diff --git a/nixos/modules/services/security/paretosecurity.nix b/nixos/modules/services/security/paretosecurity.nix index 66d5258b3880..cfcb89fb8f62 100644 --- a/nixos/modules/services/security/paretosecurity.nix +++ b/nixos/modules/services/security/paretosecurity.nix @@ -9,6 +9,7 @@ options.services.paretosecurity = { enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper"; package = lib.mkPackageOption pkgs "paretosecurity" { }; + trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity"; }; config = lib.mkIf config.services.paretosecurity.enable { @@ -39,5 +40,12 @@ }; }; + systemd.user.services."paretosecurity-trayicon" = lib.mkIf config.services.paretosecurity.trayIcon { + wantedBy = [ "graphical-session.target" ]; + serviceConfig = { + ExecStart = "${config.services.paretosecurity.package}/bin/paretosecurity trayicon"; + }; + }; + }; } diff --git a/nixos/tests/paretosecurity.nix b/nixos/tests/paretosecurity.nix index f4866359bd72..176b6768270b 100644 --- a/nixos/tests/paretosecurity.nix +++ b/nixos/tests/paretosecurity.nix 
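Review bot: In the second hunk of nixos/modules/services/security/paretosecurity.nix, the new `paretosecurity-trayicon` user unit has no restart policy and is not bound to the session's lifetime. If the tray process exits, the status indicator disappears and nothing brings it back, and the unit is not stopped when `graphical-session.target` goes down. Since the tray icon is how a user sees the state of the checks, consider adding `Restart = "on-failure";` to `serviceConfig`, and `partOf = [ "graphical-session.target" ];` plus `after = [ "graphical-session.target" ];` next to `wantedBy`. The unit appears to sit inside the `config = lib.mkIf config.services.paretosecurity.enable` block, so `trayIcon = true` without `enable = true` would do nothing; the option description in the first hunk could say so.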
@@ -3,20 +3,43 @@ name = "paretosecurity"; meta.maintainers = [ lib.maintainers.zupo ]; - nodes.machine = + nodes.terminal = { config, pkgs, ... }: { - services.paretosecurity.enable = true; + imports = [ ./common/user-account.nix ]; - users.users.alice = { - isNormalUser = true; - }; + services.paretosecurity.enable = true; }; - testScript = '' - machine.succeed( - "su -- alice -c 'paretosecurity check" + nodes.xfce = + { config, pkgs, ... }: + { + imports = [ ./common/user-account.nix ]; + services.paretosecurity = { + enable = true; + trayIcon = true; + }; + + services.xserver.enable = true; + services.xserver.displayManager.lightdm.enable = true; + services.xserver.desktopManager.xfce.enable = true; + + services.displayManager.autoLogin = { + enable = true; + user = "alice"; + }; + + environment.systemPackages = [ pkgs.xdotool ]; + environment.variables.XAUTHORITY = "/home/alice/.Xauthority"; + + }; + + enableOCR = true; + + testScript = '' + terminal.succeed( + "su -- alice -c 'paretosecurity check" # Disable some checks that need intricate test setup so that this test # remains simple and fast. Tests for all checks and edge cases available # at https://github.com/ParetoSecurity/agent/tree/main/test/integration @@ -27,5 +50,11 @@ + " --skip f962c423-fdf5-428a-a57a-827abc9b253e" # Password manager installed + "'" ) + + xfce.wait_for_x() + xfce.succeed("xdotool mousemove 850 10") + xfce.wait_for_text("Pareto Security") + xfce.succeed("xdotool click 1") + xfce.wait_for_text("Run Checks") ''; } diff --git a/pkgs/by-name/pa/paretosecurity/package.nix b/pkgs/by-name/pa/paretosecurity/package.nix index 6a31b5b01783..824def6c114e 100644 --- a/pkgs/by-name/pa/paretosecurity/package.nix +++ b/pkgs/by-name/pa/paretosecurity/package.nix 
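Review bot: In the second hunk of nixos/tests/paretosecurity.nix, the tray check relies only on a hard-coded pointer position (`xdotool mousemove 850 10`) and OCR. A change in VM resolution or panel layout would make it fail without showing whether the service or the screen scrape is at fault. Before the xdotool calls, assert the unit directly with `xfce.wait_for_unit("paretosecurity-trayicon.service", "alice")`, so a unit that never started is reported as such. A short comment above the `mousemove` line saying what the coordinates are expected to hit would help whoever has to adjust them later.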
@@ -9,16 +9,16 @@ buildGoModule rec { pname = "paretosecurity"; - version = "0.0.89"; + version = "0.0.91"; src = fetchFromGitHub { owner = "ParetoSecurity"; repo = "agent"; rev = version; - hash = "sha256-qZMJFrkHRurUvltDVubyfol5IHKxfyDbNE2XFo/KXF8="; + hash = "sha256-/kGwV96Jp7U08jh/wPQMcoV48zQe9ixY7gpNdtFyOkk="; }; - vendorHash = "sha256-HReQu23sHLaxc5N8h2vYv64ruJPmY4HM9whAEKV+3Eo="; + vendorHash = "sha256-kGrYoN0dGcSuQW47Y4LUFdHQYAoY74NOM1LLPdhmLhc="; proxyVendor = true; subPackages = [ @@ -53,7 +53,11 @@ buildGoModule rec { root helper, so that you can run the checker in userspace. Some checks require root permissions, and the checker asks the helper to run those. - Additionally, you can run `paretosecurity link` to configure the agent + Additionally, if you enable `services.paretosecurity.trayIcon`, you get a + little Vilfredo Pareto living in your systray showing your the current + status of checks. + + Finally, you can run `paretosecurity link` to configure the agent to send the status of checks to https://dash.paretosecurity.com to make compliance people happy. No sending happens until your device is linked. '';
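Review bot: The description text added in the second hunk of pkgs/by-name/pa/paretosecurity/package.nix has a typo: `showing your the current status of checks` should read `showing you the current status of checks`. This string is user-facing package metadata, so it is worth fixing before merge.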