totoro: add matrix2mqtt

ops/nixos/totoro/home-assistant.nix

@@ -233,4 +233,38 @@ in {
     withNpmAndGcc = true;
     port = 1880;
   };
+
+  systemd.services.matrix2mqtt = {
+    wantedBy = [ "multi-user.target" ];
+    unitConfig = {
+      StartLimitIntervalSec = "0";
+    };
+    serviceConfig = {
+      ExecStart = "${depot.rust.matrix2mqtt}/bin/matrix2mqtt";
+      User = "matrix2mqtt";
+      PrivateTmp = true;
+      PrivateDevices = true;
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      ProtectKernelLogs = true;
+      ProtectControlGroups = true;
+      ProtectHostname = true;
+      ProtectHome = true;
+      ProtectProc = "invisible";
+      ProcSubset = "pid";
+      ProtectKernelTunables = true;
+      ProtectKernelModules = true;
+      ProtectClock = true;
+      CapabilityBoundingSet = "";
+      LockPersonality = true;
+      PrivateUsers = true;
+      RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+
+      DynamicUser = true;
+      Restart = "always";
+      RestartSec = "100ms";
+      RestartSteps = 10;
+      RestartMaxDelaySec = "1min";
+    };
+  };
 }