| 8 Jul 2021 |
 @hexa:lossy.network | meh, I want a home-assistant staging branch 😫 | 12:44:30 |
 CRTified | In reply to @etu:semi.social
That was previously discussed here I think instantepiphany was the one who wanted to start such a project and wrote a feature list for a MVP here. Maybe some dedicated channel or GH project or something might make sense sooner than expected, just to have a location to keep track of this - even if it's only thinking about ideas and concepts | 12:32:00 |
 Mic92 (Old) | hexa: I don't think anything is stopping you from it. | 12:49:14 |
| @hexa:lossy.network | yup, true | 12:49:53 |
| @hexa:lossy.network | Fabian Affolter, dotlambda: there is now a home-assistat branch you can target | 12:54:27 |
| @hexa:lossy.network | or … well. push to. | 12:54:37 |
 iclanzan | In reply to @hexa:lossy.network
for the serial access for zwave I'll provide the fix with todays update I am using the original zwave integration. Let me know when the fix lands. | 13:56:25 |
| @hexa:lossy.network | iclanzan: this is the fix fwiw: https://github.com/NixOS/nixpkgs/pull/129644/commits/d57f643a434f3cd3a65f89268a40075845bea04c | 13:57:04 |
| iclanzan | Thanks! Do you have any ideas of what I could prod at next regarding the file permission issue? | 13:59:07 |
| @hexa:lossy.network | I'm not sure what your setup is trying to do honestly | 14:00:11 |
| @hexa:lossy.network | but yeah, allowlist_external_dirs is required for ReadWritePaths | 14:02:15 |
| @hexa:lossy.network | maybe you can check the resulting systemd unit, whether it includes that path? systemctl cat home-assistant.service | 14:02:34 |
| iclanzan | The unit does include the path. My setup is that I have a directory with images, and in response to MQTT messages a specific image is being assigned to a camera entity using the local_file.update_file_path service. | 14:11:44 |
| iclanzan | Your zwave fix works for me! | 14:14:17 |
| @hexa:lossy.network | iclanzan: can you try to access the file using sudo -u hass <cmd>? | 14:48:35 |
| @hexa:lossy.network | things like ls, stat | 14:48:42 |
| @hexa:lossy.network | so we can find out if this is indeed hardening related | 14:48:52 |
| iclanzan | Bingo... I am getting a permission denied. | 14:51:32 |
| iclanzan | I can ls the folder but not individual images inside it. | 14:52:16 |
| iclanzan | The images are owned by hass:hass and have permission 644 though | 14:52:42 |
| iclanzan | Interestingly random images under /nix/store are accessible by the home-assistant.service. Shouldn’t hardening prevent that? | 14:58:37 |
| iclanzan | Fixed my issue! The folder was missing the execute permission 🤦♂️ | 15:11:23 |
| @hexa:lossy.network | awesome :) | 15:33:09 |
| @hexa:lossy.network | these things happening, and I'm amazed by the hardening actually being very comfortable and not breaking many things | 15:33:29 |
| @hexa:lossy.network | while taking your home-assistant configuration into consideration, so it can get even tighter depending on your use case | 15:33:51 |
| iclanzan | Found another regression. My ffmpeg camera streams are missing audio, at least in the front-end. Testing the ffmpeg command manually does produce a stream with audio... | 15:50:26 |
| @hexa:lossy.network | can you link the relevant component? | 15:53:17 |
| iclanzan | camera = [
{
platform = "ffmpeg";
name = "foo";
input = "-i ${cameraUrl}";
}
];
# in lovelaceConfig
cards = [
{
type = "picture-glance";
title = "Some title";
entities = [];
camera_image = "camera.foo";
}
];
| 15:58:04 |
| iclanzan | Clicking on the card opens a popover with the video stream, but it is lacking audio (and the audio toggle icon is disabled). | 15:59:12 |
| @hexa:lossy.network | and that camera is a local /dev/something? | 16:14:04 |
