♻️ refactor the options interface
parent
f49730a0a9
commit
4c1a3ef72f
4 changed files with 16 additions and 9 deletions
|
@ -73,7 +73,7 @@
|
||||||
|
|
||||||
verify.closed.wg0.domain = "10.100.0.1";
|
verify.closed.wg0.domain = "10.100.0.1";
|
||||||
verify.closed.public.domain = "orbi.public";
|
verify.closed.public.domain = "orbi.public";
|
||||||
verify.closed.public.ports = [ 4317 ];
|
verify.closed.public.ports.opentelemetry = [ 4317 ];
|
||||||
|
|
||||||
# chungus rsync
|
# chungus rsync
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
8686
|
8686
|
||||||
];
|
];
|
||||||
|
|
||||||
verify.closed.public.ports = [
|
verify.closed.public.ports.arr = [
|
||||||
7878
|
7878
|
||||||
8989
|
8989
|
||||||
8686
|
8686
|
||||||
|
|
|
@ -19,14 +19,21 @@
|
||||||
type = "app";
|
type = "app";
|
||||||
program =
|
program =
|
||||||
let
|
let
|
||||||
ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
|
command = service: domain: ports: ''
|
||||||
|
echo "verify closed ports for ${service}"
|
||||||
|
${pkgs.rustscan}/bin/rustscan \
|
||||||
|
--ports ${concatStringsSep "," (map toString ports)} \
|
||||||
|
--addresses ${domain} \
|
||||||
|
--greppable
|
||||||
|
'';
|
||||||
domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
|
domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain;
|
||||||
|
commands =
|
||||||
|
machine:
|
||||||
|
mapAttrsToList (
|
||||||
|
service: ports: command service (domain machine) ports
|
||||||
|
) self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports;
|
||||||
in
|
in
|
||||||
|
pkgs.writers.writeBashBin "verify" (concatStringsSep "\n\n" (commands "orbi"));
|
||||||
# todo : create an alert if one of the ports should not be accessible
|
|
||||||
pkgs.writers.writeBashBin "verify" ''
|
|
||||||
${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
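Review bot: The generated `verify` script still cannot fail when a port that should be closed answers: each `command` block only runs rustscan and prints the result, and the removed `# todo : create an alert if one of the ports should not be accessible` comment was the only record of that gap. Capture the scan output and exit non-zero when it reports anything, for example `out=$(… rustscan … --greppable)` followed by `[ -z "$out" ] || { echo "reachable: $out" >&2; exit 1; }`; this assumes greppable mode prints nothing when no port is open, which should be confirmed. `${service}` and `${domain}` are spliced into the shell text as-is, so passing them through `lib.escapeShellArg` would keep an unusual attribute name or domain from altering the command. A service with an empty list would render a bare `--ports`, so such entries should be filtered out before `mapAttrsToList`.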
@ -14,7 +14,7 @@ with types;
|
||||||
};
|
};
|
||||||
# todo: make this an attrs so I know why port xyz should be closed.
|
# todo: make this an attrs so I know why port xyz should be closed.
|
||||||
ports = mkOption {
|
ports = mkOption {
|
||||||
type = listOf int;
|
type = attrsOf (listOf int);
|
||||||
description = ''
|
description = ''
|
||||||
ports that should be closed
|
ports that should be closed
|
||||||
'';
|
'';
|
||||||
|
|
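Review bot: The `# todo: make this an attrs so I know why port xyz should be closed.` comment above `ports` is stale, because this change is that todo. Drop it and let the description say what the attribute name stands for, e.g. `ports that should be closed, grouped by the service that listens on them`. `listOf int` also accepts numbers that are not valid ports, whereas `attrsOf (listOf port)` would reject anything outside 0–65535 at evaluation time. The option definition continues outside the hunk.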