nilsherzig · October 4, 2024 10:55
diff --git a/README.md b/README.md
diff --git a/falcon-default.nix b/falcon-default.nix
 { stdenv, lib, dpkg, buildFHSUserEnv, ... }:

 let
  pname = "falcon-sensor";
  version = "7.18.0-17106";
  arch = "amd64";
  src = /opt/CrowdStrike + "/${pname}_${version}_${arch}.deb";

  falcon-sensor = stdenv.mkDerivation {
    inherit version arch src;
    buildInputs = [ dpkg ];
    name = pname;
    sourceRoot = ".";

    unpackCmd = ''
      dpkg-deb -x "$src" .
    '';

    installPhase = ''
      cp -r ./ $out/
      realpath $out
    '';

    meta = with lib; {
      description = "Crowdstrike Falcon Sensor";
      homepage = "https://www.crowdstrike.com/";
      license = licenses.unfree;
      platforms = platforms.linux;
      maintainers = with maintainers; [ nilsherzig ];
    };
  };
 in buildFHSUserEnv {
  name = "fs-bash";
  targetPkgs = pkgs: [ pkgs.libnl pkgs.openssl pkgs.zlib ];

  extraInstallCommands = ''
    ln -s ${falcon-sensor}/* $out/
  '';

  runScript = "bash";
 }
diff --git a/falcon.nix b/falcon.nix
 { pkgs, ... }:
 let
  falcon = pkgs.callPackage ./falcon-default.nix { };
  startPreScript = pkgs.writeScript "init-falcon" ''
    #! ${pkgs.bash}/bin/sh
    /run/current-system/sw/bin/mkdir -p /opt/CrowdStrike
    ln -sf ${falcon}/opt/CrowdStrike/* /opt/CrowdStrike
    if [ -z "$COMPANYID" ]; then
      echo "Error: COMPANYID environment variable is not set"
      exit 1
    fi
    ${falcon}/bin/fs-bash -c "${falcon}/opt/CrowdStrike/falconctl -g --cid $COMPANYID"
  '';
 in {
  systemd.services.falcon-sensor = {
    enable = true;
    description = "CrowdStrike Falcon Sensor";
    unitConfig.DefaultDependencies = false;
    after = [ "local-fs.target" ];
    conflicts = [ "shutdown.target" ];
    before = [ "sysinit.target" "shutdown.target" ];
    serviceConfig = {
      ExecStartPre = "${startPreScript}";
      ExecStart =
        ''${falcon}/bin/fs-bash -c "${falcon}/opt/CrowdStrike/falcond"'';
      Type = "forking";
      PIDFile = "/run/falcond.pid";
      Restart = "no";
      TimeoutStopSec = "60s";
      KillMode = "process";
      EnvironmentFile = "/etc/falcon-sensor.env";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
	{ stdenv, lib, dpkg, buildFHSUserEnv, ... }:

	let
	pname = "falcon-sensor";
	version = "7.18.0-17106";
	arch = "amd64";
	src = /opt/CrowdStrike + "/${pname}_${version}_${arch}.deb";

	falcon-sensor = stdenv.mkDerivation {
	inherit version arch src;
	buildInputs = [ dpkg ];
	name = pname;
	sourceRoot = ".";

	unpackCmd = ''
	dpkg-deb -x "$src" .
	'';

	installPhase = ''
	cp -r ./ $out/
	realpath $out
	'';

	meta = with lib; {
	description = "Crowdstrike Falcon Sensor";
	homepage = "https://www.crowdstrike.com/";
	license = licenses.unfree;
	platforms = platforms.linux;
	maintainers = with maintainers; [ nilsherzig ];
	};
	};
	in buildFHSUserEnv {
	name = "fs-bash";
	targetPkgs = pkgs: [ pkgs.libnl pkgs.openssl pkgs.zlib ];

	extraInstallCommands = ''
	ln -s ${falcon-sensor}/* $out/
	'';

	runScript = "bash";
	}
	{ pkgs, ... }:
	let
	falcon = pkgs.callPackage ./falcon-default.nix { };
	startPreScript = pkgs.writeScript "init-falcon" ''
	#! ${pkgs.bash}/bin/sh
	/run/current-system/sw/bin/mkdir -p /opt/CrowdStrike
	ln -sf ${falcon}/opt/CrowdStrike/* /opt/CrowdStrike
	if [ -z "$COMPANYID" ]; then
	echo "Error: COMPANYID environment variable is not set"
	exit 1
	fi
	${falcon}/bin/fs-bash -c "${falcon}/opt/CrowdStrike/falconctl -g --cid $COMPANYID"
	'';
	in {
	systemd.services.falcon-sensor = {
	enable = true;
	description = "CrowdStrike Falcon Sensor";
	unitConfig.DefaultDependencies = false;
	after = [ "local-fs.target" ];
	conflicts = [ "shutdown.target" ];
	before = [ "sysinit.target" "shutdown.target" ];
	serviceConfig = {
	ExecStartPre = "${startPreScript}";
	ExecStart =
	''${falcon}/bin/fs-bash -c "${falcon}/opt/CrowdStrike/falcond"'';
	Type = "forking";
	PIDFile = "/run/falcond.pid";
	Restart = "no";
	TimeoutStopSec = "60s";
	KillMode = "process";
	EnvironmentFile = "/etc/falcon-sensor.env";
	};
	wantedBy = [ "multi-user.target" ];
	};
	}