diff --git a/flake.nix b/flake.nix
index c64a913..dd7a0bf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -172,7 +172,7 @@
 ++ [
 ./machines/${name}/configuration.nix
 nix-topology.nixosModules.default
- self.nixosModules.scan
+ self.nixosModules.verify
 ];
 };
@@ -377,7 +377,7 @@
 clan-core.flakeModules.default
 ./nix/formatter.nix
 ./nix/packages
- ./nix/scan
+ ./nix/verify
 ./nix/topology
 ];
diff --git a/nix/scan/default.nix b/nix/verify/default.nix
similarity index 77%
rename from nix/scan/default.nix
rename to nix/verify/default.nix
index 70a76ee..08d56a6 100644
--- a/nix/scan/default.nix
+++ b/nix/verify/default.nix
@@ -2,7 +2,7 @@
 {
 imports = [ ];
- flake.nixosModules.scan = {
+ flake.nixosModules.verify = {
 imports = [ ./module.nix ];
 };
@@ -15,14 +15,16 @@ }: with lib; { - apps.scan = { + apps.verify = { type = "app"; program = let ports = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.ports; domain = machine: self.nixosConfigurations.${machine}.options.verify.closed.value.public.domain; in - pkgs.writers.writeBashBin "scan" '' + + # todo : create an alert if one of the ports should not be accessible pkgs.writers.writeBashBin "verify" '' ${pkgs.rustscan}/bin/rustscan --ports ${concatStringsSep "," (map toString (ports "orbi"))} --addresses ${domain "orbi"} --greppable ''; };
diff --git a/nix/scan/module.nix b/nix/verify/module.nix
similarity index 85%
rename from nix/scan/module.nix
rename to nix/verify/module.nix
index 6996a40..1ecaa10 100644
--- a/nix/scan/module.nix
+++ b/nix/verify/module.nix
@@ -12,6 +12,7 @@ with types;
 domain to scan
 '';
 };
+ # todo: make this an attrs so I know why port xyz should be closed.
 ports = mkOption {
 type = listOf int;
 description = ''
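Review bot: The `verify` app in nix/verify/default.nix (hunk `@@ -15,14 +15,16 @@`) still only prints rustscan's greppable output, so a port listed under `verify.closed` that turns out to be reachable does not fail the run; the added todo names the gap, but the new name already promises a check. Capturing the output and failing on any hit would make the script usable from CI or a timer, e.g. `open=$(… rustscan … --greppable)` followed by `if [ -n "$open" ]; then echo "unexpectedly reachable: $open" >&2; exit 1; fi`. That assumes greppable mode prints nothing when none of the listed ports answers, which should be confirmed against the packaged rustscan. The machine name `"orbi"` is also hard-coded although the first flake.nix hunk appears to add the module per machine, and an empty `ports` list would render `--ports` without a value.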
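Review bot: In nix/verify/module.nix the `ports` option beside the new todo is typed `listOf int`, so negative or above-65535 values evaluate cleanly and only surface as a malformed `--ports` argument when the scan runs; `type = listOf port;` (`types` is already opened by `with types;`) would reject them at evaluation time. For the todo itself, a list of submodules carrying a `port` and a `reason` field would keep that validation, whereas attribute names would be unchecked strings. The option's body continues past the end of the hunk.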