From d8c34e06d3d3a67b79903b421a4e24985e45f2b4 Mon Sep 17 00:00:00 2001
From: Rebecca Mahany-Horton
Date: Thu, 4 Jan 2024 14:43:38 -0500
Subject: [PATCH 1/3] Don't hardcode PATH

---
 modules/kolide-launcher/default.nix | 32 ++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
index 5d72561..24eaa93 100644
--- a/modules/kolide-launcher/default.nix
+++ b/modules/kolide-launcher/default.nix
@@ -1,7 +1,7 @@
 flake:
 { config, lib, pkgs, ... }:
 let
- inherit (lib) types mkEnableOption mkOption mkIf;
+ inherit (lib) types mkEnableOption mkOption mkIf optional;
 inherit (flake.packages.x86_64-linux) kolide-launcher;
 cfg = config.services.kolide-launcher;
 in
@@ -54,10 +54,36 @@ in
 after = [ "network.service" "syslog.service" ];
 wantedBy = [ "multi-user.target" ];
- path = with pkgs; [ patchelf ];
+ # Hard requirements should go in list; optional requirements should be added as optional.
+ # Intentionally not included because they aren't supported on Nix:
+ # CrowdStrike (falconctl, falcon-kernel-check), Carbon Black (repcli), dnf (dnf5 is available),
+ # x-www-browser (symlink created via `update-alternatives`, which isn't available),
+ # ifconfig (should be available via net-tools, but this fails with "undefined variable 'net-tools'", :shrug:)
+ path = with pkgs; [
+ patchelf # Required to auto-update successfully
+ systemd # Provides loginctl, systemctl; loginctl required to run desktop
+ xdg-utils # Provides xdg-open, required to open browser from notifications and menu bar app
+ ]
+ ++ optional (builtins.elem apt config.environment.systemPackages) apt
+ ++ optional (builtins.elem cryptsetup config.environment.systemPackages) cryptsetup
+ ++ optional (builtins.elem coreutils-full config.environment.systemPackages) coreutils-full # Provides echo
+ ++ optional (builtins.elem dpkg config.environment.systemPackages) dpkg
+ ++ optional (builtins.elem glib config.environment.systemPackages) glib # Provides gsettings
+ ++ optional (builtins.elem gnome.gnome-shell config.environment.systemPackages) gnome.gnome-shell # Provides gnome-extensions
+ ++ optional (builtins.elem iproute2 config.environment.systemPackages) iproute2 # Provides ip
+ ++ optional (builtins.elem libnotify config.environment.systemPackages) libnotify # Provides notify-send
+ ++ optional (builtins.elem lsof config.environment.systemPackages) lsof
+ ++ optional (builtins.elem networkmanager config.environment.systemPackages) networkmanager # Provides nmcli
+ ++ optional (builtins.elem pacman config.environment.systemPackages) pacman
+ ++ optional (builtins.elem procps config.environment.systemPackages) procps # Provides ps
+ ++ optional (builtins.elem rpm config.environment.systemPackages) rpm
+ ++ optional (builtins.elem xorg.xrdb config.environment.systemPackages) xorg.xrdb # Provides xrdb
+ ++ optional (builtins.elem util-linux config.environment.systemPackages) util-linux # Provides lsblk
+ ++ optional (builtins.elem zerotierone config.environment.systemPackages) zerotierone # Provides zerotier-cli
+ ++ optional (builtins.elem zfs config.environment.systemPackages) zfs # Provides zfs, zpool
+ ;
 serviceConfig = {
- Environment = "PATH=/run/wrappers/bin:/bin:/sbin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
 ExecStart = ''
 ${flake.packages.x86_64-linux.kolide-launcher}/bin/launcher \
 --hostname ${cfg.kolideHostname} \

From cec5567f6caa0a2a246c24178f0dc7e44ba20083 Mon Sep 17 00:00:00 2001
From: Rebecca Mahany-Horton
Date: Thu, 4 Jan 2024 15:32:53 -0500
Subject: [PATCH 2/3] nettools not net-tools

---
 modules/kolide-launcher/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
index 24eaa93..0ef2c00 100644
--- a/modules/kolide-launcher/default.nix
+++ b/modules/kolide-launcher/default.nix
@@ -57,8 +57,7 @@ in
 # Hard requirements should go in list; optional requirements should be added as optional.
 # Intentionally not included because they aren't supported on Nix:
 # CrowdStrike (falconctl, falcon-kernel-check), Carbon Black (repcli), dnf (dnf5 is available),
- # x-www-browser (symlink created via `update-alternatives`, which isn't available),
- # ifconfig (should be available via net-tools, but this fails with "undefined variable 'net-tools'", :shrug:)
+ # x-www-browser (symlink created via `update-alternatives`, which isn't available)
 path = with pkgs; [
 patchelf # Required to auto-update successfully
 systemd # Provides loginctl, systemctl; loginctl required to run desktop
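Review bot: Each `optional (builtins.elem <pkg> config.environment.systemPackages) <pkg>` probe silently drops the tool from PATH when it does not match, and as far as I can tell it only matches when that exact nixpkgs derivation is present in `environment.systemPackages` — a build the administrator pins or overrides, a package installed through `users.users.<name>.packages`, or one a NixOS module places elsewhere will fail the `elem` test and the launcher loses `ip`, `nmcli`, `lsblk`, etc. with no warning at evaluation or run time. A more explicit and reviewable contract would be a `services.kolide-launcher.extraPackages` option (default `[]`) appended to `path`, keeping the probes only as a convenience, together with a `warnings` entry naming the packages that were probed and not found. Dropping the hardcoded `Environment = "PATH=/run/wrappers/bin:/bin:/sbin:..."` is the right least-privilege direction, but it also removes `/run/wrappers/bin` and `/run/current-system/sw/bin` from the unit's PATH unless NixOS's generated service PATH re-adds them (not visible here), so if any launcher check relied on a setuid wrapper by bare name that is a behaviour change worth recording in the comment block, e.g. `# PATH is built only from the store paths listed here; /run/wrappers/bin and /run/current-system/sw/bin are no longer searched`. The enclosing `systemd.services` definition starts before and ends after this hunk.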
@@ -73,6 +72,7 @@ in
 ++ optional (builtins.elem iproute2 config.environment.systemPackages) iproute2 # Provides ip
 ++ optional (builtins.elem libnotify config.environment.systemPackages) libnotify # Provides notify-send
 ++ optional (builtins.elem lsof config.environment.systemPackages) lsof
+ ++ optional (builtins.elem nettools config.environment.systemPackages) nettools # Provides ifconfig
 ++ optional (builtins.elem networkmanager config.environment.systemPackages) networkmanager # Provides nmcli
 ++ optional (builtins.elem pacman config.environment.systemPackages) pacman
 ++ optional (builtins.elem procps config.environment.systemPackages) procps # Provides ps

From 546288dd1ffdd88c80978de88dc3f649aa33b268 Mon Sep 17 00:00:00 2001
From: Rebecca Mahany-Horton
Date: Thu, 4 Jan 2024 15:44:25 -0500
Subject: [PATCH 3/3] Update documentation

---
 modules/kolide-launcher/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/kolide-launcher/default.nix b/modules/kolide-launcher/default.nix
index 0ef2c00..f112677 100644
--- a/modules/kolide-launcher/default.nix
+++ b/modules/kolide-launcher/default.nix
@@ -56,8 +56,10 @@ in
 # Hard requirements should go in list; optional requirements should be added as optional.
 # Intentionally not included because they aren't supported on Nix:
- # CrowdStrike (falconctl, falcon-kernel-check), Carbon Black (repcli), dnf (dnf5 is available),
- # x-www-browser (symlink created via `update-alternatives`, which isn't available)
+ # - CrowdStrike (falconctl, falcon-kernel-check)
+ # - Carbon Black (repcli)
+ # - dnf (related libraries dnf5, libdnf, and microdnf are available, but nothing provides the dnf binary)
+ # - x-www-browser (symlink created via `update-alternatives`, which isn't available)
 path = with pkgs; [
 patchelf # Required to auto-update successfully
 systemd # Provides loginctl, systemctl; loginctl required to run desktop