NixOS support for Kolide launcher (#1)

kolide · Dec 28, 2023 · 7f97867 · 7f97867
1 parent d34ac1b
commit 7f97867
Show file tree

Hide file tree

Showing 3 changed files with 133 additions and 0 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,51 @@
+{
+  description = "Kolide launcher";
+
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+
+  outputs = { self, nixpkgs }: {
+    packages.x86_64-linux.kolide-launcher =
+      with import nixpkgs { system = "x86_64-linux"; };
+      stdenv.mkDerivation {
+        name = "kolide-launcher";
+        version = "1.2.1-11-g8c04686";
+
+        src = fetchzip {
+          url = "https://dl.kolide.co/kolide/launcher/linux/amd64/launcher-1.2.1-11-g8c04686.tar.gz";
+          sha256 = "sha256-sNw+c6gASo8vesJ+KOrNkvKEF4iKA3tM3li3vRYEoPc=";
+          name = "launcher";
+        };
+
+        osqSrc = fetchzip {
+          url = "https://dl.kolide.co/kolide/osqueryd/linux/amd64/osqueryd-5.10.2.tar.gz";
+          sha256 = "sha256-z8GNNsAeFptCzPbHs/CFaLrCtuYCXwT5QTJaEAH6ncA=";
+          name = "osqueryd";
+        };
+
+        nativeBuildInputs = [
+          autoPatchelfHook
+        ];
+
+        buildInputs = [];
+
+        installPhase = ''
+          mkdir -p $out/bin
+          cp launcher $out/bin
+          cp $osqSrc/osqueryd $out/bin
+        '';
+
+        meta = with lib; {
+          homepage = "https://www.kolide.com";
+          description = "Kolide Endpoint Agent";
+          platforms = [ "x86_64-linux" ];
+          license = licenses.unfree;
+          sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+          maintainers = with stdenv.lib.maintainers; [ RebeccaMahany ];
+        };
+      };
+
+    packages.x86_64-linux.default = self.packages.x86_64-linux.kolide-launcher;
+
+    nixosModules.kolide-launcher = import ./modules/kolide-launcher self;
+  };
+}
diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
@@ -0,0 +1,55 @@
+flake: { config, lib, pkgs, ... }:
+
+let
+  inherit (lib) types mkEnableOption mkOption mkIf;
+  inherit (flake.packages.x86_64-linux) kolide-launcher;
+  cfg = config.services.kolide-launcher;
+in
+{
+  imports = [];
+
+  options.services.kolide-launcher = {
+    enable = mkEnableOption ''
+      Kolide launcher agent.
+    '';
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.kolide-launcher = {
+      description = "The Kolide Launcher";
+      after = [ "network.service" "syslog.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      path = with pkgs; [ patchelf ];
+
+      preStart = ''
+      mkdir -p /var/lib/kolide-k2/k2device-preprod.kolide.com
+
+      if [ ! -d "/etc/kolide-k2" ]; then
+        mkdir -p /etc/kolide-k2
+        echo -n 'secret' > /etc/kolide-k2/secret
+
+        osquerydPath=${flake.packages.x86_64-linux.kolide-launcher}/bin/osqueryd
+        tee /etc/kolide-k2/launcher.flags <<EOF
+with_initial_runner
+autoupdate
+transport jsonrpc
+hostname k2device-preprod.kolide.com
+root_directory /var/lib/kolide-k2/k2device-preprod.kolide.com
+osqueryd_path $osquerydPath
+enroll_secret_path /etc/kolide-k2/secret
+update_channel nightly
+debug
+EOF
+      fi
+'';
+
+      serviceConfig = {
+        Environment = "PATH=/run/wrappers/bin:/bin:/sbin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
+        ExecStart = "${flake.packages.x86_64-linux.kolide-launcher}/bin/launcher -config /etc/kolide-k2/launcher.flags";
+        Restart = "on-failure";
+        RestartSec = 3;
+      };
+    };
+  };
+}