feat(gs/yeren): Add Kolide r/2455

Add kolide, the endpoint monitoring system / MDM we're using at work, to
the system derivation for my work computer.

I hate MDMs almost universally, and this one is no different, but SOC2
waits for no one.

Change-Id: I99bcb5341182a81512699d50b279efd9e1b2194b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2903
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>

3 files changed, 50 insertions, 0 deletions

diff --git a/users/glittershark/system/system/machines/yeren.nix b/users/glittershark/system/system/machines/yeren.nix
index a8f7df5dc512..444ea91e84b7 100644
--- a/users/glittershark/system/system/machines/yeren.nix
+++ b/users/glittershark/system/system/machines/yeren.nix
@@ -10,6 +10,7 @@
     ../modules/sound.nix
     ../modules/tvl.nix
     ../modules/development.nix
+    ../modules/work/kolide.nix
   ];
 
   networking.hostName = "yeren";
diff --git a/users/glittershark/system/system/modules/work/kolide.deb b/users/glittershark/system/system/modules/work/kolide.deb
new file mode 100644
index 000000000000..a319a5806fca
--- /dev/null
+++ b/users/glittershark/system/system/modules/work/kolide.deb
Binary files differdiff --git a/users/glittershark/system/system/modules/work/kolide.nix b/users/glittershark/system/system/modules/work/kolide.nix
new file mode 100644
index 000000000000..29ee0a0d7ce4
--- /dev/null
+++ b/users/glittershark/system/system/modules/work/kolide.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+let
+  deb = ./kolide.deb;
+
+  kolide = pkgs.runCommand "kolide-data" {
+    buildInputs = [ pkgs.binutils-unwrapped ];
+  } ''
+    cp ${deb} ./kolide.deb
+    ar x kolide.deb
+    mkdir result
+    tar xzf data.tar.gz -C result
+    patchelf \
+      --set-interpreter ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 \
+      --set-rpath "${lib.makeLibraryPath (with pkgs; [
+        zlib
+      ])}" \
+      result/usr/local/kolide-k2/bin/osqueryd
+    mv result $out
+  '';
+
+in {
+  systemd.services."launcher.kolide-k2" = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" "syslog.service" ];
+    description = "The Kolide Launcher";
+    serviceConfig = {
+      ExecStart = ''
+        ${kolide}/usr/local/kolide-k2/bin/launcher \
+          -config \
+          ${pkgs.writeText "launcher.flags" ''
+            with_initial_runner
+            control
+            autoupdate
+            root_directory /var/lib/kolide
+            osqueryd_path ${kolide}/usr/local/kolide-k2/bin/osqueryd
+            enroll_secret_path ${kolide}/etc/kolide-k2/secret
+            control_hostname k2control.kolide.com
+            update_channel stable
+            transport jsonrpc
+            hostname k2device.kolide.com
+          ''}
+      '';
+      StateDirectory = "kolide";
+      Restart = "on-failure";
+      RestartSec = 3;
+    };
+  };
+}