# NixOS VM test for the ulogd service.
#
# A single machine runs an nftables ruleset that sends ICMP echo traffic to
# NFLOG group 2, and ulogd is configured to read that group and write the
# packets out as a text log and as a pcap file. The assertions themselves are
# in ./ulogd.py.
{ pkgs, lib, ... }:
{
  name = "ulogd";

  meta.maintainers = [ lib.maintainers.p-h ];

  nodes.machine =
    { ... }:
    {
      networking = {
        # The stock NixOS firewall is switched off so the hand-written
        # ruleset below is the only packet filter in the VM. This is a test
        # fixture, not a hardened policy.
        firewall.enable = false;

        nftables = {
          enable = true;
          # The input chain declares no policy, so nftables applies its
          # default (accept); output accepts explicitly and forward drops.
          # Only ICMP echo-request/echo-reply is logged, and `log group 2`
          # must match `log1.group` in the ulogd settings further down.
          ruleset = ''
            table inet filter {
              chain input {
                type filter hook input priority 0;
                icmp type { echo-request, echo-reply } log group 2 accept
              }

              chain output {
                type filter hook output priority 0; policy accept;
                icmp type { echo-request, echo-reply } log group 2 accept
              }

              chain forward {
                type filter hook forward priority 0; policy drop;
              }

            }
          '';
        };
      };

      services.ulogd = {
        enable = true;
        settings = {
          global = {
            logfile = "/var/log/ulogd.log";
            # Two plugin stacks share the NFLOG input instance `log1`:
            # the first ends in LOGEMU (text log, emu1), the second in
            # PCAP (packet capture, pcap1).
            stack = [
              "log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU"
              "log1:NFLOG,base1:BASE,pcap1:PCAP"
            ];
          };

          # NFLOG group to subscribe to; same number as in the ruleset.
          log1 = {
            group = 2;
          };

          # sync = 1 on both outputs; presumably set so the test can read
          # the files right after traffic is generated (confirm in ulogd.py).
          # NOTE(review): the pcap holds the logged packets themselves, so
          # outside a test VM this path needs restrictive file permissions.
          pcap1 = {
            sync = 1;
            file = "/var/log/ulogd.pcap";
          };

          emu1 = {
            sync = 1;
            file = "/var/log/ulogd_pkts.log";
          };
        };
      };

      # tcpdump is installed in the VM, presumably so the test script can
      # inspect the capture; the script is not part of this file.
      environment.systemPackages = [ pkgs.tcpdump ];
    };

  testScript = lib.readFile ./ulogd.py;
}