{ pkgs, lib, config, ... }: let zytemp_mqtt_src = pkgs.fetchFromGitHub { owner = "patrislav1"; repo = "zytemp_mqtt"; rev = "a6be5e3082e1e10dee435cfb9643fb13e9a71c34"; # PR that adds humidity sha256 = "sha256-cMWDi20isnbB6jlMzut7YyYB4te4bVFYXSgCEQWQnts="; }; zytemp_mqtt = pkgs.python3Packages.buildPythonPackage rec { name = "zytemp_mqtt"; src = zytemp_mqtt_src; propagatedBuildInputs = with pkgs.python3Packages; [ hidapi paho-mqtt pyaml ]; }; usb_zytemp_udev = pkgs.stdenv.mkDerivation { pname = "usb-zytemp-udev-rules"; version = "unstable-2023-05-24"; src = zytemp_mqtt_src; dontConfigure = true; dontBuild = true; dontFixup = true; installPhase = '' mkdir -p $out/lib/udev/rules.d cp udev/90-usb-zytemp-permissions.rules $out/lib/udev/rules.d/90-usb-zytemp.rules ''; }; mqtt_host = "192.168.7.53"; # Ludwig in { config = { environment.etc."zytempmqtt/config.yaml".text = lib.generators.toYAML { } { decrypt = true; mqtt_host = mqtt_host; friendly_name = "Desk sensor"; }; services.udev.packages = [ usb_zytemp_udev ]; systemd = { services.zytemp_mqtt = { description = "Forward zyTemp CO2 sensor to MQTT"; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${zytemp_mqtt}/bin/zytempmqtt"; # Hardening (hapazardeous) CapabilityBoundingSet = ""; DynamicUser = true; LockPersonality = true; MemoryDenyWriteExecute = false; NoNewPrivileges = true; PrivateTmp = true; PrivateUsers = true; ProtectClock = true; ProtectControlGroups = true; ProtectHome = true; ProtectHostname = true; ProtectKernelLogs = true; ProtectKernelModules = true; RemoveIPC = true; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; SystemCallArchitectures = "native"; SystemCallFilter = [ "@system-service" "~@privileged" "~@resouces" ]; UMask = "0077"; }; }; }; }; }