diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 31093bdbd013..7502214c86be 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -413,6 +413,15 @@
virtualisation.docker.daemon.settings.
+
+
+ Ntopng (services.ntopng) is updated to
+ 5.2.1 and uses a separate Redis instance if
+ system.stateVersion is at least
+ 22.05. Existing setups shouldn’t be
+ affected.
+
+
The backward compatibility in
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 258cd2fe3166..c96f898505a2 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -136,6 +136,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`.
+- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected.
+
- The backward compatibility in `services.wordpress` to configure sites with
the old interface has been removed. Please use `services.wordpress.sites`
instead.
diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix
index 77a004e8ab3a..022fc923edaa 100644
--- a/nixos/modules/services/networking/ntopng.nix
+++ b/nixos/modules/services/networking/ntopng.nix
@@ -6,7 +6,13 @@ let
cfg = config.services.ntopng;
opt = options.services.ntopng;
- redisCfg = config.services.redis;
+
+ createRedis = cfg.redis.createInstance != null;
+ redisService =
+ if cfg.redis.createInstance == "" then
+ "redis.service"
+ else
+ "redis-${cfg.redis.createInstance}.service";
configFile = if cfg.configText != "" then
pkgs.writeText "ntopng.conf" ''
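Review bot: The three states of `cfg.redis.createInstance` that `createRedis` and `redisService` depend on are not explained next to the code. A comment above `createRedis` would help, for example `# null: no managed Redis; "": legacy unnamed server (redis.service); otherwise redis-<name>.service`. `redisService` is only valid when `createRedis` is true, because with `null` the `else` branch would interpolate a null into the unit name. The later uses guard it with `optional createRedis`, so this is safe as written, but the comment should say that the guard is required. The let-block starts before and continues after this hunk.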
@@ -15,8 +21,10 @@ let
else
pkgs.writeText "ntopng.conf" ''
${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)}
- --http-port=${toString cfg.http-port}
- --redis=localhost:${toString redisCfg.port}
+ --http-port=${toString cfg.httpPort}
+ --redis=${cfg.redis.address}
+ --data-dir=/var/lib/ntopng
+ --user=ntopng
${cfg.extraConfig}
'';
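Review bot: The new `--user=ntopng`, `--data-dir=/var/lib/ntopng` and `--redis=${cfg.redis.address}` lines are emitted only in the generated-config branch. When `cfg.configText` is non-empty the other branch is used (its body is outside this hunk), so the privilege-drop user, data directory and Redis address come entirely from the user's text. The module still creates `/var/lib/ntopng` as `0700 ntopng ntopng` and a dedicated Redis instance, so a custom `configText` that omits these flags may run under a different account that cannot write the data directory, or may point at a different Redis. I would document this in the `configText` description, for example `When set, include --user=ntopng, --data-dir=/var/lib/ntopng and a --redis= address yourself; they are not added automatically.`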
@@ -24,6 +32,10 @@ in
{
+ imports = [
+ (mkRenamedOptionModule [ "services" "ntopng" "http-port" ] [ "services" "ntopng" "httpPort" ])
+ ];
+
options = {
services.ntopng = {
@@ -56,7 +68,7 @@ in
'';
};
- http-port = mkOption {
+ httpPort = mkOption {
default = 3000;
type = types.int;
description = ''
@@ -64,6 +76,24 @@ in
'';
};
+ redis.address = mkOption {
+ type = types.str;
+ example = literalExpression "config.services.redis.ntopng.unixSocket";
+ description = ''
+ Redis address - may be a Unix socket or a network host and port.
+ '';
+ };
+
+ redis.createInstance = mkOption {
+ type = types.nullOr types.str;
+ default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else "";
+ description = ''
+ Local Redis instance name. Set to null to disable
+ local Redis instance. Defaults to "" for
+ system.stateVersion older than 22.05.
+ '';
+ };
+
configText = mkOption {
default = "";
example = ''
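Review bot: `redis.address` has no default and, as far as the later hunk shows, is assigned only when `createInstance` is non-null, so `createInstance = null` leaves the user with an undefined-option error and no hint. The description should say so, for example `Must be set explicitly when redis.createInstance is null.` It would also help to note that a network `host:port` address sends ntopng's Redis traffic over TCP, so the remote instance needs its own access control. Separately, the `createInstance` default reads `config.system.stateVersion`, so it should carry a `defaultText`, for example `defaultText = literalExpression ''if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else ""'';`. This keeps the rendered manual independent of the build host's state version.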
@@ -95,23 +125,36 @@ in
config = mkIf cfg.enable {
# ntopng uses redis for data storage
- services.redis.enable = true;
+ services.ntopng.redis.address =
+ mkIf createRedis config.services.redis.servers.${cfg.redis.createInstance}.unixSocket;
+
+ services.redis.servers = mkIf createRedis {
+ ${cfg.redis.createInstance} = {
+ enable = true;
+ user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng";
+ };
+ };
# nice to have manual page and ntopng command in PATH
environment.systemPackages = [ pkgs.ntopng ];
+ systemd.tmpfiles.rules = [ "d /var/lib/ntopng 0700 ntopng ntopng -" ];
+
systemd.services.ntopng = {
description = "Ntopng Network Monitor";
- requires = [ "redis.service" ];
- after = [ "network.target" "redis.service" ];
+ requires = optional createRedis redisService;
+ after = [ "network.target" ] ++ optional createRedis redisService;
wantedBy = [ "multi-user.target" ];
- preStart = "mkdir -p /var/lib/ntopng/";
serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}";
unitConfig.Documentation = "man:ntopng(8)";
};
- # ntopng drops priveleges to user "nobody" and that user is already defined
- # in users-groups.nix.
+ users.extraUsers.ntopng = {
+ group = "ntopng";
+ isSystemUser = true;
+ };
+
+ users.extraGroups.ntopng = { };
};
}
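Review bot: The tmpfiles rule `d /var/lib/ntopng 0700 ntopng ntopng -` fixes ownership and mode of the directory itself, but `d` does not recurse into existing contents. The removed comment says the old service dropped privileges to `nobody`, so files already under `/var/lib/ntopng` on an upgraded host are presumably still owned by that account and may be unreadable to the new `ntopng` user. Moving off the shared `nobody` account is a good change. The migration should be handled, though, either with a recursive rule such as `"Z /var/lib/ntopng 0700 ntopng ntopng -"` or with a release-notes sentence telling operators to chown the directory, since the note currently says existing setups should not be affected.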
diff --git a/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch b/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch
deleted file mode 100644
index d794efeac08a..000000000000
--- a/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/Prefs.cpp b/src/Prefs.cpp
-index 76385c4..db8d20d 100755
---- a/src/Prefs.cpp
-+++ b/src/Prefs.cpp
-@@ -795,7 +795,6 @@ int Prefs::checkOptions() {
- ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to create log %s", path);
- }
-
-- free(data_dir); data_dir = strdup(ntop->get_install_dir());
- docs_dir = ntop->getValidPath(docs_dir);
- scripts_dir = ntop->getValidPath(scripts_dir);
- callbacks_dir = ntop->getValidPath(callbacks_dir);
diff --git a/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch b/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch
deleted file mode 100644
index 50ed1daebd48..000000000000
--- a/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/src/Ntop.cpp b/src/Ntop.cpp
-index 8de92a9..510418f 100644
---- a/src/Ntop.cpp
-+++ b/src/Ntop.cpp
-@@ -197,8 +197,7 @@ void Ntop::registerPrefs(Prefs *_prefs) {
- }
-
- if(stat(prefs->get_callbacks_dir(), &statbuf)
-- || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */
-- || (!(statbuf.st_mode & S_IWRITE)) /* It's not writable */) {
-+ || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */) {
- ntop->getTrace()->traceEvent(TRACE_ERROR, "Invalid directory %s specified",
- prefs->get_callbacks_dir());
- _exit(-1);
diff --git a/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch b/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch
deleted file mode 100644
index 51c9a706f898..000000000000
--- a/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9cb650ea96c0e5063775071cfdae072e92c553b8 Mon Sep 17 00:00:00 2001
-From: emanuele-f
-Date: Tue, 18 Sep 2018 12:49:57 +0200
-Subject: [PATCH] Compilation fix with new libpcap
-
-SOCKET and INVALID_SOCKET are now defined in pcap.h
----
- third-party/mongoose/mongoose.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/third-party/mongoose/mongoose.c b/third-party/mongoose/mongoose.c
-index 6a61cea9b..634c142e3 100644
---- a/third-party/mongoose/mongoose.c
-+++ b/third-party/mongoose/mongoose.c
-@@ -247,7 +247,9 @@ struct pollfd {
- #define mg_rename(x, y) rename(x, y)
- #define mg_sleep(x) usleep((x) * 1000)
- #define ERRNO errno
-+#ifndef INVALID_SOCKET
- #define INVALID_SOCKET (-1)
-+#endif
-
- /* ntop */
- #if ((ULONG_MAX) == (UINT_MAX))
-@@ -270,7 +272,9 @@ struct pollfd {
- #endif
-
- //#define INT64_FMT PRId64
-+#ifndef SOCKET
- typedef int SOCKET;
-+#endif
- #define WINCDECL
-
- #endif // End of Windows and UNIX specific includes
diff --git a/pkgs/tools/networking/ntopng/default.nix b/pkgs/tools/networking/ntopng/default.nix
index 46dd586c0fa1..652ad4e28867 100644
--- a/pkgs/tools/networking/ntopng/default.nix
+++ b/pkgs/tools/networking/ntopng/default.nix
@@ -1,62 +1,46 @@
-{ lib, stdenv, fetchurl, libpcap,/* gnutls, libgcrypt,*/ libxml2, glib
-, geoip, geolite-legacy, sqlite, which, autoreconfHook, git
-, pkg-config, groff, curl, json_c, luajit, zeromq, rrdtool
+{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, bash, autoreconfHook
+, zeromq, ndpi, json_c, openssl, libpcap, libcap, curl, libmaxminddb
+, rrdtool, sqlite, libmysqlclient, expat, net-snmp
}:
-# ntopng includes LuaJIT, mongoose, rrdtool and zeromq in its third-party/
-# directory, but we use luajit, zeromq, and rrdtool from nixpkgs
-
stdenv.mkDerivation rec {
pname = "ntopng";
- version = "2.0";
+ version = "5.2.1";
- src = fetchurl {
- urls = [
- "mirror://sourceforge/project/ntop/ntopng/old/ntopng-${version}.tar.gz"
- "mirror://sourceforge/project/ntop/ntopng/ntopng-${version}.tar.gz"
- ];
- sha256 = "0l82ivh05cmmqcvs26r6y69z849d28njipphqzvnakf43ggddgrw";
+ src = fetchFromGitHub {
+ owner = "ntop";
+ repo = "ntopng";
+ rev = version;
+ sha256 = "sha256-FeRERSq8F3HEelUCkA6pgNNcP94xrWy6EbJgk+cEdqc=";
};
patches = [
- ./0001-Undo-weird-modification-of-data_dir.patch
- ./0002-Remove-requirement-to-have-writeable-callback-dir.patch
- ./0003-New-libpcap-defines-SOCKET.patch
+ (fetchpatch {
+ url = "https://github.com/ntop/ntopng/commit/0aa580e1a45f248fffe6d11729ce40571f08e187.patch";
+ sha256 = "sha256-xqEVwfGgkNS+akbJnLZsVvEQdp9GxxUen8VkFomtcPI=";
+ })
];
- buildInputs = [ libpcap/* gnutls libgcrypt*/ libxml2 glib geoip geolite-legacy
- sqlite which autoreconfHook git pkg-config groff curl json_c luajit zeromq
- rrdtool ];
+ nativeBuildInputs = [ bash autoreconfHook pkg-config ];
+ buildInputs = [
+ zeromq ndpi json_c openssl libpcap curl libmaxminddb rrdtool sqlite
+ libmysqlclient expat net-snmp libcap
+ ];
- autoreconfPhase = ''
- substituteInPlace autogen.sh --replace "/bin/rm" "rm"
- substituteInPlace nDPI/autogen.sh --replace "/bin/rm" "rm"
- $shell autogen.sh
- '';
+ autoreconfPhase = "bash autogen.sh";
preConfigure = ''
substituteInPlace Makefile.in --replace "/bin/rm" "rm"
'';
preBuild = ''
- substituteInPlace src/Ntop.cpp --replace "/usr/local" "$out"
-
- sed -e "s|\(#define CONST_DEFAULT_DATA_DIR\).*|\1 \"/var/lib/ntopng\"|g" \
- -e "s|\(#define CONST_DEFAULT_DOCS_DIR\).*|\1 \"$out/share/ntopng/httpdocs\"|g" \
- -e "s|\(#define CONST_DEFAULT_SCRIPTS_DIR\).*|\1 \"$out/share/ntopng/scripts\"|g" \
- -e "s|\(#define CONST_DEFAULT_CALLBACKS_DIR\).*|\1 \"$out/share/ntopng/scripts/callbacks\"|g" \
- -e "s|\(#define CONST_DEFAULT_INSTALL_DIR\).*|\1 \"$out/share/ntopng\"|g" \
+ sed -e "s|\(#define CONST_BIN_DIR \).*|\1\"$out/bin\"|g" \
+ -e "s|\(#define CONST_SHARE_DIR \).*|\1\"$out/share\"|g" \
-i include/ntop_defines.h
-
- rm -rf httpdocs/geoip
- ln -s ${geolite-legacy}/share/GeoIP httpdocs/geoip
- '' + lib.optionalString stdenv.isDarwin ''
- sed 's|LIBS += -lstdc++.6||' -i Makefile
'';
- NIX_CFLAGS_COMPILE = "-fpermissive"
- + lib.optionalString stdenv.cc.isClang " -Wno-error=reserved-user-defined-literal";
+ enableParallelBuilding = true;
meta = with lib; {
description = "High-speed web-based traffic analysis and flow collection tool";