author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-07-27 15:13:24 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-11-21 22:40:15 +0100 |
commit | 36f58b687c48494e6f849f0bb816b5d4fcdc30f4 (patch) | |
tree | f05cfef37c7b81201bc25d18f0f7b1f8e3b48d62 /nixos/modules | |
parent | cc8681b2c718472614196b0424cdc47761c5d5a0 (diff) |
nixos/evcc: init
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/home-automation/evcc.nix | 92 |
2 files changed, 93 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2a23a32eaba6e..bc5f6f1d76cd8 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -491,6 +491,7 @@
 ./services/hardware/vdr.nix
 ./services/home-automation/home-assistant.nix
 ./services/home-automation/zigbee2mqtt.nix
+ ./services/home-automation/evcc.nix
 ./services/logging/SystemdJournal2Gelf.nix
 ./services/logging/awstats.nix
 ./services/logging/filebeat.nix
diff --git a/nixos/modules/services/home-automation/evcc.nix b/nixos/modules/services/home-automation/evcc.nix
new file mode 100644
index 0000000000000..c12ba9d0c1e23
--- /dev/null
+++ b/nixos/modules/services/home-automation/evcc.nix
@@ -0,0 +1,92 @@
+{ lib
+, pkgs
+, config
+, ...
+}:
+
+with lib;
+
+let
+ cfg = config.services.evcc;
+
+ format = pkgs.formats.yaml {};
+ configFile = format.generate "evcc.yml" cfg.settings;
+
+ package = pkgs.evcc;
+in
+
+{
+ meta.maintainers = with lib.maintainers; [ hexa ];
+
+ options.services.evcc = with types; {
+ enable = mkEnableOption (lib.mdDoc "EVCC, the extensible EV Charge Controller with PV integration");
+
+ extraArgs = mkOption {
+ type = listOf str;
+ default = [];
+ description = lib.mdDoc ''
+ Extra arguments to pass to the evcc executable.
+ '';
+ };
+
+ settings = mkOption {
+ type = format.type;
+ description = lib.mdDoc ''
+ evcc configuration as a Nix attribute set.
+
+ Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/${package.version}/evcc.dist.yaml].
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.evcc = {
+ after = [
+ "network-online.target"
+ "mosquitto.target"
+ ];
+ wantedBy = [
+ "multi-user.target"
+ ];
+
+ serviceConfig = {
+ ExecStart = "${package}/bin/evcc --config ${configFile} ${escapeShellArgs cfg.extraArgs}";
+ CapabilityBoundingSet = [ "" ];
+ DeviceAllow = [
+ "char-ttyUSB"
+ ];
+ DevicePolicy = "closed";
+ DynamicUser = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ RestrictAddressFamilies = [
+ "AF_INET"
+ "AF_INET6"
+ "AF_UNIX"
+ ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ PrivateTmp = true;
+ PrivateUsers = true;
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectControlGroups= true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "~@privileged"
+ ];
+ UMask = "0077";
+ User = "evcc";
+ };
+ };
+ };
+
+ meta.buildDocsInSandbox = false;
+} |
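Review bot: `configFile = format.generate "evcc.yml" cfg.settings;` renders the whole of `services.evcc.settings` into the Nix store, which is world-readable, and the module offers no other channel for secrets. Any broker password or vehicle/API credential placed in `settings` (evcc configurations commonly carry these) is therefore readable by every local user and travels with any copied closure. The `settings` description should say so, for example `Values set here are stored world-readable in the Nix store; do not place passwords or tokens in this option.`, and a follow-up could add an option for a file supplied at runtime (e.g. through `EnvironmentFile=` or `LoadCredential=`), depending on what evcc is able to read, which is not verified here. Separately, the link in the same description closes with `]` instead of `)`, and `"mosquitto.target"` in `after` looks like it should be `"mosquitto.service"`, since ordering against a unit that does not exist has no effect.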