authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-09 14:31:45 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-09 14:31:45 +0100
commitaaca929782720c266fe21778a55d744101f83a04 (patch)
treedc00329340a4e6e7912e8793d2f14b6b977bb677
parenthosts/server2: Use new back config (diff)
downloadnixos-server-aaca929782720c266fe21778a55d744101f83a04.zip
{modules/system-info,scripts/system_info}: Init HEAD main
This collects relevant information for each host in an informative
markdown file.

An example (generated via `./scripts/system_info.sh`):

    # server2

    ## Virtual Hosts

    etebase.vhack.eu: dav.vhack.eu
    gallery.s-schoeffel.de
    git.foss-syndicate.org
    invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li
    issues.foss-syndicate.org
    libreddit.vhack.eu
    redlib.vhack.eu
    source.foss-syndicate.org
    source.vhack.eu

    ## Open ports

    TCP 22: ssh
    TCP 25: mail-smtp
    TCP 80: http
    TCP 443: https
    TCP 465: mail-smtp-tls
    TCP 993: mail-imap-tls
    TCP 995: mail-pop3-tls

    # server3

    ## Virtual Hosts

    b-peetz.de
    mastodon.vhack.eu
    matrix.vhack.eu
    miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu
    openpgpkey.b-peetz.de
    openpgpkey.s-schoeffel.de
    openpgpkey.sils.li
    openpgpkey.vhack.eu
    peertube.vhack.eu
    trinitrix.vhack.eu
    vhack.eu

    ## Open ports

    TCP 22: ssh
    TCP 80: http
    TCP 443: https
    TCP 64738: ???

    UDP 64738: ???
-rw-r--r--modules/by-name/sy/system-info/module.nix68
-rwxr-xr-xscripts/system_info.sh25
2 files changed, 93 insertions, 0 deletions
diff --git a/modules/by-name/sy/system-info/module.nix b/modules/by-name/sy/system-info/module.nix
new file mode 100644
index 0000000..de75e29
--- /dev/null
+++ b/modules/by-name/sy/system-info/module.nix
@@ -0,0 +1,68 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  mkVirtualHostDisplay = name: value: let
+    aliases =
+      if value.serverAliases != []
+      then
+        ": "
+        + builtins.concatStringsSep " " value.serverAliases
+      else "";
+  in ''
+    ${name}${aliases}
+  '';
+  vHosts = builtins.concatStringsSep "" (builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts));
+
+  mkOpenPortDisplay = mode: port: let
+    checkEnabled = service: name:
+      if config.vhack.${service}.enable
+      then name
+      else "<port is '${name}' but service 'vhack.${service}' is not enabled.>";
+    mappings = {
+      "22" = checkEnabled "openssh" "ssh";
+      "80" = checkEnabled "nginx" "http";
+      "443" = checkEnabled "nginx" "https";
+
+      "24" = checkEnabled "mail" "mail-lmtp";
+      "465" = checkEnabled "mail" "mail-smtp-tls";
+      "25" = checkEnabled "mail" "mail-smtp";
+      "993" = checkEnabled "mail" "mail-imap-tls";
+      "995" = checkEnabled "mail" "mail-pop3-tls";
+
+      # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
+      "64738" = "???";
+    };
+  in ''
+    ${mode} ${builtins.toString port}: ${mappings.${builtins.toString port}}
+  '';
+
+  # TODO(@bpeetz): This should probably also include the allowed TCP/UDP port ranges. <2025-01-28>
+  openTCPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts);
+  openUDPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts);
+
+  markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
+    ## Virtual Hosts
+    ${vHosts}
+    ## Open ports
+    ${openTCPPorts}
+    ${openUDPPorts}
+  '';
+in {
+  options.vhack.system-info = {
+    markdown = lib.mkOption {
+      type = lib.types.package;
+      description = ''
+        A derivation, that builds a markdown file, showing relevant system
+        information for this host.
+      '';
+      readOnly = true;
+    };
+  };
+
+  config.vhack.system-info = {
+    inherit markdown;
+  };
+}
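Review bot: `mappings.${builtins.toString port}` on the `in ''` line of mkOpenPortDisplay aborts evaluation with an attribute-missing error as soon as a port that is not in the table is added to `allowedTCPPorts` or `allowedUDPPorts`, so the whole report for that host disappears instead of showing an unknown port; `${mappings.${builtins.toString port} or "???"}` keeps the line and surfaces the gap the same way the 64738 entry does. The "Open ports" section also reads only the global `networking.firewall.allowedTCPPorts`/`allowedUDPPorts`, so ports opened per interface (`networking.firewall.interfaces.<name>.allowedTCPPorts`) or through the port-range options already named in the TODO are omitted, and nothing records whether `networking.firewall.enable` is true — when it is false the list understates what is reachable, so a header such as `Firewall enabled: ${lib.boolToString config.networking.firewall.enable}` would make the report honest about that. Likewise `checkEnabled` dereferences `config.vhack.${service}.enable`, which presumably fails evaluation rather than degrading on a host where that option set is not defined; hedged, since the vhack module tree is outside this diff.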
diff --git a/scripts/system_info.sh b/scripts/system_info.sh
new file mode 100755
index 0000000..940406a
--- /dev/null
+++ b/scripts/system_info.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+# Take a host name and return the nix store path to the host's system info.
+# Type
+# _system_info :: String -> Path
+_system_info() {
+    nix --option warn-dirty false build .#nixosConfigurations."$1".config.vhack.system-info.markdown --print-out-paths --no-link
+}
+
+_glow() {
+    if command -v glow >/dev/null; then
+        glow --width 0
+    else
+        cat
+    fi
+}
+
+# The expression is not meant to be expanded by the shell
+# shellcheck disable=SC2016
+nix eval --expr '"${builtins.concatStringsSep "\n" (builtins.attrNames (builtins.fromTOML (builtins.readFile ./hosts/host-names.toml)))}\n"' --impure --raw | while read -r host; do
+    echo "# $host" | _glow
+    _glow <"$(_system_info "$host")"
+done
+
+# vim: ft=sh
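Review bot: The loop body has no failure handling: when `nix build` inside `_system_info` fails for a host, the command substitution on the `_glow <"$(_system_info "$host")"` line expands to an empty string, the redirection prints an error, and the script carries on and exits 0, so a broken host silently vanishes from the report. Add `set -eu` after the shebang and capture the path first, e.g. `path=$(_system_info "$host") || { echo "system_info: build failed for $host" >&2; continue; }` followed by `_glow <"$path"`. Because `nix eval ... | while read -r host` runs the loop in a subshell, a non-zero status from inside it is also lost at the pipeline level; `pipefail` is not portable POSIX sh, so collecting the host list into a variable before the loop is the safer way to propagate failures.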