diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
index a1dc515..93da602 100644
--- a/modules/kolide-launcher/default.nix
+++ b/modules/kolide-launcher/default.nix
@@ -62,6 +62,22 @@ in
 Initial autoupdater subprocess delay.
 '';
 };
+
+ insecureTransport = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Do not use TLS for transport layer.
+ '';
+ };
+
+ insecureTLS = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Do not verify TLS certs for outgoing connections.
+ '';
+ };
 };
 config = mkIf cfg.enable {
@@ -87,6 +103,8 @@ in
 --enroll_secret_path ${cfg.enrollSecretDirectory}/secret \
 --update_channel ${cfg.updateChannel} \
 --transport jsonrpc \
+ --insecure ${cfg.insecureTLS} \
+ --insecure_transport ${cfg.insecureTransport} \
 --autoupdate \
 --autoupdate_interval ${cfg.autoupdateInterval} \
 --autoupdater_initial_delay ${cfg.autoupdaterInitialDelay}
diff --git a/tests/kolide-launcher.nix b/tests/kolide-launcher.nix
index 432e445..33b8598 100644
--- a/tests/kolide-launcher.nix
+++ b/tests/kolide-launcher.nix
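Review bot: The descriptions of `insecureTransport` and `insecureTLS` in the first hunk of modules/kolide-launcher/default.nix do not say what enabling them costs. With either one set, the connection to `kolideHostname` can be read or impersonated by anyone on the network path, and that connection presumably carries the enrollment secret the service loads from `enrollSecretDirectory`. I would spell that out, e.g. `Send launcher traffic in plaintext instead of TLS. Exposes the enroll secret on the network; only for tests against a local mock server.` and `Skip TLS certificate verification, which allows server impersonation; only for tests.` A `warnings` entry in `config` when either option is true would also make accidental use on a real host visible at build time.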
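Review bot: Interpolating `${cfg.insecureTLS}` and `${cfg.insecureTransport}` into the command line in the second hunk looks wrong on two counts. Both options are `types.bool`, and Nix does not coerce a boolean to a string inside `${...}`, so this should fail at evaluation. Even if rendered with `boolToString`, `--insecure false` is risky: if launcher parses these as Go-style boolean flags (please confirm), the bare flag means true and `false` becomes a positional argument, so verification would be off by default. Emit each flag only when set, e.g. `${lib.optionalString cfg.insecureTLS "--insecure"} \` and `${lib.optionalString cfg.insecureTransport "--insecure_transport"} \`. The command string starts and ends outside the hunk.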
@@ -11,36 +11,57 @@ in
 pkgs.nixosTest {
 name = "kolide-launcher";
- nodes.machine = { config, pkgs, ... }: {
- imports = [
- flake.nixosModules.kolide-launcher
- ];
-
- users.users.alice = {
- isNormalUser = true;
- description = "Alice Test";
- password = "alicetest";
- uid = 1000;
- };
+ nodes = {
+ machine = { config, pkgs, ... }: {
+ imports = [
+ flake.nixosModules.kolide-launcher
+ ];
+
+ users.users.alice = {
+ isNormalUser = true;
+ description = "Alice Test";
+ password = "alicetest";
+ uid = 1000;
+ };
- services.xserver.enable = true;
- services.xserver.displayManager = {
- lightdm.enable = true;
- autoLogin = {
- enable = true;
- user = "alice";
+ services.xserver.enable = true;
+ services.xserver.displayManager = {
+ lightdm.enable = true;
+ autoLogin = {
+ enable = true;
+ user = "alice";
+ };
 };
- };
- services.xserver.desktopManager.mate.enable = true;
- services.xserver.desktopManager.mate.debug = true;
+ services.xserver.desktopManager.mate.enable = true;
+ services.xserver.desktopManager.mate.debug = true;
+
+ # This just quiets some log spam we don't care about
+ hardware.pulseaudio.enable = true;
- # This just quiets some log spam we don't care about
- hardware.pulseaudio.enable = true;
+ services.kolide-launcher.enable = true;
+ services.kolide-launcher.kolideHostname = "app.kolide.test:80";
+ services.kolide-launcher.insecureTransport = true;
+ services.kolide-launcher.insecureTLS = true;
- services.kolide-launcher.enable = true;
- services.kolide-launcher.kolideHostname = "k2device-preprod.kolide.com";
+ system.stateVersion = "23.11";
+ };
- system.stateVersion = "23.11";
+ k2server = { config, pkgs, ... }: {
+ networking.firewall.allowedTCPPorts = [ 80 ];
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."app.kolide.test" = {
+ locations = {
+ "/" = {
+ return = ''200 "{}"'';
+ };
+ };
+ addSSL = false;
+ default = true;
+ };
+ };
+ };
 };
 enableOCR = true;
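Review bot: Nothing in this hunk makes `app.kolide.test` resolve to the `k2server` node. As far as I know the test driver only makes nodes reachable under their node names, and no `networking.hosts` or `networking.extraHosts` entry is added for `machine`. Unless that mapping exists elsewhere in the file, launcher never reaches the nginx mock and the test can pass without exercising it; `services.kolide-launcher.kolideHostname = "k2server:80";` would work because the vhost is `default = true`. Also, over plain HTTP on port 80 `insecureTLS = true` has no effect, and no node evaluates the module with both options left at `false`, so the default command line is not covered.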
@@ -54,6 +75,11 @@ pkgs.nixosTest {
 in ''
 if "${ci}":
+ # Wait for mock k2 server to be online
+ k2server.start()
+ k2server.wait_for_unit("nginx.service")
+
+ # Start VM for test launcher installation
 machine.start()
 with subtest("log in to MATE"):
@@ -90,7 +116,7 @@ pkgs.nixosTest {
 machine.wait_for_file("/var/kolide-k2/k2device.kolide.com/menu.json")
 machine.screenshot("test-screen4.png")
- with subtest("launcher doctor + flare"):
+ with subtest("launcher flare"):
 _, launcher_find_stdout = machine.execute("ls /nix/store | grep kolide-launcher-")
 machine.execute("/nix/store/" + launcher_find_stdout.strip() + "/bin/launcher flare --save local")
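Review bot: In the first hunk of the test script, `k2server.wait_for_unit("nginx.service")` only waits for the unit to become active, not for the listener to accept connections. Add `k2server.wait_for_open_port(80)` before `machine.start()` so launcher's first request cannot race the mock server. In the lines visible here nothing asserts that launcher actually contacted the mock, so a check on the nginx access log after enrollment would show the plaintext path was really exercised. The test script begins and continues outside this hunk.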