Merge pull request #1340 from bjornfor/ntopng

Add ntopng package and nixos service module

nixos/modules/module-list.nix

@@ -170,6 +170,7 @@
   ./services/networking/minidlna.nix
   ./services/networking/nat.nix
   ./services/networking/networkmanager.nix
+  ./services/networking/ntopng.nix
   ./services/networking/ntpd.nix
   ./services/networking/oidentd.nix
   ./services/networking/openfire.nix

nixos/modules/services/networking/ntopng.nix

@@ -0,0 +1,116 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.ntopng;
+  redisCfg = config.services.redis;
+
+  configFile = if cfg.configText != "" then
+    pkgs.writeText "ntopng.conf" ''
+      ${cfg.configText}
+    ''
+    else
+    pkgs.writeText "ntopng.conf" ''
+      ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
+      --http-port=${toString cfg.http-port}
+      --redis=localhost:${toString redisCfg.port}
+      ${cfg.extraConfig}
+    '';
+
+in
+
+{
+
+  options = {
+
+    services.ntopng = {
+
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Enable ntopng, a high-speed web-based traffic analysis and flow
+          collection tool.
+
+          With the default configuration, ntopng monitors all network
+          interfaces and displays its findings at http://localhost:${toString
+          cfg.http-port}. Default username and password is admin/admin.
+
+          See the ntopng(8) manual page and http://www.ntop.org/products/ntop/
+          for more info.
+
+          Note that enabling ntopng will also enable redis (key-value
+          database server) for persistent data storage.
+        '';
+      };
+
+      interfaces = mkOption {
+        default = [ "any" ];
+        example = [ "eth0" "wlan0" ];
+        type = types.listOf types.str;
+        description = ''
+          List of interfaces to monitor. Use "any" to monitor all interfaces.
+        '';
+      };
+
+      http-port = mkOption {
+        default = 3000;
+        type = types.uniq types.int;
+        description = ''
+          Sets the HTTP port of the embedded web server.
+        '';
+      };
+
+      configText = mkOption {
+        default = "";
+        example = ''
+          --interface=any
+          --http-port=3000
+          --disable-login
+        '';
+        type = types.lines;
+        description = ''
+          Overridable configuration file contents to use for ntopng. By
+          default, use the contents automatically generated by NixOS.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        type = types.lines;
+        description = ''
+          Configuration lines that will be appended to the generated ntopng
+          configuration file. Note that this mechanism does not work when the
+          manual <option>configText</option> option is used.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    # ntopng uses redis for data storage
+    services.redis.enable = true;
+
+    # nice to have manual page and ntopng command in PATH
+    environment.systemPackages = [ pkgs.ntopng ];
+
+    systemd.services.ntopng = {
+      description = "Ntopng Network Monitor";
+      requires = [ "redis.service" ];
+      after = [ "network.target" "redis.service" ];
+      wantedBy = [ "multi-user.target" ];
+      preStart = "mkdir -p /var/lib/ntopng/";
+      serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
+      unitConfig.Documentation = "man:ntopng(8)";
+    };
+
+    # ntopng drops priveleges to user "nobody" and that user is already defined
+    # in users-groups.nix.
+  };
+
+}

pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch

@@ -0,0 +1,24 @@
+From d0c56a14e0432faca1e9438b84e5e4090d293bb9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
+Date: Tue, 3 Dec 2013 20:42:24 +0000
+Subject: [PATCH 1/2] Undo weird modification of data_dir
+
+---
+ Prefs.cpp | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Prefs.cpp b/Prefs.cpp
+index b4fde5f..ca04ca1 100644
+--- a/Prefs.cpp
++++ b/Prefs.cpp
+@@ -408,7 +408,6 @@ int Prefs::checkOptions() {
+ 			ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to create log %s", path);
+   }
+ 
+-  free(data_dir); data_dir = strdup(ntop->get_install_dir());
+   docs_dir      = ntop->getValidPath(docs_dir);
+   scripts_dir   = ntop->getValidPath(scripts_dir);
+   callbacks_dir = ntop->getValidPath(callbacks_dir);
+-- 
+1.8.4.3
+

pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch

@@ -0,0 +1,29 @@
+From d77b42003d13e2775be3255a26f380d6ccda8042 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
+Date: Tue, 3 Dec 2013 21:10:06 +0000
+Subject: [PATCH 2/2] Remove requirement to have writeable callback dir
+
+* ntopng doesn't write anything to the callback dir
+* it seems to be a copy-paste leftover error from data_dir a couple of
+  lines above
+---
+ Ntop.cpp | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/Ntop.cpp b/Ntop.cpp
+index 2fb027b..0b4881b 100644
+--- a/Ntop.cpp
++++ b/Ntop.cpp
+@@ -114,8 +114,7 @@ void Ntop::registerPrefs(Prefs *_prefs) {
+   }
+ 
+   if(stat(prefs->get_callbacks_dir(), &statbuf)
+-     || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */
+-     || (!(statbuf.st_mode & S_IWRITE)) /* It's not writable    */) {
++     || (!(statbuf.st_mode & S_IFDIR))) { /* It's not a directory */
+     ntop->getTrace()->traceEvent(TRACE_ERROR, "Invalid directory %s specified",
+ 				 prefs->get_callbacks_dir());
+     exit(-1);
+-- 
+1.8.4.3
+

pkgs/tools/networking/ntopng/default.nix

@@ -0,0 +1,51 @@
+{ stdenv, fetchurl, libpcap, gnutls, libgcrypt, libxml2, glib, geoip, sqlite
+, which }:
+
+# ntopng includes LuaJIT, mongoose, rrdtool and zeromq in its third-party/
+# directory.
+
+stdenv.mkDerivation rec {
+  name = "ntopng-1.1_6932";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/ntop/files/ntopng/${name}.tgz";
+    sha256 = "0cdbmrsjp3bb7xzci0vfnnkmbyxwxbf47l4kbnk4ydd7xwhwdnzr";
+  };
+
+  patches = [
+    ./0001-Undo-weird-modification-of-data_dir.patch
+    ./0002-Remove-requirement-to-have-writeable-callback-dir.patch
+  ];
+
+  buildInputs = [ libpcap gnutls libgcrypt libxml2 glib geoip sqlite which ];
+
+  preBuild = ''
+    sed -e "s|^SHELL=.*|SHELL=${stdenv.shell}|" \
+        -e "s|/usr/local|$out|g" \
+        -e "s|/bin/rm|rm|g" \
+        -i Makefile
+
+    sed -e "s|^SHELL=.*|SHELL=${stdenv.shell}|" \
+        -e "s|/usr/local|$out|g" \
+        -e "s|/opt/local|/non-existing-dir|g" \
+        -i configure
+
+    sed -e "s|/usr/local|$out|g" \
+        -i Ntop.cpp
+
+    sed -e "s|\(#define CONST_DEFAULT_DATA_DIR\).*|\1 \"/var/lib/ntopng\"|g" \
+        -e "s|\(#define CONST_DEFAULT_DOCS_DIR\).*|\1 \"$out/share/ntopng/httpdocs\"|g" \
+        -e "s|\(#define CONST_DEFAULT_SCRIPTS_DIR\).*|\1 \"$out/share/ntopng/scripts\"|g" \
+        -e "s|\(#define CONST_DEFAULT_CALLBACKS_DIR\).*|\1 \"$out/share/ntopng/scripts/callbacks\"|g" \
+        -e "s|\(#define CONST_DEFAULT_INSTALL_DIR\).*|\1 \"$out/share/ntopng\"|g" \
+        -i ntop_defines.h
+  '';
+
+  meta = with stdenv.lib; {
+    description = "High-speed web-based traffic analysis and flow collection tool";
+    homepage = http://www.ntop.org/products/ntop/;
+    license = licenses.gpl3Plus;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}

pkgs/top-level/all-packages.nix

@@ -1448,6 +1448,8 @@ let
 
   ntop = callPackage ../tools/networking/ntop { };
 
+  ntopng = callPackage ../tools/networking/ntopng { };
+
   ntp = callPackage ../tools/networking/ntp { };
 
   numdiff = callPackage ../tools/text/numdiff { };