nixos/intune: init

This commit is contained in:
Rhys Davies 2023-03-17 21:39:03 +13:00
parent 3f81c313c6
commit 295a32a6b1
6 changed files with 96 additions and 1 deletions


@ -1201,6 +1201,7 @@
./services/security/hologram-agent.nix ./services/security/hologram-agent.nix
./services/security/hologram-server.nix ./services/security/hologram-server.nix
./services/security/infnoise.nix ./services/security/infnoise.nix
./services/security/intune.nix
./services/security/jitterentropy-rngd.nix ./services/security/jitterentropy-rngd.nix
./services/security/kanidm.nix ./services/security/kanidm.nix
./services/security/munge.nix ./services/security/munge.nix


@ -0,0 +1,32 @@
{ config
, pkgs
, lib
, ...
}:
let
cfg = config.services.intune;
in
{
options.services.intune = {
enable = lib.mkEnableOption (lib.mdDoc "Microsoft Intune");
};
config = lib.mkIf cfg.enable {
users.users.microsoft-identity-broker = {
group = "microsoft-identity-broker";
isSystemUser = true;
};
users.groups.microsoft-identity-broker = { };
environment.systemPackages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
systemd.packages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
systemd.tmpfiles.packages = [ pkgs.intune-portal ];
services.dbus.packages = [ pkgs.microsoft-identity-broker ];
};
meta = {
maintainers = with lib.maintainers; [ rhysmdnz ];
};
}
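Review bot: The option description `lib.mkEnableOption (lib.mdDoc "Microsoft Intune")` does not tell an operator what enabling it changes on the system: the module creates the `microsoft-identity-broker` system user and group, installs the systemd units of both packages, adds intune-portal's tmpfiles and registers microsoft-identity-broker as a D-Bus system service. Suggest a description that names those effects, e.g. `lib.mkEnableOption (lib.mdDoc "Microsoft Intune device management (installs the intune-portal and microsoft-identity-broker systemd units, the broker's D-Bus system service and the microsoft-identity-broker system user)")`. The accompanying test also expects a login on its `pam` node to create `/run/intune/1000/pwquality`, while this module sets nothing under `security.pam`; if that PAM hook is provided by a module outside this commit, a one-line comment here naming it would save the next reader a search, and if it is not, nothing in this module satisfies that expectation.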


@ -425,6 +425,7 @@ in {
inspircd = handleTest ./inspircd.nix {}; inspircd = handleTest ./inspircd.nix {};
installer = handleTest ./installer.nix {}; installer = handleTest ./installer.nix {};
installer-systemd-stage-1 = handleTest ./installer-systemd-stage-1.nix {}; installer-systemd-stage-1 = handleTest ./installer-systemd-stage-1.nix {};
intune = handleTest ./intune.nix {};
invoiceplane = handleTest ./invoiceplane.nix {}; invoiceplane = handleTest ./invoiceplane.nix {};
iodine = handleTest ./iodine.nix {}; iodine = handleTest ./iodine.nix {};
ipv6 = handleTest ./ipv6.nix {}; ipv6 = handleTest ./ipv6.nix {};

56
nixos/tests/intune.nix Normal file

@ -0,0 +1,56 @@
import ./make-test-python.nix ({ pkgs, ...} : {
name = "intune";
meta = {
maintainers = with pkgs.lib.maintainers; [ rhysmdnz ];
};
enableOCR = true;
nodes.machine =
{ nodes, ... }:
let user = nodes.machine.users.users.alice;
in {
services.intune.enable=true;
services.gnome.gnome-keyring.enable = true;
imports = [ ./common/user-account.nix ./common/x11.nix ];
test-support.displayManager.auto.user = user.name;
environment = {
variables.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${builtins.toString user.uid}/bus";
};
};
nodes.pam =
{ nodes, ... }:
let user = nodes.machine.users.users.alice;
in {
services.intune.enable=true;
imports = [ ./common/user-account.nix ];
};
testScript = ''
start_all()
# Check System Daemons successfully start
machine.succeed("systemctl start microsoft-identity-device-broker.service")
machine.succeed("systemctl start intune-daemon.service")
# Check User Daemons and intune-portal execurtable works
# Going any further than starting it would require internet access and a microsoft account
machine.wait_for_x()
# TODO: This needs an unlocked user keychain before it will work
#machine.succeed("su - alice -c 'systemctl start --user microsoft-identity-broker.service'")
machine.succeed("su - alice -c 'systemctl start --user intune-agent.service'")
machine.succeed("su - alice -c intune-portal >&2 &")
machine.wait_for_text("Intune Agent")
# Check logging in creates password file
def login_as_alice():
pam.wait_until_tty_matches("1", "login: ")
pam.send_chars("alice\n")
pam.wait_until_tty_matches("1", "Password: ")
pam.send_chars("foobar\n")
pam.wait_until_tty_matches("1", "alice\@pam")
pam.wait_for_unit("multi-user.target")
login_as_alice()
pam.wait_for_file("/run/intune/1000/pwquality")
'';
})
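Review bot: `pam.wait_until_tty_matches("1", "alice\@pam")` reaches Python with the literal escape `\@` (a Nix indented string passes backslashes through unchanged), which is not a valid Python string escape and produces at least a warning on current interpreters, and it is unnecessary since `@` has no special meaning in the pattern; write `pam.wait_until_tty_matches("1", "alice@pam")`. The `pam` node binds `user = nodes.machine.users.users.alice` but never uses it, and `pam.wait_for_file("/run/intune/1000/pwquality")` hardcodes uid 1000 while the `machine` node derives the uid from `user.uid`; interpolating `${builtins.toString user.uid}` into that path keeps the two nodes consistent should the test account's uid change. The comment `# Check User Daemons and intune-portal execurtable works` also has a typo, "executable".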


@ -19,6 +19,7 @@
, msalsdk-dbusclient , msalsdk-dbusclient
, pam , pam
, dbus , dbus
, nixosTests
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "intune-portal"; pname = "intune-portal";
@ -97,7 +98,10 @@ stdenv.mkDerivation rec {
# Without this network requests fail # Without this network requests fail
dontPatchELF = true; dontPatchELF = true;
passthru.updateScript = ./update.sh; passthru = {
updateScript = ./update.sh;
tests = { inherit (nixosTests) intune; };
};
meta = with lib; { meta = with lib; {
description = "Microsoft Intune Portal allows you to securely access corporate apps, data, and resources"; description = "Microsoft Intune Portal allows you to securely access corporate apps, data, and resources";


@ -90,6 +90,7 @@ stdenv.mkDerivation rec {
passthru = { passthru = {
updateScript = ./update.sh; updateScript = ./update.sh;
tests = { inherit (nixosTests) intune; };
}; };
meta = with lib; { meta = with lib; {