From 7ce0e5e66b7d966bb506e66f93788413ed29e1c7 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 20 Oct 2024 23:25:51 +0100
Subject: [PATCH] totoro: add matrix2mqtt
---
 ops/nixos/totoro/home-assistant.nix | 34 +++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/ops/nixos/totoro/home-assistant.nix b/ops/nixos/totoro/home-assistant.nix
index f5f6c6e813..9426d8f964 100644
--- a/ops/nixos/totoro/home-assistant.nix
+++ b/ops/nixos/totoro/home-assistant.nix
@@ -233,4 +233,38 @@ in {
 withNpmAndGcc = true;
 port = 1880;
 };
+
+ systemd.services.matrix2mqtt = {
+ wantedBy = [ "multi-user.target" ];
+ unitConfig = {
+ StartLimitIntervalSec = "0";
+ };
+ serviceConfig = {
+ ExecStart = "${depot.rust.matrix2mqtt}/bin/matrix2mqtt";
+ User = "matrix2mqtt";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ ProtectHome = true;
+ ProtectProc = "invisible";
+ ProcSubset = "pid";
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectClock = true;
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ PrivateUsers = true;
+ RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+
+ DynamicUser = true;
+ Restart = "always";
+ RestartSec = "100ms";
+ RestartSteps = 10;
+ RestartMaxDelaySec = "1min";
+ };
+ };
 }
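Review bot: The sandbox in `serviceConfig` has no system-call filtering, so a compromised matrix2mqtt process (which presumably handles data from a remote Matrix server) keeps the full syscall surface even with the empty `CapabilityBoundingSet`. Consider adding `SystemCallArchitectures = "native";`, `SystemCallFilter = "@system-service";` and `MemoryDenyWriteExecute = true;` next to `LockPersonality`, after confirming the binary still starts under them. The unit also shows no `LoadCredential` or `EnvironmentFile`, so if the bridge needs a Matrix token or an MQTT password, confirm they are not being read from the world-readable Nix store. With `StartLimitIntervalSec = "0"` and `Restart = "always"` the unit restarts forever; a short comment saying that this is intentional and that the backoff is capped by `RestartMaxDelaySec` would help the next reader.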