Loading nixos/modules/services/security/paretosecurity.nix +8 −0 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ options.services.paretosecurity = { enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper"; package = lib.mkPackageOption pkgs "paretosecurity" { }; trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity"; }; config = lib.mkIf config.services.paretosecurity.enable { Loading Loading @@ -39,5 +40,12 @@ }; }; systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { wantedBy = [ "graphical-session.target" ]; serviceConfig = { ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; }; }; }; } nixos/tests/paretosecurity.nix +34 −5 Original line number Diff line number Diff line Loading @@ -3,20 +3,43 @@ name = "paretosecurity"; meta.maintainers = [ lib.maintainers.zupo ]; nodes.machine = nodes.terminal = { config, pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.paretosecurity.enable = true; }; users.users.alice = { isNormalUser = true; nodes.xfce = { config, pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.paretosecurity = { enable = true; trayIcon = true; }; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.xfce.enable = true; services.displayManager.autoLogin = { enable = true; user = "alice"; }; environment.systemPackages = [ pkgs.xdotool ]; environment.variables.XAUTHORITY = "/home/alice/.Xauthority"; }; enableOCR = true; testScript = '' machine.succeed( terminal.succeed( "su -- alice -c 'paretosecurity check" # Disable some checks that need intricate test setup so that this test # remains simple and fast. Tests for all checks and edge cases available # at https://github.com/ParetoSecurity/agent/tree/main/test/integration Loading 
@@ -27,5 +50,11 @@ + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + "'" ) xfce.wait_for_x() xfce.succeed("xdotool mousemove 850 10") xfce.wait_for_text("Pareto Security") xfce.succeed("xdotool click 1") xfce.wait_for_text("Run Checks") ''; } pkgs/by-name/pa/paretosecurity/package.nix +8 −4 Original line number Diff line number Diff line Loading @@ -9,16 +9,16 @@ buildGoModule rec { pname = "paretosecurity"; version = "0.0.89"; version = "0.0.91"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; hash = "sha256-qZMJFrkHRurUvltDVubyfol5IHKxfyDbNE2XFo/KXF8="; hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; }; vendorHash = "sha256-HReQu23sHLaxc5N8h2vYv64ruJPmY4HM9whAEKV+3Eo="; vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; proxyVendor = true; subPackages = [ Loading Loading @@ -53,7 +53,11 @@ buildGoModule rec { root helper, so that you can run the checker in userspace. Some checks require root permissions, and the checker asks the helper to run those. Additionally, you can run `paretosecurity link` to configure the agent Additionally, if you enable `services.paretosecurity.trayIcon`, you get a little Vilfredo Pareto living in your systray showing your the current status of checks. Finally, you can run `paretosecurity link` to configure the agent to send the status of checks to https://dash.paretosecurity.com to make compliance people happy. No sending happens until your device is linked. ''; Loading Loading
nixos/modules/services/security/paretosecurity.nix +8 −0 Original line number Diff line number Diff line Loading @@ -9,6 +9,7 @@ options.services.paretosecurity = { enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper"; package = lib.mkPackageOption pkgs "paretosecurity" { }; trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity"; }; config = lib.mkIf config.services.paretosecurity.enable { Loading Loading @@ -39,5 +40,12 @@ }; }; systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { wantedBy = [ "graphical-session.target" ]; serviceConfig = { ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; }; }; }; }
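Review bot: The new `paretosecurity-trayicon` user unit is tied to the session only through `wantedBy = [ "graphical-session.target" ]`, so nothing visible here stops it when the graphical session ends or restarts it if the tray process exits. Consider adding `partOf = [ "graphical-session.target" ];` and `after = [ "graphical-session.target" ];` next to `wantedBy`, and `Restart = "on-failure";` in `serviceConfig`, so the status indicator does not silently disappear while checks are failing. The unit appears to sit inside the `lib.mkIf config.services.paretosecurity.enable` block, so the `trayIcon` description could note that it has no effect unless `services.paretosecurity.enable` is also set. The enclosing `config` block starts outside the second hunk.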
nixos/tests/paretosecurity.nix +34 −5 Original line number Diff line number Diff line Loading @@ -3,20 +3,43 @@ name = "paretosecurity"; meta.maintainers = [ lib.maintainers.zupo ]; nodes.machine = nodes.terminal = { config, pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.paretosecurity.enable = true; }; users.users.alice = { isNormalUser = true; nodes.xfce = { config, pkgs, ... }: { imports = [ ./common/user-account.nix ]; services.paretosecurity = { enable = true; trayIcon = true; }; services.xserver.enable = true; services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.xfce.enable = true; services.displayManager.autoLogin = { enable = true; user = "alice"; }; environment.systemPackages = [ pkgs.xdotool ]; environment.variables.XAUTHORITY = "/home/alice/.Xauthority"; }; enableOCR = true; testScript = '' machine.succeed( terminal.succeed( "su -- alice -c 'paretosecurity check" # Disable some checks that need intricate test setup so that this test # remains simple and fast. Tests for all checks and edge cases available # at https://github.com/ParetoSecurity/agent/tree/main/test/integration Loading @@ -27,5 +50,11 @@ + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + "'" ) xfce.wait_for_x() xfce.succeed("xdotool mousemove 850 10") xfce.wait_for_text("Pareto Security") xfce.succeed("xdotool click 1") xfce.wait_for_text("Run Checks") ''; }
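Review bot: The tray-icon part of `testScript` finds the icon with the fixed coordinates in `xdotool mousemove 850 10`, so it depends on the VM's resolution and the XFCE panel layout, and a miss shows up only as an OCR timeout in `wait_for_text`. Asserting the unit first, e.g. `xfce.wait_for_unit("paretosecurity-trayicon", "alice")` right after `xfce.wait_for_x()`, would separate "service did not start" from "click landed in the wrong place". A short comment above the `mousemove` line explaining what the coordinates are expected to hit would help whoever has to adjust them later. Note also that `environment.variables.XAUTHORITY` is set system-wide on the `xfce` node, not just for the test's own commands; that is fine for a test VM, but a comment saying so would be useful.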
pkgs/by-name/pa/paretosecurity/package.nix +8 −4 Original line number Diff line number Diff line Loading @@ -9,16 +9,16 @@ buildGoModule rec { pname = "paretosecurity"; version = "0.0.89"; version = "0.0.91"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; hash = "sha256-qZMJFrkHRurUvltDVubyfol5IHKxfyDbNE2XFo/KXF8="; hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; }; vendorHash = "sha256-HReQu23sHLaxc5N8h2vYv64ruJPmY4HM9whAEKV+3Eo="; vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; proxyVendor = true; subPackages = [ Loading Loading @@ -53,7 +53,11 @@ buildGoModule rec { root helper, so that you can run the checker in userspace. Some checks require root permissions, and the checker asks the helper to run those. Additionally, you can run `paretosecurity link` to configure the agent Additionally, if you enable `services.paretosecurity.trayIcon`, you get a little Vilfredo Pareto living in your systray showing your the current status of checks. Finally, you can run `paretosecurity link` to configure the agent to send the status of checks to https://dash.paretosecurity.com to make compliance people happy. No sending happens until your device is linked. ''; Loading
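Review bot: The sentence added to `longDescription` in the second hunk has a typo, `showing your the current status of checks`; it should read `showing you the current status of checks`. In the first hunk, `hash` and `vendorHash` are both updated together with `version`, which is what a bump with `rev = version` requires, so nothing else needs to change there.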