2024-09-13 09:32:10 +02:00
|
|
|
{ self, ... }:
|
|
|
|
|
{
|
|
|
|
|
imports = [ ];
|
|
|
|
|
|
2024-09-13 09:36:17 +02:00
|
|
|
flake.nixosModules.verify = {
|
2024-09-13 09:32:10 +02:00
|
|
|
imports = [ ./module.nix ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
perSystem =
|
|
|
|
|
{
|
|
|
|
|
pkgs,
|
|
|
|
|
self',
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
with lib;
|
|
|
|
|
{
|
2024-09-13 09:36:17 +02:00
|
|
|
apps.verify = {
|
2024-09-13 09:32:10 +02:00
|
|
|
type = "app";
|
|
|
|
|
program =
|
|
|
|
|
let
|
|
|
|
|
ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
|
|
|
|
|
domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
|
|
|
|
|
in
|
2024-09-13 09:36:17 +02:00
|
|
|
|
|
|
|
|
# todo : create an alert if one of the ports should not be accessible
|
|
|
|
|
pkgs.writers.writeBashBin "verify" ''
|
2024-09-13 09:32:10 +02:00
|
|
|
${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|
