movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

nixos/home-assistant: update hardening

Browse source 
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
This commit is contained in:
Martin Weinelt 2021-06-16 21:31:24 +02:00
parent 14c798bc16
commit 36659d1efa
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
2 changed files with 54 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/tests/home-assistant.nix
View file

@ -45,6 +45,7 @@ in {
payload_on = "let_there_be_light";
payload_off = "off";
}];
# tests component-based capability assignment (CAP_NET_BIND_SERVICE)
emulated_hue = {
host_ip = "127.0.0.1";
listen_port = 80;
@ -100,6 +101,7 @@ in {
assert "let_there_be_light" in output_log
with subtest("Check systemd unit hardening"):
hass.log(hass.succeed("systemctl show home-assistant.service"))
hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
'';
})