✨ create verify.http options
parent
c584bb39ce
commit
e43f4514bc
9 changed files with 130 additions and 126 deletions
|
@ -30,24 +30,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
|
networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
|
||||||
verify.localCommands.paperless =
|
verify.http.paperless = {
|
||||||
let
|
url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
|
||||||
domain = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
|
expectedContent = "paperless.chungus.private";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
grepString = "paperless.chungus.private";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
|
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
|
||||||
serverAliases = [ "paperless.ingolf-wagner.de" ];
|
serverAliases = [ "paperless.ingolf-wagner.de" ];
|
||||||
|
|
|
@ -16,26 +16,16 @@
|
||||||
8989
|
8989
|
||||||
8686
|
8686
|
||||||
];
|
];
|
||||||
verify.localCommands =
|
|
||||||
let
|
|
||||||
curl = lib.getExe pkgs.curl;
|
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
|
|
||||||
command = domain: grepString: ''
|
verify.http = {
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
sonarr = {
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
url = "sonarr.ingolf-wagner.de";
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
expectedContent = "Sonarr";
|
||||||
else
|
};
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
radarr = {
|
||||||
fi
|
url = "radarr.ingolf-wagner.de";
|
||||||
else
|
expectedContent = "Radarr";
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
};
|
||||||
fi
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
sonarr = command "sonarr.ingolf-wagner.de" "Sonarr";
|
|
||||||
radarr = command "radarr.ingolf-wagner.de" "Radarr";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# download series
|
# download series
|
||||||
|
|
|
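Review bot: `url = "sonarr.ingolf-wagner.de";` and `url = "radarr.ingolf-wagner.de";` carry no scheme, while other checks in this commit spell out `http://` or `https://`. curl then assumes plain HTTP, and the generated command uses `-s` without following redirects, so a server that redirects to HTTPS would presumably report a 3xx code instead of the expected 200. Writing the scheme explicitly, e.g. `url = "https://sonarr.ingolf-wagner.de";` if that is how the services are served, makes the check probe the endpoint clients actually reach. The `nix-serve` check (`cache.${config.networking.hostName}.wg0/nix-cache-info`) has the same gap.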
@ -35,23 +35,10 @@ in
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
|
|
||||||
verify.localCommands.nextcloud =
|
verify.http.nextcloud = {
|
||||||
let
|
url = "https://nextcloud.ingolf-wagner.de/login";
|
||||||
domain = "https://nextcloud.ingolf-wagner.de/login";
|
expectedContent = "Login";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "Login"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String 'Login'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String 'Login' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -6,24 +6,10 @@
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
|
|
||||||
verify.localCommands.forgejo =
|
verify.http.forgejjo = {
|
||||||
let
|
url = "https://git.ingolf-wagner.de/explore/repos";
|
||||||
domain = "https://git.ingolf-wagner.de/explore/repos";
|
expectedContent = "palo/nixos-config";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
grepString = "palo/nixos-config";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
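Review bot: The attribute name in `verify.http.forgejjo = {` has a doubled `j`, so the generated check is registered as `http_forgejjo` rather than under the service's name; the block it replaces used `forgejo`. Rename it to `verify.http.forgejo = {` so the report output and any later override by name line up with the service.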
@ -33,24 +33,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
verify.closed.public.ports.nix-serve = [ config.services.nix-serve.port ];
|
verify.closed.public.ports.nix-serve = [ config.services.nix-serve.port ];
|
||||||
verify.localCommands.nix-serve =
|
verify.http.nix-serve = {
|
||||||
let
|
url = "cache.${config.networking.hostName}.wg0/nix-cache-info";
|
||||||
domain = "cache.${config.networking.hostName}.wg0/nix-cache-info";
|
expectedContent = "Priority: 50";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
grepString = "Priority: 50";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -17,24 +17,10 @@ in
|
||||||
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
|
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
|
||||||
|
|
||||||
verify.closed.public.ports.photoprism = [ photoprismPort ];
|
verify.closed.public.ports.photoprism = [ photoprismPort ];
|
||||||
verify.localCommands.photoprism =
|
verify.http.photoprism = {
|
||||||
let
|
url = "http://10.100.0.1:2342/library/login";
|
||||||
domain = "http://10.100.0.1:2342/library/login";
|
expectedContent = "AI-Powered Photos App";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
grepString = "AI-Powered Photos App";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
containers.photoprism = {
|
containers.photoprism = {
|
||||||
privateNetwork = false;
|
privateNetwork = false;
|
||||||
|
|
|
@ -8,24 +8,10 @@
|
||||||
{
|
{
|
||||||
|
|
||||||
verify.closed.public.ports.taskchampion = [ config.services.taskchampion-sync-server.port ];
|
verify.closed.public.ports.taskchampion = [ config.services.taskchampion-sync-server.port ];
|
||||||
verify.localCommands.taskchampion =
|
verify.http.taskchampion = {
|
||||||
let
|
url = "http://orbi.private:10222";
|
||||||
domain = "http://orbi.private:10222";
|
expectedContent = "TaskChampion sync server";
|
||||||
curl = lib.getExe pkgs.curl;
|
};
|
||||||
grep = lib.getExe pkgs.gnugrep;
|
|
||||||
grepString = "TaskChampion sync server";
|
|
||||||
in
|
|
||||||
''
|
|
||||||
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
|
|
||||||
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
|
|
||||||
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
|
|
||||||
else
|
|
||||||
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "[Fail] Die Seite hat keinen Statuscode 200."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
|
|
||||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
||||||
config.services.taskchampion-sync-server.port
|
config.services.taskchampion-sync-server.port
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
flake.nixosModules.verify = {
|
flake.nixosModules.verify = {
|
||||||
imports = [
|
imports = [
|
||||||
./modules/closedPorts.nix
|
./modules/closedPorts.nix
|
||||||
|
./modules/http.nix
|
||||||
./modules/localCommands.nix
|
./modules/localCommands.nix
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
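--- a/nix/verify/modules/http.nix
+++ b/nix/verify/modules/http.nix
@@ -0,0 +1,96 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+with lib;
+with types;
+{
+options.verify.http = mkOption {
+default = { };
+description = ''
+Verify that ports the defined ports are closed for a specific interface.
+Verification is done by rustscan.
+'';
+type = attrsOf (submodule {
+options = {
+url = mkOption {
+type = str;
+description = ''
+URL to analyze.
+'';
+};
+responseCode = mkOption {
+type = int;
+default = 200;
+description = ''
+expected response code
+'';
+};
+expectedContent = mkOption {
+type = nullOr str;
+description = ''
+expected string in the response
+'';
+};
+};
+});
+};
+
+config = {
+
+verify.localCommands =
+let
+curl = lib.getExe pkgs.curl;
+grep = lib.getExe pkgs.gnugrep;
+scriptWithExpectedContent = url: responseCode: expectedContent: ''
+if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then
+if ${curl} -s ${url} | ${grep} -q "${expectedContent}"; then
+echo -n ""
+#echo " [ OK ] Die Seite hat Statuscode ${toString responseCode} und enthält den String '${expectedContent}'."
+else
+echo " [Fail] Der Statuscode ist 200, aber die Seite enthält den String '${expectedContent}' nicht."
+fi
+else
+echo " [Fail] Die Seite hat keinen Statuscode ${toString responseCode}."
+fi
+'';
+
+scriptWithoutExpectedContent = url: responseCode: ''
+if ${curl} -s -o /dev/null -w "%{http_code}" ${url} | ${grep} -q "${toString responseCode}"; then
+echo -n ""
+#echo " [ OK ] Die Seite hat Statuscode ${toString responseCode}."
+else
+echo " [Fail] Die Seite hat keinen Statuscode ${toString responseCode}."
+fi
+'';
+script =
+url: responeCode: expectedContent:
+if (expectedContent == null) then
+scriptWithExpectedContent url responeCode expectedContent
+else
+scriptWithoutExpectedContent url responeCode;
+
+in
+mapAttrs' (
+service:
+{
+url,
+responseCode,
+expectedContent,
+}:
+nameValuePair ("http_" + service) (script url responseCode expectedContent)
+
+) config.verify.http;
+
+# verify.localCommands.taskchampion =
+# let
+# domain = "http://orbi.private:10222";
+# grepString = "TaskChampion sync server";
+# in
+#
+
+};
+
+}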
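Review bot: The `script` selector at the end of the `let` block is inverted: `if (expectedContent == null) then scriptWithExpectedContent …` interpolates a null into the script text (an evaluation error in Nix) and routes every configured `expectedContent` to `scriptWithoutExpectedContent`. As a result none of the migrated checks compares the response body any more, and a wrong page that answers 200 passes. Swap the branches to `if expectedContent == null then scriptWithoutExpectedContent url responeCode else scriptWithExpectedContent url responeCode expectedContent`, and give `expectedContent` a `default = null;` so it can be omitted. `${url}` and `${expectedContent}` are also spliced into the shell text unquoted and the content is matched as a regex (the paperless URL in this commit contains `?`, and several expected strings contain `.`), so `${lib.escapeShellArg url}` and `${grep} -q -F -- ${lib.escapeShellArg expectedContent}` would be safer. The option `description` still talks about closed ports and rustscan and should describe the HTTP check instead.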