path: root/modules/by-name/sy/system-info/module.nix
blob: f04eb495a75859829d6c139dbd675319f4ceafa5 (plain) (blame)
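{
  lib,
  config,
  pkgs,
  ...
}: let
  # Render one nginx virtual host as a markdown list item.  Server aliases, when
  # any are configured, follow the primary name after a colon.
  mkVirtualHostDisplay = name: value: let
    aliases =
      if value.serverAliases != []
      then ": " + builtins.concatStringsSep " " value.serverAliases
      else "";
  in ''
    - ${name}${aliases}
  '';
  vHosts = builtins.concatStringsSep "" (builtins.attrValues (builtins.mapAttrs mkVirtualHostDisplay config.services.nginx.virtualHosts));

  # Render one allow-listed firewall port (`mode` is "TCP" or "UDP") as a
  # markdown list item, resolving the port number to the service expected to
  # listen on it.  The port -> service table is maintained by hand; a port that
  # is allow-listed but absent from the table is reported as unknown instead of
  # aborting evaluation, so the report itself surfaces the gap.
  mkOpenPortDisplay = mode: port: let
    checkEnabled = service: name:
      # `or false` keeps evaluation going on hosts where the `vhack.<service>`
      # module is not imported; the port then shows up as unexplained.
      if config.vhack.${service}.enable or false
      then name
      else "<port is '${name}' but service 'vhack.${service}' is not enabled.>";
    mappings = {
      "22" = checkEnabled "openssh" "ssh";
      "80" = checkEnabled "nginx" "http";
      "443" = checkEnabled "nginx" "https";

      "53" = checkEnabled "dns" "dns";

      "24" = checkEnabled "mail" "mail-lmtp";
      "465" = checkEnabled "mail" "mail-smtp-tls";
      "25" = checkEnabled "mail" "mail-smtp";
      "993" = checkEnabled "mail" "mail-imap-tls";
      "995" = checkEnabled "mail" "mail-pop3-tls";

      # TODO(@bpeetz): Check which service opens these ports: <2025-01-28>
      "64738" = "???";
    };
    portStr = builtins.toString port;
    # An allow-listed port that no known service accounts for deserves a look:
    # either the table is stale or something unexpected is exposed.
    label = mappings.${portStr} or "<no known service for this port>";
  in ''
    - ${mode} ${portStr}: ${label}
  '';

  # Render one allow-listed port range (`{ from; to; }` as used by
  # `allowedTCPPortRanges` / `allowedUDPPortRanges`).  Ranges are listed as-is:
  # they rarely correspond to a single service.
  mkOpenRangeDisplay = mode: range: ''
    - ${mode} ${builtins.toString range.from}-${builtins.toString range.to}: <port range>
  '';

  # Only the global allow-lists are covered here; per-interface rules under
  # `networking.firewall.interfaces.<name>` are not shown.
  openTCPPorts =
    builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "TCP") config.networking.firewall.allowedTCPPorts)
    + builtins.concatStringsSep "" (builtins.map (mkOpenRangeDisplay "TCP") config.networking.firewall.allowedTCPPortRanges);
  openUDPPorts =
    builtins.concatStringsSep "" (builtins.map (mkOpenPortDisplay "UDP") config.networking.firewall.allowedUDPPorts)
    + builtins.concatStringsSep "" (builtins.map (mkOpenRangeDisplay "UDP") config.networking.firewall.allowedUDPPortRanges);

  # With the firewall disabled the allow-lists say nothing about what is
  # reachable, so state that explicitly rather than imply a closed host.
  firewallNote = lib.optionalString (!config.networking.firewall.enable) ''
    **Note:** `networking.firewall.enable` is false; every listening service is reachable regardless of the list below.
  '';

  # The report is a plain markdown file named after the host.  Lines are
  # emitted as list items (`- `) so that consecutive entries do not collapse
  # into one paragraph when rendered.
  markdown = pkgs.writeText "${config.networking.hostName}-system-info.md" ''
    ## Virtual Hosts
    ${vHosts}
    ## Open ports
    ${firewallNote}
    ${openTCPPorts}
    ${openUDPPorts}
  '';
in {
  options.vhack.system-info = {
    markdown = lib.mkOption {
      type = lib.types.package;
      description = ''
        A derivation, that builds a markdown file, showing relevant system
        information for this host.
      '';
      readOnly = true;
    };
  };

  config.vhack.system-info = {
    inherit markdown;
  };
}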