135 lines
3.3 KiB
Nix
135 lines
3.3 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
utils,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib)
|
|
getExe
|
|
mkEnableOption
|
|
mkIf
|
|
mkOption
|
|
mkPackageOption
|
|
;
|
|
|
|
cfg = config.services.evcc;
|
|
|
|
format = pkgs.formats.yaml { };
|
|
configFile = format.generate "evcc.yml" cfg.settings;
|
|
|
|
package = pkgs.evcc;
|
|
in
|
|
|
|
{
|
|
meta.maintainers = with lib.maintainers; [ hexa ];
|
|
|
|
options.services.evcc = with lib.types; {
|
|
enable = mkEnableOption "EVCC, the extensible EV Charge Controller and Home Energy Management System";
|
|
|
|
package = mkPackageOption pkgs "evcc" { };
|
|
|
|
extraArgs = mkOption {
|
|
type = listOf str;
|
|
default = [ ];
|
|
description = ''
|
|
Extra arguments to pass to the `evcc` executable.
|
|
'';
|
|
};
|
|
|
|
environmentFile = mkOption {
|
|
type = nullOr path;
|
|
default = null;
|
|
example = /run/keys/evcc;
|
|
description = ''
|
|
File with environment variables to pass into the runtime environment.
|
|
|
|
Useful to pass secrets into the configuration, that get applied using `envsubst`.
|
|
'';
|
|
};
|
|
|
|
settings = mkOption {
|
|
type = format.type;
|
|
description = ''
|
|
evcc configuration as a Nix attribute set. Supports substitution of secrets using `envsubst` from the `environmentFile`.
|
|
|
|
Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/${package.version}/evcc.dist.yaml).
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.evcc = {
|
|
wants = [ "network-online.target" ];
|
|
after = [
|
|
"network-online.target"
|
|
"mosquitto.target"
|
|
];
|
|
wantedBy = [
|
|
"multi-user.target"
|
|
];
|
|
environment.HOME = "/var/lib/evcc";
|
|
path = with pkgs; [
|
|
getent
|
|
];
|
|
serviceConfig = {
|
|
EnvironmentFile = lib.optionals (cfg.environmentFile != null) [ cfg.environmentFile ];
|
|
ExecStartPre = utils.escapeSystemdExecArgs [
|
|
(getExe pkgs.envsubst)
|
|
"-i"
|
|
configFile
|
|
"-o"
|
|
"/run/evcc/config.yaml"
|
|
];
|
|
ExecStart = utils.escapeSystemdExecArgs (
|
|
[
|
|
(getExe cfg.package)
|
|
"--config=/run/evcc/config.yaml"
|
|
]
|
|
++ cfg.extraArgs
|
|
);
|
|
CapabilityBoundingSet = [ "" ];
|
|
DeviceAllow = [
|
|
"char-ttyUSB"
|
|
];
|
|
DevicePolicy = "closed";
|
|
DynamicUser = true;
|
|
LockPersonality = true;
|
|
MemoryDenyWriteExecute = true;
|
|
PrivateTmp = true;
|
|
PrivateUsers = true;
|
|
ProcSubset = "pid";
|
|
ProtectClock = true;
|
|
ProtectControlGroups = true;
|
|
ProtectHome = true;
|
|
ProtectHostname = true;
|
|
ProtectKernelLogs = true;
|
|
ProtectKernelModules = true;
|
|
ProtectKernelTunables = true;
|
|
ProtectProc = "invisible";
|
|
Restart = "on-failure";
|
|
RestrictAddressFamilies = [
|
|
"AF_INET"
|
|
"AF_INET6"
|
|
"AF_UNIX"
|
|
"AF_NETLINK"
|
|
];
|
|
RestrictNamespaces = true;
|
|
RestrictRealtime = true;
|
|
RuntimeDirectory = "evcc";
|
|
StateDirectory = "evcc";
|
|
SystemCallArchitectures = "native";
|
|
SystemCallFilter = [
|
|
"@system-service"
|
|
"~@privileged"
|
|
];
|
|
UMask = "0077";
|
|
User = "evcc";
|
|
};
|
|
};
|
|
};
|
|
|
|
meta.buildDocsInSandbox = false;
|
|
}
|