♻️ refactor the options interface

2024-09-14 06:02:32 +07:00 · 2024-09-14 06:02:32 +07:00 · 4c1a3ef72f
commit 4c1a3ef72f
parent f49730a0a9
4 changed files with 16 additions and 9 deletions
--- a/machines/orbi/configuration.nix
+++ b/machines/orbi/configuration.nix
@ -73,7 +73,7 @@

  verify.closed.wg0.domain = "10.100.0.1";
  verify.closed.public.domain = "orbi.public";
-  verify.closed.public.ports = [ 4317 ];
+  verify.closed.public.ports.opentelemetry = [ 4317 ];

  # chungus rsync
  users.users.root.openssh.authorizedKeys.keys = [
--- a/machines/orbi/media-arr.nix
+++ b/machines/orbi/media-arr.nix
@ -6,7 +6,7 @@
    8686
  ];

-  verify.closed.public.ports = [
+  verify.closed.public.ports.arr = [
    7878
    8989
    8686
--- a/nix/verify/default.nix
+++ b/nix/verify/default.nix
@ -19,14 +19,21 @@
        type = "app";
        program =
          let
-            ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
+            command = service: domain: ports: ''
+              echo "verify closed ports for ${service}"
+              ${pkgs.rustscan}/bin/rustscan \
+                  --ports ${concatStringsSep "," (map toString ports)} \
+                  --addresses ${domain} \
+                  --greppable
+            '';
            domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
+            commands =
+              machine:
+              mapAttrsToList (
+                service: ports: command service (domain machine) ports
+              ) self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
          in
-
-          # todo : create an alert if one of the ports should not be accessible
-          pkgs.writers.writeBashBin "verify" ''
-            ${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
-          '';
+          pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi"));
      };
    };

--- a/nix/verify/module.nix
+++ b/nix/verify/module.nix
@ -14,7 +14,7 @@ with types;
        };
        # todo: make this an attrs so I know why port xyz should be closed.
        ports = mkOption {
-          type = listOf int;
+          type = attrsOf (listOf int);
          description = ''
            ports that should be closed
          '';