commit 3a67e6d2d9c4dddbca731bf660d188710bcc3816 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

paretosecurity: 0.1.9 -> 0.2.12 (#401384)

authored by Domen Kožar and committed by GitHub 9 months ago 3a67e6d2 96a57ba7

+36 -12

3 changed files

expand all

unified split

nixos

modules

services

security

paretosecurity.nix

tests

paretosecurity.nix

pkgs

by-name

paretosecurity

package.nix

+5 -1

nixos/modules/services/security/paretosecurity.nix

··· 12 options.services.paretosecurity = { 13 enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper"; 14 package = lib.mkPackageOption pkgs "paretosecurity" { }; 15 - trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity"; 16 }; 17 18 config = lib.mkIf cfg.enable {

··· 12 options.services.paretosecurity = { 13 enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper"; 14 package = lib.mkPackageOption pkgs "paretosecurity" { }; 15 + trayIcon = lib.mkOption { 16 + type = lib.types.bool; 17 + default = true; 18 + description = "Set to false to disable the tray icon and run as a CLI tool only."; 19 + }; 20 }; 21 22 config = lib.mkIf cfg.enable {

+12 -4

nixos/tests/paretosecurity.nix

··· 46 { 47 imports = [ ./common/user-account.nix ]; 48 49 - services.paretosecurity = { 50 - enable = true; 51 - trayIcon = true; 52 - }; 53 54 services.xserver.enable = true; 55 services.xserver.displayManager.lightdm.enable = true; ··· 119 xfce.wait_for_text("Pareto Security") 120 xfce.succeed("xdotool click 1") 121 xfce.wait_for_text("Run Checks") 122 ''; 123 }

··· 46 { 47 imports = [ ./common/user-account.nix ]; 48 49 + services.paretosecurity.enable = true; 50 51 services.xserver.enable = true; 52 services.xserver.displayManager.lightdm.enable = true; ··· 116 xfce.wait_for_text("Pareto Security") 117 xfce.succeed("xdotool click 1") 118 xfce.wait_for_text("Run Checks") 119 + 120 + # Test 5: paretosecurity:// URL handler is registered 121 + xfce.succeed("su - alice -c 'xdg-open paretosecurity://foo'") 122 + 123 + # Test 6: Desktop entry 124 + xfce.succeed("xdotool mousemove 10 10") 125 + xfce.succeed("xdotool click 1") # hide the tray icon window 126 + xfce.succeed("xdotool click 1") # show the Applications menu 127 + xfce.succeed("xdotool mousemove 10 200") 128 + xfce.succeed("xdotool click 1") 129 + xfce.wait_for_text("Pareto Security") 130 ''; 131 }

+19 -7

pkgs/by-name/pa/paretosecurity/package.nix

··· 17 webkitgtk_4_1 18 ]; 19 pname = "paretosecurity"; 20 - version = "0.1.9"; 21 22 src = fetchFromGitHub { 23 owner = "ParetoSecurity"; 24 repo = "agent"; 25 rev = finalAttrs.version; 26 - hash = "sha256-KJs4xC3EtGG4116UE+oIEwAMcuDWIm9gqgZY+Bv14ac="; 27 }; 28 29 - vendorHash = "sha256-3plpvwLe32AsGuVzdM2fSmTPkKwRFmhi651NEIRdOxw="; 30 proxyVendor = true; 31 32 ldflags = [ ··· 51 install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service 52 substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \ 53 --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 54 ''; 55 56 passthru.tests = { ··· 74 root helper that allows you to run the checker in userspace. Some checks 75 require root permissions, and the checker asks the helper to run those. 76 77 - Additionally, if you enable `services.paretosecurity.trayIcon`, you get a 78 - little Vilfredo Pareto living in your systray showing your the current 79 - status of checks. This will also enable a systemd timer to update the 80 - status of checks once per hour. 81 82 Finally, you can run `paretosecurity link` to configure the agent 83 to send the status of checks to https://dash.paretosecurity.com to make

··· 17 webkitgtk_4_1 18 ]; 19 pname = "paretosecurity"; 20 + version = "0.2.12"; 21 22 src = fetchFromGitHub { 23 owner = "ParetoSecurity"; 24 repo = "agent"; 25 rev = finalAttrs.version; 26 + hash = "sha256-skBxDPC+C8JU1CW6g3SA2C4IawaoPzVi8pdl5BCutUY="; 27 }; 28 29 + vendorHash = "sha256-YnyACP/hJYxi4AWMwr0We4YUTbWwahKAIYN6RnHmzls="; 30 proxyVendor = true; 31 32 ldflags = [ ··· 51 install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service 52 substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \ 53 --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 54 + 55 + # Install .desktop files 56 + install -Dm444 ${finalAttrs.src}/apt/ParetoSecurity.desktop $out/share/applications/ParetoSecurity.desktop 57 + substituteInPlace $out/share/applications/ParetoSecurity.desktop \ 58 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 59 + install -Dm444 ${finalAttrs.src}/apt/ParetoSecurityLink.desktop $out/share/applications/ParetoSecurityLink.desktop 60 + substituteInPlace $out/share/applications/ParetoSecurityLink.desktop \ 61 + --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity" 62 + 63 + # Install icon 64 + install -Dm444 ${finalAttrs.src}/assets/icon.png $out/share/icons/hicolor/512x512/apps/ParetoSecurity.png 65 ''; 66 67 passthru.tests = { ··· 85 root helper that allows you to run the checker in userspace. Some checks 86 require root permissions, and the checker asks the helper to run those. 87 88 + Additionally, using the NixOS module gets you a little Vilfredo Pareto 89 + living in your systray showing your the current status of checks. The 90 + NixOS Module also installs a systemd timer to update the status of checks 91 + once per hour. If you want to use just the CLI mode, set 92 + `services.paretosecurity.trayIcon` to `false`. 93 94 Finally, you can run `paretosecurity link` to configure the agent 95 to send the status of checks to https://dash.paretosecurity.com to make