Diffstat (limited to 'nixos/tests/home-assistant.nix')
-rw-r--r--nixos/tests/home-assistant.nix28
1 files changed, 18 insertions, 10 deletions
diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix
index a93a28d877a..699be8fd7dc 100644
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@@ -1,4 +1,4 @@
-import ./make-test-python.nix ({ pkgs, ... }:
+import ./make-test-python.nix ({ pkgs, lib, ... }:
 
 let
   configDir = "/var/lib/foobar";
@@ -6,17 +6,16 @@ let
   mqttPassword = "secret";
 in {
   name = "home-assistant";
-  meta = with pkgs.stdenv.lib; {
-    maintainers = with maintainers; [ dotlambda ];
-  };
+  meta.maintainers = lib.teams.home-assistant.members;
 
   nodes.hass = { pkgs, ... }: {
     environment.systemPackages = with pkgs; [ mosquitto ];
     services.mosquitto = {
       enable = true;
+      checkPasswords = true;
       users = {
         "${mqttUsername}" = {
-          acl = [ "pattern readwrite #" ];
+          acl = [ "topic readwrite #" ];
           password = mqttPassword;
         };
       };
@@ -44,6 +43,11 @@ in {
           payload_on = "let_there_be_light";
           payload_off = "off";
         }];
+        # tests component-based capability assignment (CAP_NET_BIND_SERVICE)
+        emulated_hue = {
+          host_ip = "127.0.0.1";
+          listen_port = 80;
+        };
         logger = {
           default = "info";
           logs."homeassistant.components.mqtt" = "debug";
@@ -75,13 +79,13 @@ in {
         hass.wait_for_open_port(8123)
         hass.succeed("curl --fail http://localhost:8123/lovelace")
     with subtest("Toggle a binary sensor using MQTT"):
-        # wait for broker to become available
-        hass.wait_until_succeeds(
-            "mosquitto_sub -V mqttv311 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -W 1 -t '*'"
-        )
+        hass.wait_for_open_port(1883)
         hass.succeed(
-            "mosquitto_pub -V mqttv311 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
+            "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
         )
+    with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
+        hass.wait_for_open_port(80)
+        hass.succeed("curl --fail http://localhost:80/description.xml")
     with subtest("Print log to ease debugging"):
         output_log = hass.succeed("cat ${configDir}/home-assistant.log")
         print("\n### home-assistant.log ###\n")
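Review bot: Nothing in the "Toggle a binary sensor using MQTT" subtest checks that the broker rejects clients without valid credentials, even though this commit turns on `checkPasswords = true`. The only MQTT call is an authenticated `mosquitto_pub`, so the test would still pass if authentication were silently disabled again. A negative check after `hass.wait_for_open_port(1883)` would pin the behaviour, for example `hass.fail("mosquitto_pub -V mqttv5 -t home-assistant/test -m unauthenticated")`. The test script starts and ends outside this hunk.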
@@ -93,5 +97,9 @@ in {
     # example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'
     with subtest("Check we received the mosquitto message"):
         assert "let_there_be_light" in output_log
+
+    with subtest("Check systemd unit hardening"):
+        hass.log(hass.succeed("systemctl show home-assistant.service"))
+        hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
   '';
 })
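Review bot: The "Check systemd unit hardening" subtest asserts nothing: it only logs the output of `systemctl show` and `systemd-analyze security`, and both commands succeed whatever the unit's sandboxing settings are. A later change that loosens the unit would therefore not fail the test. If the systemd version in use supports it, `systemd-analyze security --threshold=<MAX_EXPOSURE> home-assistant.service` makes the command fail above a chosen exposure score. Alternatively, assert on a specific property, for example that the `systemctl show -p CapabilityBoundingSet home-assistant.service` output contains only `cap_net_bind_service`. This assumes the module restricts the bounding set that way, which is not visible in this diff.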