From 5d71617eda151d92a417ae71010068be4c6af1e0 Mon Sep 17 00:00:00 2001
From: Griffin Smith
Date: Wed, 7 Apr 2021 10:33:38 -0400
Subject: feat(gs/yeren): Add Kolide

Add kolide, the endpoint monitoring system / MDM we're using at work, to the system derivation for my work computer. I hate MDMs almost universally, and this one is no different, but SOC2 waits for no one.

Change-Id: I99bcb5341182a81512699d50b279efd9e1b2194b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2903
Tested-by: BuildkiteCI
Reviewed-by: glittershark
---
.../system/system/modules/work/kolide.deb | Bin 0 -> 25094998 bytes
.../system/system/modules/work/kolide.nix | 49 +++++++++++++++++++++
2 files changed, 49 insertions(+)
create mode 100644 users/glittershark/system/system/modules/work/kolide.deb
create mode 100644 users/glittershark/system/system/modules/work/kolide.nix
(limited to 'users/glittershark/system/system/modules')
diff --git a/users/glittershark/system/system/modules/work/kolide.deb b/users/glittershark/system/system/modules/work/kolide.deb
new file mode 100644
index 0000000000..a319a5806f
Binary files /dev/null and b/users/glittershark/system/system/modules/work/kolide.deb differ
diff --git a/users/glittershark/system/system/modules/work/kolide.nix b/users/glittershark/system/system/modules/work/kolide.nix
new file mode 100644
index 0000000000..29ee0a0d7c
--- /dev/null
+++ b/users/glittershark/system/system/modules/work/kolide.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+
+let
+ deb = ./kolide.deb;
+
+ kolide = pkgs.runCommand "kolide-data" {
+ buildInputs = [ pkgs.binutils-unwrapped ];
+ } ''
+ cp ${deb} ./kolide.deb
+ ar x kolide.deb
+ mkdir result
+ tar xzf data.tar.gz -C result
+ patchelf \
+ --set-interpreter ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 \
+ --set-rpath "${lib.makeLibraryPath (with pkgs; [
+ zlib
+ ])}" \
+ result/usr/local/kolide-k2/bin/osqueryd
+ mv result $out
+ '';
+
+in {
+ systemd.services."launcher.kolide-k2" = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "syslog.service" ];
+ description = "The Kolide Launcher";
+ serviceConfig = {
+ ExecStart = ''
+ ${kolide}/usr/local/kolide-k2/bin/launcher \
+ -config \
+ ${pkgs.writeText "launcher.flags" ''
+ with_initial_runner
+ control
+ autoupdate
+ root_directory /var/lib/kolide
+ osqueryd_path ${kolide}/usr/local/kolide-k2/bin/osqueryd
+ enroll_secret_path ${kolide}/etc/kolide-k2/secret
+ control_hostname k2control.kolide.com
+ update_channel stable
+ transport jsonrpc
+ hostname k2device.kolide.com
+ ''}
+ '';
+ StateDirectory = "kolide";
+ Restart = "on-failure";
+ RestartSec = 3;
+ };
+ };
+}
-- cgit 1.4.1
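Review bot: `enroll_secret_path ${kolide}/etc/kolide-k2/secret` reads the enrollment secret out of the derivation output, so the secret sits in /nix/store, which every local user and process can read, and it also travels with the committed `kolide.deb`. Presumably that file is the organisation-specific enrollment secret; if so, drop it from the output (`rm result/etc/kolide-k2/secret` before `mv result $out`) and point the flag at a root-only file provisioned outside the store, e.g. `enroll_secret_path /var/lib/kolide/secret`. The copy inside the checked-in .deb would still be extractable by anyone who can read the repository, which this module cannot fix on its own. A short comment next to `autoupdate` would also help: the unit sets no `User=`, so the launcher runs as root and, with that flag, presumably fetches binaries at runtime into `/var/lib/kolide` that the pinned derivation does not cover.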