Merge pull request #285298 from SuperSandro2000/govee2mqtt

govee2mqtt: init at 2024.01.21-088d4ca8, nixos/govee2mqtt: init

nixos/modules/module-list.nix

@@ -579,6 +579,7 @@
   ./services/home-automation/ebusd.nix
   ./services/home-automation/esphome.nix
   ./services/home-automation/evcc.nix
+  ./services/home-automation/govee2mqtt.nix
   ./services/home-automation/home-assistant.nix
   ./services/home-automation/homeassistant-satellite.nix
   ./services/home-automation/zigbee2mqtt.nix

nixos/modules/services/home-automation/govee2mqtt.nix

@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.govee2mqtt;
+in {
+  meta.maintainers = with lib.maintainers; [ SuperSandro2000 ];
+
+  options.services.govee2mqtt = {
+    enable = lib.mkEnableOption "Govee2MQTT";
+
+    package = lib.mkPackageOption pkgs "govee2mqtt" { };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = "govee2mqtt";
+      description = "User under which Govee2MQTT should run.";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "govee2mqtt";
+      description = "Group under which Govee2MQTT should run.";
+    };
+
+    environmentFile = lib.mkOption {
+      type = lib.types.path;
+      example = "/var/lib/govee2mqtt/govee2mqtt.env";
+      description = ''
+        Environment file as defined in {manpage}`systemd.exec(5)`.
+
+        See upstream documentation <https://github.com/wez/govee2mqtt/blob/main/docs/CONFIG.md>.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users = {
+      groups.${cfg.group} = { };
+      users.${cfg.user} = {
+        description = "Govee2MQTT service user";
+        inherit (cfg) group;
+        isSystemUser = true;
+      };
+    };
+
+    systemd.services.govee2mqtt = {
+      description = "Govee2MQTT Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "networking.target" ];
+      serviceConfig = {
+        CacheDirectory = "govee2mqtt";
+        Environment = [
+          "GOVEE_CACHE_DIR=/var/cache/govee2mqtt"
+        ];
+        EnvironmentFile = cfg.environmentFile;
+        ExecStart = "${lib.getExe cfg.package} serve --govee-iot-key=/var/lib/govee2mqtt/iot.key --govee-iot-cert=/var/lib/govee2mqtt/iot.cert"
+          + " --amazon-root-ca=${pkgs.cacert.unbundled}/etc/ssl/certs/Amazon_Root_CA_1:66c9fcf99bf8c0a39e2f0788a43e696365bca.crt";
+        Group = cfg.group;
+        Restart = "on-failure";
+        StateDirectory = "govee2mqtt";
+        User = cfg.user;
+
+        # Hardening
+        AmbientCapabilities = "";
+        CapabilityBoundingSet = "";
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+      };
+    };
+  };
+}

pkgs/by-name/go/govee2mqtt/dont-vendor-openssl.diff

@@ -0,0 +1,41 @@
+diff --git a/Cargo.lock b/Cargo.lock
+index 303f6f8..952a7ff 100644
+--- a/Cargo.lock
++++ b/Cargo.lock
+@@ -1373,15 +1373,6 @@ version = "0.1.5"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+ 
+-[[package]]
+-name = "openssl-src"
+-version = "300.2.1+3.2.0"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "3fe476c29791a5ca0d1273c697e96085bbabbbea2ef7afd5617e78a4b40332d3"
+-dependencies = [
+- "cc",
+-]
+-
+ [[package]]
+ name = "openssl-sys"
+ version = "0.9.98"
+@@ -1390,7 +1381,6 @@ checksum = "c1665caf8ab2dc9aef43d1c0023bd904633a6a05cb30b0ad59bec2ae986e57a7"
+ dependencies = [
+  "cc",
+  "libc",
+- "openssl-src",
+  "pkg-config",
+  "vcpkg",
+ ]
+diff --git a/Cargo.toml b/Cargo.toml
+index a4cf25c..42fde6d 100644
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -44,7 +44,7 @@ parking_lot = "0.12.1"
+ 
+ [dependencies.mosquitto-rs]
+ version="0.11.1"
+-features = ["vendored-openssl"]
++features = ["router"]
+ #path = "../mosquitto-rs/mosquitto-rs"
+ 
+ [dev-dependencies]

pkgs/by-name/go/govee2mqtt/package.nix

@@ -0,0 +1,56 @@
+{ rustPlatform
+, lib
+, fetchFromGitHub
+, fetchpatch
+, openssl
+, pkg-config
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "govee2mqtt";
+  version = "2024.01.24-ea3cd430";
+
+  src = fetchFromGitHub {
+    owner = "wez";
+    repo = "govee2mqtt";
+    rev = version;
+    hash = "sha256-iGOj0a4+wLd8QlM1tr+NYfd2tuwgHV+u5dt0zf+WscY=";
+  };
+
+  cargoPatches = [
+    ./dont-vendor-openssl.diff
+  ];
+
+  patches = [
+    # update test fixtures https://github.com/wez/govee2mqtt/pull/120
+    (fetchpatch {
+      url = "https://github.com/wez/govee2mqtt/commit/0c2dc3e1cc1ccd44ddf98ead34e081ac4b4335f1.patch";
+      hash = "sha256-0TNYyvRRcMkE9FYPcVoKburejhAn/cVYM3eaobS4nx8=";
+    })
+  ];
+
+  postPatch = ''
+    substituteInPlace src/service/http.rs \
+      --replace '"assets"' '"${placeholder "out"}/share/govee2mqtt/assets"'
+  '';
+
+  cargoHash = "sha256-wApf+H5T7HPkCGQwv8ePoDnStUn04oVvv3eIJ8aKVUw=";
+
+  nativeBuildInputs = [ pkg-config ];
+
+  buildInputs = [ openssl ];
+
+  postInstall = ''
+    mkdir -p $out/share/govee2mqtt/
+    cp -r assets $out/share/govee2mqtt/
+  '';
+
+  meta = with lib; {
+    description = "Connect Govee lights and devices to Home Assistant";
+    homepage = "https://github.com/wez/govee2mqtt";
+    changelog = "https://github.com/wez/govee2mqtt/blob/${src.rev}/addon/CHANGELOG.md";
+    license = licenses.mit;
+    maintainers = with maintainers; [ SuperSandro2000 ];
+    mainProgram = "govee";
+  };
+}