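# flake-parts module: exports the `verify` NixOS module and a `verify` app
# that runs rustscan against a machine's public address for the ports listed
# under its `verify.closed.public.ports` option.
{ self, ... }:
{
  imports = [ ];

  # NixOS module providing the `verify.closed` options read below; the option
  # definitions live in ./module.nix, which is not visible from this file.
  flake.nixosModules.verify = {
    imports = [ ./module.nix ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    with lib;
    {
      apps.verify = {
        type = "app";
        program =
          let
            # Render the bash snippet that scans `domain` for one service's ports.
            # Every interpolated value goes through escapeShellArg so that a
            # service name or domain containing spaces, quotes or `$` cannot
            # change how the generated script is parsed.
            # NOTE(review): the snippet only prints rustscan's greppable output;
            # nothing here inspects it or exits non-zero when a port answers, so
            # a caller has to read the output to detect an exposed port.
            # NOTE(review): an empty `ports` list renders `--ports ''`; confirm
            # module.nix rules that out.
            command = service: domain: ports: ''
              echo "verify closed ports for "${escapeShellArg service}
              ${pkgs.rustscan}/bin/rustscan \
                --ports ${escapeShellArg (concatStringsSep "," (map toString ports))} \
                --addresses ${escapeShellArg domain} \
                --greppable
            '';

            # Public domain configured for `machine` in its NixOS configuration.
            domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;

            # One scan snippet per attribute of `public.ports`
            # (attribute name = service, value = its list of ports).
            commands =
              machine:
              mapAttrsToList (
                service: ports: command service (domain machine) ports
              ) self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
          in
          # Only the "orbi" machine is checked; the machine name is hard-coded here.
          # NOTE(review): the result reflects reachability from wherever this runs;
          # presumably it is meant to be run from outside the host's own network.
          pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi"));
      };
    };
}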