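# NixOS module for ntopng, a web-based traffic analysis and flow collection
# tool. It declares the `services.ntopng.*` options, renders an ntopng
# configuration file, optionally provisions a local Redis instance, and
# defines the systemd unit plus the `ntopng` system user and group.
#
# Security notes for operators (all derived from what this module sets):
#   * The option documentation states that the web UI ships with the default
#     credentials admin/admin; change them right after the first login.
#   * Only a port is passed via --http-port, no bind address.
#     NOTE(review): presumably the UI then listens on every address - confirm
#     against ntopng(8).
#   * This module does not touch networking.firewall, so exposing the UI
#     beyond the host is an explicit, separate decision.
{ config, lib, options, pkgs, ... }:

with lib;

let

  cfg = config.services.ntopng;
  opt = options.services.ntopng;

  # A `null` instance name means "do not manage Redis here"; the empty
  # string selects the default, unnamed Redis server.
  createRedis = cfg.redis.createInstance != null;

  # systemd unit name of the Redis instance ntopng depends on.
  redisService =
    if cfg.redis.createInstance == "" then
      "redis.service"
    else
      "redis-${cfg.redis.createInstance}.service";

  # A non-empty `configText` replaces the generated file completely. In that
  # case none of the lines below (including --user=ntopng and --data-dir) are
  # emitted unless the administrator writes them into `configText`.
  configFile =
    if cfg.configText != "" then
      pkgs.writeText "ntopng.conf" ''
        ${cfg.configText}
      ''
    else
      pkgs.writeText "ntopng.conf" ''
        ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
        --http-port=${toString cfg.httpPort}
        --redis=${cfg.redis.address}
        --data-dir=/var/lib/ntopng
        --user=ntopng
        ${cfg.extraConfig}
      '';

in

{

  imports = [
    # Keep configurations that still use the old option name evaluating.
    (mkRenamedOptionModule [ "services" "ntopng" "http-port" ] [ "services" "ntopng" "httpPort" ])
  ];

  options = {

    services.ntopng = {

      # The rendered text points at the current `httpPort` option instead of
      # the renamed legacy `http-port` alias.
      enable = mkOption {
        default = false;
        type = types.bool;
        description = lib.mdDoc ''
          Enable ntopng, a high-speed web-based traffic analysis and flow
          collection tool.

          With the default configuration, ntopng monitors all network
          interfaces and displays its findings at http://localhost:''${toString
          config.${opt.httpPort}}. Default username and password is admin/admin.

          See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
          for more info.

          Note that enabling ntopng will also enable redis (key-value
          database server) for persistent data storage.
        '';
      };

      # The default captures on every interface; list specific interfaces to
      # narrow what traffic is inspected and stored.
      interfaces = mkOption {
        default = [ "any" ];
        example = [ "eth0" "wlan0" ];
        type = types.listOf types.str;
        description = lib.mdDoc ''
          List of interfaces to monitor. Use "any" to monitor all interfaces.
        '';
      };

      # `types.port` rejects values outside 0-65535 at evaluation time rather
      # than letting an invalid --http-port reach the daemon.
      httpPort = mkOption {
        default = 3000;
        type = types.port;
        description = lib.mdDoc ''
          Sets the HTTP port of the embedded web server.
        '';
      };

      # The example uses the same attribute path the `config` section below
      # reads (`services.redis.servers.<name>.unixSocket`).
      redis.address = mkOption {
        type = types.str;
        example = literalExpression "config.services.redis.servers.ntopng.unixSocket";
        description = lib.mdDoc ''
          Redis address - may be a Unix socket or a network host and port.
        '';
      };

      redis.createInstance = mkOption {
        type = types.nullOr types.str;
        default = optionalString (versionAtLeast config.system.stateVersion "22.05") "ntopng";
        description = lib.mdDoc ''
          Local Redis instance name. Set to `null` to disable
          local Redis instance. Defaults to `""` for
          `system.stateVersion` older than 22.05.
        '';
      };

      # NOTE(review): the example includes --disable-login, which per
      # ntopng(8) turns off web UI authentication. Treat it as a syntax
      # illustration, not a recommended setting for a reachable interface.
      configText = mkOption {
        default = "";
        example = ''
          --interface=any
          --http-port=3000
          --disable-login
        '';
        type = types.lines;
        description = lib.mdDoc ''
          Overridable configuration file contents to use for ntopng. By
          default, use the contents automatically generated by NixOS.
        '';
      };

      extraConfig = mkOption {
        default = "";
        type = types.lines;
        description = lib.mdDoc ''
          Configuration lines that will be appended to the generated ntopng
          configuration file. Note that this mechanism does not work when the
          manual {option}`configText` option is used.
        '';
      };

    };

  };

  config = mkIf cfg.enable {

    # ntopng uses redis for data storage. When a local instance is managed
    # here, ntopng is pointed at that instance's Unix socket.
    services.ntopng.redis.address =
      mkIf createRedis config.services.redis.servers.${cfg.redis.createInstance}.unixSocket;

    services.redis.servers = mkIf createRedis {
      ${cfg.redis.createInstance} = {
        enable = true;
        # Only the dedicated "ntopng" instance is run as the ntopng user.
        # NOTE(review): presumably so the daemon can open the socket; for any
        # other instance name, socket access has to be arranged separately.
        user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng";
      };
    };

    # nice to have manual page and ntopng command in PATH
    environment.systemPackages = [ pkgs.ntopng ];

    # Data directory is private to the ntopng user (mode 0700).
    systemd.tmpfiles.rules = [ "d /var/lib/ntopng 0700 ntopng ntopng -" ];

    # The unit sets no User= and no sandboxing directives, so systemd starts
    # the process as root. The generated config passes --user=ntopng.
    # NOTE(review): presumably ntopng drops privileges to that user after
    # start-up (see ntopng(8)); a `configText` that omits --user loses this.
    systemd.services.ntopng = {
      description = "Ntopng Network Monitor";
      requires = optional createRedis redisService;
      after = [ "network.target" ] ++ optional createRedis redisService;
      wantedBy = [ "multi-user.target" ];
      serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
      unitConfig.Documentation = "man:ntopng(8)";
    };

    # `users.users` / `users.groups` are the current names of the
    # `extraUsers` / `extraGroups` aliases.
    users.users.ntopng = {
      group = "ntopng";
      isSystemUser = true;
    };

    users.groups.ntopng = { };
  };

}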