From e983d9f571f6f90e2a57dc24a7e8bba7404bb63a Mon Sep 17 00:00:00 2001
From: Moritz Vogel
Date: Fri, 1 Nov 2024 00:16:49 +0100
Subject: [PATCH] nixos/ebusd: fix device access

---
 nixos/modules/services/home-automation/ebusd.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/home-automation/ebusd.nix b/nixos/modules/services/home-automation/ebusd.nix
index b04da56b6d14cb..1adfaea4979958 100644
--- a/nixos/modules/services/home-automation/ebusd.nix
+++ b/nixos/modules/services/home-automation/ebusd.nix
@@ -155,7 +155,11 @@ in

 config =
 let
- usesDev = lib.hasPrefix "/" cfg.device;
+ usesDev = lib.any (prefix: lib.hasPrefix prefix cfg.device) [
+ "/"
+ "ens:/"
+ "enh:/"
+ ];
 in
 lib.mkIf cfg.enable {
 systemd.services.ebusd = {
@@ -200,7 +204,9 @@ in

 # Hardening
 CapabilityBoundingSet = "";
- DeviceAllow = lib.optionals usesDev [ cfg.device ];
+ DeviceAllow = lib.optionals usesDev [
+ (lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device))
+ ];
 DevicePolicy = "closed";
 LockPersonality = true;
 MemoryDenyWriteExecute = false;
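Review bot: The `ens:`/`enh:` prefixes are now spelled out twice, once in the `usesDev` list here and once in the nested `lib.removePrefix` calls in the DeviceAllow hunk, with nothing tying the two together. If a prefix is later added to one place and not the other, the unit would either get no DeviceAllow entry or one that still carries the prefix; with `DevicePolicy = "closed"` that presumably fails closed, but the service loses its device again. Computing the bare path once in this `let`, e.g. `devicePath = lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device);` and `usesDev = lib.hasPrefix "/" devicePath;`, and reusing `devicePath` below would keep them in step. A one-line comment saying what the two prefixes select in ebusd and that only the part after them is a device node would also help the next reader. The `lib.mkIf` body continues outside the hunk.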
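Review bot: The DeviceAllow entry in the hardening block is still the bare device path with no access mode after it; as far as I know systemd then grants `rwm`, so the unit keeps mknod permission on that node. A serial adapter should only need read and write, so the entry could be narrowed to `"${lib.removePrefix "ens:" (lib.removePrefix "enh:" cfg.device)} rw"`, which is worth confirming against a real adapter before merging. The `serviceConfig` attribute set starts and ends outside the hunk, so other device-related settings may exist that are not visible here.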