From 4a10bae8665fb6d7060c8c109dd16fbce9542c65 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Mon, 30 Sep 2024 12:05:17 +0900 Subject: [PATCH] :heavy_plus_sign: use nixos-healthchecks instead of verify --- flake.lock | 104 +++++++++++++++++++++---- flake.nix | 14 ++-- machines/cherry/syncthing.nix | 2 +- machines/chungus/media-syncthing.nix | 2 +- machines/chungus/service-forgejo.nix | 2 +- machines/chungus/service-paperless.nix | 2 +- machines/orbi/configuration.nix | 6 +- machines/orbi/media-arr.nix | 4 +- machines/orbi/media-nextcloud.nix | 2 +- machines/orbi/media-syncthing.nix | 2 +- machines/orbi/media-transmission2.nix | 2 +- machines/orbi/service-forgejo.nix | 2 +- machines/orbi/service-nix-cache.nix | 4 +- machines/orbi/service-photoprism.nix | 4 +- machines/orbi/service-surrealdb.nix | 2 +- machines/orbi/service-taskchampion.nix | 4 +- machines/orbi/service-taskwarrior.nix | 2 +- machines/orbi/service-vaultwarden.nix | 2 +- machines/orbi/service-vikunja.nix | 2 +- machines/orbi/service-wastebin.nix | 2 +- nix/verify/default.nix | 92 ---------------------- nix/verify/modules/closedPorts.nix | 46 ----------- nix/verify/modules/http.nix | 92 ---------------------- nix/verify/modules/localCommands.nix | 15 ---- 24 files changed, 122 insertions(+), 289 deletions(-) delete mode 100644 nix/verify/default.nix delete mode 100644 nix/verify/modules/closedPorts.nix delete mode 100644 nix/verify/modules/http.nix delete mode 100644 nix/verify/modules/localCommands.nix diff --git a/flake.lock b/flake.lock index ae153be..f6e954d 100644 --- a/flake.lock +++ b/flake.lock @@ -253,6 +253,24 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nixos-anywhere", @@ -273,9 +291,9 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1722555600, @@ -291,9 +309,9 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_3" + "nixpkgs-lib": "nixpkgs-lib_4" }, "locked": { "lastModified": 1726153070, @@ -469,6 +487,28 @@ "type": "github" } }, + "healthchecks": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1727664262, + "narHash": "sha256-8Q1YJCoVax+Mb80Fhtu7eZe8ewS3Syjce74wOy/8b3Y=", + "owner": "mrvandalo", + "repo": "nixos-healthchecks", + "rev": "64415df72d72c9c1f41223694dbe099e4a10f001", + "type": "github" + }, + "original": { + "owner": "mrvandalo", + "repo": "nixos-healthchecks", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -576,11 +616,11 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "nixos-images": "nixos-images_2", "nixos-stable": "nixos-stable", "nixpkgs": "nixpkgs_3", - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix_3" }, "locked": { "lastModified": 1727450368, @@ -768,6 +808,18 @@ } }, "nixpkgs-lib_2": { + "locked": { + "lastModified": 1726442928, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + } + }, + "nixpkgs-lib_3": { "locked": { "lastModified": 1722555339, "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", @@ -779,7 +831,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" } }, - "nixpkgs-lib_3": { + "nixpkgs-lib_4": { "locked": { "lastModified": 1725233747, "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", @@ -969,11 +1021,11 @@ }, "private-parts": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nixpkgs" ], - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" }, "locked": { "lastModified": 1727519047, @@ -1010,6 +1062,7 @@ "clan-core": "clan-core", "clan-fact-generators": "clan-fact-generators", "flake-parts": "flake-parts_2", + "healthchecks": "healthchecks", "home-manager": "home-manager", "home-manager-utils": "home-manager-utils", "kmonad": "kmonad", @@ -1029,7 +1082,7 @@ "srvos": "srvos", "stylix": "stylix", "taskwarrior": "taskwarrior", - "treefmt-nix": "treefmt-nix_5" + "treefmt-nix": "treefmt-nix_6" } }, "sops-nix": { @@ -1207,12 +1260,12 @@ }, "taskwarrior": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "nixpkgs": [ "nixpkgs" ], "taskshell": "taskshell", - "treefmt-nix": "treefmt-nix_4" + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1727417586, @@ -1298,6 +1351,27 @@ } }, "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "healthchecks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1727431250, + "narHash": "sha256-uGRlRT47ecicF9iLD1G3g43jn2e+b5KaMptb59LHnvM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "879b29ae9a0378904fbbefe0dadaed43c8905754", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "nixos-anywhere", @@ -1318,7 +1392,7 @@ "type": "github" } }, - "treefmt-nix_3": { + "treefmt-nix_4": { "inputs": { "nixpkgs": [ "private-parts", @@ -1339,7 +1413,7 @@ "type": "github" } }, - "treefmt-nix_4": { + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "taskwarrior", @@ -1360,7 +1434,7 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 4a5301e..66dfb59 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,9 @@ clan-fact-generators.url = "github:mrvandalo/clan-fact-generators"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; flake-parts.url = "github:hercules-ci/flake-parts"; + healthchecks.inputs.nixpkgs.follows = "nixpkgs"; + #healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck"; + healthchecks.url = "github:mrvandalo/nixos-healthchecks"; home-manager-utils.inputs.home-manager.follows = "home-manager"; home-manager-utils.url = "github:mrvandalo/home-manager-utils"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; @@ -38,8 +41,8 @@ stylix.inputs.nixpkgs.follows = "nixpkgs"; stylix.url = "github:danth/stylix"; taskwarrior.inputs.nixpkgs.follows = "nixpkgs"; - taskwarrior.url = "github:mrvandalo/taskwarrior-flake"; #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake"; + taskwarrior.url = "github:mrvandalo/taskwarrior-flake"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; treefmt-nix.url = "github:numtide/treefmt-nix"; @@ -77,6 +80,7 @@ stylix, taskwarrior, treefmt-nix, + healthchecks, }: let @@ -379,9 +383,9 @@ systems = [ "x86_64-linux" ]; imports = [ clan-core.flakeModules.default + healthchecks.flakeModule ./nix/formatter.nix ./nix/packages - ./nix/verify ./nix/topology ]; @@ -418,7 +422,7 @@ name = "cherry"; host = "cherry.bear"; modules = [ - self.nixosModules.verify + healthchecks.nixosModules.default zerotierModules nixos-hardware.nixosModules.framework-13th-gen-intel retiolum.nixosModules.retiolum @@ -440,7 +444,7 @@ name = "chungus"; host = "chungus.bear"; modules = [ - self.nixosModules.verify + healthchecks.nixosModules.default zerotierModules zerotierControllerModule homeManagerModules @@ -462,7 +466,7 @@ host = "orbi.bear"; #host = "95.216.66.212"; modules = [ - self.nixosModules.verify + healthchecks.nixosModules.default homeManagerModules stylixModules zerotierModules diff --git a/machines/cherry/syncthing.nix b/machines/cherry/syncthing.nix index af25327..27338a8 100644 --- a/machines/cherry/syncthing.nix +++ b/machines/cherry/syncthing.nix @@ -6,7 +6,7 @@ }: { - verify.http.syncthing-gui = { + healthchecks.http.syncthing-gui = { url = config.services.syncthing.guiAddress; expectedContent = "syncthing"; }; diff --git a/machines/chungus/media-syncthing.nix b/machines/chungus/media-syncthing.nix index ca3b719..e266204 100644 --- a/machines/chungus/media-syncthing.nix +++ b/machines/chungus/media-syncthing.nix @@ -6,7 +6,7 @@ }: { - verify.http.syncthing-gui = { + healthchecks.http.syncthing-gui = { url = config.services.syncthing.guiAddress; expectedContent = "syncthing"; }; diff --git a/machines/chungus/service-forgejo.nix b/machines/chungus/service-forgejo.nix index aa63e03..49dc36f 100644 --- a/machines/chungus/service-forgejo.nix +++ b/machines/chungus/service-forgejo.nix @@ -5,7 +5,7 @@ ... }: { - verify.http.forgejjo = { + healthchecks.http.forgejjo = { url = "http://git.chungus.private/explore/repos"; expectedContent = "nixinate"; }; diff --git a/machines/chungus/service-paperless.nix b/machines/chungus/service-paperless.nix index 10d91bc..96adbfe 100644 --- a/machines/chungus/service-paperless.nix +++ b/machines/chungus/service-paperless.nix @@ -30,7 +30,7 @@ }; networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ]; - verify.http.paperless = { + healthchecks.http.paperless = { url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/"; expectedContent = "paperless.chungus.private"; }; diff --git a/machines/orbi/configuration.nix b/machines/orbi/configuration.nix index cf30dfe..bd74047 100644 --- a/machines/orbi/configuration.nix +++ b/machines/orbi/configuration.nix @@ -67,13 +67,13 @@ components.monitor.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ]; - verify.closed.public.ports.opentelemetry = [ 4317 ]; + healthchecks.closed.public.ports.opentelemetry = [ 4317 ]; security.acme.acceptTerms = true; security.acme.defaults.email = "contact@ingolf-wagner.de"; - verify.closed.wg0.host = "10.100.0.1"; - verify.closed.public.host = "orbi.public"; + healthchecks.closed.wg0.host = "10.100.0.1"; + healthchecks.closed.public.host = "orbi.public"; # chungus rsync users.users.root.openssh.authorizedKeys.keys = [ diff --git a/machines/orbi/media-arr.nix b/machines/orbi/media-arr.nix index 5c9b73c..a23838f 100644 --- a/machines/orbi/media-arr.nix +++ b/machines/orbi/media-arr.nix @@ -11,13 +11,13 @@ 8686 ]; - verify.closed.public.ports.arr = [ + healthchecks.closed.public.ports.arr = [ 7878 8989 8686 ]; - verify.http = { + healthchecks.http = { sonarr = { url = "sonarr.ingolf-wagner.de"; expectedContent = "Sonarr"; diff --git a/machines/orbi/media-nextcloud.nix b/machines/orbi/media-nextcloud.nix index bbe56f6..e648559 100644 --- a/machines/orbi/media-nextcloud.nix +++ b/machines/orbi/media-nextcloud.nix @@ -35,7 +35,7 @@ in 443 ]; - verify.http.nextcloud = { + healthchecks.http.nextcloud = { url = "https://nextcloud.ingolf-wagner.de/login"; expectedContent = "Login"; }; diff --git a/machines/orbi/media-syncthing.nix b/machines/orbi/media-syncthing.nix index 5c48796..becb7b2 100644 --- a/machines/orbi/media-syncthing.nix +++ b/machines/orbi/media-syncthing.nix @@ -6,7 +6,7 @@ }: { - verify.http.syncthing-gui = { + healthchecks.http.syncthing-gui = { url = config.services.syncthing.guiAddress; expectedContent = "syncthing"; }; diff --git a/machines/orbi/media-transmission2.nix b/machines/orbi/media-transmission2.nix index b019628..d8aeb0d 100644 --- a/machines/orbi/media-transmission2.nix +++ b/machines/orbi/media-transmission2.nix @@ -130,7 +130,7 @@ in allowedUDPPorts = [ 51413 ]; }; - verify.closed.public.ports.transmission2 = [ uiPort ]; + healthchecks.closed.public.ports.transmission2 = [ uiPort ]; # host nginx setup # ---------------- diff --git a/machines/orbi/service-forgejo.nix b/machines/orbi/service-forgejo.nix index e464c8a..97a7179 100644 --- a/machines/orbi/service-forgejo.nix +++ b/machines/orbi/service-forgejo.nix @@ -6,7 +6,7 @@ }: { - verify.http.forgejjo = { + healthchecks.http.forgejjo = { url = "https://git.ingolf-wagner.de/explore/repos"; expectedContent = "palo/nixos-config"; }; diff --git a/machines/orbi/service-nix-cache.nix b/machines/orbi/service-nix-cache.nix index 26337c5..2fd37a0 100644 --- a/machines/orbi/service-nix-cache.nix +++ b/machines/orbi/service-nix-cache.nix @@ -32,8 +32,8 @@ port = 5005; }; - verify.closed.public.ports.nix-serve = [ config.services.nix-serve.port ]; - verify.http.nix-serve = { + healthchecks.closed.public.ports.nix-serve = [ config.services.nix-serve.port ]; + healthchecks.http.nix-serve = { url = "cache.${config.networking.hostName}.wg0/nix-cache-info"; expectedContent = "Priority: 50"; }; diff --git a/machines/orbi/service-photoprism.nix b/machines/orbi/service-photoprism.nix index 07a4a4e..8765090 100644 --- a/machines/orbi/service-photoprism.nix +++ b/machines/orbi/service-photoprism.nix @@ -16,8 +16,8 @@ in networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ]; # networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ]; - verify.closed.public.ports.photoprism = [ photoprismPort ]; - verify.http.photoprism = { + healthchecks.closed.public.ports.photoprism = [ photoprismPort ]; + healthchecks.http.photoprism = { url = "http://10.100.0.1:2342/library/login"; expectedContent = "AI-Powered Photos App"; }; diff --git a/machines/orbi/service-surrealdb.nix b/machines/orbi/service-surrealdb.nix index a6eea27..868b0fd 100644 --- a/machines/orbi/service-surrealdb.nix +++ b/machines/orbi/service-surrealdb.nix @@ -14,7 +14,7 @@ in { networking.firewall.interfaces.wg0.allowedTCPPorts = [ surrealdbPort ]; - verify.closed.public.ports.surrealdb = [ surrealdbPort ]; + healthchecks.closed.public.ports.surrealdb = [ surrealdbPort ]; containers.surrealdb = { privateNetwork = false; diff --git a/machines/orbi/service-taskchampion.nix b/machines/orbi/service-taskchampion.nix index b99b358..282c7e2 100644 --- a/machines/orbi/service-taskchampion.nix +++ b/machines/orbi/service-taskchampion.nix @@ -7,8 +7,8 @@ }: { - verify.closed.public.ports.taskchampion = [ config.services.taskchampion-sync-server.port ]; - verify.http.taskchampion = { + healthchecks.closed.public.ports.taskchampion = [ config.services.taskchampion-sync-server.port ]; + healthchecks.http.taskchampion = { url = "http://orbi.private:10222"; expectedContent = "TaskChampion sync server"; }; diff --git a/machines/orbi/service-taskwarrior.nix b/machines/orbi/service-taskwarrior.nix index 652ecc2..ea464a6 100644 --- a/machines/orbi/service-taskwarrior.nix +++ b/machines/orbi/service-taskwarrior.nix @@ -48,7 +48,7 @@ in networking.firewall.interfaces.wg0.allowedTCPPorts = [ uiPort ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ uiPort ]; - verify.closed.public.ports.taskserver-webui = [ uiPort ]; + healthchecks.closed.public.ports.taskserver-webui = [ uiPort ]; # host nginx setup # ---------------- diff --git a/machines/orbi/service-vaultwarden.nix b/machines/orbi/service-vaultwarden.nix index 1e6c50f..d50c13d 100644 --- a/machines/orbi/service-vaultwarden.nix +++ b/machines/orbi/service-vaultwarden.nix @@ -6,7 +6,7 @@ }: { - verify.http.vaultwarden = { + healthchecks.http.vaultwarden = { url = config.services.vaultwarden.config.domain; expectedContent = "BOOOOM"; # fixme: seems this part is not working }; diff --git a/machines/orbi/service-vikunja.nix b/machines/orbi/service-vikunja.nix index 9004944..1aa60ec 100644 --- a/machines/orbi/service-vikunja.nix +++ b/machines/orbi/service-vikunja.nix @@ -13,7 +13,7 @@ in { networking.firewall.interfaces.wg0.allowedTCPPorts = [ vikunjaPort ]; - verify.closed.public.ports.vikunja = [ vikunjaPort ]; + healthchecks.closed.public.ports.vikunja = [ vikunjaPort ]; containers.vikunja = { privateNetwork = false; diff --git a/machines/orbi/service-wastebin.nix b/machines/orbi/service-wastebin.nix index ab4e377..a29da22 100644 --- a/machines/orbi/service-wastebin.nix +++ b/machines/orbi/service-wastebin.nix @@ -4,7 +4,7 @@ let in { - verify.http.wastebin = { + healthchecks.http.wastebin = { url = "https://paste.ingolf-wagner.de"; expectedContent = "BOOOOM"; # fixme: seems this part is not working }; diff --git a/nix/verify/default.nix b/nix/verify/default.nix deleted file mode 100644 index 582d34e..0000000 --- a/nix/verify/default.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ self, ... }: -{ - imports = [ ]; - - flake.nixosModules.verify = { - imports = [ - ./modules/closedPorts.nix - ./modules/http.nix - ./modules/localCommands.nix - ]; - }; - - perSystem = - { - pkgs, - self', - lib, - ... - }: - with lib; - { - apps.verify = { - type = "app"; - program = - let - - nixosConfigurationsToVerify = filterAttrs ( - machine: configuration: builtins.hasAttr "verify" configuration.options - ) self.nixosConfigurations; - - verifyLocalCommands = - nixosConfiguration: - let - - localCommands = nixosConfiguration.options.verify.localCommands.value; - - commands = mapAttrsToList ( - serviceName: serviceCommand: - let - # todo handle exit code and stderr and such properly - script = pkgs.writers.writeBash "${serviceName}" serviceCommand; - #title = if title != null then title else "verify service ${serviceName}"; - title = "verify service ${serviceName}"; - in - '' - echo "${title}" - ${script} - '' - ) localCommands; - - in - flatten commands; - - verifyClosedCommands = - nixosConfiguration: - let - - command = serviceName: interfaceName: host: ports: '' - echo "verify ${interfaceName} ports are closed for ${serviceName}" - ${pkgs.rustscan}/bin/rustscan \ - --ports ${concatStringsSep "," (map toString ports)} \ - --addresses ${host} \ - --greppable - ''; - - interfaces = nixosConfiguration.options.verify.closed.value; - - interfaceCommands = mapAttrsToList ( - interfaceName: interfaceConfiguration: - mapAttrsToList ( - serviceName: servicePorts: - command serviceName interfaceName interfaceConfiguration.host servicePorts - ) interfaceConfiguration.ports - ) interfaces; - - in - flatten interfaceCommands; - - verify = machineName: nixosConfiguration: '' - echo "${machineName}" | ${pkgs.boxes}/bin/boxes -d ansi - ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)} - ${concatStringsSep "\n" (verifyLocalCommands nixosConfiguration)} - ''; - - allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify); - - in - pkgs.writers.writeBashBin "verify" allCommands; - }; - }; - -} diff --git a/nix/verify/modules/closedPorts.nix b/nix/verify/modules/closedPorts.nix deleted file mode 100644 index 1c2c442..0000000 --- a/nix/verify/modules/closedPorts.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ lib, ... }: -with lib; -with types; -{ - # todo add remote command option - - options.verify.closed = mkOption { - default = { }; - example = { - public = { - host = "example.com"; - ports = { - arr = [ - 7878 - 8989 - 8686 - ]; - }; - }; - }; - description = '' - Verify that ports the defined ports are closed for a specific interface. - Verification is done by rustscan. - ''; - type = attrsOf (submodule { - options = { - host = mkOption { - type = str; - description = '' - The host against which the rustscan will be done. - Needed because we have more than interface on the machine. - ''; - }; - ports = mkOption { - default = { }; - type = attrsOf (listOf int); - description = '' - service -> [port, ... ] - Ports that should be verified as beeing closed. - ''; - }; - }; - }); - }; - -} diff --git a/nix/verify/modules/http.nix b/nix/verify/modules/http.nix deleted file mode 100644 index 8cd357d..0000000 --- a/nix/verify/modules/http.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; -with types; -{ - options.verify.http = mkOption { - default = { }; - example = { - github = { - url = "https://github.com"; - expectedContent = "GitHub"; - }; - }; - description = '' - Run curl commands to verify if response code is as expected and expectedContent is part of the body. - ''; - type = attrsOf (submodule { - options = { - url = mkOption { - type = str; - description = '' - URL to analyze. - ''; - }; - responseCode = mkOption { - type = int; - default = 200; - description = '' - Expected response code - ''; - }; - expectedContent = mkOption { - type = nullOr str; - description = '' - Expected string in the response - ''; - }; - }; - }); - }; - - config = { - - verify.localCommands = - let - curl = lib.getExe pkgs.curl; - grep = lib.getExe pkgs.gnugrep; - scriptWithExpectedContent = url: responseCode: expectedContent: '' - if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then - if ${curl} -s ${url} | ${grep} -q "${expectedContent}"; then - echo -n "" - else - echo " [Fail] ${url} did return ${toString responseCode}, but did not contain the string '${expectedContent}'." - fi - else - echo " [Fail] ${url} did not return ${toString responseCode}." - fi - ''; - - scriptWithoutExpectedContent = url: responseCode: '' - if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then - echo -n "" - else - echo " [Fail] ${url} did not return ${toString responseCode}." - fi - ''; - script = - url: responeCode: expectedContent: - if (expectedContent == null) then - scriptWithExpectedContent url responeCode expectedContent - else - scriptWithoutExpectedContent url responeCode; - - in - mapAttrs' ( - service: - { - url, - responseCode, - expectedContent, - }: - nameValuePair ("http_" + service) (script url responseCode expectedContent) - - ) config.verify.http; - - }; - -} diff --git a/nix/verify/modules/localCommands.nix b/nix/verify/modules/localCommands.nix deleted file mode 100644 index fa4d31e..0000000 --- a/nix/verify/modules/localCommands.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ lib, ... }: -with lib; -with types; -{ - - options.verify.localCommands = mkOption { - default = { }; - type = attrsOf str; - description = '' - service -> command - command to run on local machine to test remote server. - ''; - }; - -}