mtworx: enable s1

hosts/mtworx/configuration.nix

@@ -24,6 +24,7 @@ in
     syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
     syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
     kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age;
+    s1-site-token.file = ../../secrets/mtworx/s1-site-token.age;
 
     ssh8022-client = {
       file = ../../secrets/ssh8022.age;
@@ -90,6 +91,12 @@ in
     };
 
     services = {
+      sentinelone = {
+        enable = true;
+        customerId = "motiejus.jakstys@chronosphere.io-mtworx";
+        sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path;
+      };
+
       ssh8022.client = {
         enable = true;
         keyfile = config.age.secrets.ssh8022-client.path;

modules/services/sentinelone/default.nix

@@ -6,7 +6,7 @@
 }:
 with lib;
 let
-  cfg = config.services.sentinelone;
+  cfg = config.mj.services.sentinelone;
   initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" ''
     #!/bin/bash
 
@@ -45,28 +45,24 @@ let
   '';
 in
 {
-  options = {
-    services = {
-      sentinelone = {
-        enable = mkEnableOption "SentinelOne Service";
-        package = mkPackageOption pkgs "sentinelone" { };
+  options.mj.services.sentinelone = {
+    enable = mkEnableOption "SentinelOne Service";
+    package = mkPackageOption pkgs "sentinelone" { };
 
-        customerId = mkOption {
-          type = types.nullOr types.str;
-          description = ''
-            Set a customer specific identifier for the host.
-          '';
-          example = "me@gmail.com-FTXYZWW";
-        };
-        sentinelOneManagementTokenPath = mkOption {
-          type = types.path;
-          example = "/run/secrets/s1_mgmt_token";
-        };
-        dataDir = mkOption {
-          type = types.path;
-          default = "/var/lib/sentinelone";
-        };
-      };
+    customerId = mkOption {
+      type = types.nullOr types.str;
+      description = ''
+        Set a customer specific identifier for the host.
+      '';
+      example = "me@gmail.com-FTXYZWW";
+    };
+    sentinelOneManagementTokenPath = mkOption {
+      type = types.path;
+      example = "/run/secrets/s1_mgmt_token";
+    };
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/sentinelone";
     };
   };
 

secrets.nix

@@ -41,6 +41,7 @@ in
   "secrets/mtworx/syncthing/key.pem.age"
   "secrets/mtworx/syncthing/cert.pem.age"
   "secrets/mtworx/kolide-launcher.age"
+  "secrets/mtworx/s1-site-token.age"
 ]
 // mk ([ vno3-nk ] ++ motiejus) [
   "secrets/vno3-nk/syncthing/key.pem.age"

secrets/mtworx/s1-site-token.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 rwwqgg 0kxvVsmFl2fLzcKnU28MXgUf1OhUhKwRjKryXJzUyFo
+2sZjWR5GJmK8OnbmDQt4WLBoi5YnBu7opfWuqdrCvsA
+-> X25519 lJVz6Ex2LW6ymuZorlkt6fydeBMhrEBXz+0O2Kw0pFA
+o2EkFqfefPzvV4mS4Bp0Z8opdHxMS/13bzOMi0tUp18
+-> X25519 0iGpIwBiYLoXfSZ4dKuiqUiYSsh75kqtn1eA9OUcdB8
+wNentLz83W7bJVzilSciSQhF7vGgMRKjnZmUm1NIKzM
+-> piv-p256 +y2G/w A+Blohgie4b5mlGE4M2KEtaGZ+36o2zawvdlZ0F1jIbi
+Ssp+gGbxK0ExBmhVQgx4IASORbxMUU4jy3vom926i8U
+-> piv-p256 jNqd3A AmlODBsPSpOZgUWyDq2nn9bdvQxacb2ni+waur4rM+8p
+6l4oWA+b/U4hY8FmcuH85qTMjjMvYq80XFUbmHL8+Wc
+--- f0WWd+LJ9Ny7xIkEoqSLO8JciDJGdfPkf6vhEMiPR3E
+<EFBFBD><EFBFBD>8C<EFBFBD>f,o<><16>~K<>1<EFBFBD>|<7C>t<EFBFBD><74><EFBFBD><06><05><>8<EFBFBD><38><EFBFBD><EFBFBD>	<09>}N<>l<EFBFBD>q<EFBFBD><15>e3Q<33>s<EFBFBD><73>տ<EFBFBD><D5BF>Ns<4E><73>mQ<6D>p<EFBFBD>m<EFBFBD>'6Fd;<<3C><><EFBFBD><EFBFBD>@<40><19><><EFBFBD>u<EFBFBD>S|%<1F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ZƧɱߐG<DF90><47>7<>#<23>L<EFBFBD>)[<5B><>a<0B><>p<EFBFBD><70><EFBFBD><1C>	I<><49>A<14><><EFBFBD><EFBFBD>pk<><6B><EFBFBD><EFBFBD>m:<3A><><EFBFBD><<3C>S<EFBFBD><53>j<>nC<6E><43><EFBFBD>XA<><0F><>,wN<77> <20>zN<7A><4E>