diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 078ea225e16..684850df2ae 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -170,6 +170,7 @@
 ./services/networking/minidlna.nix
 ./services/networking/nat.nix
 ./services/networking/networkmanager.nix
+ ./services/networking/ntopng.nix
 ./services/networking/ntpd.nix
 ./services/networking/oidentd.nix
 ./services/networking/openfire.nix
diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix
new file mode 100644
index 00000000000..156a6b32a6a
--- /dev/null
+++ b/nixos/modules/services/networking/ntopng.nix
@@ -0,0 +1,116 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.ntopng;
+ redisCfg = config.services.redis;
+
+ configFile = if cfg.configText != "" then
+ pkgs.writeText "ntopng.conf" ''
+ ${cfg.configText}
+ ''
+ else
+ pkgs.writeText "ntopng.conf" ''
+ ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
+ --http-port=${toString cfg.http-port}
+ --redis=localhost:${toString redisCfg.port}
+ ${cfg.extraConfig}
+ '';
+
+in
+
+{
+
+ options = {
+
+ services.ntopng = {
+
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enable ntopng, a high-speed web-based traffic analysis and flow
+ collection tool.
+
+ With the default configuration, ntopng monitors all network
+ interfaces and displays its findings at http://localhost:${toString
+ cfg.http-port}. Default username and password is admin/admin.
+
+ See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
+ for more info.
+
+ Note that enabling ntopng will also enable redis (key-value
+ database server) for persistent data storage.
+ '';
+ };
+
+ interfaces = mkOption {
+ default = [ "any" ];
+ example = [ "eth0" "wlan0" ];
+ type = types.listOf types.str;
+ description = ''
+ List of interfaces to monitor. Use "any" to monitor all interfaces.
+ '';
+ };
+
+ http-port = mkOption {
+ default = 3000;
+ type = types.uniq types.int;
+ description = ''
+ Sets the HTTP port of the embedded web server.
+ '';
+ };
+
+ configText = mkOption {
+ default = "";
+ example = ''
+ --interface=any
+ --http-port=3000
+ --disable-login
+ '';
+ type = types.lines;
+ description = ''
+ Overridable configuration file contents to use for ntopng. By
+ default, use the contents automatically generated by NixOS.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ description = ''
+ Configuration lines that will be appended to the generated ntopng
+ configuration file. Note that this mechanism does not work when the
+ manual option is used.
+ '';
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ # ntopng uses redis for data storage
+ services.redis.enable = true;
+
+ # nice to have manual page and ntopng command in PATH
+ environment.systemPackages = [ pkgs.ntopng ];
+
+ systemd.services.ntopng = {
+ description = "Ntopng Network Monitor";
+ requires = [ "redis.service" ];
+ after = [ "network.target" "redis.service" ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = "mkdir -p /var/lib/ntopng/";
+ serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
+ unitConfig.Documentation = "man:ntopng(8)";
+ };
+
+ # ntopng drops priveleges to user "nobody" and that user is already defined
+ # in users-groups.nix.
+ };
+
+}
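Review bot: The `enable` description advertises the UI at http://localhost:<port> with the default login admin/admin, but the generated config only passes `--http-port=${toString cfg.http-port}` with no bind address, so the listener is presumably reachable on every interface rather than just loopback, and the `configText` example even shows `--disable-login`. I would add to that description something like `Change the admin password after the first login and firewall the HTTP port; this module does not restrict the listener to localhost.` Separately, the closing comment says ntopng drops to the shared `nobody` user while `preStart` creates /var/lib/ntopng as root with default permissions; a dedicated `ntopng` user owning a mode-0700 state directory would keep the collected traffic data away from other services that also run as `nobody`. Setting `configText` also silently discards `interfaces`, `http-port` and the redis port in `configFile`, which the option descriptions should state.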