✨ create verify.http options
parent
c584bb39ce
commit
e43f4514bc
9 changed files with 130 additions and 126 deletions
|
@ -30,24 +30,10 @@
|
|||
};
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
|
||||
verify.localCommands.paperless =
|
||||
let
|
||||
domain = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
grepString = "paperless.chungus.private";
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.paperless = {
|
||||
url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
|
||||
expectedContent = "paperless.chungus.private";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
|
||||
serverAliases = [ "paperless.ingolf-wagner.de" ];
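Review bot: The `url` in `verify.http.paperless` contains `?next=/`, and the script generated in nix/verify/modules/http.nix (later in this commit) interpolates `${url}` into the curl command line without quoting, so the shell sees `?` as a glob character and a `&` in any future URL would split the command. Quoting on the module side, e.g. `${curl} -s ${lib.escapeShellArg url}`, removes the dependence on what happens to be in the working directory. The probe also targets a login page over plain `http://`; if this vhost is served with TLS, checking the `https://` URL would match what clients actually use.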
|
||||
|
|
|
@ -16,27 +16,17 @@
|
|||
8989
|
||||
8686
|
||||
];
|
||||
verify.localCommands =
|
||||
let
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
|
||||
command = domain: grepString: ''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
in
|
||||
{
|
||||
sonarr = command "sonarr.ingolf-wagner.de" "Sonarr";
|
||||
radarr = command "radarr.ingolf-wagner.de" "Radarr";
|
||||
verify.http = {
|
||||
sonarr = {
|
||||
url = "sonarr.ingolf-wagner.de";
|
||||
expectedContent = "Sonarr";
|
||||
};
|
||||
radarr = {
|
||||
url = "radarr.ingolf-wagner.de";
|
||||
expectedContent = "Radarr";
|
||||
};
|
||||
};
|
||||
|
||||
# download series
|
||||
services.sonarr = {
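Review bot: Both `url` values in this hunk (`sonarr.ingolf-wagner.de`, `radarr.ingolf-wagner.de`) carry no scheme, so curl falls back to plain `http://`; if the vhost redirects to HTTPS the probe sees a redirect status rather than the default `responseCode` of 200, and otherwise it only validates the service over cleartext. Spelling the scheme out, e.g. `url = "https://sonarr.ingolf-wagner.de";` if TLS is what the vhost serves, makes the check test what users reach. The nix-serve hunk has the same scheme-less form (`cache.${config.networking.hostName}.wg0/nix-cache-info`); `http://` may be intended there, but it should still be written explicitly.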
|
||||
|
|
|
@ -35,23 +35,10 @@ in
|
|||
443
|
||||
];
|
||||
|
||||
verify.localCommands.nextcloud =
|
||||
let
|
||||
domain = "https://nextcloud.ingolf-wagner.de/login";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "Login"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String 'Login'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String 'Login' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.nextcloud = {
|
||||
url = "https://nextcloud.ingolf-wagner.de/login";
|
||||
expectedContent = "Login";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -6,24 +6,10 @@
|
|||
}:
|
||||
{
|
||||
|
||||
verify.localCommands.forgejo =
|
||||
let
|
||||
domain = "https://git.ingolf-wagner.de/explore/repos";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
grepString = "palo/nixos-config";
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.forgejjo = {
|
||||
url = "https://git.ingolf-wagner.de/explore/repos";
|
||||
expectedContent = "palo/nixos-config";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
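Review bot: The new attribute is spelled `verify.http.forgejjo`, while the entry it replaces was `verify.localCommands.forgejo`. Because the http module names each generated command `"http_" + service`, this check ends up registered as `http_forgejjo`. Renaming it to `verify.http.forgejo = {` keeps the check name aligned with the service for output and for any later override by name.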
|
||||
|
|
|
@ -33,24 +33,10 @@
|
|||
};
|
||||
|
||||
verify.closed.public.ports.nix-serve = [ config.services.nix-serve.port ];
|
||||
verify.localCommands.nix-serve =
|
||||
let
|
||||
domain = "cache.${config.networking.hostName}.wg0/nix-cache-info";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
grepString = "Priority: 50";
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.nix-serve = {
|
||||
url = "cache.${config.networking.hostName}.wg0/nix-cache-info";
|
||||
expectedContent = "Priority: 50";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
|
|
@ -17,24 +17,10 @@ in
|
|||
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
|
||||
|
||||
verify.closed.public.ports.photoprism = [ photoprismPort ];
|
||||
verify.localCommands.photoprism =
|
||||
let
|
||||
domain = "http://10.100.0.1:2342/library/login";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
grepString = "AI-Powered Photos App";
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.photoprism = {
|
||||
url = "http://10.100.0.1:2342/library/login";
|
||||
expectedContent = "AI-Powered Photos App";
|
||||
};
|
||||
|
||||
containers.photoprism = {
|
||||
privateNetwork = false;
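Review bot: The `url` hard-codes `10.100.0.1:2342` although `photoprismPort` is in scope and is already used for `verify.closed.public.ports.photoprism` just above, so the HTTP probe and the closed-port check can drift apart when the port changes. Consider `url = "http://10.100.0.1:${toString photoprismPort}/library/login";`, assuming `photoprismPort` is the port this URL refers to. The taskchampion hunk repeats the pattern with a literal `:10222` next to `config.services.taskchampion-sync-server.port`.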
|
||||
|
|
|
@ -8,24 +8,10 @@
|
|||
{
|
||||
|
||||
verify.closed.public.ports.taskchampion = [ config.services.taskchampion-sync-server.port ];
|
||||
verify.localCommands.taskchampion =
|
||||
let
|
||||
domain = "http://orbi.private:10222";
|
||||
curl = lib.getExe pkgs.curl;
|
||||
grep = lib.getExe pkgs.gnugrep;
|
||||
grepString = "TaskChampion sync server";
|
||||
in
|
||||
''
|
||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
||||
else
|
||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
||||
fi
|
||||
else
|
||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
||||
fi
|
||||
'';
|
||||
verify.http.taskchampion = {
|
||||
url = "http://orbi.private:10222";
|
||||
expectedContent = "TaskChampion sync server";
|
||||
};
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
||||
config.services.taskchampion-sync-server.port
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
flake.nixosModules.verify = {
|
||||
imports = [
|
||||
./modules/closedPorts.nix
|
||||
./modules/http.nix
|
||||
./modules/localCommands.nix
|
||||
];
|
||||
};
|
||||
|
|
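--- a/nix/verify/modules/http.nix
+++ b/nix/verify/modules/http.nix
@@ -0,0 +1,96 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+with lib;
+with types;
+{
+options.verify.http = mkOption {
+default = { };
+description = ''
+Verify that ports the defined ports are closed for a specific interface.
+Verification is done by rustscan.
+'';
+type = attrsOf (submodule {
+options = {
+url = mkOption {
+type = str;
+description = ''
+URL to analyze.
+'';
+};
+responseCode = mkOption {
+type = int;
+default = 200;
+description = ''
+expected response code
+'';
+};
+expectedContent = mkOption {
+type = nullOr str;
+description = ''
+expected string in the response
+'';
+};
+};
+});
+};
+
+config = {
+
+verify.localCommands =
+let
+curl = lib.getExe pkgs.curl;
+grep = lib.getExe pkgs.gnugrep;
+scriptWithExpectedContent = url: responseCode: expectedContent: ''
+if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then
+if ${curl} -s ${url} | ${grep} -q "${expectedContent}"; then
+echo -n ""
+#echo " [ OK ] Die Seite hat Statuscode ${toString responseCode} und enthält den String '${expectedContent}'."
+else
+echo " [Fail] Der Statuscode ist 200, aber die Seite enthält den String '${expectedContent}' nicht."
+fi
+else
+echo " [Fail] Die Seite hat keinen Statuscode ${toString responseCode}."
+fi
+'';
+
+scriptWithoutExpectedContent = url: responseCode: ''
+if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then
+echo -n ""
+#echo " [ OK ] Die Seite hat Statuscode ${toString responseCode}."
+else
+echo " [Fail] Die Seite hat keinen Statuscode ${toString responseCode}."
+fi
+'';
+script =
+url: responeCode: expectedContent:
+if (expectedContent == null) then
+scriptWithExpectedContent url responeCode expectedContent
+else
+scriptWithoutExpectedContent url responeCode;
+
+in
+mapAttrs' (
+service:
+{
+url,
+responseCode,
+expectedContent,
+}:
+nameValuePair ("http_" + service) (script url responseCode expectedContent)
+
+) config.verify.http;
+
+# verify.localCommands.taskchampion =
+# let
+# domain = "http://orbi.private:10222";
+# grepString = "TaskChampion sync server";
+# in
+#
+
+};
+
+}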
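Review bot: The branch in `script` is inverted: `if (expectedContent == null) then scriptWithExpectedContent …` sends a null value into string interpolation (an evaluation error) and routes every entry that does set `expectedContent` to `scriptWithoutExpectedContent`, so none of the content checks converted in this commit are actually performed. It should read `if expectedContent != null then scriptWithExpectedContent url responseCode expectedContent else scriptWithoutExpectedContent url responseCode;`. The `expectedContent` option is `nullOr str` but has no `default = null;`, so omitting it fails evaluation instead of selecting the status-only script. Two smaller points: the option `description` still talks about closed ports and rustscan, and the content-mismatch message hard-codes "200" although `responseCode` is configurable. Passing the pattern as `${grep} -qF -- ${lib.escapeShellArg expectedContent}` would also keep it from being read as a regex or as shell syntax.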