diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c63c0ad
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1701362232,
+ "narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "d2332963662edffacfddfad59ff4f709dde80ffe",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ebb6a16
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,51 @@
+{
+ description = "Kolide launcher";
+
+ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+
+ outputs = { self, nixpkgs }: {
+ packages.x86_64-linux.kolide-launcher =
+ with import nixpkgs { system = "x86_64-linux"; };
+ stdenv.mkDerivation {
+ name = "kolide-launcher";
+ version = "1.2.1-11-g8c04686";
+
+ src = fetchzip {
+ url = "https://dl.kolide.co/kolide/launcher/linux/amd64/launcher-1.2.1-11-g8c04686.tar.gz";
+ sha256 = "sha256-sNw+c6gASo8vesJ+KOrNkvKEF4iKA3tM3li3vRYEoPc=";
+ name = "launcher";
+ };
+
+ osqSrc = fetchzip {
+ url = "https://dl.kolide.co/kolide/osqueryd/linux/amd64/osqueryd-5.10.2.tar.gz";
+ sha256 = "sha256-z8GNNsAeFptCzPbHs/CFaLrCtuYCXwT5QTJaEAH6ncA=";
+ name = "osqueryd";
+ };
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ ];
+
+ buildInputs = [];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp launcher $out/bin
+ cp $osqSrc/osqueryd $out/bin
+ '';
+
+ meta = with lib; {
+ homepage = "https://www.kolide.com";
+ description = "Kolide Endpoint Agent";
+ platforms = [ "x86_64-linux" ];
+ license = licenses.unfree;
+ sourceProvenance = with sourceTypes; [ binaryNativeCode ];
+ maintainers = with stdenv.lib.maintainers; [ RebeccaMahany ];
+ };
+ };
+
+ packages.x86_64-linux.default = self.packages.x86_64-linux.kolide-launcher;
+
+ nixosModules.kolide-launcher = import ./modules/kolide-launcher self;
+ };
+}
diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
new file mode 100644
index 0000000..49d1930
--- /dev/null
+++ b/modules/kolide-launcher/default.nix
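Review bot: `maintainers = with stdenv.lib.maintainers; [ RebeccaMahany ];` in the `meta` block reads `stdenv.lib`, which current nixpkgs no longer provides (it was superseded by the top-level `lib`), so evaluating `meta` — for example under `nix flake check` — is likely to fail; since the block already opens with `with lib;`, the line should read `maintainers = with lib.maintainers; [ RebeccaMahany ];`. Whether `RebeccaMahany` is present in the nixpkgs maintainer list is not visible in this hunk; if it is not, the attribute lookup fails the same way. The release string `1.2.1-11-g8c04686` is written twice, once in `version` and once in the launcher `src` URL; deriving the URL from the version, e.g. with `stdenv.mkDerivation (finalAttrs: { ... })` and `${finalAttrs.version}` in the URL, keeps the pinned `sha256` and the fetched artifact from drifting apart on the next bump.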
@@ -0,0 +1,55 @@
+flake: { config, lib, pkgs, ... }:
+
+let
+ inherit (lib) types mkEnableOption mkOption mkIf;
+ inherit (flake.packages.x86_64-linux) kolide-launcher;
+ cfg = config.services.kolide-launcher;
+in
+{
+ imports = [];
+
+ options.services.kolide-launcher = {
+ enable = mkEnableOption ''
+ Kolide launcher agent.
+ '';
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.kolide-launcher = {
+ description = "The Kolide Launcher";
+ after = [ "network.service" "syslog.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = with pkgs; [ patchelf ];
+
+ preStart = ''
+ mkdir -p /var/lib/kolide-k2/k2device-preprod.kolide.com
+
+ if [ ! -d "/etc/kolide-k2" ]; then
+ mkdir -p /etc/kolide-k2
+ echo -n 'secret' > /etc/kolide-k2/secret
+
+ osquerydPath=${flake.packages.x86_64-linux.kolide-launcher}/bin/osqueryd
+ tee /etc/kolide-k2/launcher.flags <