diff options
author | Bjørn Forsman <bjorn.forsman@gmail.com> | 2013-12-05 22:21:12 +0100 |
---|---|---|
committer | Bjørn Forsman <bjorn.forsman@gmail.com> | 2013-12-09 21:35:01 +0100 |
commit | 9474fbae65556933538076709332f11d40234b2e (patch) | |
tree | a5a4d65780660674895926ed0eca00f34eeaf2d4 /nixos/modules/services/networking | |
parent | 3cff0a80149003620405d841d441119a64936e32 (diff) | |
download | nixlib-9474fbae65556933538076709332f11d40234b2e.tar nixlib-9474fbae65556933538076709332f11d40234b2e.tar.gz nixlib-9474fbae65556933538076709332f11d40234b2e.tar.bz2 nixlib-9474fbae65556933538076709332f11d40234b2e.tar.lz nixlib-9474fbae65556933538076709332f11d40234b2e.tar.xz nixlib-9474fbae65556933538076709332f11d40234b2e.tar.zst nixlib-9474fbae65556933538076709332f11d40234b2e.zip |
nixos: add ntopng service
ntopng is a high-speed web-based traffic analysis and flow collection tool. Enable it by adding this to configuration.nix: services.ntopng.enable = true; Open a browser at http://localhost:3000 and login with the default username/password: admin/admin.
Diffstat (limited to 'nixos/modules/services/networking')
-rw-r--r-- | nixos/modules/services/networking/ntopng.nix | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix new file mode 100644 index 000000000000..156a6b32a6ab --- /dev/null +++ b/nixos/modules/services/networking/ntopng.nix @@ -0,0 +1,116 @@ +{ config, pkgs, ... }: + +with pkgs.lib; + +let + + cfg = config.services.ntopng; + redisCfg = config.services.redis; + + configFile = if cfg.configText != "" then + pkgs.writeText "ntopng.conf" '' + ${cfg.configText} + '' + else + pkgs.writeText "ntopng.conf" '' + ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)} + --http-port=${toString cfg.http-port} + --redis=localhost:${toString redisCfg.port} + ${cfg.extraConfig} + ''; + +in + +{ + + options = { + + services.ntopng = { + + enable = mkOption { + default = false; + type = types.bool; + description = '' + Enable ntopng, a high-speed web-based traffic analysis and flow + collection tool. + + With the default configuration, ntopng monitors all network + interfaces and displays its findings at http://localhost:${toString + cfg.http-port}. Default username and password is admin/admin. + + See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ + for more info. + + Note that enabling ntopng will also enable redis (key-value + database server) for persistent data storage. + ''; + }; + + interfaces = mkOption { + default = [ "any" ]; + example = [ "eth0" "wlan0" ]; + type = types.listOf types.str; + description = '' + List of interfaces to monitor. Use "any" to monitor all interfaces. + ''; + }; + + http-port = mkOption { + default = 3000; + type = types.uniq types.int; + description = '' + Sets the HTTP port of the embedded web server. + ''; + }; + + configText = mkOption { + default = ""; + example = '' + --interface=any + --http-port=3000 + --disable-login + ''; + type = types.lines; + description = '' + Overridable configuration file contents to use for ntopng. By + default, use the contents automatically generated by NixOS. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = types.lines; + description = '' + Configuration lines that will be appended to the generated ntopng + configuration file. Note that this mechanism does not work when the + manual <option>configText</option> option is used. + ''; + }; + + }; + + }; + + config = mkIf cfg.enable { + + # ntopng uses redis for data storage + services.redis.enable = true; + + # nice to have manual page and ntopng command in PATH + environment.systemPackages = [ pkgs.ntopng ]; + + systemd.services.ntopng = { + description = "Ntopng Network Monitor"; + requires = [ "redis.service" ]; + after = [ "network.target" "redis.service" ]; + wantedBy = [ "multi-user.target" ]; + preStart = "mkdir -p /var/lib/ntopng/"; + serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}"; + unitConfig.Documentation = "man:ntopng(8)"; + }; + + # ntopng drops priveleges to user "nobody" and that user is already defined + # in users-groups.nix. + }; + +} |