From 8ab7fc11076373fee3e5cc842176e6fb8c5705b3 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 25 Apr 2021 14:44:51 +0200
Subject: [PATCH] nixos/tests/home-assistant: test capability passing

Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
---
 nixos/tests/home-assistant.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/nixos/tests/home-assistant.nix b/nixos/tests/home-assistant.nix
index 3b7295324a1..2224403961e 100644
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@@ -47,6 +47,10 @@ in {
           payload_on = "let_there_be_light";
           payload_off = "off";
         }];
+        emulated_hue = {
+          host_ip = "127.0.0.1";
+          listen_port = 80;
+        };
         logger = {
           default = "info";
           logs."homeassistant.components.mqtt" = "debug";
@@ -82,6 +86,9 @@ in {
         hass.succeed(
             "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
         )
+    with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
+        hass.wait_for_open_port(80)
+        hass.succeed("curl --fail http://localhost:80/description.xml")
     with subtest("Print log to ease debugging"):
         output_log = hass.succeed("cat ${configDir}/home-assistant.log")
         print("\n### home-assistant.log ###\n")
@@ -93,5 +100,8 @@ in {
     # example line: 2020-06-20 10:01:32 DEBUG (MainThread) [homeassistant.components.mqtt] Received message on home-assistant/test: b'let_there_be_light'
     with subtest("Check we received the mosquitto message"):
         assert "let_there_be_light" in output_log
+
+    with subtest("Check systemd unit hardening"):
+        hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
   '';
 })