# NixOS module: runs the ESPHome dashboard with device configs synced from the
# Nix store, the secrets file delivered via sops and systemd credentials, and
# the service confined to its own root directory.
{ lib, pkgs, config, ... }:

let
  # Writable state location that appears in the bind mounts and sync target below.
  stateDir = "/var/lib/esphome";

  # Device definitions from ./devices, copied unchanged into a store path.
  # The Nix store is world-readable, so nothing under ./devices should contain
  # secret values; the secrets file is provisioned separately (see sops below).
  cfgdir = pkgs.stdenvNoCC.mkDerivation {
    name = "esphome-config";
    src = ./devices;
    dontBuild = true;
    # With default globbing `*` does not match dotfiles, so hidden files in
    # ./devices are not installed.
    installPhase = ''
      mkdir $out
      cp -r * $out
    '';
  };

  # Pre-start sync of the store copy into the writable state directory.
  # --delete makes the store copy authoritative: files in the state directory
  # that are absent from cfgdir are removed on every start, apart from the
  # excluded names. secrets.yaml is excluded because it is the read-only
  # credential bind mount, not a regular file rsync should manage.
  syncDeviceConfigs = lib.concatStringsSep " " [
    "${pkgs.rsync}/bin/rsync"
    "-a"
    "--delete"
    "--checksum"
    "--exclude secrets.yaml"
    "--exclude=.esphome"
    "--exclude=.platformio"
    "--exclude=.gitignore"
    "'${cfgdir}/'"
    "'${stateDir}/'"
  ];
in
{
  # Encrypted secrets for ESPHome; the unit is restarted when the secret changes.
  sops.secrets.esphome = {
    restartUnits = [ config.systemd.services.esphome.name ];
    sopsFile = ../../secrets.yaml;
  };

  services.esphome = {
    enable = true;
    package = pkgs.esphome;
    # Listens on loopback only.
    # NOTE(review): no authentication or proxy settings are visible in this
    # file; if the port is published elsewhere, confirm access control there.
    address = "127.0.0.1";
    port = config.networking.ports.esphome.tcp;
  };

  # PlatformIO's core directory is placed under /tmp. With PrivateTmp below
  # that is a per-service /tmp which is removed when the unit stops.
  # NOTE(review): presumably toolchains are fetched again at run time after a
  # restart, outside of Nix's pinning; confirm this is acceptable.
  systemd.services.esphome.environment.PLATFORMIO_CORE_DIR = lib.mkForce "/tmp/.platformio";

  systemd.services.esphome.serviceConfig = {
    # The service gets its runtime directory as filesystem root. The paths
    # this file makes visible inside it are the bind mounts listed below.
    RuntimeDirectory = "esphome";
    RootDirectory = "/run/esphome";
    StateDirectory = "esphome";
    WorkingDirectory = lib.mkForce "/tmp";
    PrivateTmp = true;

    # The secret is handed to the unit as a systemd credential and exposed
    # read-only at the path where the device configs look for secrets.yaml
    # (%d expands to the unit's credentials directory).
    LoadCredential = "secrets.yaml:${config.sops.secrets.esphome.path}";
    BindReadOnlyPaths = [
      "/nix/store"
      cfgdir
      "%d/secrets.yaml:${stateDir}/secrets.yaml"
    ];
    BindPaths = [ stateDir ];

    # Device access is granted for the serial tty classes only (used for
    # flashing over USB/UART).
    # NOTE(review): dialout is presumably the group owning those device nodes
    # on this host; verify.
    DeviceAllow = [
      "char-ttyACM rw"
      "char-ttyAMA rw"
      "char-ttyUSB rw"
    ];
    SupplementaryGroups = [ "dialout" ];

    ExecStartPre = [ syncDeviceConfigs ];
  };
}