nixos-config/nix/verify/default.nix

{ self, ... }:
{
  imports = [ ];

  flake.nixosModules.verify = {
    imports = [ ./modules ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    with lib;
    {
      apps.verify = {
        type = "app";
        program =
          let

            nixosConfigurationsToVerify = filterAttrs (
              machine: configuration: builtins.hasAttr "verify" configuration.options
            ) self.nixosConfigurations;

            verifyClosedCommands =
              nixosConfiguration:
              let

                command = serviceName: interfaceName: host: ports: ''
                  echo "verify ${interfaceName} ports are closed for ${serviceName}"
                  ${pkgs.rustscan}/bin/rustscan \
                      --ports ${concatStringsSep "," (map toString ports)} \
                      --addresses ${host} \
                      --greppable
                '';

                interfaces = nixosConfiguration.options.verify.closed.value;

                interfaceCommands = mapAttrsToList (
                  interfaceName: interfaceConfiguration:
                  mapAttrsToList (
                    serviceName: servicePorts:
                    command serviceName interfaceName interfaceConfiguration.host servicePorts
                  ) interfaceConfiguration.ports
                ) interfaces;

              in
              flatten interfaceCommands;

            verify = machineName: nixosConfiguration: ''
              echo "${machineName}" | ${pkgs.boxes}/bin/boxes -d ansi
              ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)}
            '';

            allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify);

          in
          pkgs.writers.writeBashBin "verify" allCommands;
      };
    };

}
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`{ self, ... }:`
			`{`
			`imports = [ ];`

:truck: renaming 2024-09-13 09:36:17 +02:00			`flake.nixosModules.verify = {`
:memo: add documentation to verify flake module 2024-09-15 00:31:47 +02:00			`imports = [ ./modules ];`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`};`

			`perSystem =`
			`{`
			`pkgs,`
			`self',`
			`lib,`
			`...`
			`}:`
			`with lib;`
			`{`
:truck: renaming 2024-09-13 09:36:17 +02:00			`apps.verify = {`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`type = "app";`
			`program =`
			`let`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`nixosConfigurationsToVerify = filterAttrs (`
			`machine: configuration: builtins.hasAttr "verify" configuration.options`
			`) self.nixosConfigurations;`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`verifyClosedCommands =`
			`nixosConfiguration:`
			`let`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`command = serviceName: interfaceName: host: ports: ''`
			`echo "verify ${interfaceName} ports are closed for ${serviceName}"`
			`${pkgs.rustscan}/bin/rustscan \`
			`--ports ${concatStringsSep "," (map toString ports)} \`
			`--addresses ${host} \`
			`--greppable`
			`'';`

			`interfaces = nixosConfiguration.options.verify.closed.value;`

			`interfaceCommands = mapAttrsToList (`
			`interfaceName: interfaceConfiguration:`
			`mapAttrsToList (`
			`serviceName: servicePorts:`
			`command serviceName interfaceName interfaceConfiguration.host servicePorts`
			`) interfaceConfiguration.ports`
			`) interfaces;`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`in`
			`flatten interfaceCommands;`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`verify = machineName: nixosConfiguration: ''`
			`echo "${machineName}" \| ${pkgs.boxes}/bin/boxes -d ansi`
			`${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)}`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00			`'';`

:children_crossing: improve verify flake 2024-09-15 01:09:53 +02:00			`allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify);`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`in`
:sparkles: verify closed ports script kinda works now. 2024-09-14 02:09:41 +02:00			`pkgs.writers.writeBashBin "verify" allCommands;`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`};`
			`};`

			`}`