curacao: Add CO2 sensor
This commit is contained in:
parent
20dd333799
commit
ce5a099899
71
curacao/co2meter/default.nix
Normal file
71
curacao/co2meter/default.nix
Normal file
|
@ -0,0 +1,71 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
zytemp_mqtt_src = pkgs.fetchFromGitHub {
|
||||
owner = "patrislav1";
|
||||
repo = "zytemp_mqtt";
|
||||
rev = "a6be5e3082e1e10dee435cfb9643fb13e9a71c34"; # PR that adds humidity
|
||||
sha256 = "sha256-cMWDi20isnbB6jlMzut7YyYB4te4bVFYXSgCEQWQnts=";
|
||||
};
|
||||
zytemp_mqtt = pkgs.python3Packages.buildPythonPackage
|
||||
rec {
|
||||
name = "zytemp_mqtt";
|
||||
src = zytemp_mqtt_src;
|
||||
propagatedBuildInputs = with pkgs.python3Packages; [ hidapi paho-mqtt pyaml ];
|
||||
};
|
||||
usb_zytemp_udev = pkgs.stdenv.mkDerivation {
|
||||
pname = "usb-zytemp-udev-rules";
|
||||
version = "unstable-2023-05-24";
|
||||
src = zytemp_mqtt_src;
|
||||
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
dontFixup = true;
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib/udev/rules.d
|
||||
cp udev/90-usb-zytemp-permissions.rules $out/lib/udev/rules.d/90-usb-zytemp.rules
|
||||
'';
|
||||
};
|
||||
mqtt_host = "192.168.7.53"; # Ludwig
|
||||
in
|
||||
{
|
||||
config = {
|
||||
environment.etc."zytempmqtt/config.yaml".text = lib.generators.toYAML { } {
|
||||
decrypt = true;
|
||||
mqtt_host = mqtt_host;
|
||||
friendly_name = "Desk sensor";
|
||||
};
|
||||
services.udev.packages = [ usb_zytemp_udev ];
|
||||
systemd = {
|
||||
services.zytemp_mqtt = {
|
||||
description = "Forward zyTemp CO2 sensor to MQTT";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${zytemp_mqtt}/bin/zytempmqtt";
|
||||
|
||||
# Hardening (hapazardeous)
|
||||
CapabilityBoundingSet = "";
|
||||
DynamicUser = true;
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = false;
|
||||
NoNewPrivileges = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
RemoveIPC = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [ "@system-service" "~@privileged" "~@resouces" ];
|
||||
UMask = "0077";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -5,6 +5,7 @@
|
|||
};
|
||||
imports = [
|
||||
./backup
|
||||
./co2meter
|
||||
./dedup
|
||||
./disko.nix
|
||||
./features.nix
|
||||
|
|
Loading…
Reference in a new issue