commit 18dc3dd0b9977e17c11f449b57188aca6261f454 · pyrox.dev/nixpkgs

+2 -1

nixos/modules/services/home-automation/zwave-js.nix

···

       108
       108
        
               description = "Z-Wave JS Server";

     

       109
       109
        
               serviceConfig = {

     

       110
       110
        
                 ExecStartPre = ''

     

       111
       111
       -
                   /bin/sh -c "${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configFile} ${cfg.secretsConfigFile} > ${mergedConfigFile}"

     

       111
       111
       +
                   /bin/sh -c "${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configFile} %d/secrets.json > ${mergedConfigFile}"

     

       112
       112
        
                 '';

     

       113
       113
       +
                 LoadCredential = "secrets.json:${cfg.secretsConfigFile}";

     

       113
       114
        
                 ExecStart = lib.concatStringsSep " " [

     

       114
       115
        
                   "${cfg.package}/bin/zwave-server"

     

       115
       116
        
                   "--config ${mergedConfigFile}"

+10 -11

nixos/tests/zwave-js.nix

···

       1
       1
       -
       { pkgs, lib, ... }:

     

       1
       1
       +
       { lib, ... }:

     

       2
       2
        
       

     

       3
       3
       -
       let

     

       4
       4
       -
         secretsConfigFile = pkgs.writeText "secrets.json" (

     

       5
       5
       -
           builtins.toJSON {

     

       6
       6
       -
             securityKeys = {

     

       7
       7
       -
               "S0_Legacy" = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

     

       8
       8
       -
             };

     

       9
       9
       -
           }

     

       10
       10
       -
         );

     

       11
       11
       -
       in

     

       12
       3
        
       {

     

       13
       4
        
         name = "zwave-js";

     

       14
       5
        
         meta.maintainers = with lib.maintainers; [ graham33 ];

     

       15
       6
        
       

     

       16
       7
        
         nodes = {

     

       17
       8
        
           machine = {

     

       9
       9
       +
             # show that 0400 secrets can be used by the DynamicUser; ideally

     

       10
       10
       +
             # this would be an out-of-store file, e.g. /run/secrets/jwavejs/secrets.json

     

       11
       11
       +
             environment.etc."zwavejs/secrets.json" = {

     

       12
       12
       +
               mode = "0400";

     

       13
       13
       +
               text = builtins.toJSON {

     

       14
       14
       +
                 securityKeys.S0_Legacy = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

     

       15
       15
       +
               };

     

       16
       16
       +
             };

     

       18
       17
        
             services.zwave-js = {

     

       19
       18
        
               enable = true;

     

       20
       19
        
               serialPort = "/dev/null";

     

       21
       20
        
               extraFlags = [ "--mock-driver" ];

     

       22
       22
       -
               inherit secretsConfigFile;

     

       21
       21
       +
               secretsConfigFile = "/etc/zwavejs/secrets.json";

     

       23
       22
        
             };

     

       24
       23
        
           };

     

       25
       24
        
         };