# NixOS module for the ParetoSecurity agent.
#
# Declares `services.paretosecurity.{enable,package,trayIcon}` and, when
# enabled, installs the package, a socket-activated helper that runs as root,
# and (optionally) a per-user tray icon service.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.paretosecurity;
  # Single binary; the sub-command selects helper vs. tray icon mode.
  agentBin = "${cfg.package}/bin/paretosecurity";
in
{
  options.services.paretosecurity = {
    enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";
    package = lib.mkPackageOption pkgs "paretosecurity" { };
    trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity";
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

    systemd = {
      # Socket unit that activates the root helper below.
      sockets."paretosecurity" = {
        wantedBy = [ "sockets.target" ];
        socketConfig = {
          # NOTE(review): /var/run is the legacy alias of /run; systemd
          # prefers the /run/... spelling in unit files.
          ListenStream = "/var/run/paretosecurity.sock";
          # SECURITY: 0666 lets every local user connect to this socket, and
          # the service it activates runs as root. The helper is therefore
          # the only trust boundary: it must treat each request as untrusted
          # input. NOTE(review): whether the helper checks the peer
          # (e.g. SO_PEERCRED) or restricts the accepted commands is not
          # visible in this module - confirm, or narrow the mode and add
          # SocketGroup if the design allows.
          SocketMode = "0666";
        };
      };

      # Root helper started on demand from the socket above.
      services."paretosecurity" = {
        serviceConfig = {
          ExecStart = "${agentBin} helper";
          User = "root";
          Group = "root";
          # The activating socket is wired to the helper's stdin.
          StandardInput = "socket";
          Type = "oneshot";
          RemainAfterExit = "no";
          # Allows up to 100 starts per second before systemd rate-limits the
          # unit. NOTE(review): since any local user can trigger a start,
          # this is also the bound on how often a root process can be spawned.
          StartLimitInterval = "1s";
          StartLimitBurst = 100;
          # Sandboxing: "full" mounts /usr, the boot loader directories and
          # /etc read-only for the service; ProtectHome hides /home, /root
          # and /run/user. NOTE(review): no other systemd hardening options
          # are set here; which further ones the helper tolerates needs to be
          # checked against what it actually does.
          ProtectSystem = "full";
          ProtectHome = true;
          StandardOutput = "journal";
          StandardError = "journal";
        };
      };

      # Per-user tray icon, only defined when the trayIcon option is set.
      user.services."paretosecurity-trayicon" = lib.mkIf cfg.trayIcon {
        wantedBy = [ "graphical-session.target" ];
        serviceConfig = {
          ExecStart = "${agentBin} trayicon";
        };
      };
    };
  };
}