diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 078ea225e16..684850df2ae 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -170,6 +170,7 @@
./services/networking/minidlna.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
+ ./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/oidentd.nix
./services/networking/openfire.nix
diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix
new file mode 100644
index 00000000000..156a6b32a6a
--- /dev/null
+++ b/nixos/modules/services/networking/ntopng.nix
@@ -0,0 +1,116 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.ntopng;
+ redisCfg = config.services.redis;
+
+ configFile = if cfg.configText != "" then
+ pkgs.writeText "ntopng.conf" ''
+ ${cfg.configText}
+ ''
+ else
+ pkgs.writeText "ntopng.conf" ''
+ ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
+ --http-port=${toString cfg.http-port}
+ --redis=localhost:${toString redisCfg.port}
+ ${cfg.extraConfig}
+ '';
+
+in
+
+{
+
+ options = {
+
+ services.ntopng = {
+
+ enable = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enable ntopng, a high-speed web-based traffic analysis and flow
+ collection tool.
+
+ With the default configuration, ntopng monitors all network
+ interfaces and displays its findings at http://localhost:${toString
+ cfg.http-port}. Default username and password is admin/admin.
+
+ See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
+ for more info.
+
+ Note that enabling ntopng will also enable redis (key-value
+ database server) for persistent data storage.
+ '';
+ };
+
+ interfaces = mkOption {
+ default = [ "any" ];
+ example = [ "eth0" "wlan0" ];
+ type = types.listOf types.str;
+ description = ''
+ List of interfaces to monitor. Use "any" to monitor all interfaces.
+ '';
+ };
+
+ http-port = mkOption {
+ default = 3000;
+ type = types.uniq types.int;
+ description = ''
+ Sets the HTTP port of the embedded web server.
+ '';
+ };
+
+ configText = mkOption {
+ default = "";
+ example = ''
+ --interface=any
+ --http-port=3000
+ --disable-login
+ '';
+ type = types.lines;
+ description = ''
+ Overridable configuration file contents to use for ntopng. By
+ default, use the contents automatically generated by NixOS.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = types.lines;
+ description = ''
+ Configuration lines that will be appended to the generated ntopng
+ configuration file. Note that this mechanism does not work when the
+ manual option is used.
+ '';
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ # ntopng uses redis for data storage
+ services.redis.enable = true;
+
+ # nice to have manual page and ntopng command in PATH
+ environment.systemPackages = [ pkgs.ntopng ];
+
+ systemd.services.ntopng = {
+ description = "Ntopng Network Monitor";
+ requires = [ "redis.service" ];
+ after = [ "network.target" "redis.service" ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = "mkdir -p /var/lib/ntopng/";
+ serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
+ unitConfig.Documentation = "man:ntopng(8)";
+ };
+
+ # ntopng drops priveleges to user "nobody" and that user is already defined
+ # in users-groups.nix.
+ };
+
+}
diff --git a/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch b/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch
new file mode 100644
index 00000000000..8bec643c6e5
--- /dev/null
+++ b/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch
@@ -0,0 +1,24 @@
+From d0c56a14e0432faca1e9438b84e5e4090d293bb9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?=
+Date: Tue, 3 Dec 2013 20:42:24 +0000
+Subject: [PATCH 1/2] Undo weird modification of data_dir
+
+---
+ Prefs.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Prefs.cpp b/Prefs.cpp
+index b4fde5f..ca04ca1 100644
+--- a/Prefs.cpp
++++ b/Prefs.cpp
+@@ -408,7 +408,6 @@ int Prefs::checkOptions() {
+ ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to create log %s", path);
+ }
+
+- free(data_dir); data_dir = strdup(ntop->get_install_dir());
+ docs_dir = ntop->getValidPath(docs_dir);
+ scripts_dir = ntop->getValidPath(scripts_dir);
+ callbacks_dir = ntop->getValidPath(callbacks_dir);
+--
+1.8.4.3
+
diff --git a/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch b/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch
new file mode 100644
index 00000000000..99467c37126
--- /dev/null
+++ b/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch
@@ -0,0 +1,29 @@
+From d77b42003d13e2775be3255a26f380d6ccda8042 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?=
+Date: Tue, 3 Dec 2013 21:10:06 +0000
+Subject: [PATCH 2/2] Remove requirement to have writeable callback dir
+
+* ntopng doesn't write anything to the callback dir
+* it seems to be a copy-paste leftover error from data_dir a couple of
+ lines above
+---
+ Ntop.cpp | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/Ntop.cpp b/Ntop.cpp
+index 2fb027b..0b4881b 100644
+--- a/Ntop.cpp
++++ b/Ntop.cpp
+@@ -114,8 +114,7 @@ void Ntop::registerPrefs(Prefs *_prefs) {
+ }
+
+ if(stat(prefs->get_callbacks_dir(), &statbuf)
+- || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */
+- || (!(statbuf.st_mode & S_IWRITE)) /* It's not writable */) {
++ || (!(statbuf.st_mode & S_IFDIR))) { /* It's not a directory */
+ ntop->getTrace()->traceEvent(TRACE_ERROR, "Invalid directory %s specified",
+ prefs->get_callbacks_dir());
+ exit(-1);
+--
+1.8.4.3
+
diff --git a/pkgs/tools/networking/ntopng/default.nix b/pkgs/tools/networking/ntopng/default.nix
new file mode 100644
index 00000000000..e4f59a98cf0
--- /dev/null
+++ b/pkgs/tools/networking/ntopng/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchurl, libpcap, gnutls, libgcrypt, libxml2, glib, geoip, sqlite
+, which }:
+
+# ntopng includes LuaJIT, mongoose, rrdtool and zeromq in its third-party/
+# directory.
+
+stdenv.mkDerivation rec {
+ name = "ntopng-1.1_6932";
+
+ src = fetchurl {
+ url = "mirror://sourceforge/ntop/files/ntopng/${name}.tgz";
+ sha256 = "0cdbmrsjp3bb7xzci0vfnnkmbyxwxbf47l4kbnk4ydd7xwhwdnzr";
+ };
+
+ patches = [
+ ./0001-Undo-weird-modification-of-data_dir.patch
+ ./0002-Remove-requirement-to-have-writeable-callback-dir.patch
+ ];
+
+ buildInputs = [ libpcap gnutls libgcrypt libxml2 glib geoip sqlite which ];
+
+ preBuild = ''
+ sed -e "s|^SHELL=.*|SHELL=${stdenv.shell}|" \
+ -e "s|/usr/local|$out|g" \
+ -e "s|/bin/rm|rm|g" \
+ -i Makefile
+
+ sed -e "s|^SHELL=.*|SHELL=${stdenv.shell}|" \
+ -e "s|/usr/local|$out|g" \
+ -e "s|/opt/local|/non-existing-dir|g" \
+ -i configure
+
+ sed -e "s|/usr/local|$out|g" \
+ -i Ntop.cpp
+
+ sed -e "s|\(#define CONST_DEFAULT_DATA_DIR\).*|\1 \"/var/lib/ntopng\"|g" \
+ -e "s|\(#define CONST_DEFAULT_DOCS_DIR\).*|\1 \"$out/share/ntopng/httpdocs\"|g" \
+ -e "s|\(#define CONST_DEFAULT_SCRIPTS_DIR\).*|\1 \"$out/share/ntopng/scripts\"|g" \
+ -e "s|\(#define CONST_DEFAULT_CALLBACKS_DIR\).*|\1 \"$out/share/ntopng/scripts/callbacks\"|g" \
+ -e "s|\(#define CONST_DEFAULT_INSTALL_DIR\).*|\1 \"$out/share/ntopng\"|g" \
+ -i ntop_defines.h
+ '';
+
+ meta = with stdenv.lib; {
+ description = "High-speed web-based traffic analysis and flow collection tool";
+ homepage = http://www.ntop.org/products/ntop/;
+ license = licenses.gpl3Plus;
+ platforms = platforms.linux;
+ maintainers = [ maintainers.bjornfor ];
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index c921ada6498..032a3f4baab 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -1448,6 +1448,8 @@ let
ntop = callPackage ../tools/networking/ntop { };
+ ntopng = callPackage ../tools/networking/ntopng { };
+
ntp = callPackage ../tools/networking/ntp { };
numdiff = callPackage ../tools/text/numdiff { };