diff --git a/ops/nixos/totoro/home-assistant.nix b/ops/nixos/totoro/home-assistant.nix
index f5f6c6e813..9426d8f964 100644
--- a/ops/nixos/totoro/home-assistant.nix
+++ b/ops/nixos/totoro/home-assistant.nix
@@ -233,4 +233,38 @@ in {
 withNpmAndGcc = true;
 port = 1880;
 };
+
+ systemd.services.matrix2mqtt = {
+ wantedBy = [ "multi-user.target" ];
+ unitConfig = {
+ StartLimitIntervalSec = "0";
+ };
+ serviceConfig = {
+ ExecStart = "${depot.rust.matrix2mqtt}/bin/matrix2mqtt";
+ User = "matrix2mqtt";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ ProtectHome = true;
+ ProtectProc = "invisible";
+ ProcSubset = "pid";
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectClock = true;
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ PrivateUsers = true;
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+
+ DynamicUser = true;
+ Restart = "always";
+ RestartSec = "100ms";
+ RestartSteps = 10;
+ RestartMaxDelaySec = "1min";
+ };
+ };
 }
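Review bot: The `serviceConfig` sandbox for `matrix2mqtt` drops capabilities and namespaces but leaves the syscall surface open, so a compromised bridge process can still reach every syscall the kernel exposes to an unprivileged user. For a network-facing daemon I would add `SystemCallArchitectures = "native";` and `SystemCallFilter = [ "@system-service" "~@privileged" ];` next to `LockPersonality`, and probably `MemoryDenyWriteExecute = true;`, assuming the Rust binary does no JIT. `RestrictAddressFamilies` also admits `AF_NETLINK`; if the binary does not need it, drop it, otherwise a short comment saying why it is required would help the next reader. The hunk shows no `EnvironmentFile` or `LoadCredential`, so it is worth confirming that the Matrix and MQTT credentials do not end up in the world-readable Nix store. The new unit is complete within the hunk, but the enclosing attribute set opens outside it.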