mtworx: enable s1

2025-11-17 09:38:48 +00:00
parent 56a10fcffa
commit 8969829d19
4 changed files with 39 additions and 22 deletions
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -24,6 +24,7 @@ in
    syncthing-key.file = ../../secrets/mtworx/syncthing/key.pem.age;
    syncthing-cert.file = ../../secrets/mtworx/syncthing/cert.pem.age;
    kolide-launcher.file = ../../secrets/mtworx/kolide-launcher.age;
+    s1-site-token.file = ../../secrets/mtworx/s1-site-token.age;

    ssh8022-client = {
      file = ../../secrets/ssh8022.age;
@@ -90,6 +91,12 @@ in
    };

    services = {
+      sentinelone = {
+        enable = true;
+        customerId = "motiejus.jakstys@chronosphere.io-mtworx";
+        sentinelOneManagementTokenPath = config.age.secrets.s1-site-token.path;
+      };
+
      ssh8022.client = {
        enable = true;
        keyfile = config.age.secrets.ssh8022-client.path;
--- a/modules/services/sentinelone/default.nix
+++ b/modules/services/sentinelone/default.nix
@@ -6,7 +6,7 @@
 }:
 with lib;
 let
-  cfg = config.services.sentinelone;
+  cfg = config.mj.services.sentinelone;
  initScript = pkgs.writeShellScriptBin "sentinelone-init.sh" ''
    #!/bin/bash

@@ -45,28 +45,24 @@ let
  '';
 in
 {
-  options = {
-    services = {
-      sentinelone = {
-        enable = mkEnableOption "SentinelOne Service";
-        package = mkPackageOption pkgs "sentinelone" { };
+  options.mj.services.sentinelone = {
+    enable = mkEnableOption "SentinelOne Service";
+    package = mkPackageOption pkgs "sentinelone" { };

-        customerId = mkOption {
-          type = types.nullOr types.str;
-          description = ''
-            Set a customer specific identifier for the host.
-          '';
-          example = "me@gmail.com-FTXYZWW";
-        };
-        sentinelOneManagementTokenPath = mkOption {
-          type = types.path;
-          example = "/run/secrets/s1_mgmt_token";
-        };
-        dataDir = mkOption {
-          type = types.path;
-          default = "/var/lib/sentinelone";
-        };
-      };
+    customerId = mkOption {
+      type = types.nullOr types.str;
+      description = ''
+        Set a customer specific identifier for the host.
+      '';
+      example = "me@gmail.com-FTXYZWW";
+    };
+    sentinelOneManagementTokenPath = mkOption {
+      type = types.path;
+      example = "/run/secrets/s1_mgmt_token";
+    };
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/sentinelone";
    };
  };

--- a/secrets.nix
+++ b/secrets.nix
@@ -41,6 +41,7 @@ in
  "secrets/mtworx/syncthing/key.pem.age"
  "secrets/mtworx/syncthing/cert.pem.age"
  "secrets/mtworx/kolide-launcher.age"
+  "secrets/mtworx/s1-site-token.age"
 ]
 // mk ([ vno3-nk ] ++ motiejus) [
  "secrets/vno3-nk/syncthing/key.pem.age"
--- a/secrets/mtworx/s1-site-token.age
+++ b/secrets/mtworx/s1-site-token.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 rwwqgg 0kxvVsmFl2fLzcKnU28MXgUf1OhUhKwRjKryXJzUyFo
+2sZjWR5GJmK8OnbmDQt4WLBoi5YnBu7opfWuqdrCvsA
+-> X25519 lJVz6Ex2LW6ymuZorlkt6fydeBMhrEBXz+0O2Kw0pFA
+o2EkFqfefPzvV4mS4Bp0Z8opdHxMS/13bzOMi0tUp18
+-> X25519 0iGpIwBiYLoXfSZ4dKuiqUiYSsh75kqtn1eA9OUcdB8
+wNentLz83W7bJVzilSciSQhF7vGgMRKjnZmUm1NIKzM
+-> piv-p256 +y2G/w A+Blohgie4b5mlGE4M2KEtaGZ+36o2zawvdlZ0F1jIbi
+Ssp+gGbxK0ExBmhVQgx4IASORbxMUU4jy3vom926i8U
+-> piv-p256 jNqd3A AmlODBsPSpOZgUWyDq2nn9bdvQxacb2ni+waur4rM+8p
+6l4oWA+b/U4hY8FmcuH85qTMjjMvYq80XFUbmHL8+Wc
+--- f0WWd+LJ9Ny7xIkEoqSLO8JciDJGdfPkf6vhEMiPR3E
+Œ²8CØf,oìÑ~K—1Œ|Ütý¢†±å‡8ì–õ„	È}N‰lªqÓäe3QÄs”¤Õ¿ÄÄNsÆømQœp“mÃ'6Fd;<ù†Œå@¬°Óûu‚S|%áºà‰ÅêZÆ§É±ß<C2B1>GÚî7ˆ#æLÓ)[º¬aŸùp<C3B9>áä 	I<>‡A ®€¶pkÀ„¸žm:ò†Ó<ÍS<C38D>Ìj×nCê©ËXAÂªÃ,wN§ ²zNÔÔ