
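{ self, ... }:
{
  imports = [ ];

  # NixOS module declaring the `verify` option consumed below (see ./modules).
  flake.nixosModules.verify = {
    imports = [ ./modules ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    let
      inherit (lib)
        concatStringsSep
        escapeShellArg
        filterAttrs
        flatten
        mapAttrsToList
        ;
    in
    {
      # `nix run .#verify`: for every nixosConfiguration that declares the
      # `verify` option, scan the ports that must be closed and run the
      # configured local commands.  The script exits non-zero as soon as any
      # single check fails, so it can be used as a CI gate rather than only
      # as a human-readable report.
      apps.verify = {
        type = "app";
        program =
          let
            # Only machines that import the verify module expose the option.
            nixosConfigurationsToVerify = filterAttrs (
              _machine: configuration: builtins.hasAttr "verify" configuration.options
            ) self.nixosConfigurations;

            # Shell snippets running every `localCommands` entry of every
            # interface.  A non-zero exit of a command marks the whole run as
            # failed instead of being silently ignored.
            verifyLocalCommands =
              nixosConfiguration:
              let
                interfaces = nixosConfiguration.options.verify.value;
                commandsFor =
                  interfaceName: interfaceConfiguration:
                  mapAttrsToList (
                    serviceName: serviceCommand:
                    let
                      script = pkgs.writers.writeBash "${interfaceName}-${serviceName}" serviceCommand;
                    in
                    ''
                      echo "verify ${interfaceName} service ${serviceName} (local command)"
                      if ! ${script}; then
                        echo "FAILED: ${interfaceName} service ${serviceName} (local command)" >&2
                        failed=1
                      fi
                    ''
                  ) interfaceConfiguration.localCommands;
              in
              flatten (mapAttrsToList commandsFor interfaces);

            # Shell snippets scanning every `closedPorts` entry of every
            # interface with rustscan.  Host and port list are shell-escaped so
            # an option value cannot break out of the generated script.
            #
            # NOTE(review): the "closed" verdict assumes rustscan --greppable
            # prints only hosts that have open ports and nothing otherwise —
            # confirm this holds for the rustscan version pinned in nixpkgs.
            verifyClosedCommands =
              nixosConfiguration:
              let
                interfaces = nixosConfiguration.options.verify.value;
                scan =
                  serviceName: interfaceName: host: ports:
                  let
                    portList = escapeShellArg (concatStringsSep "," (map toString ports));
                    address = escapeShellArg host;
                  in
                  ''
                    echo "verify ${interfaceName} ports are closed for ${serviceName}"
                    open_ports="$(${pkgs.rustscan}/bin/rustscan \
                      --ports ${portList} \
                      --addresses ${address} \
                      --greppable)"
                    if [ -n "$open_ports" ]; then
                      echo "FAILED: ${interfaceName} has open ports for ${serviceName}:" >&2
                      echo "$open_ports" >&2
                      failed=1
                    fi
                  '';
                commandsFor =
                  interfaceName: interfaceConfiguration:
                  mapAttrsToList (
                    serviceName: servicePorts:
                    scan serviceName interfaceName interfaceConfiguration.host servicePorts
                  ) interfaceConfiguration.closedPorts;
              in
              flatten (mapAttrsToList commandsFor interfaces);

            # One section per machine: banner, then port scans, then local commands.
            verify = machineName: nixosConfiguration: ''
              echo ${escapeShellArg machineName} | ${pkgs.boxes}/bin/boxes -d ansi
              ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)}
              ${concatStringsSep "\n" (verifyLocalCommands nixosConfiguration)}
            '';

            # `failed` is set by any failing check above; the final exit status
            # propagates it so callers (CI, scripts) can act on it.
            allCommands = ''
              failed=0
              ${concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify)}
              exit "$failed"
            '';
          in
          pkgs.writers.writeBashBin "verify" allCommands;
      };
    };
}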