motiejus/config
1
Fork 0
Code Packages Releases Activity

mtworx: enable s1

Browse Source
This commit is contained in:
Motiejus Jakštys
2025-11-17 09:38:48 +00:00
parent 56a10fcffa
commit 8969829d19
4 changed files with 39 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/mtworx/configuration.nix
View File

@@ -24,6 +24,7 @@ in
syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age; syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age; syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age; kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age;
s1-site-token.file = ../../secrets/mtworx/s1-site-token.age;
ssh8022-client = { ssh8022-client = {
file = ../../secrets/ssh8022.age; file = ../../secrets/ssh8022.age;
@@ -90,6 +91,12 @@ in
}; };
services = { services = {
sentinelone = {
enable = true;
customerId = "motiejus.jakstys@chronosphere.io-mtworx";
sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path;
};
ssh8022.client = { ssh8022.client = {
enable = true; enable = true;
keyfile = config.age.secrets.ssh8022-client.path; keyfile = config.age.secrets.ssh8022-client.path;

8
modules/services/sentinelone/default.nix
View File

@@ -6,7 +6,7 @@
}: }:
with lib; with lib;
let let
cfg = config.services.sentinelone; cfg = config.mj.services.sentinelone;
initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" '' initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" ''
#!/bin/bash #!/bin/bash
@@ -45,9 +45,7 @@ let
''; '';
in in
{ {
options = { options.mj.services.sentinelone = {
services = {
sentinelone = {
enable = mkEnableOption "SentinelOne Service"; enable = mkEnableOption "SentinelOne Service";
package = mkPackageOption pkgs "sentinelone" { }; package = mkPackageOption pkgs "sentinelone" { };
@@ -67,8 +65,6 @@ in
default = "/var/lib/sentinelone"; default = "/var/lib/sentinelone";
}; };
}; };
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.sentinelone = { users.users.sentinelone = {

1
secrets.nix
View File

@@ -41,6 +41,7 @@ in
"secrets/mtworx/syncthing/key.pem.age" "secrets/mtworx/syncthing/key.pem.age"
"secrets/mtworx/syncthing/cert.pem.age" "secrets/mtworx/syncthing/cert.pem.age"
"secrets/mtworx/kolide-launcher.age" "secrets/mtworx/kolide-launcher.age"
"secrets/mtworx/s1-site-token.age"
] ]
// mk ([ vno3-nk ] ++ motiejus) [ // mk ([ vno3-nk ] ++ motiejus) [
"secrets/vno3-nk/syncthing/key.pem.age" "secrets/vno3-nk/syncthing/key.pem.age"

13
secrets/mtworx/s1-site-token.age Normal file
View File

@@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 rwwqgg 0kxvVsmFl2fLzcKnU28MXgUf1OhUhKwRjKryXJzUyFo
2sZjWR5GJmK8OnbmDQt4WLBoi5YnBu7opfWuqdrCvsA
-> X25519 lJVz6Ex2LW6ymuZorlkt6fydeBMhrEBXz+0O2Kw0pFA
o2EkFqfefPzvV4mS4Bp0Z8opdHxMS/13bzOMi0tUp18
-> X25519 0iGpIwBiYLoXfSZ4dKuiqUiYSsh75kqtn1eA9OUcdB8
wNentLz83W7bJVzilSciSQhF7vGgMRKjnZmUm1NIKzM
-> piv-p256 +y2G/w A+Blohgie4b5mlGE4M2KEtaGZ+36o2zawvdlZ0F1jIbi
Ssp+gGbxK0ExBmhVQgx4IASORbxMUU4jy3vom926i8U
-> piv-p256 jNqd3A AmlODBsPSpOZgUWyDq2nn9bdvQxacb2ni+waur4rM+8p
6l4oWA+b/U4hY8FmcuH85qTMjjMvYq80XFUbmHL8+Wc
--- f0WWd+LJ9Ny7xIkEoqSLO8JciDJGdfPkf6vhEMiPR3E
<EFBFBD><EFBFBD>8C<EFBFBD>f,o<><16>~K<>1<EFBFBD>|<7C>t<EFBFBD><74><EFBFBD><06><05><>8<EFBFBD><38><EFBFBD><EFBFBD> <09>} N<>l<EFBFBD>q<EFBFBD><15>e3Q<33>s<EFBFBD><73>տ<EFBFBD><D5BF>Ns<4E><73>mQ<6D>p<EFBFBD>m<EFBFBD>'6Fd;<<3C><><EFBFBD><EFBFBD>@<40><19><><EFBFBD>u<EFBFBD>S|%<1F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ZƧɱߐG<DF90><47>7<>#<23>L<EFBFBD>)[<5B><>a <0B><>p<EFBFBD><70><EFBFBD><1C> I<><49>A<14><><EFBFBD><EFBFBD>pk<><6B><EFBFBD><EFBFBD>m:<3A><><EFBFBD><<3C>S<EFBFBD><53>j<>nC<6E><43><EFBFBD>XA<><0F><>,wN<77> <20>zN<7A><4E>