Loading nixos/modules/services/security/paretosecurity.nix +14 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,17 @@ # dependencies here. This creates the necessary symlinks in the proper locations. systemd.sockets.paretosecurity.wantedBy = [ "sockets.target" ]; # In NixOS, systemd services are configured with minimal PATH. However, # paretosecurity helper looks for installed software to do its job, so # it needs the full system PATH. For example, it runs `iptables` to see if # firewall is configured. And it looks for various password managers to see # if one is installed. # The `paretosecurity-user` timer service that is configured lower has # the same need. systemd.services.paretosecurity.serviceConfig.Environment = [ "PATH=${config.system.path}/bin:${config.system.path}/sbin" ]; # Enable the tray icon and timer services if the trayIcon option is enabled systemd.user = lib.mkIf config.services.paretosecurity.trayIcon { services.paretosecurity-trayicon = { Loading @@ -31,6 +42,9 @@ }; services.paretosecurity-user = { wantedBy = [ "graphical-session.target" ]; serviceConfig.Environment = [ "PATH=${config.system.path}/bin:${config.system.path}/sbin" ]; }; timers.paretosecurity-user = { wantedBy = [ "timers.target" ]; Loading nixos/tests/paretosecurity.nix +9 −2 Original line number Diff line number Diff line Loading @@ -29,6 +29,8 @@ package = patchedPareto; }; networking.firewall.enable = true; }; nodes.dashboard = Loading Loading @@ -64,6 +66,12 @@ services.displayManager.autoLogin = { enable = true; user = "alice"; }; virtualisation.resolution = { x = 640; y = 480; }; environment.systemPackages = [ pkgs.xdotool ]; Loading Loading 
@@ -94,7 +102,6 @@ + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + " --skip 2e46c89a-5461-4865-a92e-3b799c12034a" # Firewall is enabled + "'" ) Loading @@ -117,7 +124,7 @@ ]: status, out = xfce.systemctl("is-enabled " + unit, "alice") assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}" xfce.succeed("xdotool mousemove 850 10") xfce.succeed("xdotool mousemove 460 10") xfce.wait_for_text("Pareto Security") xfce.succeed("xdotool click 1") xfce.wait_for_text("Run Checks") Loading pkgs/by-name/pa/paretosecurity/package.nix +3 −3 Original line number Diff line number Diff line Loading @@ -9,16 +9,16 @@ buildGoModule rec { pname = "paretosecurity"; version = "0.0.96"; version = "0.1.3"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; hash = "sha256-SyeIGSDvrnOvyOJ0zC8CulpaMa+iZeRaMTJUSydz2tw="; hash = "sha256-ovyfHqLCf5U3UR1HfoA+UQhqLZ6IaILcpqptPRQsb60="; }; vendorHash = "sha256-O/OF3Y6HiiikMxf657k9eIM7UfkicIImAUxVVf/TgR8="; vendorHash = "sha256-7mKAFkKGpBOjXc3J/sfF3k3pJF53tFybXZgbfJInuSY="; proxyVendor = true; ldflags = [ Loading Loading
nixos/modules/services/security/paretosecurity.nix +14 −0 Original line number Diff line number Diff line Loading @@ -24,6 +24,17 @@ # dependencies here. This creates the necessary symlinks in the proper locations. systemd.sockets.paretosecurity.wantedBy = [ "sockets.target" ]; # In NixOS, systemd services are configured with minimal PATH. However, # paretosecurity helper looks for installed software to do its job, so # it needs the full system PATH. For example, it runs `iptables` to see if # firewall is configured. And it looks for various password managers to see # if one is installed. # The `paretosecurity-user` timer service that is configured lower has # the same need. systemd.services.paretosecurity.serviceConfig.Environment = [ "PATH=${config.system.path}/bin:${config.system.path}/sbin" ]; # Enable the tray icon and timer services if the trayIcon option is enabled systemd.user = lib.mkIf config.services.paretosecurity.trayIcon { services.paretosecurity-trayicon = { Loading @@ -31,6 +42,9 @@ }; services.paretosecurity-user = { wantedBy = [ "graphical-session.target" ]; serviceConfig.Environment = [ "PATH=${config.system.path}/bin:${config.system.path}/sbin" ]; }; timers.paretosecurity-user = { wantedBy = [ "timers.target" ]; Loading
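Review bot: Both new `serviceConfig.Environment` entries give the helper and `paretosecurity-user` the whole system profile as PATH, which is broader than the two lookups the comment names and makes every binary in `environment.systemPackages` resolvable by bare name from the helper. The comment should state the trust assumption, for example `# config.system.path is a read-only store path; /run/wrappers/bin and per-user profiles are intentionally left out of PATH`, if that is the intent. The same string is written twice, so binding it once (`paretoPath = "PATH=${config.system.path}/bin:${config.system.path}/sbin";`) keeps the two units from drifting. This also appears to rely on the later `Environment=` line overriding the PATH that NixOS generates from `systemd.services.<name>.path`, which is worth confirming in the rendered unit. The enclosing attribute set starts and ends outside both hunks.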
nixos/tests/paretosecurity.nix +9 −2 Original line number Diff line number Diff line Loading @@ -29,6 +29,8 @@ package = patchedPareto; }; networking.firewall.enable = true; }; nodes.dashboard = Loading Loading @@ -64,6 +66,12 @@ services.displayManager.autoLogin = { enable = true; user = "alice"; }; virtualisation.resolution = { x = 640; y = 480; }; environment.systemPackages = [ pkgs.xdotool ]; Loading Loading @@ -94,7 +102,6 @@ + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb" # Disk encryption + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e" # Pareto Security is up to date + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + " --skip 2e46c89a-5461-4865-a92e-3b799c12034a" # Firewall is enabled + "'" ) Loading @@ -117,7 +124,7 @@ ]: status, out = xfce.systemctl("is-enabled " + unit, "alice") assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}" xfce.succeed("xdotool mousemove 850 10") xfce.succeed("xdotool mousemove 460 10") xfce.wait_for_text("Pareto Security") xfce.succeed("xdotool click 1") xfce.wait_for_text("Run Checks") Loading
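Review bot: Only the firewall check is re-enabled here, while `--skip f962c423-fdf5-428a-a57a-827abc9b253e` (Password manager installed) stays, so the second lookup that motivated the PATH change in the module is still not exercised by this test. If a password manager can be added to the node's `environment.systemPackages`, dropping that skip would cover both; otherwise a comment saying why it remains skipped would help. The new `xdotool mousemove 460 10` is tied to `virtualisation.resolution` x = 640, and a short comment such as `# tray icon position at 640x480` would keep the two from being changed independently. The test script and node definitions continue outside the hunks shown.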
pkgs/by-name/pa/paretosecurity/package.nix +3 −3 Original line number Diff line number Diff line Loading @@ -9,16 +9,16 @@ buildGoModule rec { pname = "paretosecurity"; version = "0.0.96"; version = "0.1.3"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; hash = "sha256-SyeIGSDvrnOvyOJ0zC8CulpaMa+iZeRaMTJUSydz2tw="; hash = "sha256-ovyfHqLCf5U3UR1HfoA+UQhqLZ6IaILcpqptPRQsb60="; }; vendorHash = "sha256-O/OF3Y6HiiikMxf657k9eIM7UfkicIImAUxVVf/TgR8="; vendorHash = "sha256-7mKAFkKGpBOjXc3J/sfF3k3pJF53tFybXZgbfJInuSY="; proxyVendor = true; ldflags = [ Loading