{ config, lib, pkgs, inputs, ... }: with lib; let cfg = config.nixfiles.modules.nmap; in { options.nixfiles.modules.nmap.enable = mkEnableOption "Nmap"; config = mkIf cfg.enable { hm = { home = { file = { ".nmap/scripts/vulners".source = inputs.nmap-vulners; ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; }; packages = with pkgs; [nmap nmap-formatter]; activation.regenerateNmapScripts = with pkgs; '' ${getExe' nmap "nmap"} --script-updatedb ''; }; programs.bash = { shellAliases = { nmap-vulners = "nmap -sV --script=vulners/vulners.nse"; nmap-vulscan = "nmap -sV --script=vulscan/vulscan.nse"; }; initExtra = mkAfter '' _complete_alias nmap-vulners _nmap nmap _complete_alias nmap-vulscan _nmap nmap ''; }; systemd.user = { services.update-nmap-vulscan-lists = { Service = { ExecStart = let pkg = with pkgs; writeShellApplication { name = "update-nmap-vulscan-lists"; runtimeInputs = [curl]; text = '' declare -a vulscandbs=( "cve" "exploitdb" "openvas" "osvdb" "scipvuldb" "securityfocus" "securitytracker" "xforce" ) for i in "''${vulscandbs[@]}"; do ${getExe curl} \ -o "${config.my.home}/.nmap/scripts/vulscan/$i.csv" \ "https://www.computec.ch/projekte/vulscan/download/$i.csv" done ''; }; in getExe pkg; }; }; timers.update-nmap-vulscan-lists = { # TODO Figure out how to check for network-online.target for user # timers. Timer = { OnCalendar = "daily"; Persistent = true; Unit = "update-nmap-vulscan-lists.service"; }; Install.WantedBy = ["timers.target"]; }; }; }; }; }