author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-06-16 21:31:24 +0200 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2021-06-16 21:31:24 +0200 |
commit | 36659d1efa4f745787026b5892f3f045293573ff (patch) | |
tree | 3985f2da7503a929da3d9a7a9ad4ca70284e37c0 /nixos/tests | |
parent | 14c798bc16aa5d472e69eba60a5c32bba1aee0ed (diff) | |
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain components and restricts the default setup even further.
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/home-assistant.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix
index c75dd248ecb3..f8f8e9fd183f 100644
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@@ -45,6 +45,7 @@ in {
 payload_on = "let_there_be_light";
 payload_off = "off";
 }];
+ # tests component-based capability assignment (CAP_NET_BIND_SERVICE)
 emulated_hue = {
 host_ip = "127.0.0.1";
 listen_port = 80;
@@ -100,6 +101,7 @@ in {
 assert "let_there_be_light" in output_log
 with subtest("Check systemd unit hardening"):
+ hass.log(hass.succeed("systemctl show home-assistant.service"))
 hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
 '';
 })
|
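Review bot: The "Check systemd unit hardening" subtest in the second hunk only logs the output of `systemctl show` and `systemd-analyze security`; nothing visible asserts on it, so a change that widens the unit's privileges would still pass. The first hunk's comment says `emulated_hue` exercises the component-based CAP_NET_BIND_SERVICE assignment, so consider pinning that here, for example `assert "cap_net_bind_service" in hass.succeed("systemctl show -p CapabilityBoundingSet --value home-assistant.service")`. Adjust the property to whichever one the module actually sets, since the module change is not part of this diff. The test script starts above the hunk, so an equivalent check may already exist there.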