snooper/module.nix

72 lines
1.9 KiB
Nix

packages:
{ config, lib, pkgs, ... }:
with lib;
let
snooper-server = packages."${pkgs.system}".snooper-server;
cfg = config.services.snooper;
in {
options.services.snooper = with types; {
enable = mkEnableOption "Enable Snooper notifiaction server.";
verbose = mkEnableOption "Generate verbose logs and output.";
event-topics = mkOption {
type = listOf str;
description = "MQTT topics on which to listen for detection events.";
};
notification-topic = mkOption {
type = str;
description = "MQTT topic on which to send notifications.";
};
mqtt = {
host = mkOption {
type = str;
description = "Hostname of the MQTT server.";
};
port = mkOption {
type = port;
description = "Port on which the MQTT server is listening.";
default = 1883;
};
username = mkOption {
type = str;
description = "User as which to connect to the MQTT server.";
};
password-file = mkOption {
type = str;
description =
"File (on the local host) containing the password for the MQTT server.";
};
};
};
config = mkIf cfg.enable {
systemd.services.snooper = {
path = [ snooper-server ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = true;
LoadCredential = [ "mqtt.passwd:${cfg.mqtt-client.password-file}" ];
ExecStart = pkgs.writeShellScript "snooper-server.sh"
(concatStringsSep " " ([
"snooper-server"
"--mqtt-host=${cfg.mqtt.host}"
"--mqtt-port=${toString cfg.mqtt.port}"
"--mqtt-user=${cfg.mqtt.username}"
"--mqtt-password-file=$CREDENTIALS_DIRECTORY/mqtt.passwd"
"--notification-topic=${cfg.notification-topic}"
] ++ (map (topic: "--event-topic=${topic}") cfg.event-topics)
++ (optional cfg.verbose "--verbose")));
};
};
};
}