summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/iana-etc.nix55
2 files changed, 56 insertions, 0 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 42df3f053..48cf7971b 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -24,6 +24,7 @@ let
./go.nix
./hidden-ssh.nix
./htgen.nix
+ ./iana-etc.nix
./iptables.nix
./kapacitor.nix
./monit.nix
diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix
new file mode 100644
index 000000000..f6d47f27e
--- /dev/null
+++ b/krebs/3modules/iana-etc.nix
@@ -0,0 +1,55 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: {
+
+ options.krebs.iana-etc.services = mkOption {
+ default = {};
+ type = types.attrsOf (types.submodule ({ config, ... }: {
+ options = {
+ port = mkOption {
+ default = config._module.args.name;
+ type = types.addCheck types.str (test "[1-9][0-9]*");
+ };
+ } // genAttrs ["tcp" "udp"] (protocol: mkOption {
+ default = null;
+ type = types.nullOr (types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ };
+ };
+ });
+ });
+ }));
+ };
+
+ config.environment.etc = mkIf (config.krebs.iana-etc.services != {}) {
+ services.source = mkForce (pkgs.runCommand "krebs-iana-etc" {} ''
+ exec < ${pkgs.iana_etc}/etc/services
+ exec > $out
+ awk -F '[ /]+' '
+ BEGIN {
+ port=0
+ }
+ ${concatMapStringsSep "\n" (entry: ''
+ $2 == ${entry.port} {
+ port=$2
+ next
+ }
+ port == ${entry.port} {
+ ${concatMapStringsSep "\n"
+ (proto: let
+ s = "${entry.${proto}.name} ${entry.port}/${proto}";
+ in
+ "print ${toJSON s}")
+ (filter (proto: entry.${proto} != null) ["tcp" "udp"])}
+ port=0
+ }
+ '') (attrValues config.krebs.iana-etc.services)}
+ {
+ print $0
+ }
+ '
+ '');
+ };
+
+}