51 lines
1.4 KiB
Nix
51 lines
1.4 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.services.co2_exporter;
|
|
in
|
|
{
|
|
options.services.co2_exporter = {
|
|
enable = lib.mkEnableOption "co2 exporter";
|
|
package = lib.mkOption {
|
|
type = lib.types.package;
|
|
default = pkgs.co2_exporter;
|
|
description = "The package to use for the exporter.";
|
|
};
|
|
device = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.path;
|
|
default = null;
|
|
description = "The path to the co2 monitor device.";
|
|
};
|
|
listenAddress = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = ":8080";
|
|
description = "The address to listen on";
|
|
example = "127.0.0.1:8080";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.co2_exporter = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
environment = {
|
|
CO2MONITOR_ADDRESS = cfg.listenAddress;
|
|
} // (lib.optionalAttrs (!isNull cfg.device) {
|
|
CO2MONITOR_DEVICE = cfg.device;
|
|
});
|
|
serviceConfig = {
|
|
ExecStart = "${cfg.package}/bin/co2_exporter";
|
|
Restart = "always";
|
|
|
|
# systemd-analyze --no-pager security co2_exporter.service
|
|
DynamicUser = true;
|
|
CapabilityBoundingSet = null;
|
|
PrivateUsers = true;
|
|
ProtectHome = true;
|
|
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
RestrictNamespaces = true;
|
|
SystemCallFilter = "@system-service";
|
|
};
|
|
};
|
|
};
|
|
}
|