nixos/tests/home-assistant: add comments & reformat

This commit is contained in:
Martin Weinelt 2022-01-30 02:29:45 +01:00
parent 9896247fb6
commit 05640ec19d
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759

View File

@ -10,6 +10,7 @@ in {
nodes.hass = { pkgs, ... }: { nodes.hass = { pkgs, ... }: {
environment.systemPackages = with pkgs; [ mosquitto ]; environment.systemPackages = with pkgs; [ mosquitto ];
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
listeners = [ { listeners = [ {
@ -21,14 +22,18 @@ in {
}; };
} ]; } ];
}; };
services.home-assistant = { services.home-assistant = {
inherit configDir;
enable = true; enable = true;
inherit configDir;
# tests loading components by overriding the package
package = (pkgs.home-assistant.override { package = (pkgs.home-assistant.override {
extraComponents = [ "zha" ]; extraComponents = [ "zha" ];
}).overrideAttrs (oldAttrs: { }).overrideAttrs (oldAttrs: {
doInstallCheck = false; doInstallCheck = false;
}); });
config = { config = {
homeassistant = { homeassistant = {
name = "Home"; name = "Home";
@ -37,34 +42,56 @@ in {
longitude = "0.0"; longitude = "0.0";
elevation = 0; elevation = 0;
}; };
# we can't load default_config, because the updater requires
# network access and would cause an error, so load frontend
# here explicitly.
# https://www.home-assistant.io/integrations/frontend/
frontend = {}; frontend = {};
# configure an mqtt broker connection
# https://www.home-assistant.io/integrations/mqtt
mqtt = { mqtt = {
broker = "127.0.0.1"; broker = "127.0.0.1";
username = mqttUsername; username = mqttUsername;
password = mqttPassword; password = mqttPassword;
}; };
binary_sensor = [{
# create a mqtt sensor that syncs state with its mqtt topic
# https://www.home-assistant.io/integrations/sensor.mqtt/
binary_sensor = [ {
platform = "mqtt"; platform = "mqtt";
state_topic = "home-assistant/test"; state_topic = "home-assistant/test";
payload_on = "let_there_be_light"; payload_on = "let_there_be_light";
payload_off = "off"; payload_off = "off";
}]; } ];
# set up a wake-on-lan switch to test capset capability required
# for the ping suid wrapper
# https://www.home-assistant.io/integrations/wake_on_lan/
wake_on_lan = {}; wake_on_lan = {};
switch = [{ switch = [ {
platform = "wake_on_lan"; platform = "wake_on_lan";
mac = "00:11:22:33:44:55"; mac = "00:11:22:33:44:55";
host = "127.0.0.1"; host = "127.0.0.1";
}]; } ];
# tests component-based capability assignment (CAP_NET_BIND_SERVICE)
# test component-based capability assignment (CAP_NET_BIND_SERVICE)
# https://www.home-assistant.io/integrations/emulated_hue/
emulated_hue = { emulated_hue = {
host_ip = "127.0.0.1"; host_ip = "127.0.0.1";
listen_port = 80; listen_port = 80;
}; };
# show mqtt interaction in the log
# https://www.home-assistant.io/integrations/logger/
logger = { logger = {
default = "info"; default = "info";
logs."homeassistant.components.mqtt" = "debug"; logs."homeassistant.components.mqtt" = "debug";
}; };
}; };
# configure the sample lovelace dashboard
lovelaceConfig = { lovelaceConfig = {
title = "My Awesome Home"; title = "My Awesome Home";
views = [{ views = [{
@ -82,33 +109,38 @@ in {
testScript = '' testScript = ''
start_all() start_all()
hass.wait_for_unit("home-assistant.service") hass.wait_for_unit("home-assistant.service")
with subtest("Check that YAML configuration file is in place"): with subtest("Check that YAML configuration file is in place"):
hass.succeed("test -L ${configDir}/configuration.yaml") hass.succeed("test -L ${configDir}/configuration.yaml")
with subtest("lovelace config is copied because lovelaceConfigWritable = true"):
with subtest("Check the lovelace config is copied because lovelaceConfigWritable = true"):
hass.succeed("test -f ${configDir}/ui-lovelace.yaml") hass.succeed("test -f ${configDir}/ui-lovelace.yaml")
with subtest("Check that Home Assistant's web interface and API can be reached"): with subtest("Check that Home Assistant's web interface and API can be reached"):
hass.wait_until_succeeds("journalctl -u home-assistant.service | grep -q 'Home Assistant initialized in'")
hass.wait_for_open_port(8123) hass.wait_for_open_port(8123)
hass.succeed("curl --fail http://localhost:8123/lovelace") hass.succeed("curl --fail http://localhost:8123/lovelace")
with subtest("Toggle a binary sensor using MQTT"): with subtest("Toggle a binary sensor using MQTT"):
hass.wait_for_open_port(1883) hass.wait_for_open_port(1883)
hass.succeed( hass.succeed(
"mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light" "mosquitto_pub -V mqttv5 -t home-assistant/test -u ${mqttUsername} -P '${mqttPassword}' -m let_there_be_light"
) )
with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"): with subtest("Check that capabilities are passed for emulated_hue to bind to port 80"):
hass.wait_for_open_port(80) hass.wait_for_open_port(80)
hass.succeed("curl --fail http://localhost:80/description.xml") hass.succeed("curl --fail http://localhost:80/description.xml")
with subtest("Check extra components are considered in systemd unit hardening"): with subtest("Check extra components are considered in systemd unit hardening"):
hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB") hass.succeed("systemctl show -p DeviceAllow home-assistant.service | grep -q char-ttyUSB")
with subtest("Print log to ease debugging"): with subtest("Print log to ease debugging"):
output_log = hass.succeed("cat ${configDir}/home-assistant.log") output_log = hass.succeed("cat ${configDir}/home-assistant.log")
print("\n### home-assistant.log ###\n") print("\n### home-assistant.log ###\n")
print(output_log + "\n") print(output_log + "\n")
# wait for home-assistant to fully boot
hass.sleep(30)
hass.wait_for_unit("home-assistant.service")
with subtest("Check that no errors were logged"): with subtest("Check that no errors were logged"):
assert "ERROR" not in output_log assert "ERROR" not in output_log
@ -117,7 +149,7 @@ in {
assert "let_there_be_light" in output_log assert "let_there_be_light" in output_log
with subtest("Check systemd unit hardening"): with subtest("Check systemd unit hardening"):
hass.log(hass.succeed("systemctl show home-assistant.service")) hass.log(hass.succeed("systemctl cat home-assistant.service"))
hass.log(hass.succeed("systemd-analyze security home-assistant.service")) hass.log(hass.succeed("systemd-analyze security home-assistant.service"))
''; '';
}) })