nixos/intune: init
parent
3f81c313c6
commit
295a32a6b1
@ -1201,6 +1201,7 @@
|
||||
./services/security/hologram-agent.nix
|
||||
./services/security/hologram-server.nix
|
||||
./services/security/infnoise.nix
|
||||
./services/security/intune.nix
|
||||
./services/security/jitterentropy-rngd.nix
|
||||
./services/security/kanidm.nix
|
||||
./services/security/munge.nix
|
||||
|
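--- a/nixos/modules/services/security/intune.nix
+++ b/nixos/modules/services/security/intune.nix
@@ -0,0 +1,32 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+let
+cfg = config.services.intune;
+in
+{
+options.services.intune = {
+enable = lib.mkEnableOption (lib.mdDoc "Microsoft Intune");
+};
+
+
+config = lib.mkIf cfg.enable {
+users.users.microsoft-identity-broker = {
+group = "microsoft-identity-broker";
+isSystemUser = true;
+};
+
+users.groups.microsoft-identity-broker = { };
+environment.systemPackages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
+systemd.packages = [ pkgs.microsoft-identity-broker pkgs.intune-portal ];
+
+systemd.tmpfiles.packages = [ pkgs.intune-portal ];
+services.dbus.packages = [ pkgs.microsoft-identity-broker ];
+};
+
+meta = {
+maintainers = with lib.maintainers; [ rhysmdnz ];
+};
+}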
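Review bot: `config` never states how the packaged daemons get started: `systemd.packages` only links the unit files in, and NixOS does not act on a packaged unit's `[Install]` section, so `microsoft-identity-device-broker.service` and `intune-daemon.service` (the names the test starts by hand) will not run at boot unless D-Bus activation covers them, which this page does not show. If on-demand start is the intent, record it with a comment above `systemd.packages`, e.g. `# units are started on demand (D-Bus activation); nothing is enabled at boot`; if it is not, add a `wantedBy` for each service. The option text `"Microsoft Intune"` could also say that enabling it installs a vendor device-management agent together with a system user, D-Bus service files and tmpfiles rules, since that is what an administrator is opting into.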
@ -425,6 +425,7 @@ in {
|
||||
inspircd = handleTest ./inspircd.nix {};
|
||||
installer = handleTest ./installer.nix {};
|
||||
installer-systemd-stage-1 = handleTest ./installer-systemd-stage-1.nix {};
|
||||
intune = handleTest ./intune.nix {};
|
||||
invoiceplane = handleTest ./invoiceplane.nix {};
|
||||
iodine = handleTest ./iodine.nix {};
|
||||
ipv6 = handleTest ./ipv6.nix {};
|
||||
|
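--- a/nixos/tests/intune.nix
+++ b/nixos/tests/intune.nix
@@ -0,0 +1,56 @@
+import ./make-test-python.nix ({ pkgs, ...} : {
+name = "intune";
+meta = {
+maintainers = with pkgs.lib.maintainers; [ rhysmdnz ];
+};
+enableOCR = true;
+
+nodes.machine =
+{ nodes, ... }:
+let user = nodes.machine.users.users.alice;
+in {
+services.intune.enable=true;
+services.gnome.gnome-keyring.enable = true;
+imports = [ ./common/user-account.nix ./common/x11.nix ];
+test-support.displayManager.auto.user = user.name;
+environment = {
+variables.DBUS_SESSION_BUS_ADDRESS = "unix:path=/run/user/${builtins.toString user.uid}/bus";
+};
+};
+nodes.pam =
+{ nodes, ... }:
+let user = nodes.machine.users.users.alice;
+in {
+services.intune.enable=true;
+imports = [ ./common/user-account.nix ];
+};
+
+testScript = ''
+start_all()
+
+# Check System Daemons successfully start
+machine.succeed("systemctl start microsoft-identity-device-broker.service")
+machine.succeed("systemctl start intune-daemon.service")
+
+# Check User Daemons and intune-portal execurtable works
+# Going any further than starting it would require internet access and a microsoft account
+machine.wait_for_x()
+# TODO: This needs an unlocked user keychain before it will work
+#machine.succeed("su - alice -c 'systemctl start --user microsoft-identity-broker.service'")
+machine.succeed("su - alice -c 'systemctl start --user intune-agent.service'")
+machine.succeed("su - alice -c intune-portal >&2 &")
+machine.wait_for_text("Intune Agent")
+
+# Check logging in creates password file
+def login_as_alice():
+pam.wait_until_tty_matches("1", "login: ")
+pam.send_chars("alice\n")
+pam.wait_until_tty_matches("1", "Password: ")
+pam.send_chars("foobar\n")
+pam.wait_until_tty_matches("1", "alice\@pam")
+
+pam.wait_for_unit("multi-user.target")
+login_as_alice()
+pam.wait_for_file("/run/intune/1000/pwquality")
+'';
+})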
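Review bot: The PAM check at the end only waits for `/run/intune/1000/pwquality` to exist, with alice's uid hard-coded, so it would still pass if the file were created with the wrong owner or mode. The comment calls it a password file; if it holds anything derived from the login password, the test should also assert ownership and permissions (a `stat -c '%U %a'` comparison against the values the package intends, which are not visible here). The `let user = nodes.machine.users.users.alice;` binding in `nodes.pam` is unused and refers to the other node; either drop it or make `testScript` a function of `nodes` and build the path from `nodes.pam.users.users.alice.uid`. Separately, `machine.succeed("su - alice -c intune-portal >&2 &")` backgrounds the command and so cannot fail; `wait_for_text("Intune Agent")` is the real assertion, which a one-line comment could say.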
@ -19,6 +19,7 @@
|
||||
, msalsdk-dbusclient
|
||||
, pam
|
||||
, dbus
|
||||
, nixosTests
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "intune-portal";
|
||||
@ -97,7 +98,10 @@ stdenv.mkDerivation rec {
|
||||
# Without this network requests fail
|
||||
dontPatchELF = true;
|
||||
|
||||
passthru.updateScript = ./update.sh;
|
||||
passthru = {
|
||||
updateScript = ./update.sh;
|
||||
tests = { inherit (nixosTests) intune; };
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Microsoft Intune Portal allows you to securely access corporate apps, data, and resources";
|
||||
|
@ -90,6 +90,7 @@ stdenv.mkDerivation rec {
|
||||
|
||||
passthru = {
|
||||
updateScript = ./update.sh;
|
||||
tests = { inherit (nixosTests) intune; };
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
|
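Review bot: `tests = { inherit (nixosTests) intune; };` needs `nixosTests` in this file's argument set, and unlike the intune-portal change earlier in the commit no hunk shown for this file adds `, nixosTests`. If it is not already an argument, evaluation fails with an undefined variable; the function header lies outside the hunk, so this is worth confirming.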