{ config, lib, pkgs, buildPythonPackage, ... }: with import <stockholm/lib>; let pkg = pkgs.ampel; home = "/var/lib/ampel"; sec = "${toString <secrets>}/ampel/google-muell.json"; ampelsec = "${home}/google-muell.json"; cred = "${toString <secrets>}/ampel/google-muell-creds.json"; # TODO: generate this credential file locally ampelcred = "${home}/google-muell-creds.json"; sleepval = "1800"; # default-color = "18,63,40"; default-color = "255,127,0"; config_json = toFile "config.json" (toJSON { mq_hostname = "localhost"; mq_port = 1883; mq_username = "sensor"; mq_topic = "/ham/flurlicht/cmnd/MEM1"; mq_password = replaceChars ["\n"] [""] (readFile "${toString <secrets>}/mqtt/sensor"); }); in { users.users.ampel = { uid = genid "ampel"; createHome = true; isSystemUser = true; inherit home; }; systemd.services.google-muell-ampel = { description = "Send led change to rgb cubes"; after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "ampel"; ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' install -m600 -o ampel ${sec} ${ampelsec} install -m600 -o ampel ${cred} ${ampelcred} ''; ExecStart = "${pkg}/bin/google-muell --config ${config_json} --default-color=${default-color} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; PermissionsStartOnly = true; Restart = "always"; RestartSec = 10; PrivateTmp = true; }; }; }