diff --git a/nixosModules/scripts.nix b/nixosModules/scripts.nix
index 28099db..ddc33b7 100644
--- a/nixosModules/scripts.nix
+++ b/nixosModules/scripts.nix
@@ -12,5 +12,6 @@ in
 nix flake update --flake $FLAKE --impure
 sudo nixos-rebuild switch --flake $FLAKE#${hostName} --impure
 '')
+ (pkgs.writeShellScriptBin "test-dns" (builtins.readFile ../scripts/test-dns.sh))
 ];
 }
\ No newline at end of file
diff --git a/scripts/test-dns.sh b/scripts/test-dns.sh
new file mode 100644
index 0000000..972d6f6
--- /dev/null
+++ b/scripts/test-dns.sh
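Review bot: The added `writeShellScriptBin "test-dns"` entry only wraps the file text, so the installed command resolves `dig`, `openssl`, `sed`, `cut` and `date` from whatever PATH the caller happens to have, and the script checks for `openssl` but not for `dig`. Consider `pkgs.writeShellApplication { name = "test-dns"; runtimeInputs = [ pkgs.dig pkgs.openssl ]; text = builtins.readFile ../scripts/test-dns.sh; }` so the tools come from the pinned flake inputs rather than the ambient environment. That builder also runs shellcheck and enables errexit/nounset/pipefail, so the script would need small adjustments first, for example `"${1:-}"` in the usage check and explicit handling of a non-zero `dig` exit. The enclosing package list starts outside the hunk.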
@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+
+# Function to test DNS resolution for a subdomain
+test_subdomain() {
+ local subdomain="$1"
+ local fqdn="${subdomain}.john-stream.com"
+
+ echo "========================================"
+ echo "Testing DNS for: $fqdn"
+ echo "========================================"
+ echo ""
+
+ # Test panoptes
+ echo "📍 Testing: panoptes"
+ result=$(dig @panoptes "$fqdn" +short +time=2 +tries=1 2>&1)
+ if [ -n "$result" ]; then
+ echo " ✅ Resolved to: $result"
+ dig @panoptes "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
+ else
+ echo " ❌ Failed to resolve"
+ fi
+ echo ""
+
+ # Test CoreDNS (192.168.1.107)
+ echo "📍 Testing: 192.168.1.107 (CoreDNS)"
+ result=$(dig @192.168.1.107 "$fqdn" +short +time=2 +tries=1 2>&1)
+ if [ -n "$result" ]; then
+ echo " ✅ Resolved to: $result"
+ dig @192.168.1.107 "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
+ else
+ echo " ❌ Failed to resolve"
+ fi
+ echo ""
+
+ # Test Cloudflare DNS (1.1.1.1)
+ echo "📍 Testing: 1.1.1.1 (Cloudflare DNS)"
+ result=$(dig @1.1.1.1 "$fqdn" +short +time=2 +tries=1 2>&1)
+ if [ -n "$result" ]; then
+ echo " ✅ Resolved to: $result"
+ dig @1.1.1.1 "$fqdn" +noall +answer +time=2 +tries=1 | sed 's/^/ /'
+ else
+ echo " ❌ Failed to resolve"
+ fi
+ echo ""
+}
+
+# Function to check SSL certificate for the domain
+check_ssl_cert() {
+ local subdomain="$1"
+ local fqdn="${subdomain}.john-stream.com"
+
+ echo "========================================"
+ echo "SSL Certificate Check for: $fqdn"
+ echo "========================================"
+ echo ""
+
+ # Check if openssl is available
+ if ! command -v openssl &> /dev/null; then
+ echo "❌ openssl command not found. Please install openssl to check SSL certificates."
+ return 1
+ fi
+
+ # Try to fetch SSL certificate information
+ echo "📍 Fetching SSL certificate information..."
+ cert_info=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -text 2>/dev/null)
+
+ if [ -z "$cert_info" ]; then
+ echo " ❌ Failed to retrieve SSL certificate. The domain may not be accessible via HTTPS."
+ return 1
+ fi
+
+ # Extract and display key certificate information
+ echo " ✅ SSL certificate found!"
+ echo ""
+
+ # Get certificate details
+ cert_details=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -subject -issuer -dates 2>/dev/null)
+
+ echo "📋 Certificate Details:"
+ echo "$cert_details" | sed 's/^/ /'
+ echo ""
+
+ # Check certificate expiration
+ expiry_date=$(echo | openssl s_client -servername "$fqdn" -connect "$fqdn:443" 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
+
+ if [ -n "$expiry_date" ]; then
+ expiry_epoch=$(date -d "$expiry_date" +%s 2>/dev/null)
+ current_epoch=$(date +%s)
+ days_until_expiry=$(( ($expiry_epoch - $current_epoch) / 86400 ))
+
+ if [ $days_until_expiry -lt 0 ]; then
+ echo "⚠️ Certificate Status: EXPIRED ($days_until_expiry days ago)"
+ elif [ $days_until_expiry -lt 30 ]; then
+ echo "⚠️ Certificate Status: Expiring soon ($days_until_expiry days remaining)"
+ else
+ echo "✅ Certificate Status: Valid ($days_until_expiry days remaining)"
+ fi
+ fi
+ echo ""
+}
+
+# Test the subdomain
+if [ -z "$1" ]; then
+ echo "Usage: $0 "
+ echo "Example: $0 appdaemon"
+ exit 1
+fi
+
+test_subdomain "$1"
+check_ssl_cert "$1"
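Review bot: `check_ssl_cert` prints `✅ Certificate Status: Valid` from the `notAfter` date alone; none of the `openssl s_client` calls verifies the chain or the hostname, so a self-signed or wrong-host certificate is still reported as valid. I would fetch the certificate once with `-verify_return_error -verify_hostname "$fqdn"`, fail on a non-zero exit, and feed the saved output to the later `openssl x509` calls instead of reconnecting three times. The same block should stop when `date -d` fails, because an empty `expiry_epoch` makes the arithmetic produce a large negative number and the script then prints EXPIRED. In `test_subdomain`, `2>&1` folds dig's error text into `result`, so the `-n` test can display a resolver error as `✅ Resolved to:`; dropping the redirect and checking dig's exit status would avoid that.

```shell
  # Fetch the chain once and fail closed if it does not verify for this
  # hostname (default trust store; a private CA would need -CAfile).
  local pem
  if ! pem=$(openssl s_client -servername "$fqdn" -connect "$fqdn:443" \
      -verify_return_error -verify_hostname "$fqdn" </dev/null 2>/dev/null); then
    echo " ❌ TLS handshake or certificate verification failed for $fqdn"
    return 1
  fi
  # … unchanged: "SSL certificate found" banner …
  local cert_details expiry_date expiry_epoch current_epoch days_until_expiry
  cert_details=$(openssl x509 -noout -subject -issuer -dates <<<"$pem")
  # … unchanged: certificate details output …
  expiry_date=$(openssl x509 -noout -enddate <<<"$pem" | cut -d= -f2)
  if ! expiry_epoch=$(date -d "$expiry_date" +%s 2>/dev/null); then
    echo "⚠️ Could not parse certificate expiry date: $expiry_date"
    return 1
  fi
  # … unchanged: days_until_expiry computation and status output …
```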