| blob | 66666a57fd8efb3dec18b0c6418b3053ff00e219 |
1 # This module defines global configuration for Haka.
3 { config, lib, pkgs, ... }:
5 with lib;
7 let
9 cfg = config.services.haka;
11 haka = cfg.package;
13 hakaConf = pkgs.writeText "haka.conf"
14 ''
15 [general]
16 configuration = ${if lib.strings.hasPrefix "/" cfg.configFile
17 then "${cfg.configFile}"
18 else "${haka}/share/haka/sample/${cfg.configFile}"}
19 ${optionalString (builtins.lessThan 0 cfg.threads) "thread = ${cfg.threads}"}
21 [packet]
22 ${optionalString cfg.pcap ''module = "packet/pcap"''}
23 ${optionalString cfg.nfqueue ''module = "packet/nqueue"''}
24 ${optionalString cfg.dump.enable ''dump = "yes"''}
25 ${optionalString cfg.dump.enable ''dump_input = "${cfg.dump.input}"''}
26 ${optionalString cfg.dump.enable ''dump_output = "${cfg.dump.output}"''}
28 interfaces = "${lib.strings.concatStringsSep "," cfg.interfaces}"
30 [log]
31 # Select the log module
32 module = "log/syslog"
34 # Set the default logging level
35 #level = "info,packet=debug"
37 [alert]
38 # Select the alert module
39 module = "alert/syslog"
41 # Disable alert on standard output
42 #alert_on_stdout = no
44 # alert/file module option
45 #file = "/dev/null"
46 '';
48 in
50 {
52 ###### interface
54 options = {
56 services.haka = {
58 enable = mkEnableOption "Haka";
60 package = mkPackageOption pkgs "haka" { };
62 configFile = mkOption {
63 default = "empty.lua";
64 example = "/srv/haka/myfilter.lua";
65 type = types.str;
66 description = ''
67 Specify which configuration file Haka uses.
68 It can be absolute path or a path relative to the sample directory of
69 the haka git repo.
70 '';
71 };
73 interfaces = mkOption {
74 default = [ "eth0" ];
75 example = [ "any" ];
76 type = with types; listOf str;
77 description = ''
78 Specify which interface(s) Haka listens to.
79 Use 'any' to listen to all interfaces.
80 '';
81 };
83 threads = mkOption {
84 default = 0;
85 example = 4;
86 type = types.int;
87 description = ''
88 The number of threads that will be used.
89 All system threads are used by default.
90 '';
91 };
93 pcap = mkOption {
94 default = true;
95 type = types.bool;
96 description = "Whether to enable pcap";
97 };
99 nfqueue = mkEnableOption "nfqueue";
101 dump.enable = mkEnableOption "dump";
102 dump.input = mkOption {
103 default = "/tmp/input.pcap";
104 example = "/path/to/file.pcap";
105 type = types.path;
106 description = "Path to file where incoming packets are dumped";
107 };
109 dump.output = mkOption {
110 default = "/tmp/output.pcap";
111 example = "/path/to/file.pcap";
112 type = types.path;
113 description = "Path to file where outgoing packets are dumped";
114 };
115 };
116 };
119 ###### implementation
121 config = mkIf cfg.enable {
123 assertions = [
124 { assertion = cfg.pcap != cfg.nfqueue;
125 message = "either pcap or nfqueue can be enabled, not both.";
126 }
127 { assertion = cfg.nfqueue -> !dump.enable;
128 message = "dump can only be used with nfqueue.";
129 }
130 { assertion = cfg.interfaces != [];
131 message = "at least one interface must be specified.";
132 }];
135 environment.systemPackages = [ haka ];
137 systemd.services.haka = {
138 description = "Haka";
139 wantedBy = [ "multi-user.target" ];
140 after = [ "network.target" ];
141 serviceConfig = {
142 ExecStart = "${haka}/bin/haka -c ${hakaConf}";
143 ExecStop = "${haka}/bin/hakactl stop";
144 User = "root";
145 Type = "forking";
146 };
147 };
148 };
149 }