# NixOS VM test for ulogd.
#
# nftables sends ICMP echo traffic to NFLOG group 2; ulogd listens on that
# group and writes the packets out twice: as text lines (LOGEMU) and as a
# capture file (PCAP). The assertions themselves live in ./ulogd.py, which
# is not part of this file.
import ../make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "ulogd";

    meta.maintainers = [ lib.maintainers.p-h ];

    nodes.machine =
      { ... }:
      {
        networking = {
          # The NixOS firewall module is switched off; the only packet-filter
          # configuration declared here is the hand-written ruleset below.
          firewall.enable = false;

          nftables = {
            enable = true;

            # Notes on the ruleset (kept outside the string so the text handed
            # to nft is unchanged):
            #  - `input` declares no policy; nftables base chains default to
            #    accept. `output` is explicitly accept, `forward` is drop.
            #  - `icmp type` matches IPv4 ICMP only, so ICMPv6 echo traffic is
            #    neither matched nor logged by these rules.
            #  - `log group 2` must stay in step with `log1.group` further down,
            #    otherwise ulogd listens on a group nothing is sent to.
            ruleset = ''
              table inet filter {
                chain input {
                  type filter hook input priority 0;
                  icmp type { echo-request, echo-reply } log group 2 accept
                }

                chain output {
                  type filter hook output priority 0; policy accept;
                  icmp type { echo-request, echo-reply } log group 2 accept
                }

                chain forward {
                  type filter hook forward priority 0; policy drop;
                }

              }
            '';
          };
        };

        services.ulogd = {
          enable = true;
          settings = {
            global = {
              logfile = "/var/log/ulogd.log";
              # Two plugin stacks, both fed by the same NFLOG instance (log1):
              # the first renders packets as text through LOGEMU, the second
              # writes them to a pcap file.
              stack = [
                "log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU"
                "log1:NFLOG,base1:BASE,pcap1:PCAP"
              ];
            };

            # NFLOG group the input plugin binds to; matches `log group 2` in
            # the nftables ruleset.
            log1 = {
              group = 2;
            };

            # sync = 1 requests synchronous writes - presumably so the test
            # script sees each packet in the file without waiting for a
            # buffered flush (confirm against ./ulogd.py).
            pcap1 = {
              sync = 1;
              file = "/var/log/ulogd.pcap";
            };

            emu1 = {
              sync = 1;
              file = "/var/log/ulogd_pkts.log";
            };
          };
        };

        # tcpdump is installed on the node; presumably the test script uses
        # it to read the pcap output back (not visible from this file).
        environment.systemPackages = [ pkgs.tcpdump ];
      };

    testScript = lib.readFile ./ulogd.py;
  }
)