diff --git a/machines/orbi/media-nextcloud.nix b/machines/orbi/media-nextcloud.nix index e9054cd..e199dbb 100644 --- a/machines/orbi/media-nextcloud.nix +++ b/machines/orbi/media-nextcloud.nix @@ -1,5 +1,6 @@ { pkgs, + lib, config, factsGenerator, components, @@ -34,6 +35,24 @@ in 443 ]; + verify.localCommands.nextcloud = + let + domain = "https://nextcloud.ingolf-wagner.de/login"; + curl = lib.getExe pkgs.curl; + grep = lib.getExe pkgs.gnugrep; + in + '' + if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then + if ${curl} -s ${domain} | ${grep} -q "Login"; then + echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String 'Login'." + else + echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String 'Login' nicht." + fi + else + echo "[Fail] Die Seite hat keinen Statuscode 200." + fi + ''; + services.nginx = { enable = true; recommendedProxySettings = true; diff --git a/nix/verify/default.nix b/nix/verify/default.nix index 32faed1..0d01c3c 100644 --- a/nix/verify/default.nix +++ b/nix/verify/default.nix @@ -24,6 +24,27 @@ machine: configuration: builtins.hasAttr "verify" configuration.options ) self.nixosConfigurations; + verifyLocalCommands = + nixosConfiguration: + let + + localCommands = nixosConfiguration.options.verify.localCommands.value; + + commands = mapAttrsToList ( + serviceName: serviceCommand: + let + # todo handle exit code and stderr and such properly + script = pkgs.writers.writeBash "${serviceName}" serviceCommand; + in + '' + echo "verify service ${serviceName} (local command)" + ${script} + '' + ) localCommands; + + in + flatten commands; + verifyClosedCommands = nixosConfiguration: let 
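Review bot: In `verify.localCommands.nextcloud` (machines/orbi/media-nextcloud.nix) both `[Fail]` branches only echo, so the script always exits 0 and a broken login page can only be noticed by reading the output; add `exit 1` after each `[Fail]` echo. The wrapper added in nix/verify/default.nix runs `${script}` without checking its status (its todo says as much), so the two need to change together for a failure to propagate. Neither curl call sets a time limit, so an unresponsive host can stall the whole verify run; `--max-time 10` on both calls would bound it. The page is also fetched twice, so the status check and the `Login` check may see different responses.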
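Review bot: `verifyLocalCommands` in nix/verify/default.nix interpolates `serviceName` unescaped into the generated shell at `echo "verify service ${serviceName} (local command)"`, so an attribute name containing `"`, `$` or a backtick changes what the verify script executes. Escaping the whole message, e.g. `echo ${escapeShellArg "verify service ${serviceName} (local command)"}`, avoids that; this assumes `lib` is in scope here, as the unqualified `mapAttrsToList` suggests. The same name is passed to `pkgs.writers.writeBash` as the derivation name, where characters not allowed in a store path name would presumably fail evaluation, so a short comment stating the allowed characters would help. The enclosing `let` block starts and ends outside the hunk.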
@@ -52,6 +73,7 @@ verify = machineName: nixosConfiguration: '' echo "${machineName}" | ${pkgs.boxes}/bin/boxes -d ansi ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)} + ${concatStringsSep "\n" (verifyLocalCommands nixosConfiguration)} ''; allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify); diff --git a/nix/verify/modules/closed.nix b/nix/verify/modules/closedPorts.nix similarity index 85% rename from nix/verify/modules/closed.nix rename to nix/verify/modules/closedPorts.nix index 6d3ca15..1c2c442 100644 --- a/nix/verify/modules/closed.nix +++ b/nix/verify/modules/closedPorts.nix @@ -2,6 +2,8 @@ with lib; with types; { + # todo add remote command option + options.verify.closed = mkOption { default = { }; example = { @@ -15,16 +17,6 @@ with types; ]; }; }; - work_vpn = { - host = "10.1.1.100"; - ports = { - arr = [ - 7878 - 8989 - 8686 - ]; - }; - }; }; description = '' Verify that ports the defined ports are closed for a specific interface. @@ -50,4 +42,5 @@ with types; }; }); }; + } diff --git a/nix/verify/modules/default.nix b/nix/verify/modules/default.nix index a0cffac..3fd7831 100644 --- a/nix/verify/modules/default.nix +++ b/nix/verify/modules/default.nix @@ -1,8 +1,8 @@ -{ lib, ... }: -with lib; -with types; { - # todo add commad option - # todo add remote command option - imports = [ ./closed.nix ]; + + imports = [ + ./closedPorts.nix + ./localCommands.nix + ]; + } diff --git a/nix/verify/modules/localCommands.nix b/nix/verify/modules/localCommands.nix new file mode 100644 index 0000000..fa4d31e --- /dev/null +++ b/nix/verify/modules/localCommands.nix @@ -0,0 +1,15 @@ +{ lib, ... }: +with lib; +with types; +{ + + options.verify.localCommands = mkOption { + default = { }; + type = attrsOf str; + description = '' + service -> command + command to run on local machine to test remote server. + ''; + }; + +}
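Review bot: The description of `options.verify.localCommands` in nix/verify/modules/localCommands.nix does not say that each value is executed as a bash script, which is how nix/verify/default.nix uses it via `pkgs.writers.writeBash`. These scripts run on the machine of whoever invokes verify rather than on the target host, so every machine configuration that sets this option contributes code to that run, and the description should say so. Suggested wording: `Attribute set mapping a service name to a bash script that is executed on the machine running verify, not on the target host; the script should exit non-zero when the check fails.` An `example` entry would also make the expected shape clear.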