Add support for Plasma6

.github/workflows/integration.yml

@@ -20,6 +20,7 @@ jobs:
             pwd-manager,
             firewall,
             screenlock,
+            screenlock-plasma5,
             secureboot,
             luks,
             zfs,

checks/linux/password_unlock.go

@@ -93,10 +93,14 @@ func (f *PasswordToUnlock) Run() error {
 	}
 
 	// Check if running KDE
-	if _, err := lookPath("kreadconfig5"); err == nil {
+	if _, err := lookPath("kreadconfig6"); err == nil {
+		// Plasma 6 detected
+		f.passed = f.checkKDE5() // Same config format, just different tools
+	} else if _, err := lookPath("kreadconfig5"); err == nil {
+		// Plasma 5 detected
 		f.passed = f.checkKDE5()
 	} else {
-		log.Debug("KDE environment(5) not detected for screensaver lock check")
+		log.Debug("KDE environment not detected for screensaver lock check")
 	}
 
 	// Check if running Sway

flake.nix

@@ -1,20 +1,25 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs-2411.url = "github:NixOS/nixpkgs/nixos-24.11";
   };
 
   outputs =
     inputs@{
       flake-parts,
       nixpkgs,
+      nixpkgs-2411,
       ...
     }:
     flake-parts.lib.mkFlake { inherit inputs; } {
       systems = nixpkgs.lib.systems.flakeExposed;
 
       perSystem =
-        { pkgs, ... }:
+        { pkgs, system, ... }:
         let
+          # Create pkgs from nixpkgs-24.11 for Plasma 5 testing
+          pkgs2411 = import nixpkgs-2411 { inherit system; };
+
           # Extend pkgs with our paretosecurity overlay
           pkgsOverlayed = pkgs.extend (
             final: prev: {
@@ -33,17 +38,32 @@
           packages.default = pkgsOverlayed.paretosecurity;
 
           checks = {
+            autologin = pkgsOverlayed.testers.runNixOSTest ./test/integration/autologin.nix;
             cli = pkgsOverlayed.testers.runNixOSTest ./test/integration/cli.nix;
             firewall = pkgsOverlayed.testers.runNixOSTest ./test/integration/firewall.nix;
             help = pkgsOverlayed.testers.runNixOSTest ./test/integration/help.nix;
             luks = pkgsOverlayed.testers.runNixOSTest ./test/integration/luks.nix;
-            zfs = pkgsOverlayed.testers.runNixOSTest ./test/integration/zfs.nix;
             pwd-manager = pkgsOverlayed.testers.runNixOSTest ./test/integration/pwd-manager.nix;
-            screenlock = pkgsOverlayed.testers.runNixOSTest ./test/integration/screenlock.nix;
             secureboot = pkgsOverlayed.testers.runNixOSTest ./test/integration/secureboot.nix;
             trayicon = pkgsOverlayed.testers.runNixOSTest ./test/integration/trayicon.nix;
             xfce = pkgsOverlayed.testers.runNixOSTest ./test/integration/desktop/xfce.nix;
-            autologin = pkgsOverlayed.testers.runNixOSTest ./test/integration/autologin.nix;
+            zfs = pkgsOverlayed.testers.runNixOSTest ./test/integration/zfs.nix;
+
+            screenlock = pkgsOverlayed.testers.runNixOSTest ./test/integration/screenlock.nix;
+            screenlock-plasma5 =
+              let
+                # Extend pkgs2411 with our paretosecurity overlay
+                pkgs2411Overlayed = pkgs2411.extend (
+                  _: _: {
+                    inherit (pkgsOverlayed) paretosecurity;
+                  }
+                );
+              in
+              pkgs2411Overlayed.testers.runNixOSTest (
+                import ./test/integration/screenlock-plasma5.nix {
+                  inherit pkgsOverlayed;
+                }
+              );
           };
         };
     };

test/integration/autologin.nix

@@ -118,9 +118,9 @@ in
         ];
         services.paretosecurity.enable = true;
         services.xserver.enable = true;
-        services.xserver.desktopManager.plasma5.enable = true;
+        services.desktopManager.plasma6.enable = true;
         services.displayManager.sddm.enable = true;
-        services.displayManager.defaultSession = "plasma";
+        services.displayManager.defaultSession = "plasmax11";
         services.displayManager.autoLogin = {
           enable = true;
           user = "testuser";

test/integration/cli.nix

@@ -36,7 +36,7 @@ in
         "  • Access Security: SSH keys have password protection > [DISABLED] No private keys found in ~/.ssh directory\n"
         "  • Access Security: SSH keys have sufficient algorithm strength > [DISABLED] No private keys found in the ~/.ssh directory\n"
         "  • System Integrity: SecureBoot is enabled > [FAIL] System is not running in UEFI mode\n"
-        "  • Application Updates: Apps are up to date > [OK] All packages are up to date\n"
+        "  • [root] Application Updates: Apps are up to date > [OK] All packages are up to date\n"
         "  • Firewall & Sharing: Sharing printers is off > [OK] Sharing printers is off\n"
         "  • [root] System Integrity: Filesystem encryption is enabled > [FAIL] Block device encryption is disabled\n"
         "  • Firewall & Sharing: Remote login is disabled > [OK] No remote access services found running\n"

test/integration/screenlock-plasma5.nix

@@ -0,0 +1,35 @@
+# Test for KDE Plasma 5 using nixpkgs-24.11
+# This is separate because Plasma 5 was removed from newer nixpkgs
+{ pkgsOverlayed }:
+{
+  name = "Screen Lock - Plasma 5";
+  interactive.sshBackdoor.enable = true;
+
+  nodes = {
+    kde5 =
+      { ... }:
+      {
+        services.paretosecurity.enable = true;
+        services.paretosecurity.package = pkgsOverlayed.paretosecurity;
+
+        # Install KDE Plasma 5 Desktop Environment
+        services.xserver.enable = true;
+        services.xserver.desktopManager.plasma5.enable = true;
+        services.displayManager.sddm.enable = true;
+        services.colord.enable = false;
+      };
+  };
+
+  testScript = ''
+    # Test KDE Plasma 5
+    # Test 1: Check passes with lock enabled
+    kde5.succeed("kwriteconfig5 --file kscreenlockerrc --group Daemon --key LockOnResume true")
+    out = kde5.succeed("paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8")
+    assert "[OK] Password after sleep or screensaver is on" in out, f"Expected check to pass, got \n{out}"
+
+    # Test 2: Check fails when lock is disabled
+    kde5.succeed("kwriteconfig5 --file kscreenlockerrc --group Daemon --key LockOnResume false")
+    status, out = kde5.execute("paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8")
+    assert "[FAIL] Password after sleep or screensaver is off" in out, f"Expected check to fail, got \n{out}"
+  '';
+}

test/integration/screenlock.nix

@@ -8,19 +8,36 @@
       {
         services.paretosecurity.enable = true;
         # Install GNOME Desktop Environment
-        services.xserver.desktopManager.gnome.enable = true;
-        services.xserver.displayManager.gdm.enable = true;
+        services.desktopManager.gnome.enable = true;
+        services.displayManager.gdm.enable = true;
       };
 
     kde =
-      { ... }:
+      { pkgs, ... }:
       {
         services.paretosecurity.enable = true;
-        # Install KDE Plasma 5 Desktop Environment
+        # Install KDE Plasma 6 Desktop Environment
         services.xserver.enable = true;
-        services.xserver.desktopManager.plasma5.enable = true;
-        services.xserver.displayManager.sddm.enable = true;
+        services.desktopManager.plasma6.enable = true;
+        services.displayManager.sddm.enable = true;
+        services.displayManager.autoLogin.enable = true;
+        services.displayManager.autoLogin.user = "alice";
         services.colord.enable = false;
+
+        # Increase memory for Plasma 6
+        virtualisation.memorySize = 2048;
+
+        # Create alice user
+        users.users.alice = {
+          isNormalUser = true;
+          extraGroups = [ "wheel" ];
+          password = "alice";
+        };
+
+        # Add kconfig package which includes kwriteconfig6 and kreadconfig6
+        environment.systemPackages = with pkgs; [
+          kdePackages.kconfig
+        ];
       };
 
     sway =
@@ -171,15 +188,23 @@
     status, out = gnome.execute("paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8")
     assert "[FAIL] Password after sleep or screensaver is off" in out, f"Expected check to fail, got \n{out}"
 
-    # Test KDE
-    # Test 1: Check passes with lock enabled
-    kde.succeed("kwriteconfig5 --file kscreenlockerrc --group Daemon --key LockOnResume true")
-    out = kde.succeed("paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8")
+    # Test KDE Plasma 6
+    # Wait for KDE to start and alice to be logged in
+    kde.wait_for_unit("graphical.target")
+
+    # First ensure lock is enabled (Plasma 6 might have different defaults)
+    # Run as alice user
+    kde.succeed("su - alice -c 'kwriteconfig6 --file kscreenlockerrc --group Daemon --key LockOnResume true'")
+    kde.succeed("su - alice -c 'kwriteconfig6 --file kscreenlockerrc --group Daemon --key Autolock true'")
+
+    # Test 1: Check passes with lock enabled (run as alice)
+    out = kde.succeed("su - alice -c 'paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8'")
     assert "[OK] Password after sleep or screensaver is on" in out, f"Expected check to pass, got \n{out}"
 
     # Test 2: Check fails when lock is disabled
-    kde.succeed("kwriteconfig5 --file kscreenlockerrc --group Daemon --key LockOnResume false")
-    status, out = kde.execute("paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8")
+    kde.succeed("su - alice -c 'kwriteconfig6 --file kscreenlockerrc --group Daemon --key LockOnResume false'")
+    kde.succeed("su - alice -c 'kwriteconfig6 --file kscreenlockerrc --group Daemon --key Autolock false'")
+    status, out = kde.execute("su - alice -c 'paretosecurity check --only 37dee029-605b-4aab-96b9-5438e5aa44d8'")
     assert "[FAIL] Password after sleep or screensaver is off" in out, f"Expected check to fail, got \n{out}"
 
     # Test Sway

test/integration/trayicon.nix

@@ -17,8 +17,8 @@ in
         services.paretosecurity.enable = true;
 
         services.xserver.enable = true;
-        services.xserver.displayManager.gdm.enable = true;
-        services.xserver.desktopManager.gnome.enable = true;
+        services.displayManager.gdm.enable = true;
+        services.desktopManager.gnome.enable = true;
         services.displayManager.defaultSession = "gnome";
 
         # Add AppIndicator extension for system tray support