From f07205812cc90d15bea0b06a313b1c6720416bb5 Mon Sep 17 00:00:00 2001
From: Neyts Zupan <zupo@users.noreply.github.com>
Date: Thu, 24 Apr 2025 11:12:40 +0100
Subject: [PATCH] paretosecurity: 0.1.9 -> 0.2.12

Also:
* enable tray icon by default when nixos module is enabled
* install desktop entry
* install paretosecurity:// URL handler
* install app icon
---
 .../services/security/paretosecurity.nix      |  6 ++++-
 nixos/tests/paretosecurity.nix                | 16 +++++++++---
 pkgs/by-name/pa/paretosecurity/package.nix    | 26 ++++++++++++++-----
 3 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/nixos/modules/services/security/paretosecurity.nix b/nixos/modules/services/security/paretosecurity.nix
index 822fe76ec6af..d942fe67c62a 100644
--- a/nixos/modules/services/security/paretosecurity.nix
+++ b/nixos/modules/services/security/paretosecurity.nix
@@ -12,7 +12,11 @@ in
   options.services.paretosecurity = {
     enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";
     package = lib.mkPackageOption pkgs "paretosecurity" { };
-    trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity";
+    trayIcon = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Set to false to disable the tray icon and run as a CLI tool only.";
+    };
   };
 
   config = lib.mkIf cfg.enable {
diff --git a/nixos/tests/paretosecurity.nix b/nixos/tests/paretosecurity.nix
index 051903696119..bafdffaddecb 100644
--- a/nixos/tests/paretosecurity.nix
+++ b/nixos/tests/paretosecurity.nix
@@ -46,10 +46,7 @@
     {
       imports = [ ./common/user-account.nix ];
 
-      services.paretosecurity = {
-        enable = true;
-        trayIcon = true;
-      };
+      services.paretosecurity.enable = true;
 
       services.xserver.enable = true;
       services.xserver.displayManager.lightdm.enable = true;
@@ -119,5 +116,16 @@
     xfce.wait_for_text("Pareto Security")
     xfce.succeed("xdotool click 1")
     xfce.wait_for_text("Run Checks")
+
+    # Test 5: paretosecurity:// URL handler is registered
+    xfce.succeed("su - alice -c 'xdg-open paretosecurity://foo'")
+
+    # Test 6: Desktop entry
+    xfce.succeed("xdotool mousemove 10 10")
+    xfce.succeed("xdotool click 1")  # hide the tray icon window
+    xfce.succeed("xdotool click 1")  # show the Applications menu
+    xfce.succeed("xdotool mousemove 10 200")
+    xfce.succeed("xdotool click 1")
+    xfce.wait_for_text("Pareto Security")
   '';
 }
diff --git a/pkgs/by-name/pa/paretosecurity/package.nix b/pkgs/by-name/pa/paretosecurity/package.nix
index 65101cc442fd..ae4d21ec133e 100644
--- a/pkgs/by-name/pa/paretosecurity/package.nix
+++ b/pkgs/by-name/pa/paretosecurity/package.nix
@@ -17,16 +17,16 @@ buildGoModule (finalAttrs: {
     webkitgtk_4_1
   ];
   pname = "paretosecurity";
-  version = "0.1.9";
+  version = "0.2.12";
 
   src = fetchFromGitHub {
     owner = "ParetoSecurity";
     repo = "agent";
     rev = finalAttrs.version;
-    hash = "sha256-KJs4xC3EtGG4116UE+oIEwAMcuDWIm9gqgZY+Bv14ac=";
+    hash = "sha256-skBxDPC+C8JU1CW6g3SA2C4IawaoPzVi8pdl5BCutUY=";
   };
 
-  vendorHash = "sha256-3plpvwLe32AsGuVzdM2fSmTPkKwRFmhi651NEIRdOxw=";
+  vendorHash = "sha256-YnyACP/hJYxi4AWMwr0We4YUTbWwahKAIYN6RnHmzls=";
   proxyVendor = true;
 
   ldflags = [
@@ -51,6 +51,17 @@ buildGoModule (finalAttrs: {
     install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service
     substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \
         --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"
+
+    # Install .desktop files
+    install -Dm444 ${finalAttrs.src}/apt/ParetoSecurity.desktop $out/share/applications/ParetoSecurity.desktop
+    substituteInPlace $out/share/applications/ParetoSecurity.desktop \
+        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"
+    install -Dm444 ${finalAttrs.src}/apt/ParetoSecurityLink.desktop $out/share/applications/ParetoSecurityLink.desktop
+    substituteInPlace $out/share/applications/ParetoSecurityLink.desktop \
+        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"
+
+    # Install icon
+    install -Dm444 ${finalAttrs.src}/assets/icon.png $out/share/icons/hicolor/512x512/apps/ParetoSecurity.png
   '';
 
   passthru.tests = {
@@ -74,10 +85,11 @@ buildGoModule (finalAttrs: {
       root helper that allows you to run the checker in userspace. Some checks
       require root permissions, and the checker asks the helper to run those.
 
-      Additionally, if you enable `services.paretosecurity.trayIcon`, you get a
-      little Vilfredo Pareto living in your systray showing your the current
-      status of checks. This will also enable a systemd timer to update the
-      status of checks once per hour.
+      Additionally, using the NixOS module gets you a little Vilfredo Pareto
+      living in your systray showing your the current status of checks. The
+      NixOS Module also installs a systemd timer to update the status of checks
+      once per hour. If you want to use just the CLI mode, set
+      `services.paretosecurity.trayIcon` to `false`.
 
       Finally, you can run `paretosecurity link` to configure the agent
       to send the status of checks to https://dash.paretosecurity.com to make