From c264db7f13f89dfa201cf5a01cf89071055f52fe Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sun, 15 Sep 2024 05:31:47 +0700
Subject: [PATCH] :memo: add documentation to verify flake module
---
nix/verify/default.nix | 2 +-
nix/verify/module.nix | 28 ------------------
nix/verify/modules/closed.nix | 53 ++++++++++++++++++++++++++++++++++
nix/verify/modules/default.nix | 8 +++++
4 files changed, 62 insertions(+), 29 deletions(-)
delete mode 100644 nix/verify/module.nix
create mode 100644 nix/verify/modules/closed.nix
create mode 100644 nix/verify/modules/default.nix
diff --git a/nix/verify/default.nix b/nix/verify/default.nix
index ac0e1d4..4a2f61c 100644
--- a/nix/verify/default.nix
+++ b/nix/verify/default.nix
@@ -3,7 +3,7 @@ imports = [ ]; flake.nixosModules.verify = { - imports = [ ./module.nix ]; + imports = [ ./modules ]; }; perSystem =
diff --git a/nix/verify/module.nix b/nix/verify/module.nix
deleted file mode 100644
index 90116e3..0000000
--- a/nix/verify/module.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ lib, ... }:
-with lib;
-with types;
-{
- # todo add commad option
- # todo add remote command option
- options.verify.closed = mkOption {
- default = { };
- type = attrsOf (submodule {
- options = {
- domain = mkOption {
- type = str;
- description = ''
- domain to scan
- '';
- };
- # todo: make this an attrs so I know why port xyz should be closed.
- ports = mkOption {
- default = { };
- type = attrsOf (listOf int);
- description = ''
- ports that should be closed
- '';
- };
- };
- });
- };
-}
diff --git a/nix/verify/modules/closed.nix b/nix/verify/modules/closed.nix
new file mode 100644
index 0000000..94e6c72
--- /dev/null
+++ b/nix/verify/modules/closed.nix
@@ -0,0 +1,53 @@
+{ lib, ... }:
+with lib;
+with types;
+{
+ options.verify.closed = mkOption {
+ default = { };
+ example = {
+ public = {
+ domain = "example.com";
+ ports = {
+ arr = [
+ 7878
+ 8989
+ 8686
+ ];
+ };
+ };
+ work_vpn = {
+ domain = "10.1.1.100";
+ ports = {
+ arr = [
+ 7878
+ 8989
+ 8686
+ ];
+ };
+ };
+ };
+ description = ''
+ Verify that ports the defined ports are closed for a specific interface.
+ Verification is done by rustscan.
+ '';
+ type = attrsOf (submodule {
+ options = {
+ domain = mkOption {
+ type = str;
+ description = ''
+ The host against which the rustscan will be done.
+ Needed because we have more than interface on the machine.
+ '';
+ };
+ ports = mkOption {
+ default = { };
+ type = attrsOf (listOf int);
+ description = ''
+ service -> [port, ... ]
+ Ports that should be verified as beeing closed.
+ '';
+ };
+ };
+ });
+ };
+}
diff --git a/nix/verify/modules/default.nix b/nix/verify/modules/default.nix
new file mode 100644
index 0000000..a0cffac
--- /dev/null
+++ b/nix/verify/modules/default.nix
@@ -0,0 +1,8 @@
+{ lib, ... }:
+with lib;
+with types;
+{
+ # todo add commad option
+ # todo add remote command option
+ imports = [ ./closed.nix ];
+}
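Review bot: In nix/verify/modules/closed.nix the `ports` option is still typed `attrsOf (listOf int)`, so a negative or above-65535 value evaluates without error; `type = attrsOf (listOf port);` uses the bounded `types.port`, which `with types;` already brings into scope. How the list reaches rustscan is not visible in this patch, but a mistyped port that is never a valid scan target would presumably read as "closed" and give false assurance. The `ports` description should also say that the default `{ }` means nothing is verified for that entry. The new description strings have typos worth fixing now: `Verify that the defined ports are closed for a specific interface.`, `more than one interface`, and `being`.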
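Review bot: In nix/verify/modules/default.nix the `with lib;` and `with types;` lines open scopes that the body never uses, because the attribute set holds only `imports = [ ./closed.nix ];`. The file can start with `{ ... }:` and drop both `with` lines, which keeps later additions from resolving names implicitly. The carried-over comment also has a typo; it should read `# todo add command option`.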