mirror of
https://github.com/NotAShelf/air-quality-monitor.git
synced 2024-11-22 13:20:48 +00:00
rename settings.device
to settings.serialPort
This commit is contained in:
parent
6e0c40b1f9
commit
a22882a169
3 changed files with 94 additions and 48 deletions
|
@ -41,7 +41,7 @@ A sample configuration would be as follows:
|
||||||
port = 8081; # serve web application on port 8081
|
port = 8081; # serve web application on port 8081
|
||||||
user = "pi-aqm";
|
user = "pi-aqm";
|
||||||
group = "pi-aqm";
|
group = "pi-aqm";
|
||||||
device = "/dev/ttyUSB0"; # this is the device port that corresponds to your sensor device
|
serialPort = "/dev/ttyUSB0"; # this is the serial port that corresponds to your sensor device
|
||||||
|
|
||||||
redis.createLocally = true;
|
redis.createLocally = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -14,35 +14,36 @@ in {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = self.packages.${pkgs.system}.pi-air-quality-monitor;
|
default = self.packages.${pkgs.system}.pi-air-quality-monitor;
|
||||||
};
|
};
|
||||||
|
|
||||||
openFirewall = mkOption {
|
openFirewall = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
description = "Whether to open the firewall for the server";
|
description = "Whether to open the firewall for the service";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 8080;
|
default = 8080;
|
||||||
description = "Port to run the server on";
|
description = "Port to run the service on";
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "pi-aqm";
|
default = "pi-aqm";
|
||||||
description = "User to run the server as";
|
description = "User to run the servvice as";
|
||||||
};
|
};
|
||||||
|
|
||||||
group = mkOption {
|
group = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "pi-aqm";
|
default = "pi-aqm";
|
||||||
description = "Group to run the server as";
|
description = "Group to run the service as";
|
||||||
};
|
};
|
||||||
|
|
||||||
device = mkOption {
|
serialPort = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = "/dev/ttyUSB0";
|
default = "/dev/ttyUSB0";
|
||||||
description = "Device to read data from";
|
description = "Serial port device to read data from";
|
||||||
};
|
};
|
||||||
|
|
||||||
environmentFile = mkOption {
|
environmentFile = mkOption {
|
||||||
|
@ -128,6 +129,33 @@ in {
|
||||||
WorkingDirectory = "${cfg.settings.dataDir}";
|
WorkingDirectory = "${cfg.settings.dataDir}";
|
||||||
ExecStart = "${lib.getExe cfg.package}";
|
ExecStart = "${lib.getExe cfg.package}";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
|
|
||||||
|
# Hardening
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
DeviceAllow = [cfg.settings.serialPort];
|
||||||
|
DevicePolicy = "closed";
|
||||||
|
DynamicUser = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = false;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectControlGroups = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
UMask = "0077";
|
||||||
|
SystemCallFilter = [
|
||||||
|
"@system-service @pkey"
|
||||||
|
"~@privileged @resources"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,55 +2,73 @@
|
||||||
nixosTest,
|
nixosTest,
|
||||||
self,
|
self,
|
||||||
...
|
...
|
||||||
}:
|
}: let
|
||||||
nixosTest {
|
serialPort = "/dev/ttyS0";
|
||||||
name = "basic";
|
in
|
||||||
|
nixosTest {
|
||||||
|
name = "basic";
|
||||||
|
|
||||||
nodes = {
|
nodes = {
|
||||||
client = {pkgs, ...}: {
|
client = {pkgs, ...}: {
|
||||||
imports = [../profiles/test-setup.nix];
|
imports = [../profiles/test-setup.nix];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
netcat
|
netcat
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
server = {pkgs, ...}: {
|
|
||||||
imports = [
|
|
||||||
../profiles/test-setup.nix
|
|
||||||
self.nixosModules.pi-air-quality-monitor
|
|
||||||
];
|
|
||||||
|
|
||||||
users.users.test = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = ["wheel"];
|
|
||||||
packages = with pkgs; [
|
|
||||||
tree
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.pi-air-quality-monitor = {
|
server = {pkgs, ...}: {
|
||||||
enable = true;
|
imports = [
|
||||||
openFirewall = true;
|
../profiles/test-setup.nix
|
||||||
|
self.nixosModules.pi-air-quality-monitor
|
||||||
|
];
|
||||||
|
|
||||||
settings = {
|
users.users.test = {
|
||||||
port = 8080;
|
isNormalUser = true;
|
||||||
user = "pi-aqm";
|
extraGroups = ["wheel"];
|
||||||
group = "pi-aqm";
|
packages = with pkgs; [
|
||||||
|
tree
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.pi-air-quality-monitor = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
port = 8080;
|
||||||
|
user = "pi-aqm";
|
||||||
|
group = "pi-aqm";
|
||||||
|
inherit serialPort;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "23.11";
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
testScript = ''
|
testScript = ''
|
||||||
server.wait_for_unit("default.target")
|
server.start()
|
||||||
server.succeed("ls -lah /dev/ttyUSB0")
|
|
||||||
#server.succeed('systemctl status pi-air-quality-monitor | grep \"Active: active (running)\" || return 0')
|
|
||||||
#server.succeed('nc -vz server 8080')
|
|
||||||
|
|
||||||
#client.wait_for_unit("default.target")
|
server.wait_for_unit("default.target")
|
||||||
#client.succeed("nc -vz server 8080")
|
log.info("Checking if configured serial port exists")
|
||||||
'';
|
server.succeed("ls -lah ${serialPort}")
|
||||||
}
|
|
||||||
|
log.info("Check if unit is running correctly")
|
||||||
|
server.wait_for_unit("pi-air-quality-monitor.service")
|
||||||
|
server.succeed("systemctl status pi-air-quality-monitor.service | grep 'Active: active (running)' >&2")
|
||||||
|
server.succeed("journalctl -u pi-air-quality-monitor.service >&2")
|
||||||
|
|
||||||
|
log.info("Showing units content")
|
||||||
|
server.succeed("systemctl status pi-air-quality-monitor.service >&2")
|
||||||
|
server.succeed("systemctl cat pi-air-quality-monitor.service >&2")
|
||||||
|
server.succeed("systemctl cat pi-air-quality-monitor.socket >&2")
|
||||||
|
|
||||||
|
log.info("Checking if service is accessible locally")
|
||||||
|
server.succeed("nc -vz localhost 8080")
|
||||||
|
|
||||||
|
client.start()
|
||||||
|
client.wait_for_unit("default.target")
|
||||||
|
#client.succeed("nc -vz server 8080")
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue