From 0c1feac497d4c8c9743cca5f7187515ff680a211 Mon Sep 17 00:00:00 2001
From: Moritz Vogel
Date: Fri, 1 Nov 2024 00:16:49 +0100
Subject: [PATCH] nixos/ebusd: fix device access

---
 nixos/modules/services/home-automation/ebusd.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/home-automation/ebusd.nix b/nixos/modules/services/home-automation/ebusd.nix
index b04da56b6d14c..a0bff26e2ae3a 100644
--- a/nixos/modules/services/home-automation/ebusd.nix
+++ b/nixos/modules/services/home-automation/ebusd.nix
@@ -155,7 +155,11 @@ in
 config = let
- usesDev = lib.hasPrefix "/" cfg.device;
+ usesDev = lib.any (prefix: lib.hasPrefix prefix cfg.device) [
+ "/"
+ "ens:/"
+ "enh:/"
+ ];
 in lib.mkIf cfg.enable {
 systemd.services.ebusd = {
@@ -200,12 +204,14 @@ in
 # Hardening
 CapabilityBoundingSet = "";
- DeviceAllow = lib.optionals usesDev [ cfg.device ];
+ DeviceAllow = lib.optionals usesDev [
+ (lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device))
+ ];
 DevicePolicy = "closed";
 LockPersonality = true;
 MemoryDenyWriteExecute = false;
 NoNewPrivileges = true;
- PrivateDevices = usesDev;
+ PrivateDevices = !usesDev;
 PrivateUsers = true;
 PrivateTmp = true;
 ProtectClock = true;
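Review bot: The set of transport prefixes is now encoded in two places — the match list in this hunk (`"/"`, `"ens:/"`, `"enh:/"`) and the nested `removePrefix` calls in the second hunk — so a prefix added or renamed in one place but not the other silently produces a `DeviceAllow` entry that does not name the node ebusd opens, while `DevicePolicy = "closed"` still blocks it. Computing the stripped path once in the `let` and deriving `usesDev` from it keeps the two in step, and the second hunk then shrinks to `DeviceAllow = lib.optionals usesDev [ devicePath ];`. The enclosing `config = let … in` expression continues past the end of the hunk.
```nix
  config = let
    # Transport prefixes ebusd accepts in front of a device node path.
    devicePrefixes = [ "ens:" "enh:" ];
    # cfg.device with any such prefix stripped: the node DeviceAllow must name.
    devicePath = lib.foldl' (path: prefix: lib.removePrefix prefix path) cfg.device devicePrefixes;
    usesDev = lib.hasPrefix "/" devicePath;
  in lib.mkIf cfg.enable {
    # … unchanged: systemd.services.ebusd …
```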
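Review bot: The new `DeviceAllow` entry names the device node without an access specifier; as far as I recall systemd then grants all of `r`, `w` and `m` (confirm against systemd.resource-control(5)), whereas the service only needs to read and write the port, so `"${lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device)} rw"` keeps the allow-list at what is actually needed. Flipping `PrivateDevices` to `!usesDev` is consistent with `DevicePolicy = "closed"`: the private `/dev` is only skipped when a real node must be reachable. If `cfg.device` is a symlink such as a `/dev/serial/by-id/...` path, I believe the allow-list entry still resolves to the underlying node, but that is worth confirming on a deployment using such a path. The hunk appears to end one context line short of what its `@@` header counts, so the tail of the hardening block is not visible here.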