···

       
12
       
 
       
  options.services.paretosecurity = {

     

       
13
       
 
       
    enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";

     

       
14
       
 
       
    package = lib.mkPackageOption pkgs "paretosecurity" { };

     

       
15
       
-
       
    trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity";

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
16
       
 
       
  };

     

       
17
       
 
       


     

       
18
       
 
       
  config = lib.mkIf cfg.enable {

     

···

       
12
       
 
       
  options.services.paretosecurity = {

     

       
13
       
 
       
    enable = lib.mkEnableOption "[ParetoSecurity](https://paretosecurity.com) [agent](https://github.com/ParetoSecurity/agent) and its root helper";

     

       
14
       
 
       
    package = lib.mkPackageOption pkgs "paretosecurity" { };

     

       
15
       
+
       
    trayIcon = lib.mkOption {

     

       
16
       
+
       
      type = lib.types.bool;

     

       
17
       
+
       
      default = true;

     

       
18
       
+
       
      description = "Set to false to disable the tray icon and run as a CLI tool only.";

     

       
19
       
+
       
    };

     

       
20
       
 
       
  };

     

       
21
       
 
       


     

       
22
       
 
       
  config = lib.mkIf cfg.enable {

     

···

       
46
       
 
       
    {

     

       
47
       
 
       
      imports = [ ./common/user-account.nix ];

     

       
48
       
 
       


     

       
49
       
-
       
      services.paretosecurity = {

     

       
50
       
-
       
        enable = true;

     

       
51
       
-
       
        trayIcon = true;

     

       
52
       
-
       
      };

     

       
53
       
 
       


     

       
54
       
 
       
      services.xserver.enable = true;

     

       
55
       
 
       
      services.xserver.displayManager.lightdm.enable = true;

     
···

       
119
       
 
       
    xfce.wait_for_text("Pareto Security")

     

       
120
       
 
       
    xfce.succeed("xdotool click 1")

     

       
121
       
 
       
    xfce.wait_for_text("Run Checks")

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
122
       
 
       
  '';

     

       
123
       
 
       
}

     

···

       
46
       
 
       
    {

     

       
47
       
 
       
      imports = [ ./common/user-account.nix ];

     

       
48
       
 
       


     

       
49
       
+
       
      services.paretosecurity.enable = true;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
50
       
 
       


     

       
51
       
 
       
      services.xserver.enable = true;

     

       
52
       
 
       
      services.xserver.displayManager.lightdm.enable = true;

     
···

       
116
       
 
       
    xfce.wait_for_text("Pareto Security")

     

       
117
       
 
       
    xfce.succeed("xdotool click 1")

     

       
118
       
 
       
    xfce.wait_for_text("Run Checks")

     

       
119
       
+
       


     

       
120
       
+
       
    # Test 5: paretosecurity:// URL handler is registered

     

       
121
       
+
       
    xfce.succeed("su - alice -c 'xdg-open paretosecurity://foo'")

     

       
122
       
+
       


     

       
123
       
+
       
    # Test 6: Desktop entry

     

       
124
       
+
       
    xfce.succeed("xdotool mousemove 10 10")

     

       
125
       
+
       
    xfce.succeed("xdotool click 1")  # hide the tray icon window

     

       
126
       
+
       
    xfce.succeed("xdotool click 1")  # show the Applications menu

     

       
127
       
+
       
    xfce.succeed("xdotool mousemove 10 200")

     

       
128
       
+
       
    xfce.succeed("xdotool click 1")

     

       
129
       
+
       
    xfce.wait_for_text("Pareto Security")

     

       
130
       
 
       
  '';

     

       
131
       
 
       
}

     

···

       
17
       
 
       
    webkitgtk_4_1

     

       
18
       
 
       
  ];

     

       
19
       
 
       
  pname = "paretosecurity";

     

       
20
       
-
       
  version = "0.1.9";

     

       
21
       
 
       


     

       
22
       
 
       
  src = fetchFromGitHub {

     

       
23
       
 
       
    owner = "ParetoSecurity";

     

       
24
       
 
       
    repo = "agent";

     

       
25
       
 
       
    rev = finalAttrs.version;

     

       
26
       
-
       
    hash = "sha256-KJs4xC3EtGG4116UE+oIEwAMcuDWIm9gqgZY+Bv14ac=";

     

       
27
       
 
       
  };

     

       
28
       
 
       


     

       
29
       
-
       
  vendorHash = "sha256-3plpvwLe32AsGuVzdM2fSmTPkKwRFmhi651NEIRdOxw=";

     

       
30
       
 
       
  proxyVendor = true;

     

       
31
       
 
       


     

       
32
       
 
       
  ldflags = [

     
···

       
51
       
 
       
    install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service

     

       
52
       
 
       
    substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \

     

       
53
       
 
       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
54
       
 
       
  '';

     

       
55
       
 
       


     

       
56
       
 
       
  passthru.tests = {

     
···

       
74
       
 
       
      root helper that allows you to run the checker in userspace. Some checks

     

       
75
       
 
       
      require root permissions, and the checker asks the helper to run those.

     

       
76
       
 
       


     

       
77
       
-
       
      Additionally, if you enable `services.paretosecurity.trayIcon`, you get a

     

       
78
       
-
       
      little Vilfredo Pareto living in your systray showing your the current

     

       
79
       
-
       
      status of checks. This will also enable a systemd timer to update the

     

       
80
       
-
       
      status of checks once per hour.

     

       
0
       
 
       

     

       
81
       
 
       


     

       
82
       
 
       
      Finally, you can run `paretosecurity link` to configure the agent

     

       
83
       
 
       
      to send the status of checks to https://dash.paretosecurity.com to make

     

···

       
17
       
 
       
    webkitgtk_4_1

     

       
18
       
 
       
  ];

     

       
19
       
 
       
  pname = "paretosecurity";

     

       
20
       
+
       
  version = "0.2.12";

     

       
21
       
 
       


     

       
22
       
 
       
  src = fetchFromGitHub {

     

       
23
       
 
       
    owner = "ParetoSecurity";

     

       
24
       
 
       
    repo = "agent";

     

       
25
       
 
       
    rev = finalAttrs.version;

     

       
26
       
+
       
    hash = "sha256-skBxDPC+C8JU1CW6g3SA2C4IawaoPzVi8pdl5BCutUY=";

     

       
27
       
 
       
  };

     

       
28
       
 
       


     

       
29
       
+
       
  vendorHash = "sha256-YnyACP/hJYxi4AWMwr0We4YUTbWwahKAIYN6RnHmzls=";

     

       
30
       
 
       
  proxyVendor = true;

     

       
31
       
 
       


     

       
32
       
 
       
  ldflags = [

     
···

       
51
       
 
       
    install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service

     

       
52
       
 
       
    substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \

     

       
53
       
 
       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"

     

       
54
       
+
       


     

       
55
       
+
       
    # Install .desktop files

     

       
56
       
+
       
    install -Dm444 ${finalAttrs.src}/apt/ParetoSecurity.desktop $out/share/applications/ParetoSecurity.desktop

     

       
57
       
+
       
    substituteInPlace $out/share/applications/ParetoSecurity.desktop \

     

       
58
       
+
       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"

     

       
59
       
+
       
    install -Dm444 ${finalAttrs.src}/apt/ParetoSecurityLink.desktop $out/share/applications/ParetoSecurityLink.desktop

     

       
60
       
+
       
    substituteInPlace $out/share/applications/ParetoSecurityLink.desktop \

     

       
61
       
+
       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"

     

       
62
       
+
       


     

       
63
       
+
       
    # Install icon

     

       
64
       
+
       
    install -Dm444 ${finalAttrs.src}/assets/icon.png $out/share/icons/hicolor/512x512/apps/ParetoSecurity.png

     

       
65
       
 
       
  '';

     

       
66
       
 
       


     

       
67
       
 
       
  passthru.tests = {

     
···

       
85
       
 
       
      root helper that allows you to run the checker in userspace. Some checks

     

       
86
       
 
       
      require root permissions, and the checker asks the helper to run those.

     

       
87
       
 
       


     

       
88
       
+
       
      Additionally, using the NixOS module gets you a little Vilfredo Pareto

     

       
89
       
+
       
      living in your systray showing your the current status of checks. The

     

       
90
       
+
       
      NixOS Module also installs a systemd timer to update the status of checks

     

       
91
       
+
       
      once per hour. If you want to use just the CLI mode, set

     

       
92
       
+
       
      `services.paretosecurity.trayIcon` to `false`.

     

       
93
       
 
       


     

       
94
       
 
       
      Finally, you can run `paretosecurity link` to configure the agent

     

       
95
       
 
       
      to send the status of checks to https://dash.paretosecurity.com to make