📝 add documentation to verify flake module

2024-09-15 05:31:47 +07:00 · 2024-09-15 05:31:47 +07:00 · c264db7f13
commit c264db7f13
parent 577003f607
4 changed files with 62 additions and 29 deletions
--- a/nix/verify/default.nix
+++ b/nix/verify/default.nix
@ -3,7 +3,7 @@
  imports = [ ];

  flake.nixosModules.verify = {
-    imports = [ ./module.nix ];
+    imports = [ ./modules ];
  };

  perSystem =
--- a/nix/verify/module.nix
+++ b/nix/verify/module.nix
@ -1,28 +0,0 @@
-{ lib, ... }:
-with lib;
-with types;
-{
-  # todo add commad option
-  # todo add remote command option
-  options.verify.closed = mkOption {
-    default = { };
-    type = attrsOf (submodule {
-      options = {
-        domain = mkOption {
-          type = str;
-          description = ''
-            domain to scan
-          '';
-        };
-        # todo: make this an attrs so I know why port xyz should be closed.
-        ports = mkOption {
-          default = { };
-          type = attrsOf (listOf int);
-          description = ''
-            ports that should be closed
-          '';
-        };
-      };
-    });
-  };
-}
--- a/nix/verify/modules/closed.nix
+++ b/nix/verify/modules/closed.nix
@ -0,0 +1,53 @@
+{ lib, ... }:
+with lib;
+with types;
+{
+  options.verify.closed = mkOption {
+    default = { };
+    example = {
+      public = {
+        domain = "example.com";
+        ports = {
+          arr = [
+            7878
+            8989
+            8686
+          ];
+        };
+      };
+      work_vpn = {
+        domain = "10.1.1.100";
+        ports = {
+          arr = [
+            7878
+            8989
+            8686
+          ];
+        };
+      };
+    };
+    description = ''
+      Verify that ports the defined ports are closed for a specific interface.
+      Verification is done by rustscan.
+    '';
+    type = attrsOf (submodule {
+      options = {
+        domain = mkOption {
+          type = str;
+          description = ''
+            The host against which the rustscan will be done.
+            Needed because we have more than interface on the machine.
+          '';
+        };
+        ports = mkOption {
+          default = { };
+          type = attrsOf (listOf int);
+          description = ''
+            service -> [port, ... ]
+            Ports that should be verified as beeing closed.
+          '';
+        };
+      };
+    });
+  };
+}
--- a/nix/verify/modules/default.nix
+++ b/nix/verify/modules/default.nix
@ -0,0 +1,8 @@
+{ lib, ... }:
+with lib;
+with types;
+{
+  # todo add commad option
+  # todo add remote command option
+  imports = [ ./closed.nix ];
+}