summary refs log tree commit diff
path: root/nixos/tests/home-assistant.nix
diff options
context:
space:
mode:
authorMartin Weinelt <hexa@darmstadt.ccc.de>2021-06-16 21:31:24 +0200
committerMartin Weinelt <hexa@darmstadt.ccc.de>2021-06-16 21:31:24 +0200
commit36659d1efa4f745787026b5892f3f045293573ff (patch)
tree3985f2da7503a929da3d9a7a9ad4ca70284e37c0 /nixos/tests/home-assistant.nix
parent14c798bc16aa5d472e69eba60a5c32bba1aee0ed (diff)
downloadnixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar.gz
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar.bz2
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar.lz
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar.xz
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.tar.zst
nixpkgs-36659d1efa4f745787026b5892f3f045293573ff.zip
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
Diffstat (limited to 'nixos/tests/home-assistant.nix')
-rw-r--r--nixos/tests/home-assistant.nix2
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix
index c75dd248ecb..f8f8e9fd183 100644
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@@ -45,6 +45,7 @@ in {
           payload_on = "let_there_be_light";
           payload_off = "off";
         }];
+        # tests component-based capability assignment (CAP_NET_BIND_SERVICE)
         emulated_hue = {
           host_ip = "127.0.0.1";
           listen_port = 80;
@@ -100,6 +101,7 @@ in {
         assert "let_there_be_light" in output_log
 
     with subtest("Check systemd unit hardening"):
+        hass.log(hass.succeed("systemctl show home-assistant.service"))
         hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
   '';
 })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-04 21:04:08 +0000