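# flake-parts module. It exports `flake.nixosModules.verify` (which imports
# ./modules) and a per-system `verify` app: a generated bash script that runs
# rustscan against the host/port pairs each machine lists under
# `verify.closed`.
{ self, ... }:
{
  imports = [ ];

  flake.nixosModules.verify = {
    imports = [ ./modules ];
  };

  perSystem =
    {
      pkgs,
      self',
      lib,
      ...
    }:
    with lib;
    {
      apps.verify = {
        type = "app";
        program =
          let

            # Only machines whose option tree has a `verify` attribute take part.
            nixosConfigurationsToVerify = filterAttrs (
              machine: configuration: builtins.hasAttr "verify" configuration.options
            ) self.nixosConfigurations;

            # Builds the list of shell snippets (one per interface/service
            # pair) for a single machine.
            verifyClosedCommands =
              nixosConfiguration:
              let

                # One scan of `ports` on `host`, preceded by a label line.
                #
                # Every value spliced in here comes from NixOS configuration and
                # ends up as bash source text, so each one goes through
                # escapeShellArg (from `lib`, in scope via `with lib;`). Without
                # that, a name or host containing quotes, `$( )` or `;` would be
                # interpreted by the shell instead of being passed through.
                #
                # An empty port list yields no snippet: otherwise `--ports`
                # would be emitted without a value and the next flag would be
                # taken as its argument.
                #
                # NOTE(review): nothing here inspects rustscan's output or exit
                # status, so the generated script only prints scan results; it
                # does not by itself fail when a port that should be closed
                # answers. Confirm whether callers rely on reading the output or
                # whether this should become a hard failure.
                command =
                  serviceName: interfaceName: host: ports:
                  optionalString (ports != [ ]) ''
                    echo ${escapeShellArg "verify ${interfaceName} ports are closed for ${serviceName}"}
                    ${pkgs.rustscan}/bin/rustscan \
                      --ports ${escapeShellArg (concatStringsSep "," (map toString ports))} \
                      --addresses ${escapeShellArg host} \
                      --greppable
                  '';

                # Attribute set keyed by interface name; each value is read
                # below for its `host` and its `ports` (service name -> ports).
                interfaces = nixosConfiguration.options.verify.closed.value;

                interfaceCommands = mapAttrsToList (
                  interfaceName: interfaceConfiguration:
                  mapAttrsToList (
                    serviceName: servicePorts:
                    command serviceName interfaceName interfaceConfiguration.host servicePorts
                  ) interfaceConfiguration.ports
                ) interfaces;

              in
              # mapAttrsToList is nested, so collapse to one flat list.
              flatten interfaceCommands;

            # Banner with the machine name, followed by that machine's scans.
            verify = machineName: nixosConfiguration: ''
              echo ${escapeShellArg machineName} | ${pkgs.boxes}/bin/boxes -d ansi
              ${concatStringsSep "\n" (verifyClosedCommands nixosConfiguration)}
            '';

            allCommands = concatStringsSep "\n\n" (mapAttrsToList verify nixosConfigurationsToVerify);

          in
          pkgs.writers.writeBashBin "verify" allCommands;
      };
    };

}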