add script to run command and temp open a port

hosts/lolcathost/default.nix

@@ -6,7 +6,7 @@
 }: let
   home-manager = builtins.fetchTarball {
     url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz";
-    sha256 = "0z94i2ig7wcm63fp1wkpp6r4458g2bj3r7ijlfapxihqybpgvng5";
+    sha256 = "1kk5qzfb87mkgy6vzm7x8z8akxr3k8k7839yjdy48z034pvidhsr";
   };
 in {
   imports = [

hosts/myputer/default.nix

@@ -7,7 +7,7 @@
 }: let
   home-manager = builtins.fetchTarball {
     url = "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
-    sha256 = "0z94i2ig7wcm63fp1wkpp6r4458g2bj3r7ijlfapxihqybpgvng5";
+    sha256 = "1kk5qzfb87mkgy6vzm7x8z8akxr3k8k7839yjdy48z034pvidhsr";
   };
 in {
   imports = [

scripts/nix-list-installed

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+nix-store -q --references /var/run/current-system/sw \
+  | cut -d'-' -f2-

scripts/openport

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Credit: u/boxofrox https://discourse.nixos.org/u/boxofrox
+# Ref: https://discourse.nixos.org/t/how-to-temporarily-open-a-tcp-port-in-nixos/12306/3
+USAGE="[Usage] sudo withport <port> <cmd> <args...>"
+
+set -ueo pipefail
+
+open-port() {
+  local port=$1
+  iptables -A INPUT -p tcp --dport $port -j ACCEPT
+}
+
+close-port() {
+  local port=${1:-0}
+  iptables -D INPUT -p tcp --dport $port -j ACCEPT
+}
+
+PORT=$1
+if [[ -z "$PORT" ]]; then
+  echo -e "[!] Port not given\n$USAGE" >&2
+  exit 1
+fi
+shift;  # Drop port argument
+
+if [[ 0 -eq $# ]]; then
+  echo -e "[!] Command not given\n$USAGE" >&2
+  exit 1
+fi
+
+open-port $PORT
+# Ensure port closes if error occurs.
+trap "close-port $PORT" EXIT
+# Run the command as user, not root.
+runuser -u $SUDO_USER -- "$@"
+# Trap will close port.

scripts/testvps

@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+# Requires: systemctl
+
+set -u
+
+function match {
+  [[ "$1" =~ $2 ]]
+}
+
+function padlen {
+  local MAX=0
+  for KEY in "$@"; do
+    local LEN=${#KEY}
+    ((LEN > MAX)) && MAX=$LEN
+  done
+  echo $MAX
+}
+
+function pad {
+  local PAD="$1"
+  if [ -z "$PAD" ]; then
+    exit 1
+  fi
+  
+  for ((i=0; i<PAD; i++)); do
+    printf " "
+  done
+}
+
+function fmt_print {
+  set +u
+  local SERVICE=$1
+  local LPAD=$2
+  local ACTIVE=$3
+  local ENABLED=$4
+
+  if [ "$ACTIVE" = "NOTFOUND" ]; then
+    ACTIVE="\e[1m\e[31m$ACTIVE\e[0m"
+  elif [ "$ACTIVE" = "inactive" ]; then
+    ACTIVE="\e[1m\e[31m$ACTIVE\e[0m"
+  else
+    ACTIVE="\e[32m$ACTIVE\e[0m"
+  fi
+
+  if [ "$ENABLED" = "enabled" ]; then
+    ENABLED="[\e[32m$ENABLED\e[0m]"
+  elif [ "$ENABLED" = "disabled" ]; then
+    ENABLED="[\e[1m\e[33m$ENABLED\e[0m]"
+  fi
+  set -u
+  echo -e "\e[35m[*]\e[0m $SERVICE:$LPAD $ACTIVE $ENABLED"
+}
+
+function fmt_test_service (
+  local SERVICE=$1
+  local LPAD_SZ=$2 # service name lpad size
+  local LPAD=$(pad $LPAD_SZ)
+
+  local EXISTS=0
+  local STAT=$(systemctl status "$SERVICE" 2>/dev/null)
+  if [ -z "$STAT" ]; then
+    fmt_print "$SERVICE" "$LPAD" "NOTFOUND"
+    exit 1
+  fi
+
+  local STAT_LOADED=$(head -n2 <<< "$STAT" | tail -n1)
+  # NOTE: "active  " intentionally contains right padding
+  local ENABLED=$(match "$STAT_LOADED" "^\s*Loaded: loaded \(.*; enabled; .*\)" && echo "enabled" || echo "disabled")
+  local ACTIVE=$(match "$STAT" "\s*Active: active \(running\)" && echo "active  " || echo "inactive")
+  fmt_print "$SERVICE" "$LPAD" "$ACTIVE" "$ENABLED"
+)
+
+function test_services {
+  local PAD_ALIGN=$(padlen $@)
+  # fmt_test_service
+  for SERVICE in "$@"; do
+    local LPAD=$((PAD_ALIGN - ${#SERVICE}))
+    fmt_test_service "$SERVICE" $LPAD
+  done
+}
+
+test_services nginx forgejo vaultwarden