Diffstat (limited to '')
-rw-r--r-- | modules/by-name/sy/system-info/module.nix | 68 | ||||
-rwxr-xr-x | scripts/system_info.sh | 25 |
2 files changed, 93 insertions, 0 deletions
diff --git a/modules/by-name/sy/system-info/module.nix b/modules/by-name/sy/system-info/module.nix
new file mode 100644
index 0000000..de75e29
--- /dev/null
+++ b/modules/by-name/sy/system-info/module.nix
@@ -0,0 +1,68 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ mkVirtualHostDisplay = name: value: let
+ aliases =
+ if value.serverAliases != []
+ then
+ ": " + builtins.concatStringsSep " " value.serverAliases
+ else "";
+ in ''
+ ${name}${aliases}
+ '';
+ vHosts = builtins.concatStringsSep "" (builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts));
+
+ mkOpenPortDisplay = mode: port: let
+ checkEnabled = service: name:
+ if config.vhack.${service}.enable
+ then name
+ else "<port is '${name}' but service 'vhack.${service}' is not enabled.>";
+ mappings = {
+ "22" = checkEnabled "openssh" "ssh";
+ "80" = checkEnabled "nginx" "http";
+ "443" = checkEnabled "nginx" "https";
+
+ "24" = checkEnabled "mail" "mail-lmtp";
+ "465" = checkEnabled "mail" "mail-smtp-tls";
+ "25" = checkEnabled "mail" "mail-smtp";
+ "993" = checkEnabled "mail" "mail-imap-tls";
+ "995" = checkEnabled "mail" "mail-pop3-tls";
+
+ # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
+ "64738" = "???";
+ };
+ in ''
+ ${mode} ${builtins.toString port}: ${mappings.${builtins.toString port}}
+ '';
+
+ # TODO(@bpeetz): This should probably also include the allowed TCP/UDP port ranges. <2025-01-28>
+ openTCPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts);
+ openUDPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts);
+
+ markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
+ ## Virtual Hosts
+ ${vHosts}
+ ## Open ports
+ ${openTCPPorts}
+ ${openUDPPorts}
+ '';
+in {
+ options.vhack.system-info = {
+ markdown = lib.mkOption {
+ type = lib.types.package;
+ description = ''
+ A derivation, that builds a markdown file, showing relevant system
+ information for this host.
+ '';
+ readOnly = true;
+ };
+ };
+
+ config.vhack.system-info = {
+ inherit markdown;
+ };
+}
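Review bot: `${mappings.${builtins.toString port}}` in mkOpenPortDisplay has no fallback, so any port listed in allowedTCPPorts/allowedUDPPorts that is not a key of `mappings` aborts evaluation of the whole host with a bare "attribute missing" error instead of appearing in the report. If the intent is to force every exposed port to be documented, make that explicit with `mappings.${builtins.toString port} or (throw "system-info: no service mapped to ${mode} port ${builtins.toString port}")`; otherwise `or "<unknown: no service mapped to this port>"` keeps the report building. The mappings are also keyed by port number alone, so a UDP entry for 22 or 443 would be labelled "ssh"/"https" even though those names only describe the TCP services. Note too that only allowedTCPPorts/allowedUDPPorts are read: per-interface rules under networking.firewall.interfaces and the port ranges the TODO already mentions are not included, so the "Open ports" section can understate what is actually reachable on the host.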
diff --git a/scripts/system_info.sh b/scripts/system_info.sh
new file mode 100755
index 0000000..940406a
--- /dev/null
+++ b/scripts/system_info.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+# Take a host name and return the nix store path to the host's system info.
+ # Type
+ # _system_info :: String -> Path
+_system_info() {
+ nix --option warn-dirty false build .#nixosConfigurations."$1".config.vhack.system-info.markdown --print-out-paths --no-link
+}
+
+_glow() {
+ if command -v glow >/dev/null; then
+ glow --width 0
+ else
+ cat
+ fi
+}
+
+# The expression is not meant to be expanded by the shell
+# shellcheck disable=SC2016
+nix eval --expr '"${builtins.concatStringsSep "\n" (builtins.attrNames (builtins.fromTOML (builtins.readFile ./hosts/host-names.toml)))}\n"' --impure --raw | while read -r host; do
+ echo "# $host" | _glow
+ _glow <"$(_system_info "$host")"
+done
+
+# vim: ft=sh |
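Review bot: `_glow <"$(_system_info "$host")"` turns a failed `nix build` into an empty redirect target, so a host whose system-info derivation does not evaluate presumably yields only a "cannot open" message from the shell while the loop carries on and the script still exits 0. Capture the path and check it instead: `path=$(_system_info "$host") || { echo "system_info: build failed for $host" >&2; exit 1; }` followed by `_glow <"$path"`. Both `.#nixosConfigurations` and `./hosts/host-names.toml` are resolved against the current working directory, so the script only works from the flake root; a `cd "$(dirname "$0")/.."` after the shebang, or a comment stating that requirement, would make it explicit. Adding `set -eu` at the top would also surface the unset-variable and failed-command cases the script currently ignores.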