diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index 651fb64..aebc790 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -24,6 +24,7 @@ in syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age; syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age; kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age; + s1-site-token.file = ../../secrets/mtworx/s1-site-token.age; ssh8022-client = { file = ../../secrets/ssh8022.age; @@ -90,6 +91,12 @@ in }; services = { + sentinelone = { + enable = true; + customerId = "motiejus.jakstys@chronosphere.io-mtworx"; + sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path; + }; + ssh8022.client = { enable = true; keyfile = config.age.secrets.ssh8022-client.path; diff --git a/modules/services/sentinelone/default.nix b/modules/services/sentinelone/default.nix index 74fbbaa..c79bdce 100644 --- a/modules/services/sentinelone/default.nix +++ b/modules/services/sentinelone/default.nix @@ -6,7 +6,7 @@ }: with lib; let - cfg = config.services.sentinelone; + cfg = config.mj.services.sentinelone; initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" '' #!/bin/bash 
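Review bot: The host enables `services.sentinelone` in the second configuration.nix hunk, but the same commit moves the module's options to `options.mj.services.sentinelone` (default.nix hunk), so as written this block should fail evaluation with an undeclared-option error, or, if some other `services.sentinelone` happens to be declared in the module set (e.g. upstream nixpkgs), silently configure that module instead of this one with the token path. The attribute should be set under the new namespace, e.g. `mj.services.sentinelone = { enable = true; customerId = "motiejus.jakstys@chronosphere.io-mtworx"; sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path; };` outside the `services = {` set. Passing the token by agenix path rather than as a string keeps it out of the Nix store; the secret is declared with default owner/mode (root, 0400 under agenix), which is fine only if the agent's init script runs as root — that service definition is outside this diff. The `services = {` attrset continues past the end of the hunk.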
@@ -45,28 +45,24 @@ let ''; in { - options = { - services = { - sentinelone = { - enable = mkEnableOption "SentinelOne Service"; - package = mkPackageOption pkgs "sentinelone" { }; + options.mj.services.sentinelone = { + enable = mkEnableOption "SentinelOne Service"; + package = mkPackageOption pkgs "sentinelone" { }; - customerId = mkOption { - type = types.nullOr types.str; - description = '' - Set a customer specific identifier for the host. - ''; - example = "me@gmail.com-FTXYZWW"; - }; - sentinelOneManagementTokenPath = mkOption { - type = types.path; - example = "/run/secrets/s1_mgmt_token"; - }; - dataDir = mkOption { - type = types.path; - default = "/var/lib/sentinelone"; - }; - }; + customerId = mkOption { + type = types.nullOr types.str; + description = '' + Set a customer specific identifier for the host. + ''; + example = "me@gmail.com-FTXYZWW"; + }; + sentinelOneManagementTokenPath = mkOption { + type = types.path; + example = "/run/secrets/s1_mgmt_token"; + }; + dataDir = mkOption { + type = types.path; + default = "/var/lib/sentinelone"; }; }; diff --git a/secrets.nix b/secrets.nix index b2a88a0..ba1dc29 100644 --- a/secrets.nix +++ b/secrets.nix @@ -41,6 +41,7 @@ in "secrets/mtworx/syncthing/key.pem.age" "secrets/mtworx/syncthing/cert.pem.age" "secrets/mtworx/kolide-launcher.age" + "secrets/mtworx/s1-site-token.age" ] // mk ([ vno3-nk ] ++ motiejus) [ "secrets/vno3-nk/syncthing/key.pem.age" diff --git a/secrets/mtworx/s1-site-token.age b/secrets/mtworx/s1-site-token.age new file mode 100644 index 0000000..01b478d --- /dev/null +++ b/secrets/mtworx/s1-site-token.age 
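Review bot: `customerId` is typed `types.nullOr types.str` but carries no `default`, so the option is mandatory despite the nullable type; either add `default = null;` if it is meant to be optional, or make the type plain `types.str`. `sentinelOneManagementTokenPath` and `dataDir` have no `description`; for the token path the description should warn that the value must be a runtime path string, since `types.path` also accepts a Nix path literal that would be copied into the world-readable `/nix/store`, e.g. `description = "File containing the SentinelOne site/management token. Must be a runtime path (e.g. from agenix/sops under /run), never a path literal, or the token is copied into the Nix store.";`. The `let … in { … }` module body, including the config section that consumes these options, continues outside the hunk.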
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 rwwqgg 0kxvVsmFl2fLzcKnU28MXgUf1OhUhKwRjKryXJzUyFo +2sZjWR5GJmK8OnbmDQt4WLBoi5YnBu7opfWuqdrCvsA +-> X25519 lJVz6Ex2LW6ymuZorlkt6fydeBMhrEBXz+0O2Kw0pFA +o2EkFqfefPzvV4mS4Bp0Z8opdHxMS/13bzOMi0tUp18 +-> X25519 0iGpIwBiYLoXfSZ4dKuiqUiYSsh75kqtn1eA9OUcdB8 +wNentLz83W7bJVzilSciSQhF7vGgMRKjnZmUm1NIKzM +-> piv-p256 +y2G/w A+Blohgie4b5mlGE4M2KEtaGZ+36o2zawvdlZ0F1jIbi +Ssp+gGbxK0ExBmhVQgx4IASORbxMUU4jy3vom926i8U +-> piv-p256 jNqd3A AmlODBsPSpOZgUWyDq2nn9bdvQxacb2ni+waur4rM+8p +6l4oWA+b/U4hY8FmcuH85qTMjjMvYq80XFUbmHL8+Wc +--- f0WWd+LJ9Ny7xIkEoqSLO8JciDJGdfPkf6vhEMiPR3E +Œ²8CØf,oìÑ~K—1Œ|Ütý¢†±å‡8ì–õ„ È} N‰lªqÓäe3QÄs”¤Õ¿ÄÄNsÆømQœp“mÃ'6Fd;<ù†Œå@¬°Óûu‚S|%áºà‰ÅêZƧɱßGÚî7ˆ#æLÓ)[º¬a Ÿùpáä  I‡A ®€¶pkÀ„¸žm:ò†Ó<ÍSÌj×nCê©ËXAªÃ,wN§ ²zNÔÔ ÀºH—2–ù“Å&’ €Š¤“[ \ No newline at end of file