From 277a462031b82e7511a226bd127717fe2d2bde18 Mon Sep 17 00:00:00 2001
From: matt1432 <matt@nelim.org>
Date: Thu, 6 Feb 2025 16:42:44 -0500
Subject: [PATCH] refactor(esphome): use normal user for systemd unit
---
modules/esphome-plus/default.nix | 25 +++++++++++--------------
1 file changed, 11 insertions(+), 14 deletions(-)
diff --git a/modules/esphome-plus/default.nix b/modules/esphome-plus/default.nix
index bfe42487..ed2cf724 100644
--- a/modules/esphome-plus/default.nix
+++ b/modules/esphome-plus/default.nix
@@ -12,12 +12,7 @@
cfg = config.services.esphome;
- stateDir = "/var/lib/private/esphome";
- esphomeParams =
- if cfg.enableUnixSocket
- then "--socket /run/esphome/esphome.sock"
- else "--address ${cfg.address} --port ${toString cfg.port}";
-
+ stateDir = "/var/lib/esphome";
format = pkgs.formats.yaml {};
# Adapted from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/home-automation/home-assistant.nix
@@ -52,10 +47,17 @@ in {
};
config = mkIf cfg.enable {
+ users = {
+ users.esphome = {
+ isNormalUser = true;
+ group = "esphome";
+ home = stateDir;
+ };
+ groups.esphome = {};
+ };
+
# https://github.com/NixOS/nixpkgs/issues/339557
systemd.services.esphome = {
- environment.PLATFORMIO_CORE_DIR = mkForce "${stateDir}/.platformio";
-
serviceConfig =
(optionalAttrs (cfg.firmwareConfigs != {}) {
ExecStartPre = getExe (pkgs.writeShellApplication {
@@ -66,10 +68,6 @@ in {
];
text = ''
- if [[ ! -d ${stateDir} ]]; then
- mkdir -p ${stateDir}
- fi
-
${optionalString
(cfg.secretsFile != null)
# bash
@@ -96,8 +94,7 @@ in {
});
})
// {
- ExecStart = mkForce "${cfg.package}/bin/esphome dashboard ${esphomeParams} ${stateDir}";
- WorkingDirectory = mkForce stateDir;
+ DynamicUser = mkForce "off";
};
};
};