nixos/modules/services/networking/ntopng.nix at release-16.03-start · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / ntopng.nix
at release-16.03-start 3.1 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6
  7  cfg = config.services.ntopng;
  8  redisCfg = config.services.redis;
  9
 10  configFile = if cfg.configText != "" then
 11    pkgs.writeText "ntopng.conf" ''
 12      ${cfg.configText}
 13    ''
 14    else
 15    pkgs.writeText "ntopng.conf" ''
 16      ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
 17      --http-port=${toString cfg.http-port}
 18      --redis=localhost:${toString redisCfg.port}
 19      ${cfg.extraConfig}
 20    '';
 21
 22in
 23
 24{
 25
 26  options = {
 27
 28    services.ntopng = {
 29
 30      enable = mkOption {
 31        default = false;
 32        type = types.bool;
 33        description = ''
 34          Enable ntopng, a high-speed web-based traffic analysis and flow
 35          collection tool.
 36
 37          With the default configuration, ntopng monitors all network
 38          interfaces and displays its findings at http://localhost:${toString
 39          cfg.http-port}. Default username and password is admin/admin.
 40
 41          See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
 42          for more info.
 43
 44          Note that enabling ntopng will also enable redis (key-value
 45          database server) for persistent data storage.
 46        '';
 47      };
 48
 49      interfaces = mkOption {
 50        default = [ "any" ];
 51        example = [ "eth0" "wlan0" ];
 52        type = types.listOf types.str;
 53        description = ''
 54          List of interfaces to monitor. Use "any" to monitor all interfaces.
 55        '';
 56      };
 57
 58      http-port = mkOption {
 59        default = 3000;
 60        type = types.int;
 61        description = ''
 62          Sets the HTTP port of the embedded web server.
 63        '';
 64      };
 65
 66      configText = mkOption {
 67        default = "";
 68        example = ''
 69          --interface=any
 70          --http-port=3000
 71          --disable-login
 72        '';
 73        type = types.lines;
 74        description = ''
 75          Overridable configuration file contents to use for ntopng. By
 76          default, use the contents automatically generated by NixOS.
 77        '';
 78      };
 79
 80      extraConfig = mkOption {
 81        default = "";
 82        type = types.lines;
 83        description = ''
 84          Configuration lines that will be appended to the generated ntopng
 85          configuration file. Note that this mechanism does not work when the
 86          manual <option>configText</option> option is used.
 87        '';
 88      };
 89
 90    };
 91
 92  };
 93
 94  config = mkIf cfg.enable {
 95
 96    # ntopng uses redis for data storage
 97    services.redis.enable = true;
 98
 99    # nice to have manual page and ntopng command in PATH
100    environment.systemPackages = [ pkgs.ntopng ];
101
102    systemd.services.ntopng = {
103      description = "Ntopng Network Monitor";
104      requires = [ "redis.service" ];
105      after = [ "network.target" "redis.service" ];
106      wantedBy = [ "multi-user.target" ];
107      preStart = "mkdir -p /var/lib/ntopng/";
108      serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
109      unitConfig.Documentation = "man:ntopng(8)";
110    };
111
112    # ntopng drops priveleges to user "nobody" and that user is already defined
113    # in users-groups.nix.
114  };
115
116}