# NixOS VM test for the Pareto Security agent.
#
# Two machines are defined:
#   * terminal - headless; exercises the CLI, the systemd socket and the
#                per-user cloud-linking service.
#   * xfce     - graphical; exercises the tray icon, the desktop entry and
#                the paretosecurity:// URL handler.
{ lib, ... }:
{
  name = "paretosecurity";
  meta.maintainers = with lib.maintainers; [ zupo ];

  nodes = {
    terminal =
      { pkgs, ... }:
      {
        imports = [ ./common/user-account.nix ];

        services.paretosecurity = {
          enable = true;
          # Dummy invite id (all "x" placeholders), not a real credential.
          # testScript only checks that a link attempt for alice was logged.
          users.alice.inviteId = "test-invite-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
        };
      };

    xfce =
      { pkgs, ... }:
      {
        imports = [ ./common/user-account.nix ];

        services = {
          paretosecurity.enable = true;

          xserver = {
            enable = true;
            displayManager.lightdm.enable = true;
            desktopManager.xfce.enable = true;
          };

          # Log alice in without a password prompt so the desktop session is
          # available to the test driver without interaction.
          displayManager.autoLogin = {
            enable = true;
            user = "alice";
          };
        };

        # Fixed screen size. The xdotool calls in testScript use absolute
        # pixel coordinates, presumably chosen for this resolution.
        virtualisation.resolution = {
          x = 640;
          y = 480;
        };

        environment = {
          systemPackages = [ pkgs.xdotool ];
          # NOTE(review): presumably set so that xdotool started by the test
          # driver can authenticate against alice's X session - confirm.
          variables.XAUTHORITY = "/home/alice/.Xauthority";
        };
      };
  };

  # wait_for_text() in testScript reads the screen through OCR.
  enableOCR = true;

  testScript = ''
    # Test setup
    terminal.succeed("su - alice -c 'mkdir -p /home/alice/.config'")
    terminal.systemctl("start network-online.target")
    terminal.wait_for_unit("network-online.target")

    with subtest("Test the systemd socket is installed & enabled"):
        terminal.succeed('systemctl is-enabled paretosecurity.socket')

    with subtest("Test running checks"):
        terminal.succeed(
            "su - alice -c 'paretosecurity check"
            # Disable some checks that need intricate test setup so that this test
            # remains simple and fast. Tests for all checks and edge cases available
            # at https://github.com/ParetoSecurity/agent/tree/main/test/integration
            + " --skip c96524f2-850b-4bb9-abc7-517051b6c14e"  # SecureBoot
            + " --skip 37dee029-605b-4aab-96b9-5438e5aa44d8"  # Screen lock
            + " --skip 21830a4e-84f1-48fe-9c5b-beab436b2cdb"  # Disk encryption
            + " --skip 44e4754a-0b42-4964-9cc2-b88b2023cb1e"  # Pareto Security is up to date
            + " --skip f962c423-fdf5-428a-a57a-827abc9b253e"  # Password manager installed
            + "'"
        )

    with subtest("Test linking to Pareto Cloud"):
        # The linking service will fail because there is no Internet,
        # but we can check that it tried
        terminal.succeed('systemctl list-units --type=service | grep paretosecurity-link-alice')
        terminal.succeed('journalctl -u paretosecurity-link-alice.service | grep "Linking device to Pareto Cloud for user alice"')

    with subtest("Test 3: Test the tray icon"):
        xfce.wait_for_x()
        # These are queried as alice, i.e. they are per-user units.
        for unit in [
            'paretosecurity-trayicon',
            'paretosecurity-user',
            'paretosecurity-user.timer'
        ]:
            status, out = xfce.systemctl("is-enabled " + unit, "alice")
            assert status == 0, f"Unit {unit} is not enabled (status: {status}): {out}"
        xfce.succeed("xdotool mousemove 460 10")
        xfce.wait_for_text("Pareto Security")
        xfce.succeed("xdotool click 1")
        xfce.wait_for_text("Run Checks")

    with subtest("Test 4: Desktop entry"):
        xfce.succeed("xdotool mousemove 10 10")
        xfce.succeed("xdotool click 1")  # hide the tray icon window
        xfce.succeed("xdotool click 1")  # show the Applications menu
        xfce.succeed("xdotool mousemove 10 200")
        xfce.succeed("xdotool click 1")
        xfce.wait_for_text("Pareto Security")

    with subtest("Test 5: paretosecurity:// URL handler is registered"):
        # Only the exit status of xdg-open is asserted here; what the agent
        # does with the URL it receives is not checked by this test.
        xfce.succeed("su - alice -c 'xdg-open paretosecurity://foo'")
  '';
}