From b2367dbdd10f025e793df41f25bb5a94d2325268 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Thu, 4 Aug 2022 12:23:21 +0200
Subject: nixos/home-assistant: update hardening for bluetooth components

A larger number of bluetooth components were introduced in 2022.8.0. To make them work we need to add a hardening exception, so they can discover and use bluetooth devices.
---
 nixos/modules/services/home-automation/home-assistant.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'nixos')

diff --git a/nixos/modules/services/home-automation/home-assistant.nix b/nixos/modules/services/home-automation/home-assistant.nix
index 6324965c621cf..2b81283836313 100644
--- a/nixos/modules/services/home-automation/home-assistant.nix
+++ b/nixos/modules/services/home-automation/home-assistant.nix
@@ -411,12 +411,12 @@ in {
 ;
 serviceConfig = let
 # List of capabilities to equip home-assistant with, depending on configured components
- capabilities = [
+ capabilities = lib.unique ([
 # Empty string first, so we will never accidentally have an empty capability bounding set
 # https://github.com/NixOS/nixpkgs/issues/120617#issuecomment-830685115
 ""
- ] ++ (unique (optionals (useComponent "bluetooth_tracker" || useComponent "bluetooth_le_tracker") [
- # Required for interaction with hci devices and bluetooth sockets
+ ] ++ lib.optionals (builtins.any useComponent [ "bluetooth" "bluetooth_le_tracker" "bluetooth_tracker" "eq3btsmart" "fjaraskupan" "govee_ble" "homekit_controller" "inkbird" "moat" "sensorpush" "switchbot" "xiaomi_ble" ]) [
+ # Required for interaction with hci devices and bluetooth sockets, identified by bluetooth-adapters dependency
 # https://www.home-assistant.io/integrations/bluetooth_le_tracker/#rootless-setup-on-core-installs
 "CAP_NET_ADMIN"
 "CAP_NET_RAW"
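Review bot: The component names that unlock `CAP_NET_ADMIN` and `CAP_NET_RAW` are written out inline in the new `lib.optionals (builtins.any useComponent [ ... ])` line, while the next hunk's context shows a separate `componentsUsingBluetooth` list for the AF_BLUETOOTH address family. Two hand-maintained lists can drift, so a component may keep network-admin and raw-socket capabilities it no longer needs, or gain them without the matching address family. If both lists are meant to describe the same set (only the first entry of `componentsUsingBluetooth` is visible here, so this needs confirming), the condition could read `] ++ lib.optionals (builtins.any useComponent componentsUsingBluetooth) [`. The comment could also state that enabling any one listed component grants both capabilities to the whole service, which presumably includes setups where an integration such as `homekit_controller` is used without a Bluetooth adapter. The `capabilities` list opens in this hunk and closes in the next one.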
@@ -429,7 +429,7 @@ in {
 "CAP_NET_ADMIN"
 "CAP_NET_BIND_SERVICE"
 "CAP_NET_RAW"
- ]));
+ ]);
 componentsUsingBluetooth = [
 # Components that require the AF_BLUETOOTH address family
 "bluetooth_tracker"
--
cgit 1.4.1