From cf8b6e7ba157d7e2d90496aad9aa040716388700 Mon Sep 17 00:00:00 2001
From: Madeleine Sydney <lomiskiam@gmail.com>
Date: Fri, 21 Feb 2025 21:14:41 -0700
Subject: [PATCH] feat: port-tools

Very unfinished, but it's useful as-is!
---
 .gitignore                            |  1 +
 hosts/nixos-testbed/configuration.nix | 10 ++--
 scripts/port-tools/.envrc             |  1 +
 scripts/port-tools/bb.edn             |  0
 scripts/port-tools/default.nix        |  7 +++
 scripts/port-tools/ports              | 80 +++++++++++++++++++++++++++
 scripts/port-tools/result             |  1 +
 scripts/port-tools/shell.nix          |  8 +++
 8 files changed, 103 insertions(+), 5 deletions(-)
 create mode 100644 scripts/port-tools/.envrc
 create mode 100644 scripts/port-tools/bb.edn
 create mode 100644 scripts/port-tools/default.nix
 create mode 100755 scripts/port-tools/ports
 create mode 120000 scripts/port-tools/result
 create mode 100644 scripts/port-tools/shell.nix

diff --git a/.gitignore b/.gitignore
index e69feae..785cdbb 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /users/crumb/programs/emacs/eln-cache
 /users/crumb/programs/emacs/auto-save-list
+.direnv
diff --git a/hosts/nixos-testbed/configuration.nix b/hosts/nixos-testbed/configuration.nix
index 4705379..ea2eac7 100755
--- a/hosts/nixos-testbed/configuration.nix
+++ b/hosts/nixos-testbed/configuration.nix
@@ -73,15 +73,15 @@
   services.xserver.xkb.layout = "us";
   services.xserver.xkb.options = "caps:escape";
 
-  environment.systemPackages = with pkgs; [
-    neovim
-    git
-    git-annex
+  environment.systemPackages = [
+    pkgs.neovim
+    pkgs.git
     sydnix-cli.packages.x86_64-linux.default
+    (import ../../scripts/port-tools { inherit pkgs; })
 
     # Waypipe provides the equivalent of X11 forwarding for Wayland.  This is a
     # VM, so it's very handy.
-    waypipe
+    pkgs.waypipe
   ];
 
   services.openssh = {
diff --git a/scripts/port-tools/.envrc b/scripts/port-tools/.envrc
new file mode 100644
index 0000000..1d953f4
--- /dev/null
+++ b/scripts/port-tools/.envrc
@@ -0,0 +1 @@
+use nix
diff --git a/scripts/port-tools/bb.edn b/scripts/port-tools/bb.edn
new file mode 100644
index 0000000..e69de29
diff --git a/scripts/port-tools/default.nix b/scripts/port-tools/default.nix
new file mode 100644
index 0000000..1804226
--- /dev/null
+++ b/scripts/port-tools/default.nix
@@ -0,0 +1,7 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+pkgs.writeShellScriptBin "ports" ''
+  ${pkgs.babashka}/bin/bb --init "${./ports}" -m port-tools -- "$@" || exit=$?
+  exit $exit
+''
diff --git a/scripts/port-tools/ports b/scripts/port-tools/ports
new file mode 100755
index 0000000..7f357ac
--- /dev/null
+++ b/scripts/port-tools/ports
@@ -0,0 +1,80 @@
+#!/usr/bin/env sh
+:$(); -*- mode: clojure -*-
+:$(); bb --init "$0" -- "$@" || exit=$?
+:$(); exit $exit
+(ns port-tools
+  (:require [babashka.cli :as cli]
+            [babashka.process :as p]))
+
+(defn adorn-with-help-option [spec]
+  (letfn [(fn-with-help [opts]
+            ;; TODO: Implement
+            ((:fn spec) opts))]
+    (-> spec
+        (assoc-in [:spec :help]
+                  {:help {:coerce :bool}})
+        (assoc :fn fn-with-help))))
+
+(defn ip46tables [& args]
+  (try
+    (apply p/shell "iptables" args)
+    (apply p/shell "ip6tables" args)
+    (catch Exception e
+      (println "ip6?tables failed!"))))
+
+(defn open-port [{{:keys [ports]} :opts
+                  :as opts}]
+  (doseq [port ports]
+    (ip46tables
+     "-I" "nixos-fw" "1" "-p" "tcp" "--dport" port "-j" "nixos-fw-accept")
+    (binding [*out* *err*]
+      (printf "Opened port %d\n" port))))
+
+(defn close-port [{:keys [ports] :as opts}]
+  (doseq [port ports]
+    (ip46tables
+     "-D" "nixos-fw" "-p" "tcp" "--dport" port "-j" "nixos-fw-accept")
+    (binding [*out* *err*]
+      (printf "Closed port %d\n" port))))
+
+(defn run-with-port [opts]
+  (let [[ports [_ & cmd]] (split-with #(not= % "--") (:args opts))]
+    (throw (ex-info "TODO: Implement me!" {}))))
+
+(defn port? [x]
+  (and (nat-int? x)
+       (<= x 65535)))
+
+(defn parse-port [x]
+  (when-let [x* (parse-long x)]
+    (and (<= 0 x* 65535) x*)))
+
+(defn help [opts]
+  (prn 'help))
+
+(def port-option
+  {:ports {:coerce [parse-port]
+           :alias :p
+           :ref "PORT"}})
+
+(def cli-table
+  (map adorn-with-help-option
+       [{:cmds ["open"]
+         :fn open-port
+         :spec port-option
+         :args->opts [:ports]}
+        {:cmds ["close"]
+         :spec port-option
+         :fn close-port
+         :args->opts [:ports]}
+        {:cmds ["run-with-port"]
+         :spec port-option
+         :fn run-with-port}
+        {:cmds []
+         :fn help}]))
+
+(defn -main [& args]
+  (cli/dispatch cli-table args))
+
+#_
+(apply -main *command-line-args*)
diff --git a/scripts/port-tools/result b/scripts/port-tools/result
new file mode 120000
index 0000000..3d1e4ab
--- /dev/null
+++ b/scripts/port-tools/result
@@ -0,0 +1 @@
+/nix/store/vnfvgwnkx6jf2cmla3lsmj3kpnxmyv7k-ports
\ No newline at end of file
diff --git a/scripts/port-tools/shell.nix b/scripts/port-tools/shell.nix
new file mode 100644
index 0000000..98eff45
--- /dev/null
+++ b/scripts/port-tools/shell.nix
@@ -0,0 +1,8 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+pkgs.mkShell {
+  packages = [
+    pkgs.babashka
+  ];
+}