| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-09 14:31:45 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2025-03-09 14:31:45 +0100 |
| commit | aaca929782720c266fe21778a55d744101f83a04 (patch) | |
| tree | dc00329340a4e6e7912e8793d2f14b6b977bb677 /modules/by-name | |
| parent | hosts/server2: Use new back config (diff) | |
| download | nixos-server-aaca929782720c266fe21778a55d744101f83a04.zip | |
{modules/system-info,scripts/system_info}: Init
This collects relevant information for each host in an informative
markdown file.
An example (generated via `./scripts/system_info.sh`):
# server2
## Virtual Hosts
etebase.vhack.eu: dav.vhack.eu
gallery.s-schoeffel.de
git.foss-syndicate.org
invidious-router.vhack.eu: video.fosswelt.org invidious-router.sils.li
issues.foss-syndicate.org
libreddit.vhack.eu
redlib.vhack.eu
source.foss-syndicate.org
source.vhack.eu
## Open ports
TCP 22: ssh
TCP 25: mail-smtp
TCP 80: http
TCP 443: https
TCP 465: mail-smtp-tls
TCP 993: mail-imap-tls
TCP 995: mail-pop3-tls
# server3
## Virtual Hosts
b-peetz.de
mastodon.vhack.eu
matrix.vhack.eu
miniflux.foss-syndicate.org: rss.foss-syndicate.org rss.vhack.eu miniflux.vhack.eu
openpgpkey.b-peetz.de
openpgpkey.s-schoeffel.de
openpgpkey.sils.li
openpgpkey.vhack.eu
peertube.vhack.eu
trinitrix.vhack.eu
vhack.eu
## Open ports
TCP 22: ssh
TCP 80: http
TCP 443: https
TCP 64738: ???
UDP 64738: ???
Diffstat (limited to 'modules/by-name')
| -rw-r--r-- | modules/by-name/sy/system-info/module.nix | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/modules/by-name/sy/system-info/module.nix b/modules/by-name/sy/system-info/module.nix
new file mode 100644
index 0000000..de75e29
--- /dev/null
+++ b/modules/by-name/sy/system-info/module.nix
@@ -0,0 +1,68 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ mkVirtualHostDisplay = name: value: let
+ aliases =
+ if value.serverAliases != []
+ then
+ ": "
+ + builtins.concatStringsSep " " value.serverAliases
+ else "";
+ in ''
+ ${name}${aliases}
+ '';
+ vHosts = builtins.concatStringsSep "" (builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts));
+
+ mkOpenPortDisplay = mode: port: let
+ checkEnabled = service: name:
+ if config.vhack.${service}.enable
+ then name
+ else "<port is '${name}' but service 'vhack.${service}' is not enabled.>";
+ mappings = {
+ "22" = checkEnabled "openssh" "ssh";
+ "80" = checkEnabled "nginx" "http";
+ "443" = checkEnabled "nginx" "https";
+
+ "24" = checkEnabled "mail" "mail-lmtp";
+ "465" = checkEnabled "mail" "mail-smtp-tls";
+ "25" = checkEnabled "mail" "mail-smtp";
+ "993" = checkEnabled "mail" "mail-imap-tls";
+ "995" = checkEnabled "mail" "mail-pop3-tls";
+
+ # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
+ "64738" = "???";
+ };
+ in ''
+ ${mode} ${builtins.toString port}: ${mappings.${builtins.toString port}}
+ '';
+
+ # TODO(@bpeetz): This should probably also include the allowed TCP/UDP port ranges. <2025-01-28>
+ openTCPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts);
+ openUDPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts);
+
+ markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
+ ## Virtual Hosts
+ ${vHosts}
+ ## Open ports
+ ${openTCPPorts}
+ ${openUDPPorts}
+ '';
+in {
+ options.vhack.system-info = {
+ markdown = lib.mkOption {
+ type = lib.types.package;
+ description = ''
+ A derivation, that builds a markdown file, showing relevant system
+ information for this host.
+ '';
+ readOnly = true;
+ };
+ };
+
+ config.vhack.system-info = {
+ inherit markdown;
+ };
+} |
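Review bot: The lookup `mappings.${builtins.toString port}` inside `mkOpenPortDisplay` has no fallback, so any port that appears in `networking.firewall.allowedTCPPorts` or `allowedUDPPorts` but not in `mappings` aborts evaluation of `markdown` with an attribute-missing error rather than producing the report. Since the file already uses `"???"` for ports it cannot attribute, `${mappings.${builtins.toString port} or "???"}` keeps the inventory building and still makes the unmapped port visible for review. Separately, `openTCPPorts`/`openUDPPorts` read only the global allowed-port lists, so ports opened via `networking.firewall.interfaces.<name>.allowedTCPPorts`/`allowedUDPPorts` (and, as the TODO says, the port ranges) never appear, and with `networking.firewall.enable = false` the section understates exposure entirely; a one-line `# NOTE: only the global allowedTCPPorts/allowedUDPPorts are listed; per-interface rules, port ranges and a disabled firewall are not reflected.` above `openTCPPorts` would stop readers treating the list as complete. The `checkEnabled` fallback string is the case worth a comment too: an allowed port whose `vhack.<service>` is disabled is still reachable, so that row is a finding to act on, not just a label.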
