motiejus/config
1
Fork 0
Code Packages Releases Activity

mtworx: enable s1

Browse Source
This commit is contained in:
Motiejus Jakštys
2025-11-17 09:38:48 +00:00
parent 56a10fcffa
commit 8969829d19
4 changed files with 39 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/mtworx/configuration.nix
View File

@@ -24,6 +24,7 @@ in
syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age; syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age; syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age; kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age;
s1-site-token.file = ../../secrets/mtworx/s1-site-token.age;
ssh8022-client = { ssh8022-client = {
file = ../../secrets/ssh8022.age; file = ../../secrets/ssh8022.age;
@@ -90,6 +91,12 @@ in
}; };
services = { services = {
sentinelone = {
enable = true;
customerId = "motiejus.jakstys@chronosphere.io-mtworx";
sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path;
};
ssh8022.client = { ssh8022.client = {
enable = true; enable = true;
keyfile = config.age.secrets.ssh8022-client.path; keyfile = config.age.secrets.ssh8022-client.path;

8
modules/services/sentinelone/default.nix
View File

@@ -6,7 +6,7 @@
}: }:
with lib; with lib;
let let
cfg = config.services.sentinelone; cfg = config.mj.services.sentinelone;
initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" '' initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" ''
#!/bin/bash #!/bin/bash
@@ -45,9 +45,7 @@ let
''; '';
in in
{ {
options = { options.mj.services.sentinelone = {
services = {
sentinelone = {
enable = mkEnableOption "SentinelOne Service"; enable = mkEnableOption "SentinelOne Service";
package = mkPackageOption pkgs "sentinelone" { }; package = mkPackageOption pkgs "sentinelone" { };
@@ -67,8 +65,6 @@ in
default = "/var/lib/sentinelone"; default = "/var/lib/sentinelone";
}; };
}; };
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.sentinelone = { users.users.sentinelone = {

1
secrets.nix
View File

@@ -41,6 +41,7 @@ in
"secrets/mtworx/syncthing/key.pem.age" "secrets/mtworx/syncthing/key.pem.age"
"secrets/mtworx/syncthing/cert.pem.age" "secrets/mtworx/syncthing/cert.pem.age"
"secrets/mtworx/kolide-launcher.age" "secrets/mtworx/kolide-launcher.age"
"secrets/mtworx/s1-site-token.age"
] ]
// mk ([ vno3-nk ] ++ motiejus) [ // mk ([ vno3-nk ] ++ motiejus) [
"secrets/vno3-nk/syncthing/key.pem.age" "secrets/vno3-nk/syncthing/key.pem.age"

13
secrets/mtworx/s1-site-token.age Normal file
View File

@@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 rwwqgg 0kxvVsmFl2fLzcKnU28MXgUf1OhUhKwRjKryXJzUyFo
2sZjWR5GJmK8OnbmDQt4WLBoi5YnBu7opfWuqdrCvsA
-> X25519 lJVz6Ex2LW6ymuZorlkt6fydeBMhrEBXz+0O2Kw0pFA
o2EkFqfefPzvV4mS4Bp0Z8opdHxMS/13bzOMi0tUp18
-> X25519 0iGpIwBiYLoXfSZ4dKuiqUiYSsh75kqtn1eA9OUcdB8
wNentLz83W7bJVzilSciSQhF7vGgMRKjnZmUm1NIKzM
-> piv-p256 +y2G/w A+Blohgie4b5mlGE4M2KEtaGZ+36o2zawvdlZ0F1jIbi
Ssp+gGbxK0ExBmhVQgx4IASORbxMUU4jy3vom926i8U
-> piv-p256 jNqd3A AmlODBsPSpOZgUWyDq2nn9bdvQxacb2ni+waur4rM+8p
6l4oWA+b/U4hY8FmcuH85qTMjjMvYq80XFUbmHL8+Wc
--- f0WWd+LJ9Ny7xIkEoqSLO8JciDJGdfPkf6vhEMiPR3E
Œ²8CØf,oìÑ~K—1Œ|Ütý¢†±å‡8ìõ„ È} N‰lªqÓäe3QÄs”¤Õ¿ÄÄNsÆømQœp“mÃ'6Fd;<ù†Œå@¬°ÓûuS|%áºà‰ÅêZƧɱß<C2B1>GÚî7ˆ#æLÓ)[º¬a Ÿùp<C3B9>áä  I<>‡A ®€¶pkÀ„¸žm:ò†Ó<ÍS<C38D>Ìj×nCê©ËXªÃ,wN§ ²zNÔÔ