Create wrapper script

2024-11-21 12:09:05 +01:00
parent fa6704f5cd
commit 8b04a55af0
2 changed files with 76 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -16,10 +16,11 @@
      "x86_64-linux"
    ];
  in {
-    packages = eachSystem (system: rec {
-      hcpy = default;
-      default = dream2nix.lib.evalModules {
-        packageSets.nixpkgs = nixpkgs.legacyPackages.${system};
+    packages = eachSystem (system: let
+      pkgs = nixpkgs.legacyPackages.${system};
+    in rec {
+      hcpy-raw = dream2nix.lib.evalModules {
+        packageSets.nixpkgs = pkgs;
        modules = [
          ./package.nix
          {
@@ -29,6 +30,10 @@
          }
        ];
      };
+
+      hcpy = pkgs.callPackage ./wrapper.nix {inherit hcpy-raw;};
+
+      default = hcpy;
    });
  };
 }
--- a/wrapper.nix
+++ b/wrapper.nix
@@ -0,0 +1,67 @@
+{
+  pkgs,
+  hcpy-raw,
+  ...
+}:
+pkgs.writeShellApplication rec {
+  name = "hcpy";
+  runtimeInputs = with pkgs; [gnugrep coreutils-full];
+  text = ''
+    #/ Usage: ${name} <ACTION> [ARGUMENTS] [OPTIONS]
+    #/
+    #/ This is a very, very beta interface for Bosch-Siemens Home Connect
+    #/ devices through their local network connection.  Unlike most
+    #/ IoT devices that have a reputation for very bad security, BSG seem to have
+    #/ done a decent job of designing their system, especially since
+    #/ they allow a no-cloud local control configuration.  The protocols
+    #/ seem sound, use well tested cryptographic libraries (TLS PSK with
+    #/ modern ciphres) or well understood primitives (AES-CBC with HMAC),
+    #/ and should prevent most any random attacker on your network from being able to
+    #/ [take over your appliances to mine cryptocurrency](http://www.antipope.org/charlie/blog-static/2013/12/trust-me.html).
+    #/
+    #/ Actions:
+    #/ - login <USERNAME> <PASSWORD> <OUTPUT-FILE> - initializes the JSON <OUTPUT-FILE> which contains a list of devices assigned to specified account.
+    #/ - run                                       - starts the bridge connection between appliances and MQTT broker
+    #/
+    #/ Options for 'run' action:
+    #/   -d, --devices_file - file generated by "login" action, default="config/devices.json"
+    #/   -h, --mqtt_host    - MQTT broker host, default="localhost"
+    #/   -p, --mqtt_prefix  - MQTT broker prefix, default="homeconnect/"
+    #/   --mqtt_port        - MQTT broker port, default=1883
+    #/   --mqtt_username    - MQTT client username
+    #/   --mqtt_password    - MQTT client password
+    #/   --mqtt_ssl         - use SSL connection to MQTT broker
+    #/   --mqtt_cafile      - CA certifications file for SSL connection
+    #/   --mqtt_certfile    - certification file for SSL connection
+    #/   --mqtt_keyfile     - certification key file for SSL connection
+    #/   --mqtt_clientname" - name of MQTT broker client, default="hcpy1"
+    #/   --domain_suffix    - the suffix of the domain, default=""
+    #/   --debug/--no-debug - enable debug mode
+    #/   --ha-discovery     - enable HomeAssistant discovery
+
+    usage() { grep '^#/' "''${BASH_SOURCE[0]}" | cut -c4- ; exit 0 ; }
+    expr "$*" : ".*--help" > /dev/null && usage
+
+    if [ "$#" -eq 0 ]; then
+      echo "Expected action: login or run." >&2;
+      usage
+    fi
+
+    action="$1";
+    shift;
+
+    case "$action" in
+      login)
+        exec ${hcpy-raw}/bin/hc-login "$@";
+        ;;
+
+      run)
+        exec ${hcpy-raw}/bin/hc2mqtt "$@";
+        ;;
+
+      *)
+        echo "Expected action: login or run." >&2;
+        usage
+    esac
+  '';
+}