Diffstat (limited to 'modules/by-name/sy/system-info/module.nix')
1 files changed, 70 insertions, 0 deletions
diff --git a/modules/by-name/sy/system-info/module.nix b/modules/by-name/sy/system-info/module.nix
new file mode 100644
index 0000000..f04eb49
--- /dev/null
+++ b/modules/by-name/sy/system-info/module.nix
@@ -0,0 +1,70 @@
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  mkVirtualHostDisplay = name: value: let
+    aliases =
+      if value.serverAliases != []
+      then
+        ": "
+        + builtins.concatStringsSep " " value.serverAliases
+      else "";
+  in ''
+    ${name}${aliases}
+  '';
+  vHosts = builtins.concatStringsSep "" (builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts));
+  mkOpenPortDisplay = mode: port: let
+    checkEnabled = service: name:
+      if config.vhack.${service}.enable
+      then name
+      else "<port is '${name}' but service 'vhack.${service}' is not enabled.>";
+    mappings = {
+      "22" = checkEnabled "openssh" "ssh";
+      "80" = checkEnabled "nginx" "http";
+      "443" = checkEnabled "nginx" "https";
+      "53" = checkEnabled "dns" "dns";
+      "24" = checkEnabled "mail" "mail-lmtp";
+      "465" = checkEnabled "mail" "mail-smtp-tls";
+      "25" = checkEnabled "mail" "mail-smtp";
+      "993" = checkEnabled "mail" "mail-imap-tls";
+      "995" = checkEnabled "mail" "mail-pop3-tls";
+      # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
+      "64738" = "???";
+    };
+  in ''
+    ${mode} ${builtins.toString port}: ${mappings.${builtins.toString port}}
+  '';
+  # TODO(@bpeetz): This should probably also include the allowed TCP/UDP port ranges. <2025-01-28>
+  openTCPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts);
+  openUDPPorts = builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts);
+  markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
+    ## Virtual Hosts
+    ${vHosts}
+    ## Open ports
+    ${openTCPPorts}
+    ${openUDPPorts}
+  '';
+in {
+  options.vhack.system-info = {
+    markdown = lib.mkOption {
+      type = lib.types.package;
+      description = ''
+        A derivation, that builds a markdown file, showing relevant system
+        information for this host.
+      '';
+      readOnly = true;
+    };
+  };
+  config.vhack.system-info = {
+    inherit markdown;
+  };