# NixOS VM test for ulogd: a hand-written nftables ruleset sends ICMP echo
# traffic to an NFLOG group, and ulogd records that group both as a text log
# and as a pcap file.
import ../make-test-python.nix ({ pkgs, lib, ... }: {
  name = "ulogd";

  meta = {
    maintainers = [ lib.maintainers.p-h ];
  };

  nodes.machine = { ... }: {
    networking = {
      # The NixOS firewall module is switched off, so the ruleset below is the
      # only packet filter this test configures.
      firewall.enable = false;

      nftables = {
        enable = true;
        # `log group 2` hands matching packets to NFLOG group 2, which has to
        # agree with services.ulogd.settings.log1.group further down.
        # Only echo-request and echo-reply are logged. The input chain sets no
        # policy, so nftables applies its default (accept) to everything
        # inbound; forwarded traffic is dropped.
        # NOTE(review): fine for an isolated test VM, not a ruleset to copy
        # onto a host.
        ruleset = ''
          table inet filter {
            chain input {
              type filter hook input priority 0;
              icmp type { echo-request, echo-reply } log group 2 accept
            }

            chain output {
              type filter hook output priority 0; policy accept;
              icmp type { echo-request, echo-reply } log group 2 accept
            }

            chain forward {
              type filter hook forward priority 0; policy drop;
            }

          }
        '';
      };
    };

    services.ulogd = {
      enable = true;
      settings = {
        global = {
          logfile = "/var/log/ulogd.log";
          # Both stacks start from the same log1 NFLOG input: the first ends
          # in LOGEMU (emu1, text output), the second in PCAP (pcap1).
          stack = [
            "log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU"
            "log1:NFLOG,base1:BASE,pcap1:PCAP"
          ];
        };

        # NFLOG group ulogd listens on; must match `log group 2` in the ruleset.
        log1 = {
          group = 2;
        };

        # sync = 1 on both outputs: presumably so each record reaches the file
        # before the test script reads it -- confirm against ulogd.py.
        emu1 = {
          sync = 1;
          file = "/var/log/ulogd_pkts.log";
        };

        pcap1 = {
          sync = 1;
          file = "/var/log/ulogd.pcap";
        };
      };
    };

    # Presumably used by the test script to read the pcap output; ulogd.py is
    # not shown here.
    environment.systemPackages = [ pkgs.tcpdump ];
  };

  testScript = lib.readFile ./ulogd.py;
})