyze --no-pager security co2_exporter.service
|
|
DynamicUser = true;
|
|
CapabilityBoundingSet = null;
|
|
PrivateUsers = true;
|
|
ProtectHome = true;
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
RestrictNamespaces = true;
|
|
SystemCallFilter = "@system-service";
|
|
};
|
|
};
|
|
};
|
|
}
|