{ lib, ... }:
{
# Test identity and the maintainer responsible for it.
name = "paretosecurity";
meta.maintainers = with lib.maintainers; [ zupo ];
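# Headless node that runs the agent's CLI (`check` and `link`) as user alice.
nodes.terminal =
  { config, pkgs, lib, ... }:
  let
    # Create a patched version of the package that points to the local
    # dashboard node for easier testing. This override is test-only: it swaps
    # the HTTPS production endpoint for plain HTTP to the mock server.
    patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: {
      # --replace-fail aborts the build when the upstream constant no longer
      # matches, so the test can never silently run an unpatched binary that
      # still reports to the production URL. (Plain --replace is deprecated
      # in nixpkgs.)
      postPatch = ''
        substituteInPlace team/report.go \
          --replace-fail 'const reportURL = "https://dash.paretosecurity.com"' \
                         'const reportURL = "http://dashboard"'
      '';
    });
  in
  {
    imports = [ ./common/user-account.nix ];

    services.paretosecurity = {
      enable = true;
      # Use the build whose report URL targets the mock dashboard node.
      package = patchedPareto;
    };
  };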
# Mock of the team dashboard. It answers every request under /api/v1/team/
# with a fixed JSON success body and never inspects the enrollment token, so
# the test covers only the client side of the linking flow.
nodes.dashboard =
  { config, pkgs, ... }:
  {
    services.nginx.enable = true;
    services.nginx.virtualHosts."dashboard".locations."/api/v1/team/".extraConfig = ''
      add_header Content-Type application/json;
      return 200 '{"message": "Linked device."}';
    '';

    # The patched agent talks plain HTTP to this node, so only port 80 is opened.
    networking.firewall.allowedTCPPorts = [ 80 ];
  };
# Graphical node used to check that the tray icon shows up and opens its menu.
nodes.xfce =
  { config, pkgs, ... }:
  {
    imports = [ ./common/user-account.nix ];

    services.paretosecurity.enable = true;
    services.paretosecurity.trayIcon = true;

    services.xserver = {
      enable = true;
      displayManager.lightdm.enable = true;
      desktopManager.xfce.enable = true;
    };

    # Test-only convenience: alice is logged in automatically so the desktop
    # session (and with it the tray) is up without any interaction.
    services.displayManager.autoLogin.enable = true;
    services.displayManager.autoLogin.user = "alice";

    environment = {
      # xdotool drives the pointer from the test script.
      systemPackages = [ pkgs.xdotool ];
      # Lets commands run by the test driver reach alice's X session.
      variables.XAUTHORITY = "/home/alice/.Xauthority";
    };
  };
# Required by the wait_for_text() calls in testScript, which read the screen via OCR.
enableOCR = true;
testScript = ''
  # Bring networking up on the two nodes that talk to each other.
  for node in (terminal, dashboard):
    node.systemctl("start network-online.target")
    node.wait_for_unit("network-online.target")

  # paretosecurity expects .config to exist
  terminal.succeed("su -- alice -c 'mkdir /home/alice/.config'")

  # Disable some checks that need intricate test setup so that this test
  # remains simple and fast. Tests for all checks and edge cases available
  # at https://github.com/ParetoSecurity/agent/tree/main/test/integration
  skipped_checks = [
    "c96524f2-850b-4bb9-abc7-517051b6c14e",  # SecureBoot
    "37dee029-605b-4aab-96b9-5438e5aa44d8",  # Screen lock
    "21830a4e-84f1-48fe-9c5b-beab436b2cdb",  # Disk encryption
    "44e4754a-0b42-4964-9cc2-b88b2023cb1e",  # Pareto Security is up to date
    "f962c423-fdf5-428a-a57a-827abc9b253e",  # Password manager installed
  ]
  skip_flags = "".join(f" --skip {check_id}" for check_id in skipped_checks)
  terminal.succeed(f"su -- alice -c 'paretosecurity check{skip_flags}'")

  # Enrollment link carrying a fixture JWT (HS256). Its payload holds the
  # "dummy-token" / "dummy-team-id" values asserted below; it is not a real
  # credential.
  # NOTE(review): the payload's exp claim is 1900000000 (March 2030); confirm
  # whether the agent validates expiry, since the fixture would then need
  # refreshing before that date.
  enroll_url = (
    "paretosecurity://enrollTeam/?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJ0b2tlbiI6ImR1bW15LXRva2VuIiwidGVhbUlEIjoiZHVtbXktdGVhbS1pZCIsImlhdCI6"
    "MTcwMDAwMDAwMCwiZXhwIjoxOTAwMDAwMDAwfQ.WgnL6_S0EBJHwF1wEVUG8GtIcoVvK5IjWbZpUeZr4Qw"
  )
  terminal.succeed(f"su -- alice -c 'paretosecurity link {enroll_url}'")

  # Linking must persist the token and team id from the JWT into alice's config.
  pareto_toml = terminal.succeed("cat /home/alice/.config/pareto.toml")
  for expected in ('AuthToken = "dummy-token"', 'TeamID = "dummy-team-id"'):
    assert expected in pareto_toml

  # Tray check: move the pointer to the panel position used by this test,
  # wait for the agent's label to be recognised on screen, then click to
  # open the menu and wait for its "Run Checks" entry.
  xfce.wait_for_x()
  xfce.succeed("xdotool mousemove 850 10")
  xfce.wait_for_text("Pareto Security")
  xfce.succeed("xdotool click 1")
  xfce.wait_for_text("Run Checks")
'';
}