From dd3e416e1e3bb0acf7edc128b2812571a59caf33 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 16 Feb 2022 20:47:27 +0300 Subject: [PATCH 1/4] ndpi: 4.0 -> 4.2 --- pkgs/development/libraries/ndpi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/ndpi/default.nix b/pkgs/development/libraries/ndpi/default.nix index a45884f72dc6..36efb886d141 100644 --- a/pkgs/development/libraries/ndpi/default.nix +++ b/pkgs/development/libraries/ndpi/default.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "ndpi"; - version = "4.0"; + version = "4.2"; src = fetchFromGitHub { owner = "ntop"; repo = "nDPI"; rev = version; - sha256 = "0snzvlracc6s7r2pgdn0jqcc7nxjxzcivsa579h90g5ibhhplv5x"; + sha256 = "sha256-ZWWuyPGl+hbrfXdtPvCBqMReuJ4FiGx+qiI7qCz6wtQ="; }; configureScript = "./autogen.sh"; From 6a91c56637e58e3dd4b7c2ff05998169e5c43f37 Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 16 Feb 2022 20:47:37 +0300 Subject: [PATCH 2/4] ntopng: 2.0 -> 5.2.1 --- ...-Undo-weird-modification-of-data_dir.patch | 12 ---- ...ement-to-have-writeable-callback-dir.patch | 14 ----- .../0003-New-libpcap-defines-SOCKET.patch | 34 ----------- pkgs/tools/networking/ntopng/default.nix | 60 +++++++------------ 4 files changed, 22 insertions(+), 98 deletions(-) delete mode 100644 pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch delete mode 100644 pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch delete mode 100644 pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch diff --git a/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch b/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch deleted file mode 100644 index d794efeac08a..000000000000 --- a/pkgs/tools/networking/ntopng/0001-Undo-weird-modification-of-data_dir.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff --git a/src/Prefs.cpp b/src/Prefs.cpp -index 76385c4..db8d20d 100755 ---- a/src/Prefs.cpp -+++ b/src/Prefs.cpp -@@ -795,7 +795,6 @@ int Prefs::checkOptions() { - ntop->getTrace()->traceEvent(TRACE_ERROR, "Unable to create log %s", path); - } - -- free(data_dir); data_dir = strdup(ntop->get_install_dir()); - docs_dir = ntop->getValidPath(docs_dir); - scripts_dir = ntop->getValidPath(scripts_dir); - callbacks_dir = ntop->getValidPath(callbacks_dir); diff --git a/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch b/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch deleted file mode 100644 index 50ed1daebd48..000000000000 --- a/pkgs/tools/networking/ntopng/0002-Remove-requirement-to-have-writeable-callback-dir.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/src/Ntop.cpp b/src/Ntop.cpp -index 8de92a9..510418f 100644 ---- a/src/Ntop.cpp -+++ b/src/Ntop.cpp -@@ -197,8 +197,7 @@ void Ntop::registerPrefs(Prefs *_prefs) { - } - - if(stat(prefs->get_callbacks_dir(), &statbuf) -- || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */ -- || (!(statbuf.st_mode & S_IWRITE)) /* It's not writable */) { -+ || (!(statbuf.st_mode & S_IFDIR)) /* It's not a directory */) { - ntop->getTrace()->traceEvent(TRACE_ERROR, "Invalid directory %s specified", - prefs->get_callbacks_dir()); - _exit(-1); diff --git a/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch b/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch deleted file mode 100644 index 51c9a706f898..000000000000 --- a/pkgs/tools/networking/ntopng/0003-New-libpcap-defines-SOCKET.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 9cb650ea96c0e5063775071cfdae072e92c553b8 Mon Sep 17 00:00:00 2001 -From: emanuele-f -Date: Tue, 18 Sep 2018 12:49:57 +0200 -Subject: [PATCH] Compilation fix with new libpcap - -SOCKET and INVALID_SOCKET are now defined in pcap.h ---- - third-party/mongoose/mongoose.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/third-party/mongoose/mongoose.c b/third-party/mongoose/mongoose.c -index 6a61cea9b..634c142e3 100644 ---- a/third-party/mongoose/mongoose.c -+++ b/third-party/mongoose/mongoose.c -@@ -247,7 +247,9 @@ struct pollfd { - #define mg_rename(x, y) rename(x, y) - #define mg_sleep(x) usleep((x) * 1000) - #define ERRNO errno -+#ifndef INVALID_SOCKET - #define INVALID_SOCKET (-1) -+#endif - - /* ntop */ - #if ((ULONG_MAX) == (UINT_MAX)) -@@ -270,7 +272,9 @@ struct pollfd { - #endif - - //#define INT64_FMT PRId64 -+#ifndef SOCKET - typedef int SOCKET; -+#endif - #define WINCDECL - - #endif // End of Windows and UNIX specific includes diff --git a/pkgs/tools/networking/ntopng/default.nix b/pkgs/tools/networking/ntopng/default.nix index 46dd586c0fa1..652ad4e28867 100644 --- a/pkgs/tools/networking/ntopng/default.nix +++ b/pkgs/tools/networking/ntopng/default.nix 
@@ -1,62 +1,46 @@ -{ lib, stdenv, fetchurl, libpcap,/* gnutls, libgcrypt,*/ libxml2, glib -, geoip, geolite-legacy, sqlite, which, autoreconfHook, git -, pkg-config, groff, curl, json_c, luajit, zeromq, rrdtool +{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, bash, autoreconfHook +, zeromq, ndpi, json_c, openssl, libpcap, libcap, curl, libmaxminddb +, rrdtool, sqlite, libmysqlclient, expat, net-snmp }: -# ntopng includes LuaJIT, mongoose, rrdtool and zeromq in its third-party/ -# directory, but we use luajit, zeromq, and rrdtool from nixpkgs - stdenv.mkDerivation rec { pname = "ntopng"; - version = "2.0"; + version = "5.2.1"; - src = fetchurl { - urls = [ - "mirror://sourceforge/project/ntop/ntopng/old/ntopng-${version}.tar.gz" - "mirror://sourceforge/project/ntop/ntopng/ntopng-${version}.tar.gz" - ]; - sha256 = "0l82ivh05cmmqcvs26r6y69z849d28njipphqzvnakf43ggddgrw"; + src = fetchFromGitHub { + owner = "ntop"; + repo = "ntopng"; + rev = version; + sha256 = "sha256-FeRERSq8F3HEelUCkA6pgNNcP94xrWy6EbJgk+cEdqc="; }; patches = [ - ./0001-Undo-weird-modification-of-data_dir.patch - ./0002-Remove-requirement-to-have-writeable-callback-dir.patch - ./0003-New-libpcap-defines-SOCKET.patch + (fetchpatch { + url = "https://github.com/ntop/ntopng/commit/0aa580e1a45f248fffe6d11729ce40571f08e187.patch"; + sha256 = "sha256-xqEVwfGgkNS+akbJnLZsVvEQdp9GxxUen8VkFomtcPI="; + }) ]; - buildInputs = [ libpcap/* gnutls libgcrypt*/ libxml2 glib geoip geolite-legacy - sqlite which autoreconfHook git pkg-config groff curl json_c luajit zeromq - rrdtool ]; + nativeBuildInputs = [ bash autoreconfHook pkg-config ]; + buildInputs = [ + zeromq ndpi json_c openssl libpcap curl libmaxminddb rrdtool sqlite + libmysqlclient expat net-snmp libcap + ]; - autoreconfPhase = '' - substituteInPlace autogen.sh --replace "/bin/rm" "rm" - substituteInPlace nDPI/autogen.sh --replace "/bin/rm" "rm" - $shell autogen.sh - ''; + autoreconfPhase = "bash autogen.sh"; preConfigure = '' substituteInPlace 
Makefile.in --replace "/bin/rm" "rm" ''; preBuild = '' - substituteInPlace src/Ntop.cpp --replace "/usr/local" "$out" - - sed -e "s|\(#define CONST_DEFAULT_DATA_DIR\).*|\1 \"/var/lib/ntopng\"|g" \ - -e "s|\(#define CONST_DEFAULT_DOCS_DIR\).*|\1 \"$out/share/ntopng/httpdocs\"|g" \ - -e "s|\(#define CONST_DEFAULT_SCRIPTS_DIR\).*|\1 \"$out/share/ntopng/scripts\"|g" \ - -e "s|\(#define CONST_DEFAULT_CALLBACKS_DIR\).*|\1 \"$out/share/ntopng/scripts/callbacks\"|g" \ - -e "s|\(#define CONST_DEFAULT_INSTALL_DIR\).*|\1 \"$out/share/ntopng\"|g" \ + sed -e "s|\(#define CONST_BIN_DIR \).*|\1\"$out/bin\"|g" \ + -e "s|\(#define CONST_SHARE_DIR \).*|\1\"$out/share\"|g" \ -i include/ntop_defines.h - - rm -rf httpdocs/geoip - ln -s ${geolite-legacy}/share/GeoIP httpdocs/geoip - '' + lib.optionalString stdenv.isDarwin '' - sed 's|LIBS += -lstdc++.6||' -i Makefile ''; - NIX_CFLAGS_COMPILE = "-fpermissive" - + lib.optionalString stdenv.cc.isClang " -Wno-error=reserved-user-defined-literal"; + enableParallelBuilding = true; meta = with lib; { description = "High-speed web-based traffic analysis and flow collection tool"; From 41f4d999ad6ea5233e0852daea33d3c375b5a5ee Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Sat, 12 Feb 2022 15:45:57 +0300 Subject: [PATCH 3/4] nixos/ntopng: update user and redis configuration New ntopng version supports running as specified user. Create a separate user for ntopng with a separate Redis instance. Separate instance is only used for new `system.stateVersion`s to avoid breaking existing setups. To configure that we add two new options, `redis.address` and `redis.createInstance`. They can also be used to specify your own Redis address. --- .../from_md/release-notes/rl-2205.section.xml | 9 +++ .../manual/release-notes/rl-2205.section.md | 2 + nixos/modules/services/networking/ntopng.nix | 55 ++++++++++++++++--- 3 files changed, 58 insertions(+), 8 deletions(-) 
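Review bot: The `fetchpatch` entry in `patches` carries no comment saying what upstream commit 0aa580e1a45f248fffe6d11729ce40571f08e187 fixes or when it can be dropped, so a later version bump cannot tell whether it is still needed. Add a line above it such as `# <what the upstream commit fixes>; remove once a release contains it`. The header comment that said which bundled `third-party/` libraries are replaced by nixpkgs ones is deleted and `luajit` leaves the inputs, so the derivation no longer states which vendored copies get compiled in. If any still are (not visible from this hunk), a short comment naming them would help track security fixes for that code.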
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 42db2d060be6..5d0a9dc76ea7 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -318,6 +318,15 @@ virtualisation.docker.daemon.settings. + + + Ntopng (services.ntopng) is updated to + 5.2.1 and uses a separate Redis instance if + system.stateVersion is at least + 22.05. Existing setups shouldn’t be + affected. + + The backward compatibility in diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 7bb7b1c33b16..7846513c6070 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -104,6 +104,8 @@ In addition to numerous new and upgraded packages, this release has the followin - If you previously used `/etc/docker/daemon.json`, you need to incorporate the changes into the new option `virtualisation.docker.daemon.settings`. +- Ntopng (`services.ntopng`) is updated to 5.2.1 and uses a separate Redis instance if `system.stateVersion` is at least `22.05`. Existing setups shouldn't be affected. + - The backward compatibility in `services.wordpress` to configure sites with the old interface has been removed. Please use `services.wordpress.sites` instead. diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix index 77a004e8ab3a..2c45d418a0db 100644 --- a/nixos/modules/services/networking/ntopng.nix +++ b/nixos/modules/services/networking/ntopng.nix 
@@ -6,7 +6,13 @@ let cfg = config.services.ntopng; opt = options.services.ntopng; - redisCfg = config.services.redis; + + createRedis = cfg.redis.createInstance != null; + redisService = + if cfg.redis.createInstance == "" then + "redis.service" + else + "redis-${cfg.redis.createInstance}.service"; configFile = if cfg.configText != "" then pkgs.writeText "ntopng.conf" '' @@ -16,7 +22,9 @@ let pkgs.writeText "ntopng.conf" '' ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)} --http-port=${toString cfg.http-port} - --redis=localhost:${toString redisCfg.port} + --redis=${cfg.redis.address} + --data-dir=/var/lib/ntopng + --user=ntopng ${cfg.extraConfig} ''; @@ -64,6 +72,24 @@ in ''; }; + redis.address = mkOption { + type = types.str; + example = literalExpression "config.services.redis.ntopng.unixSocket"; + description = '' + Redis address - may be a Unix socket or a network host and port. + ''; + }; + + redis.createInstance = mkOption { + type = types.nullOr types.str; + default = if versionAtLeast config.system.stateVersion "22.05" then "ntopng" else ""; + description = '' + Local Redis instance name. Set to null to disable + local Redis instance. Defaults to "" for + system.stateVersion older than 22.05. + ''; + }; + configText = mkOption { default = ""; example = '' 
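Review bot: In the `@@ -16,7 +22,9 @@` hunk, `--user=ntopng` and `--data-dir=/var/lib/ntopng` are added only to the generated branch of `configFile`, so a non-empty `configText` gets neither them nor `--redis=${cfg.redis.address}`. The service definition in the later `@@ -95,23 +121,36 @@` hunk sets no `User=`, so the process starts as root and the privilege drop depends entirely on this file; which account ntopng falls back to without `--user` is not visible here. State in the `configText` description that the text replaces the generated file and must set `--user`, `--data-dir` and `--redis` itself. The `let` block starts and ends outside the hunk.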
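Review bot: `redis.address` in the `@@ -64,6 +72,24 @@` hunk has no `default`, and the `config` section defines it only when `createInstance` is non-null, so `createInstance = null` without an address presumably fails at evaluation with a generic undefined-option error. Say so in the description, for example `Required when redis.createInstance is null.` The `createInstance` description should also explain that `""` selects the unnamed default instance (`redis.service`), which is what `redisService` in the first hunk maps it to. Where the address is a network host and port, protecting that link is left to the user, so a sentence recommending the Unix socket for a local instance would fit here.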
@@ -95,23 +121,36 @@ in config = mkIf cfg.enable { # ntopng uses redis for data storage - services.redis.enable = true; + services.ntopng.redis.address = + mkIf createRedis config.services.redis.servers.${cfg.redis.createInstance}.unixSocket; + + services.redis.servers = mkIf createRedis { + ${cfg.redis.createInstance} = { + enable = true; + user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng"; + }; + }; # nice to have manual page and ntopng command in PATH environment.systemPackages = [ pkgs.ntopng ]; + systemd.tmpfiles.rules = [ "d /var/lib/ntopng 0700 ntopng ntopng -" ]; + systemd.services.ntopng = { description = "Ntopng Network Monitor"; - requires = [ "redis.service" ]; - after = [ "network.target" "redis.service" ]; + requires = optional createRedis redisService; + after = [ "network.target" ] ++ optional createRedis redisService; wantedBy = [ "multi-user.target" ]; - preStart = "mkdir -p /var/lib/ntopng/"; serviceConfig.ExecStart = "${pkgs.ntopng}/bin/ntopng ${configFile}"; unitConfig.Documentation = "man:ntopng(8)"; }; - # ntopng drops priveleges to user "nobody" and that user is already defined - # in users-groups.nix. + users.extraUsers.ntopng = { + group = "ntopng"; + isSystemUser = true; + }; + + users.extraGroups.ntopng = { }; }; } From a347d52074c9aa5d39daae21bc1083dfc23d5f7b Mon Sep 17 00:00:00 2001 From: Nikolay Amiantov Date: Wed, 16 Feb 2022 21:33:19 +0300 Subject: [PATCH 4/4] nixos/ntopng: http-port -> httpPort --- nixos/modules/services/networking/ntopng.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/networking/ntopng.nix b/nixos/modules/services/networking/ntopng.nix index 2c45d418a0db..022fc923edaa 100644 --- a/nixos/modules/services/networking/ntopng.nix +++ b/nixos/modules/services/networking/ntopng.nix 
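Review bot: For the legacy case `createInstance == ""`, `redis.address` now becomes the default instance's `unixSocket` where the old config used `localhost:<port>`, while `user = mkIf (cfg.redis.createInstance == "ntopng") "ntopng"` leaves that instance under its own account. Once ntopng has switched to the `ntopng` user it may lack permission on that socket (this depends on the Redis module's socket mode, not shown here), which would contradict the release note that existing setups are unaffected. Keeping TCP for the legacy instance avoids this, e.g. `if cfg.redis.createInstance == "" then "localhost:${toString config.services.redis.servers."".port}" else config.services.redis.servers.${cfg.redis.createInstance}.unixSocket`. Also, the tmpfiles `d` rule adjusts only `/var/lib/ntopng` itself, so files written there by the previously used account keep their old owner; and `users.extraUsers`/`users.extraGroups` are the older aliases of `users.users`/`users.groups`.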
@@ -21,7 +21,7 @@ let else pkgs.writeText "ntopng.conf" '' ${concatStringsSep " " (map (e: "--interface=" + e) cfg.interfaces)} - --http-port=${toString cfg.http-port} + --http-port=${toString cfg.httpPort} --redis=${cfg.redis.address} --data-dir=/var/lib/ntopng --user=ntopng @@ -32,6 +32,10 @@ in { + imports = [ + (mkRenamedOptionModule [ "services" "ntopng" "http-port" ] [ "services" "ntopng" "httpPort" ]) + ]; + options = { services.ntopng = { @@ -64,7 +68,7 @@ in ''; }; - http-port = mkOption { + httpPort = mkOption { default = 3000; type = types.int; description = ''