mtworx: configure kolide-launcher

flake.lock

@@ -125,6 +125,27 @@
         "type": "github"
       }
     },
+    "kolide-launcher": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733156752,
+        "narHash": "sha256-zTQNU0u0eF+B7HeYAIQI3KQj8Jwd6dZ0AG1KsjEOXkA=",
+        "owner": "kolide",
+        "repo": "nix-agent",
+        "rev": "d154b67a88e9cf8a6c10fd589afd51b299f7faca",
+        "type": "github"
+      },
+      "original": {
+        "owner": "kolide",
+        "ref": "main",
+        "repo": "nix-agent",
+        "type": "github"
+      }
+    },
     "nix-index-database": {
       "inputs": {
         "nixpkgs": [
@@ -268,6 +289,7 @@
         "flake-utils": "flake-utils",
         "gitignore": "gitignore",
         "home-manager": "home-manager",
+        "kolide-launcher": "kolide-launcher",
         "nix-index-database": "nix-index-database",
         "nixgl": "nixgl",
         "nixos-hardware": "nixos-hardware",

flake.nix

@@ -47,6 +47,11 @@
       };
     };
 
+    kolide-launcher = {
+      url = "github:/kolide/nix-agent/main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     nix-index-database.url = "github:Mic92/nix-index-database";
     nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -85,6 +90,7 @@
       nur,
       zig,
       nixgl,
+      kolide-launcher,
       ...
     }@inputs:
     let
@@ -147,6 +153,7 @@
             nixos-hardware.nixosModules.lenovo-thinkpad-x1-11th-gen
             nix-index-database.nixosModules.nix-index
             agenix.nixosModules.default
+            kolide-launcher.nixosModules.kolide-launcher
           ];
 
           specialArgs = {

hosts/mtworx/configuration.nix

@@ -23,6 +23,7 @@ in
 
     syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
     syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
+    kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age;
 
     ssh8022-client = {
       file = ../../secrets/ssh8022.age;
@@ -178,11 +179,18 @@ in
         STOP_CHARGE_THRESH_BAT0 = 87;
       };
     };
+    kolide-launcher.enable = true;
   };
 
   users.extraGroups.vboxusers.members = [ "motiejus" ];
 
-  environment.systemPackages = with pkgs; [ dnsmasq ];
+  environment = {
+    systemPackages = with pkgs; [ dnsmasq ];
+    etc."kolide-k2/secret" = {
+      mode = "600";
+      source = config.age.secrets.kolide-launcher.path;
+    };
+  };
 
   security.tpm2.enable = true;
 

secrets.nix

@@ -35,7 +35,7 @@ in
 
   "secrets/mtworx/syncthing/key.pem.age"
   "secrets/mtworx/syncthing/cert.pem.age"
-  "secrets/mtworx/kolide.age"
+  "secrets/mtworx/kolide-launcher.age"
 ]
 // mk ([ vno1-gdrx ] ++ motiejus) [
   "secrets/vno1-gdrx/syncthing/key.pem.age"