diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 977ca2518ec..b835907c82f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -61,6 +61,7 @@ ./security/pam.nix ./security/pam_usb.nix ./security/polkit.nix + ./security/prey.nix ./security/rngd.nix ./security/rtkit.nix ./security/setuid-wrappers.nix diff --git a/nixos/modules/security/prey.nix b/nixos/modules/security/prey.nix new file mode 100644 index 00000000000..75b95d5fbb0 --- /dev/null +++ b/nixos/modules/security/prey.nix @@ -0,0 +1,42 @@ +{config, pkgs, ...}: + +with pkgs.lib; + +let + cfg = config.services.prey; + myPrey = pkgs."prey-bash-client".override { + apiKey = cfg.apiKey; + deviceKey = cfg.deviceKey; + }; +in { + options = { + + services.prey = { + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enables http://preyproject.com/ bash client. Be sure to specify api and device keys. + Once setup, cronjob will run evert 15 minutes and report status. + ''; + }; + + deviceKey = mkOption { + type = types.string; + description = "Device Key obtained from https://panel.preyproject.com/devices (and clicking on the device)"; + }; + + apiKey = mkOption { + type = types.string; + description = "API key obtained from https://panel.preyproject.com/profile"; + }; + }; + + }; + + config = mkIf cfg.enable { + environment.systemPackages = [ myPrey ]; + services.cron.systemCronJobs = [ "*/15 * * * * root ${myPrey}/prey.sh" ]; + }; + +} diff --git a/pkgs/tools/security/prey/default.nix b/pkgs/tools/security/prey/default.nix new file mode 100644 index 00000000000..37416b4da1a --- /dev/null +++ b/pkgs/tools/security/prey/default.nix @@ -0,0 +1,46 @@ +{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils +, apiKey ? null +, deviceKey ? null }: + +# TODO: this should assert keys are set, somehow if set through .override assertion fails +#assert apiKey != null; +#assert deviceKey != null; + +let + modulesSrc = fetchgit { + url = "git://github.com/prey/prey-bash-client-modules.git"; + rev = "aba260ef110834cb2e92923a31f50c15970639ee"; + }; +in stdenv.mkDerivation rec { + name = "prey-bash-client-${version}"; + version = "0.6.0"; + + src = fetchurl { + url = "https://github.com/prey/prey-bash-client/archive/v${version}.tar.gz"; + sha256 = "09cb15jh4jdwvix9nx048ajkw2r5jaflk68y3rkha541n8n0qwh0"; + }; + + buildInputs = [ curl scrot imagemagick xawtv makeWrapper ]; + + phases = "unpackPhase installPhase"; + + installPhase = '' + substituteInPlace config --replace api_key=\'\' "api_key='${apiKey}'" + substituteInPlace config --replace device_key=\'\' "device_key='${deviceKey}'" + + substituteInPlace prey.sh --replace /bin/bash $(type -Pp bash) + mkdir -p $out/modules + cp -R . $out + cp -R ${modulesSrc}/* $out/modules/ + wrapProgram "$out/prey.sh" \ + --prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \ + --set CURL_CA_BUNDLE "/etc/ssl/certs/ca-bundle.crt" + ''; + + meta = with stdenv.lib; { + homepage = http://preyproject.com; + description = "Proven tracking software that helps you find, lock and recover your devices when stolen or missing"; + maintainers = with maintainers; [ iElectric ]; + license = licenses.gpl3; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index df0f1a38aa4..bdef89202b7 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1597,6 +1597,8 @@ let pptp = callPackage ../tools/networking/pptp {}; + "prey-bash-client" = callPackage ../tools/security/prey { }; + proxychains = callPackage ../tools/networking/proxychains { }; proxytunnel = callPackage ../tools/misc/proxytunnel { };