Merge pull request #159538 from abbradar/ntopng-redis

ntopng: bump, use a separate user and redis instance
Nikolay Amiantov 2022-02-19 15:27:56 +03:00 committed by GitHub
commit 6786ceb9af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 86 additions and 108 deletions


@ -413,6 +413,15 @@
<literal>virtualisation.docker.daemon.settings</literal>.
</para>
</listitem>
<listitem>
<para>
Ntopng (<literal>services.ntopng</literal>) is updated to
5.2.1 and uses a separate Redis instance if
<literal>system.stateVersion</literal> is at least
<literal>22.05</literal>. Existing setups shouldnt be
affected.
</para>
</listitem>
<listitem>
<para>
The backward compatibility in


@ -136,6 +136,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected.
- The backward compatibility in `services.wordpress` to configure sites with
the old interface has been removed. Please use `services.wordpress.sites`
instead.


@ -6,7 +6,13 @@ let
cfg = config.services.ntopng;
opt = options.services.ntopng;
redisCfg = config.services.redis;
createRedis = cfg.redis.createInstance != null;
redisService =
if cfg.redis.createInstance == "" then
"redis.service"
else
"redis-${cfg.redis.createInstance}.service";
configFile = if cfg.configText != "" then
pkgs.writeText "ntopng.conf" ''
@ -15,8 +21,10 @@ let
else
pkgs.writeText "ntopng.conf" ''
${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
--http-port=${toString cfg.http-port}
--redis=localhost:${toString redisCfg.port}
--http-port=${toString cfg.httpPort}
--redis=${cfg.redis.address}
--data-dir=/var/lib/ntopng
--user=ntopng
${cfg.extraConfig}
'';
@ -24,6 +32,10 @@ in
{
imports = [
(mkRenamedOptionModule [ "services" "ntopng" "http-port" ] [ "services" "ntopng" "httpPort" ])
];
options = {
services.ntopng = {
@ -56,7 +68,7 @@ in
'';
};
http-port = mkOption {
httpPort = mkOption {
default = 3000;
type = types.int;
description = ''
@ -64,6 +76,24 @@ in
'';
};
redis.address = mkOption {
type = types.str;
example = literalExpression "config.services.redis.ntopng.unixSocket";
description = ''
Redis address - may be a Unix socket or a network host and port.
'';
};
redis.createInstance = mkOption {
type = types.nullOr types.str;
default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else "";
description = ''
Local Redis instance name. Set to <literal>null</literal> to disable
local Redis instance. Defaults to <literal>""</literal> for
<literal>system.stateVersion</literal> older than 22.05.
'';
};
configText = mkOption {
default = "";
example = ''
@ -95,23 +125,36 @@ in
config = mkIf cfg.enable {
# ntopng uses redis for data storage
services.redis.enable = true;
services.ntopng.redis.address =
mkIf createRedis config.services.redis.servers.${cfg.redis.createInstance}.unixSocket;
services.redis.servers = mkIf createRedis {
${cfg.redis.createInstance} = {
enable = true;
user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng";
};
};
# nice to have manual page and ntopng command in PATH
environment.systemPackages = [ pkgs.ntopng ];
systemd.tmpfiles.rules = [ "d /var/lib/ntopng 0700 ntopng ntopng -" ];
systemd.services.ntopng = {
description = "Ntopng Network Monitor";
requires = [ "redis.service" ];
after = [ "network.target" "redis.service" ];
requires = optional createRedis redisService;
after = [ "network.target" ] ++ optional createRedis redisService;
wantedBy = [ "multi-user.target" ];
preStart = "mkdir -p /var/lib/ntopng/";
serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
unitConfig.Documentation = "man:ntopng(8)";
};
# ntopng drops priveleges to user "nobody" and that user is already defined
# in users-groups.nix.
users.extraUsers.ntopng = {
group = "ntopng";
isSystemUser = true;
};
users.extraGroups.ntopng = { };
};
}
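Review bot: `services.ntopng.redis.address` is pointed at the created instance's `unixSocket` for every non-null `createInstance`, but the line `user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng";` only makes the instance run as the ntopng user for that one name; for the legacy default `""` (stateVersion below 22.05) and for any user-chosen name the socket belongs to the Redis module's own user, and nothing in this hunk (the `users.extraUsers.ntopng` definition has no `extraGroups`) gives the ntopng user a way to open it. If that module's default socket permissions are as restrictive as they appear, moving from `--redis=localhost:${toString redisCfg.port}` to the socket would presumably break exactly the pre-22.05 setups the release note calls unaffected, so I would either set `user = "ntopng"` for every created instance or grant the ntopng user access to the instance's socket, and state the rule in the `redis.createInstance` description, e.g. `Only the "ntopng" instance is run as the ntopng user; other instance names must make their socket reachable by ntopng.`. The `redisService` derivation at the top of the file also hard-codes the `redis-<name>.service` unit naming of the Redis module and deserves a one-line comment such as `# mirrors the unit naming used by services.redis.servers` so a rename there is caught here.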


@ -1,12 +0,0 @@
diff --git a/src/Prefs.cpp b/src/Prefs.cpp
index 76385c4..db8d20d 100755
--- a/src/Prefs.cpp
+++ b/src/Prefs.cpp
@@ -795,7 +795,6 @@ int Prefs::checkOptions() {
ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to create log %s", path);
}
- free(data_dir); data_dir = strdup(ntop->get_install_dir());
docs_dir = ntop->getValidPath(docs_dir);
scripts_dir = ntop->getValidPath(scripts_dir);
callbacks_dir = ntop->getValidPath(callbacks_dir);


@ -1,14 +0,0 @@
diff --git a/src/Ntop.cpp b/src/Ntop.cpp
index 8de92a9..510418f 100644
--- a/src/Ntop.cpp
+++ b/src/Ntop.cpp
@@ -197,8 +197,7 @@ void Ntop::registerPrefs(Prefs *_prefs) {
}
if(stat(prefs->get_callbacks_dir(), &statbuf)
- || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */
- || (!(statbuf.st_mode & S_IWRITE)) /* It's not writable */) {
+ || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */) {
ntop->getTrace()->traceEvent(TRACE_ERROR, "Invalid directory %s specified",
prefs->get_callbacks_dir());
_exit(-1);


@ -1,34 +0,0 @@
From 9cb650ea96c0e5063775071cfdae072e92c553b8 Mon Sep 17 00:00:00 2001
From: emanuele-f <faranda@ntop.org>
Date: Tue, 18 Sep 2018 12:49:57 +0200
Subject: [PATCH] Compilation fix with new libpcap
SOCKET and INVALID_SOCKET are now defined in pcap.h
---
third-party/mongoose/mongoose.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/third-party/mongoose/mongoose.c b/third-party/mongoose/mongoose.c
index 6a61cea9b..634c142e3 100644
--- a/third-party/mongoose/mongoose.c
+++ b/third-party/mongoose/mongoose.c
@@ -247,7 +247,9 @@ struct pollfd {
#define mg_rename(x, y) rename(x, y)
#define mg_sleep(x) usleep((x) * 1000)
#define ERRNO errno
+#ifndef INVALID_SOCKET
#define INVALID_SOCKET (-1)
+#endif
/* ntop */
#if ((ULONG_MAX) == (UINT_MAX))
@@ -270,7 +272,9 @@ struct pollfd {
#endif
//#define INT64_FMT PRId64
+#ifndef SOCKET
typedef int SOCKET;
+#endif
#define WINCDECL
#endif // End of Windows and UNIX specific includes


@ -1,62 +1,46 @@
{ lib, stdenv, fetchurl, libpcap,/* gnutls, libgcrypt,*/ libxml2, glib
, geoip, geolite-legacy, sqlite, which, autoreconfHook, git
, pkg-config, groff, curl, json_c, luajit, zeromq, rrdtool
{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, bash, autoreconfHook
, zeromq, ndpi, json_c, openssl, libpcap, libcap, curl, libmaxminddb
, rrdtool, sqlite, libmysqlclient, expat, net-snmp
}:
# ntopng includes LuaJIT, mongoose, rrdtool and zeromq in its third-party/
# directory, but we use luajit, zeromq, and rrdtool from nixpkgs
stdenv.mkDerivation rec {
pname = "ntopng";
version = "2.0";
version = "5.2.1";
src = fetchurl {
urls = [
"mirror://sourceforge/project/ntop/ntopng/old/ntopng-${version}.tar.gz"
"mirror://sourceforge/project/ntop/ntopng/ntopng-${version}.tar.gz"
];
sha256 = "0l82ivh05cmmqcvs26r6y69z849d28njipphqzvnakf43ggddgrw";
src = fetchFromGitHub {
owner = "ntop";
repo = "ntopng";
rev = version;
sha256 = "sha256-FeRERSq8F3HEelUCkA6pgNNcP94xrWy6EbJgk+cEdqc=";
};
patches = [
./0001-Undo-weird-modification-of-data_dir.patch
./0002-Remove-requirement-to-have-writeable-callback-dir.patch
./0003-New-libpcap-defines-SOCKET.patch
(fetchpatch {
url = "https://github.com/ntop/ntopng/commit/0aa580e1a45f248fffe6d11729ce40571f08e187.patch";
sha256 = "sha256-xqEVwfGgkNS+akbJnLZsVvEQdp9GxxUen8VkFomtcPI=";
})
];
buildInputs = [ libpcap/* gnutls libgcrypt*/ libxml2 glib geoip geolite-legacy
sqlite which autoreconfHook git pkg-config groff curl json_c luajit zeromq
rrdtool ];
nativeBuildInputs = [ bash autoreconfHook pkg-config ];
buildInputs = [
zeromq ndpi json_c openssl libpcap curl libmaxminddb rrdtool sqlite
libmysqlclient expat net-snmp libcap
];
autoreconfPhase = ''
substituteInPlace autogen.sh --replace "/bin/rm" "rm"
substituteInPlace nDPI/autogen.sh --replace "/bin/rm" "rm"
$shell autogen.sh
'';
autoreconfPhase = "bash autogen.sh";
preConfigure = ''
substituteInPlace Makefile.in --replace "/bin/rm" "rm"
'';
preBuild = ''
substituteInPlace src/Ntop.cpp --replace "/usr/local" "$out"
sed -e "s|\(#define CONST_DEFAULT_DATA_DIR\).*|\1 \"/var/lib/ntopng\"|g" \
-e "s|\(#define CONST_DEFAULT_DOCS_DIR\).*|\1 \"$out/share/ntopng/httpdocs\"|g" \
-e "s|\(#define CONST_DEFAULT_SCRIPTS_DIR\).*|\1 \"$out/share/ntopng/scripts\"|g" \
-e "s|\(#define CONST_DEFAULT_CALLBACKS_DIR\).*|\1 \"$out/share/ntopng/scripts/callbacks\"|g" \
-e "s|\(#define CONST_DEFAULT_INSTALL_DIR\).*|\1 \"$out/share/ntopng\"|g" \
sed -e "s|\(#define CONST_BIN_DIR \).*|\1\"$out/bin\"|g" \
-e "s|\(#define CONST_SHARE_DIR \).*|\1\"$out/share\"|g" \
-i include/ntop_defines.h
rm -rf httpdocs/geoip
ln -s ${geolite-legacy}/share/GeoIP httpdocs/geoip
'' + lib.optionalString stdenv.isDarwin ''
sed 's|LIBS += -lstdc++.6||' -i Makefile
'';
NIX_CFLAGS_COMPILE = "-fpermissive"
+ lib.optionalString stdenv.cc.isClang " -Wno-error=reserved-user-defined-literal";
enableParallelBuilding = true;
meta = with lib; {
description = "High-speed web-based traffic analysis and flow collection tool";