📝 add documentation to verify flake module

2024-09-15 05:31:47 +07:00 · 2024-09-15 05:31:47 +07:00 · c264db7f13
commit c264db7f13
parent 577003f607
4 changed files with 62 additions and 29 deletions
--- a/nix/verify/default.nix
+++ b/nix/verify/default.nix
@ -3,7 +3,7 @@
  imports = [ ];
  flake.nixosModules.verify = {
-    imports = [ ./module.nix ];
+    imports = [ ./modules ];
  };
  perSystem =
--- a/nix/verify/module.nix
+++ b/nix/verify/module.nix
@ -1,28 +0,0 @@
 { lib, ... }:
 with lib;
 with types;
 {
  # todo add commad option
  # todo add remote command option
  options.verify.closed = mkOption {
    default = { };
    type = attrsOf (submodule {
      options = {
        domain = mkOption {
          type = str;
          description = ''
            domain to scan
          '';
        };
        # todo: make this an attrs so I know why port xyz should be closed.
        ports = mkOption {
          default = { };
          type = attrsOf (listOf int);
          description = ''
            ports that should be closed
          '';
        };
      };
    });
  };
 }
--- a/nix/verify/modules/closed.nix
+++ b/nix/verify/modules/closed.nix
@ -0,0 +1,53 @@
 { lib, ... }:
 with lib;
 with types;
 {
  options.verify.closed = mkOption {
    default = { };
    example = {
      public = {
        domain = "example.com";
        ports = {
          arr = [
            7878
            8989
            8686
          ];
        };
      };
      work_vpn = {
        domain = "10.1.1.100";
        ports = {
          arr = [
            7878
            8989
            8686
          ];
        };
      };
    };
    description = ''
      Verify that ports the defined ports are closed for a specific interface.
      Verification is done by rustscan.
    '';
    type = attrsOf (submodule {
      options = {
        domain = mkOption {
          type = str;
          description = ''
            The host against which the rustscan will be done.
            Needed because we have more than interface on the machine.
          '';
        };
        ports = mkOption {
          default = { };
          type = attrsOf (listOf int);
          description = ''
            service -> [port, ... ]
            Ports that should be verified as beeing closed.
          '';
        };
      };
    });
  };
 }
--- a/nix/verify/modules/default.nix
+++ b/nix/verify/modules/default.nix
@ -0,0 +1,8 @@
 { lib, ... }:
 with lib;
 with types;
 {
  # todo add commad option
  # todo add remote command option
  imports = [ ./closed.nix ];
 }