paretosecurity: 0.0.89 -> 0.0.91, nixos/paretosecurity: add trayIcon option (#391799)

authored by Arian van Putten and committed by GitHub e4684ee5 4c153856

+50 -9
+8
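--- a/nixos/modules/services/security/paretosecurity.nix
+++ b/nixos/modules/services/security/paretosecurity.nix
@@ -9,6 +9,7 @@
 options.services.paretosecurity = {
 enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";
 package = lib.mkPackageOption pkgs "paretosecurity" { };
+trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity";
 };
 
 config = lib.mkIf config.services.paretosecurity.enable {
@@ -36,6 +37,13 @@
 ProtectHome = true;
 StandardOutput = "journal";
 StandardError = "journal";
+};
+};
+
+systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon {
+wantedBy = [ "graphical-session.target" ];
+serviceConfig = {
+ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon";
 };
 };
 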
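Review bot: The new user unit `paretosecurity-trayicon` is pulled in by `graphical-session.target` through `wantedBy` only, so nothing ties its lifetime to the session and it is not stopped when the graphical session ends. Adding `partOf = [ "graphical-session.target" ];` next to `wantedBy` would bind it to the session. Its `serviceConfig` also sets no restart policy, so if the tray process exits the status indicator stays gone until the next login; `Restart = "on-failure";` would cover that. The enclosing `config = lib.mkIf … {` block starts and ends outside the lines shown.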
+34 -5
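--- a/nixos/tests/paretosecurity.nix
+++ b/nixos/tests/paretosecurity.nix
@@ -3,20 +3,43 @@
 name = "paretosecurity";
 meta.maintainers = [ lib.maintainers.zupo ];
 
-nodes.machine =
+nodes.terminal =
 { config, pkgs, ... }:
 {
+imports = [ ./common/user-account.nix ];
+
 services.paretosecurity.enable = true;
+};
+
+nodes.xfce =
+{ config, pkgs, ... }:
+{
+imports = [ ./common/user-account.nix ];
 
-users.users.alice = {
-isNormalUser = true;
+services.paretosecurity = {
+enable = true;
+trayIcon = true;
+};
+
+services.xserver.enable = true;
+services.xserver.displayManager.lightdm.enable = true;
+services.xserver.desktopManager.xfce.enable = true;
+
+services.displayManager.autoLogin = {
+enable = true;
+user = "alice";
 };
+
+environment.systemPackages = [ pkgs.xdotool ];
+environment.variables.XAUTHORITY = "/home/alice/.Xauthority";
+
 };
+
+enableOCR = true;
 
 testScript = ''
-machine.succeed(
+terminal.succeed(
 "su -- alice -c 'paretosecurity check"
-
 # Disable some checks that need intricate test setup so that this test
 # remains simple and fast. Tests for all checks and edge cases available
 # at https://github.com/ParetoSecurity/agent/tree/main/test/integration
@@ -27,5 +50,11 @@
 + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed
 + "'"
 )
+
+xfce.wait_for_x()
+xfce.succeed("xdotool mousemove 850 10")
+xfce.wait_for_text("Pareto Security")
+xfce.succeed("xdotool click 1")
+xfce.wait_for_text("Run Checks")
 '';
 }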
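Review bot: The xfce node's tray check relies on a fixed pointer position (`xdotool mousemove 850 10`) plus OCR, so a change in default resolution or panel layout makes it fail without showing whether the user unit ever started. Adding `xfce.wait_for_unit("paretosecurity-trayicon.service", "alice")` right after `xfce.wait_for_x()` would assert the service directly and make OCR failures easier to triage. Separately, `environment.variables.XAUTHORITY` points every login on that node at alice's cookie file; that is acceptable in a test VM but deserves a comment such as `# test driver commands run as root and need alice's X cookie for xdotool` (presumably the reason, please confirm). Part of the `testScript` string lies between the two hunks and is not shown.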
+8 -4
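--- a/pkgs/by-name/pa/paretosecurity/package.nix
+++ b/pkgs/by-name/pa/paretosecurity/package.nix
@@ -9,16 +9,16 @@
 
 buildGoModule rec {
 pname = "paretosecurity";
-version = "0.0.89";
+version = "0.0.91";
 
 src = fetchFromGitHub {
 owner = "ParetoSecurity";
 repo = "agent";
 rev = version;
-hash = "sha256-qZMJFrkHRurUvltDVubyfol5IHKxfyDbNE2XFo/KXF8=";
+hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk=";
 };
 
-vendorHash = "sha256-HReQu23sHLaxc5N8h2vYv64ruJPmY4HM9whAEKV+3Eo=";
+vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc=";
 proxyVendor = true;
 
 subPackages = [
@@ -53,7 +53,11 @@
 root helper, so that you can run the checker in userspace. Some checks
 require root permissions, and the checker asks the helper to run those.
 
-Additionally, you can run `paretosecurity link` to configure the agent
+Additionally, if you enable `services.paretosecurity.trayIcon`, you get a
+little Vilfredo Pareto living in your systray showing your the current
+status of checks.
+
+Finally, you can run `paretosecurity link` to configure the agent
 to send the status of checks to https://dash.paretosecurity.com to make
 compliance people happy. No sending happens until your device is linked.
 '';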
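Review bot: The added description sentence reads `showing your the current status of checks`; it should be `showing you the current status of checks`. This string is user-visible package metadata, so the typo is worth fixing in the same commit. The description string starts outside the lines shown, so only its tail is visible here.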