cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

nixos/home-assistant: allow capset with components using ping command

Browse source
This commit is contained in:
Martin Weinelt 2022-01-25 18:29:16 +01:00
parent a6e45b0893
commit d4061dcc6e
No known key found for this signature in database
GPG key ID: 87C1E9888F856759
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/services/misc/home-assistant.nix
View file

@ -278,6 +278,11 @@ in {
"bluetooth_tracker"
"bluetooth_le_tracker"
];
componentsUsingPing = [
# Components that require the capset syscall for the ping wrapper
"ping"
"wake_on_lan"
];
componentsUsingSerialDevices = [
# Components that require access to serial devices (/dev/tty*)
# List generated from home-assistant documentation:
@ -382,6 +387,8 @@ in {
SystemCallFilter = [
"@system-service"
"~@privileged"
] ++ optionals (any useComponent componentsUsingPing) [
"capset"
];
UMask = "0077";
};