pyrox.dev / nixpkgs
lol
fork atom

paretosecurity: 0.1.3 -> 0.1.9 (#397890)

Domen Kožar fee1e9db b8705839

options
unified split
Changed files
+63 -63
nixos
modules
services
security
paretosecurity.nix
tests
paretosecurity.nix
pkgs
by-name
pa
paretosecurity
package.nix
+16 -15
nixos/modules/services/security/paretosecurity.nix 
···

       
4

       
4

       
 

       
  pkgs,


     

       
5

       
5

       
 

       
  ...


     

       
6

       
6

       
 

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  cfg = config.services.paretosecurity;


     

       

       
9

       
+

       
in


     

       
7

       
10

       
 

       
{


     

       
8

       
11

       
 

       



     

       
9

       
12

       
 

       
  options.services.paretosecurity = {


     
···

       
12

       
15

       
 

       
    trayIcon = lib.mkEnableOption "tray icon for ParetoSecurity";


     

       
13

       
16

       
 

       
  };


     

       
14

       
17

       
 

       



     

       
15

       

       
-

       
  config = lib.mkIf config.services.paretosecurity.enable {


     

       
16

       

       
-

       
    environment.systemPackages = [ config.services.paretosecurity.package ];


     

       
17

       

       
-

       
    systemd.packages = [ config.services.paretosecurity.package ];


     

       

       
18

       
+

       
  config = lib.mkIf cfg.enable {


     

       

       
19

       
+

       
    environment.systemPackages = [ cfg.package ];


     

       

       
20

       
+

       
    systemd.packages = [ cfg.package ];


     

       
18

       
21

       
 

       



     

       
19

       
22

       
 

       
    # In traditional Linux distributions, systemd would read the [Install] section from


     

       
20

       
23

       
 

       
    # unit files and automatically create the appropriate symlinks to enable services.


     
···

       
36

       
39

       
 

       
    ];


     

       
37

       
40

       
 

       



     

       
38

       
41

       
 

       
    # Enable the tray icon and timer services if the trayIcon option is enabled


     

       
39

       

       
-

       
    systemd.user = lib.mkIf config.services.paretosecurity.trayIcon {


     

       
40

       

       
-

       
      services.paretosecurity-trayicon = {


     

       
41

       

       
-

       
        wantedBy = [ "graphical-session.target" ];


     

       

       
42

       
+

       
    systemd.user = lib.mkIf cfg.trayIcon {


     

       

       
43

       
+

       
      services = {


     

       

       
44

       
+

       
        paretosecurity-trayicon.wantedBy = [ "graphical-session.target" ];


     

       

       
45

       
+

       
        paretosecurity-user = {


     

       

       
46

       
+

       
          wantedBy = [ "graphical-session.target" ];


     

       

       
47

       
+

       
          serviceConfig.Environment = [


     

       

       
48

       
+

       
            "PATH=${config.system.path}/bin:${config.system.path}/sbin"


     

       

       
49

       
+

       
          ];


     

       

       
50

       
+

       
        };


     

       
42

       
51

       
 

       
      };


     

       
43

       

       
-

       
      services.paretosecurity-user = {


     

       
44

       

       
-

       
        wantedBy = [ "graphical-session.target" ];


     

       
45

       

       
-

       
        serviceConfig.Environment = [


     

       
46

       

       
-

       
          "PATH=${config.system.path}/bin:${config.system.path}/sbin"


     

       
47

       

       
-

       
        ];


     

       
48

       

       
-

       
      };


     

       
49

       

       
-

       
      timers.paretosecurity-user = {


     

       
50

       

       
-

       
        wantedBy = [ "timers.target" ];


     

       
51

       

       
-

       
      };


     

       

       
52

       
+

       
      timers.paretosecurity-user.wantedBy = [ "timers.target" ];


     

       
52

       
53

       
 

       
    };


     

       
53

       
54

       
 

       
  };


     

       
54

       
55

       
 

       
}
+25 -34
nixos/tests/paretosecurity.nix 
···

       
4

       
4

       
 

       
  meta.maintainers = [ lib.maintainers.zupo ];


     

       
5

       
5

       
 

       



     

       
6

       
6

       
 

       
  nodes.terminal =


     

       
7

       

       
-

       
    {


     

       
8

       

       
-

       
      config,


     

       
9

       

       
-

       
      pkgs,


     

       
10

       

       
-

       
      lib,


     

       
11

       

       
-

       
      ...


     

       
12

       

       
-

       
    }:


     

       
13

       

       
-

       
    let


     

       
14

       

       
-

       
      # Create a patched version of the package that points to the local dashboard


     

       
15

       

       
-

       
      # for easier testing


     

       
16

       

       
-

       
      patchedPareto = pkgs.paretosecurity.overrideAttrs (oldAttrs: {


     

       
17

       

       
-

       
        postPatch = ''


     

       
18

       

       
-

       
          substituteInPlace team/report.go \


     

       
19

       

       
-

       
            --replace-warn 'const reportURL = "https://dash.paretosecurity.com"' \


     

       
20

       

       
-

       
                           'const reportURL = "http://dashboard"'


     

       
21

       

       
-

       
        '';


     

       
22

       

       
-

       
      });


     

       
23

       

       
-

       
    in


     

       

       
7

       
+

       
    { pkgs, ... }:


     

       
24

       
8

       
 

       
    {


     

       
25

       
9

       
 

       
      imports = [ ./common/user-account.nix ];


     

       
26

       
10

       
 

       



     

       

       
11

       
+

       
      networking.firewall.enable = true;


     

       
27

       
12

       
 

       
      services.paretosecurity = {


     

       
28

       
13

       
 

       
        enable = true;


     

       
29

       

       
-

       
        package = patchedPareto;


     

       

       
14

       
+

       



     

       

       
15

       
+

       
        # Create a patched version of the package that points to the local dashboard


     

       

       
16

       
+

       
        # for easier testing


     

       

       
17

       
+

       
        package = pkgs.paretosecurity.overrideAttrs (oldAttrs: {


     

       

       
18

       
+

       
          postPatch =


     

       

       
19

       
+

       
            oldAttrs.postPatch or ""


     

       

       
20

       
+

       
            + ''


     

       

       
21

       
+

       
              substituteInPlace team/report.go \


     

       

       
22

       
+

       
                --replace-warn 'const reportURL = "https://dash.paretosecurity.com"' \


     

       

       
23

       
+

       
                               'const reportURL = "http://dashboard"'


     

       

       
24

       
+

       
            '';


     

       

       
25

       
+

       
        });


     

       
30

       
26

       
 

       
      };


     

       
31

       

       
-

       



     

       
32

       

       
-

       
      networking.firewall.enable = true;


     

       
33

       
27

       
 

       



     

       
34

       
28

       
 

       
    };


     

       
35

       
29

       
 

       



     

       
36

       

       
-

       
  nodes.dashboard =


     

       
37

       

       
-

       
    { config, pkgs, ... }:


     

       
38

       

       
-

       
    {


     

       
39

       

       
-

       
      networking.firewall.allowedTCPPorts = [ 80 ];


     

       

       
30

       
+

       
  nodes.dashboard = {


     

       

       
31

       
+

       
    networking.firewall.allowedTCPPorts = [ 80 ];


     

       
40

       
32

       
 

       



     

       
41

       

       
-

       
      services.nginx = {


     

       
42

       

       
-

       
        enable = true;


     

       
43

       

       
-

       
        virtualHosts."dashboard" = {


     

       
44

       

       
-

       
          locations."/api/v1/team/".extraConfig = ''


     

       
45

       

       
-

       
            add_header Content-Type application/json;


     

       
46

       

       
-

       
            return 200 '{"message": "Linked device."}';


     

       
47

       

       
-

       
          '';


     

       
48

       

       
-

       
        };


     

       

       
33

       
+

       
    services.nginx = {


     

       

       
34

       
+

       
      enable = true;


     

       

       
35

       
+

       
      virtualHosts."dashboard" = {


     

       

       
36

       
+

       
        locations."/api/v1/team/".extraConfig = ''


     

       

       
37

       
+

       
          add_header Content-Type application/json;


     

       

       
38

       
+

       
          return 200 '{"message": "Linked device."}';


     

       

       
39

       
+

       
        '';


     

       
49

       
40

       
 

       
      };


     

       
50

       
41

       
 

       
    };


     

       

       
42

       
+

       
  };


     

       
51

       
43

       
 

       



     

       
52

       
44

       
 

       
  nodes.xfce =


     

       
53

       

       
-

       
    { config, pkgs, ... }:


     

       

       
45

       
+

       
    { pkgs, ... }:


     

       
54

       
46

       
 

       
    {


     

       
55

       
47

       
 

       
      imports = [ ./common/user-account.nix ];


     

       
56

       
48

       
 

       



     
···

       
76

       
68

       
 

       



     

       
77

       
69

       
 

       
      environment.systemPackages = [ pkgs.xdotool ];


     

       
78

       
70

       
 

       
      environment.variables.XAUTHORITY = "/home/alice/.Xauthority";


     

       
79

       

       
-

       



     

       
80

       
71

       
 

       
    };


     

       
81

       
72

       
 

       



     

       
82

       
73

       
 

       
  enableOCR = true;
+22 -14
pkgs/by-name/pa/paretosecurity/package.nix 
···

       
5

       
5

       
 

       
  testers,


     

       
6

       
6

       
 

       
  paretosecurity,


     

       
7

       
7

       
 

       
  nixosTests,


     

       

       
8

       
+

       
  pkg-config,


     

       

       
9

       
+

       
  gtk3,


     

       

       
10

       
+

       
  webkitgtk_4_1,


     

       
8

       
11

       
 

       
}:


     

       
9

       
12

       
 

       



     

       
10

       

       
-

       
buildGoModule rec {


     

       

       
13

       
+

       
buildGoModule (finalAttrs: {


     

       

       
14

       
+

       
  nativeBuildInputs = [ pkg-config ];


     

       

       
15

       
+

       
  buildInputs = [


     

       

       
16

       
+

       
    gtk3


     

       

       
17

       
+

       
    webkitgtk_4_1


     

       

       
18

       
+

       
  ];


     

       
11

       
19

       
 

       
  pname = "paretosecurity";


     

       
12

       

       
-

       
  version = "0.1.3";


     

       

       
20

       
+

       
  version = "0.1.9";


     

       
13

       
21

       
 

       



     

       
14

       
22

       
 

       
  src = fetchFromGitHub {


     

       
15

       
23

       
 

       
    owner = "ParetoSecurity";


     

       
16

       
24

       
 

       
    repo = "agent";


     

       
17

       

       
-

       
    rev = version;


     

       
18

       

       
-

       
    hash = "sha256-ovyfHqLCf5U3UR1HfoA+UQhqLZ6IaILcpqptPRQsb60=";


     

       

       
25

       
+

       
    rev = finalAttrs.version;


     

       

       
26

       
+

       
    hash = "sha256-KJs4xC3EtGG4116UE+oIEwAMcuDWIm9gqgZY+Bv14ac=";


     

       
19

       
27

       
 

       
  };


     

       
20

       
28

       
 

       



     

       
21

       

       
-

       
  vendorHash = "sha256-7mKAFkKGpBOjXc3J/sfF3k3pJF53tFybXZgbfJInuSY=";


     

       

       
29

       
+

       
  vendorHash = "sha256-3plpvwLe32AsGuVzdM2fSmTPkKwRFmhi651NEIRdOxw=";


     

       
22

       
30

       
 

       
  proxyVendor = true;


     

       
23

       
31

       
 

       



     

       
24

       
32

       
 

       
  ldflags = [


     

       
25

       
33

       
 

       
    "-s"


     

       
26

       

       
-

       
    "-X=github.com/ParetoSecurity/agent/shared.Version=${version}"


     

       
27

       

       
-

       
    "-X=github.com/ParetoSecurity/agent/shared.Commit=${src.rev}"


     

       

       
34

       
+

       
    "-X=github.com/ParetoSecurity/agent/shared.Version=${finalAttrs.version}"


     

       

       
35

       
+

       
    "-X=github.com/ParetoSecurity/agent/shared.Commit=${finalAttrs.src.rev}"


     

       
28

       
36

       
 

       
    "-X=github.com/ParetoSecurity/agent/shared.Date=1970-01-01T00:00:00Z"


     

       
29

       
37

       
 

       
  ];


     

       
30

       
38

       
 

       



     

       
31

       
39

       
 

       
  postInstall = ''


     

       
32

       
40

       
 

       
    # Install global systemd files


     

       
33

       

       
-

       
    install -Dm400 ${src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket


     

       
34

       

       
-

       
    install -Dm400 ${src}/apt/paretosecurity.service $out/lib/systemd/system/paretosecurity.service


     

       

       
41

       
+

       
    install -Dm400 ${finalAttrs.src}/apt/paretosecurity.socket $out/lib/systemd/system/paretosecurity.socket


     

       

       
42

       
+

       
    install -Dm400 ${finalAttrs.src}/apt/paretosecurity.service $out/lib/systemd/system/paretosecurity.service


     

       
35

       
43

       
 

       
    substituteInPlace $out/lib/systemd/system/paretosecurity.service \


     

       
36

       
44

       
 

       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"


     

       
37

       
45

       
 

       



     

       
38

       
46

       
 

       
    # Install user systemd files


     

       
39

       

       
-

       
    install -Dm444 ${src}/apt/paretosecurity-user.timer $out/lib/systemd/user/paretosecurity-user.timer


     

       
40

       

       
-

       
    install -Dm444 ${src}/apt/paretosecurity-user.service $out/lib/systemd/user/paretosecurity-user.service


     

       

       
47

       
+

       
    install -Dm444 ${finalAttrs.src}/apt/paretosecurity-user.timer $out/lib/systemd/user/paretosecurity-user.timer


     

       

       
48

       
+

       
    install -Dm444 ${finalAttrs.src}/apt/paretosecurity-user.service $out/lib/systemd/user/paretosecurity-user.service


     

       
41

       
49

       
 

       
    substituteInPlace $out/lib/systemd/user/paretosecurity-user.service \


     

       
42

       
50

       
 

       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"


     

       
43

       

       
-

       
    install -Dm444 ${src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service


     

       

       
51

       
+

       
    install -Dm444 ${finalAttrs.src}/apt/paretosecurity-trayicon.service $out/lib/systemd/user/paretosecurity-trayicon.service


     

       
44

       
52

       
 

       
    substituteInPlace $out/lib/systemd/user/paretosecurity-trayicon.service \


     

       
45

       
53

       
 

       
        --replace-fail "/usr/bin/paretosecurity" "$out/bin/paretosecurity"


     

       
46

       
54

       
 

       
  '';


     

       
47

       
55

       
 

       



     

       
48

       
56

       
 

       
  passthru.tests = {


     

       
49

       
57

       
 

       
    version = testers.testVersion {


     

       
50

       

       
-

       
      version = "${version}";


     

       

       
58

       
+

       
      inherit (finalAttrs) version;


     

       
51

       
59

       
 

       
      package = paretosecurity;


     

       
52

       
60

       
 

       
    };


     

       
53

       
61

       
 

       
    integration_test = nixosTests.paretosecurity;


     
···

       
80

       
88

       
 

       
    maintainers = with lib.maintainers; [ zupo ];


     

       
81

       
89

       
 

       
    mainProgram = "paretosecurity";


     

       
82

       
90

       
 

       
  };


     

       
83

       

       
-

       
}


     

       

       
91

       
+

       
})