curacao: Add CO2 sensor
This commit is contained in:
		
							parent
							
								
									20dd333799
								
							
						
					
					
						commit
						ce5a099899
					
				
					 2 changed files with 72 additions and 0 deletions
				
			
		
							
								
								
									
										71
									
								
								curacao/co2meter/default.nix
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										71
									
								
								curacao/co2meter/default.nix
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,71 @@ | |||
| { pkgs, lib, config, ... }: | ||||
| let | ||||
|   zytemp_mqtt_src = pkgs.fetchFromGitHub { | ||||
|     owner = "patrislav1"; | ||||
|     repo = "zytemp_mqtt"; | ||||
|     rev = "a6be5e3082e1e10dee435cfb9643fb13e9a71c34"; # PR that adds humidity | ||||
|     sha256 = "sha256-cMWDi20isnbB6jlMzut7YyYB4te4bVFYXSgCEQWQnts="; | ||||
|   }; | ||||
|   zytemp_mqtt = pkgs.python3Packages.buildPythonPackage | ||||
|     rec { | ||||
|       name = "zytemp_mqtt"; | ||||
|       src = zytemp_mqtt_src; | ||||
|       propagatedBuildInputs = with pkgs.python3Packages; [ hidapi paho-mqtt pyaml ]; | ||||
|     }; | ||||
|   usb_zytemp_udev = pkgs.stdenv.mkDerivation { | ||||
|     pname = "usb-zytemp-udev-rules"; | ||||
|     version = "unstable-2023-05-24"; | ||||
|     src = zytemp_mqtt_src; | ||||
| 
 | ||||
|     dontConfigure = true; | ||||
|     dontBuild = true; | ||||
|     dontFixup = true; | ||||
| 
 | ||||
|     installPhase = '' | ||||
|       mkdir -p $out/lib/udev/rules.d | ||||
|       cp udev/90-usb-zytemp-permissions.rules $out/lib/udev/rules.d/90-usb-zytemp.rules | ||||
|     ''; | ||||
|   }; | ||||
|   mqtt_host = "192.168.7.53"; # Ludwig | ||||
| in | ||||
| { | ||||
|   config = { | ||||
|     environment.etc."zytempmqtt/config.yaml".text = lib.generators.toYAML { } { | ||||
|       decrypt = true; | ||||
|       mqtt_host = mqtt_host; | ||||
|       friendly_name = "Desk sensor"; | ||||
|     }; | ||||
|     services.udev.packages = [ usb_zytemp_udev ]; | ||||
|     systemd = { | ||||
|       services.zytemp_mqtt = { | ||||
|         description = "Forward zyTemp CO2 sensor to MQTT"; | ||||
|         wantedBy = [ "multi-user.target" ]; | ||||
|         serviceConfig = { | ||||
|           ExecStart = "${zytemp_mqtt}/bin/zytempmqtt"; | ||||
| 
 | ||||
|           # Hardening (hapazardeous) | ||||
|           CapabilityBoundingSet = ""; | ||||
|           DynamicUser = true; | ||||
|           LockPersonality = true; | ||||
|           MemoryDenyWriteExecute = false; | ||||
|           NoNewPrivileges = true; | ||||
|           PrivateTmp = true; | ||||
|           PrivateUsers = true; | ||||
|           ProtectClock = true; | ||||
|           ProtectControlGroups = true; | ||||
|           ProtectHome = true; | ||||
|           ProtectHostname = true; | ||||
|           ProtectKernelLogs = true; | ||||
|           ProtectKernelModules = true; | ||||
|           RemoveIPC = true; | ||||
|           RestrictNamespaces = true; | ||||
|           RestrictRealtime = true; | ||||
|           RestrictSUIDSGID = true; | ||||
|           SystemCallArchitectures = "native"; | ||||
|           SystemCallFilter = [ "@system-service" "~@privileged" "~@resouces" ]; | ||||
|           UMask = "0077"; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue