add local command to verify

Ingolf Wagner 2024-09-15 06:32:21 +07:00
parent 7e8c3d41c9
commit 614a1d8e37
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
5 changed files with 65 additions and 16 deletions


@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
lib,
config, config,
factsGenerator, factsGenerator,
components, components,
@ -34,6 +35,24 @@ in
443 443
]; ];
verify.localCommands.nextcloud =
let
domain = "https://nextcloud.ingolf-wagner.de/login";
curl = lib.getExe pkgs.curl;
grep = lib.getExe pkgs.gnugrep;
in
''
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
if ${curl} -s ${domain} | ${grep} -q "Login"; then
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String 'Login'."
else
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String 'Login' nicht."
fi
else
echo "[Fail] Die Seite hat keinen Statuscode 200."
fi
'';
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
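Review bot: Both failure branches of `verify.localCommands.nextcloud` only `echo "[Fail] …"`, so the script ends with status 0 and a caller that inspects the exit code cannot tell a failed check from a passed one; adding `exit 1` after each `[Fail]` line fixes that. The two curl calls have no time limit and use `-s`, which hides TLS and connection errors, so an unreachable or misconfigured host can stall the run or fail with no reason shown; `-sS --max-time 10` covers both (10 is a suggested value). The page is also fetched twice, once for the status and once for the body, where a single `${curl} -sS --fail --max-time 10 ${domain} | ${grep} -q "Login"` would test both. The binding named `domain` holds a full URL, so `url` would be the clearer name.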


@ -24,6 +24,27 @@
machine: configuration: builtins.hasAttr "verify" configuration.options machine: configuration: builtins.hasAttr "verify" configuration.options
) self.nixosConfigurations; ) self.nixosConfigurations;
verifyLocalCommands =
nixosConfiguration:
let
localCommands = nixosConfiguration.options.verify.localCommands.value;
commands = mapAttrsToList (
serviceName: serviceCommand:
let
# todo handle exit code and stderr and such properly
script = pkgs.writers.writeBash "${serviceName}" serviceCommand;
in
''
echo "verify service ${serviceName} (local command)"
${script}
''
) localCommands;
in
flatten commands;
verifyClosedCommands = verifyClosedCommands =
nixosConfiguration: nixosConfiguration:
let let
@ -52,6 +73,7 @@
verify = machineName: nixosConfiguration: '' verify = machineName: nixosConfiguration: ''
echo "${machineName}" | ${pkgs.boxes}/bin/boxes -d ansi echo "${machineName}" | ${pkgs.boxes}/bin/boxes -d ansi
${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)} ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)}
${concatStringsSep "\n" (verifyLocalCommands nixosConfiguration)}
''; '';
allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify); allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify);
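Review bot: `serviceName` is spliced unescaped into a double-quoted shell string in `echo "verify service ${serviceName} (local command)"`, so an attribute name containing `"`, `$` or a backtick is interpreted by the shell that runs the generated verify script. The names come from the machines' own configuration, so this is a robustness and defence-in-depth point rather than an open injection path, but `echo ${escapeShellArg "verify service ${serviceName} (local command)"}` removes the question (assuming `lib` is in scope here, as the unqualified `mapAttrsToList` suggests). The same name is passed to `pkgs.writers.writeBash` as the derivation name, which will fail evaluation for names with spaces or slashes; wrapping it in `lib.strings.sanitizeDerivationName` avoids that. `flatten commands` looks like a no-op, since `commands` is already a flat list of strings.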


@ -2,6 +2,8 @@
with lib; with lib;
with types; with types;
{ {
# todo add remote command option
options.verify.closed = mkOption { options.verify.closed = mkOption {
default = { }; default = { };
example = { example = {
@ -15,16 +17,6 @@ with types;
]; ];
}; };
}; };
work_vpn = {
host = "10.1.1.100";
ports = {
arr = [
7878
8989
8686
];
};
};
}; };
description = '' description = ''
Verify that ports the defined ports are closed for a specific interface. Verify that ports the defined ports are closed for a specific interface.
@ -50,4 +42,5 @@ with types;
}; };
}); });
}; };
} }


@ -1,8 +1,8 @@
{ lib, ... }:
with lib;
with types;
{ {
# todo add commad option
# todo add remote command option imports = [
imports = [ ./closed.nix ]; ./closedPorts.nix
./localCommands.nix
];
} }


@ -0,0 +1,15 @@
{ lib, ... }:
with lib;
with types;
{
options.verify.localCommands = mkOption {
default = { };
type = attrsOf str;
description = ''
service -> command
command to run on local machine to test remote server.
'';
};
}
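Review bot: The description of `options.verify.localCommands` does not say that each value is executed as a bash script on the machine that runs the verify script, with that user's privileges, which is what a reader most needs to know before adding an entry. I would write it as `Attribute set mapping a service name to a bash script body. Each script is run on the machine that invokes verify, not on the target host, to test the service from outside.` and add an `example` containing one short curl check. If scripts are meant to signal failure through their exit status, the description should state that as well; the caller visible in this commit does not check it yet.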