From 8e61db0a3780b6fa00e46acaf68ffca4a1a8211b Mon Sep 17 00:00:00 2001
From: Jens Nolte <git@queezle.net>
Date: Thu, 7 Apr 2022 22:56:49 +0200
Subject: [PATCH] Add gpsd module (not functional)

---
 layers/gpsd.nix | 68 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 layers/gpsd.nix

diff --git a/layers/gpsd.nix b/layers/gpsd.nix
new file mode 100644
index 0000000..d2d75e1
--- /dev/null
+++ b/layers/gpsd.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+  uid = config.ids.uids.gpsd;
+  gid = config.ids.gids.gpsd;
+  cfg = config.services.gpsd;
+in {
+  # An attempt at creating a secure hotplug-capable gpsd configuration
+
+  # TODO: for not running as root, chronys SHM segments have to be configured to be writable from chrony
+  # (e.g. `refclock SHM 1:perm=0664 refid GPS2`, started with an appropriate group)
+  # The same applies to crony .sock files (they are only writeable by root by default)
+
+  # New service unit to use --sockfile feature
+  systemd.services.gpsd = {
+    serviceConfig = {
+      ExecStart = "${pkgs.gpsd}/bin/gpsd --foreground --sockfile /run/gpsd/gpsd.sock --nowait --debug 0";
+      Type = "exec";
+      #User = "gpsd";
+      #Group = "gpsd";
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectControlGroups = true;
+      CapabilityBoundingSet = "CAP_SYS_TIME CAP_IPC_LOCK CAP_SETUID CAP_SETGID";
+      RuntimeDirectory = "gpsd";
+    };
+  };
+
+  # Per-device service unit to load devices
+  systemd.services."gpsd-add-device@" = {
+    requires = [ "gpsd.service" ];
+    after = [ "gpsd.service" ];
+    serviceConfig = {
+      ExecStartPre = "${pkgs.setserial}/bin/setserial /dev/%I low_latency";
+      ExecStart = "${pkgs.gpsd}/bin/gpsdctl add /dev/%I";
+      ExecStop = ''${pkgs.zsh}/bin/zsh -c "[[ -e /dev/%I ]] && ${pkgs.gpsd}/bin/gpsdctl remove /dev/%I"'';
+      RemainAfterExit = true;
+      Environment = "GPSD_SOCKET=/run/gpsd/gpsd.sock";
+      Type = "oneshot";
+      #User = "gpsd";
+      #Group = "gpsd";
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      ProtectKernelTunables = true;
+      ProtectControlGroups = true;
+      CapabilityBoundingSet = "";
+    };
+  };
+
+  services.udev.packages = lib.singleton (pkgs.writeTextFile {
+    name = "gpsmouse-udev-rules";
+    destination = "/etc/udev/rules.d/90-gpsmouse.rules";
+    text = ''
+      SUBSYSTEM=="tty", ATTRS{idVendor}=="1546", ATTRS{idProduct}=="01a7", GROUP="dialout", TAG+="systemd", ENV{SYSTEMD_WANTS}="gpsd-add-device@$name.service"
+    '';
+  });
+
+  # User config replicated from nixpkgs gpsd.nix
+  users.users.gpsd =
+    { inherit uid;
+      group = "gpsd";
+      description = "gpsd daemon user";
+      home = "/var/empty";
+    };
+
+  users.groups.gpsd = { inherit gid; };
+}
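Review bot: Nothing ties a `gpsd-add-device@` instance to the device that pulled it in, so once udev's `SYSTEMD_WANTS` has started this `RemainAfterExit` oneshot it stays active after the receiver is unplugged and `gpsdctl add` is not re-run on replug; adding `bindsTo = [ "dev-%i.device" ];` and `"dev-%i.device"` to `after` lets systemd stop the instance when the device vanishes, which is exactly the situation the `[[ -e /dev/%I ]]` guard in ExecStop is trying to cover (this assumes the udev `$name` has no `/` in it, as with `ttyACM0`). With that in place the guard and the shell can go: `ExecStop = "-${pkgs.gpsd}/bin/gpsdctl remove /dev/%I";` runs no interpreter over a udev-supplied name and the leading `-` tolerates the remove failing for an already-gone device. In `gpsd.service` the commented-out `User`/`Group` mean the daemon still runs as root with `CAP_SETUID`/`CAP_SETGID` retained, so `ProtectSystem`/`ProtectHome` are the only effective confinement; until the chrony SHM problem in the TODO is solved, `NoNewPrivileges = true`, `ProtectKernelTunables = true` and `PrivateTmp = true` are cheap additions that do not depend on the uid and match what the helper unit already sets. Whether `setserial ... low_latency` still succeeds under `CapabilityBoundingSet = ""` is not decidable from the diff, so that line is worth checking first given the subject's "not functional".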
-- 
GitLab