{ config, lib, pkgs, buildPythonPackage, ... }: with import <stockholm/lib>; let pkg = pkgs.ampel; home = "/var/lib/ampel"; sec = "${toString <secrets>}/google-muell.json"; ampelsec = "${home}/google-muell.json"; cred = "${toString <secrets>}/google-muell-creds.json"; # TODO: generate this credential file locally ampelcred = "${home}/google-muell-creds.json"; esp = "192.168.8.204"; sleepval = "1800"; in { users.users.ampel = { uid = genid "ampel"; createHome = true; isSystemUser = true; inherit home; }; systemd.services.google-muell-ampel = { description = "Send led change to rgb cubes"; after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "ampel"; ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' install -m600 -o ampel ${sec} ${ampelsec} install -m600 -o ampel ${cred} ${ampelcred} ''; ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; PermissionsStartOnly = true; Restart = "always"; RestartSec = 10; PrivateTmp = true; }; }; }