add wireshark

configs/sterni/configuration.nix

@@ -10,6 +10,7 @@
     ./tinc.nix
 
     #./wifi-access-point.nix
+    ./wireshark.nix
 
   ];
 

configs/sterni/wireshark.nix

@@ -0,0 +1,48 @@
+{ pkgs, config, ... }: {
+
+  users.users.mainUser.extraGroups = [ "wireshark" ];
+  programs.wireshark.enable = true;
+
+
+
+  environment.systemPackages = [
+
+    pkgs.wireshark
+
+    # alternative packet analyzer (only works with elasticsearch)
+    pkgs.packetbeat7
+  ];
+
+
+  # elastic search is good for analysing stuff
+  # https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
+  services.elasticsearch.enable = true;
+  services.elasticsearch.listenAddress =
+    "${config.networking.hostName}.private";
+  services.kibana.enable = true;
+  services.kibana.elasticsearch.hosts =
+    [ "http://${config.networking.hostName}.private:9200" ];
+  services.kibana.listenAddress = "${config.networking.hostName}.private";
+  services.kibana.port = 5601;
+
+  # using tshark with elastic search
+  # --------------------------------
+  # tshark -r file.pcap -T ek > packages.json
+  # curl -XPOST "sterni.private:9200/packets/doc/_bulk" -H 'Content-Type: application/json' --data-binary "@packets.json"
+
+  services.nginx = {
+    enable = true;
+    statusPage = true;
+    virtualHosts = {
+      "kibana.${config.networking.hostName}.private" = {
+        serverAliases = [ ];
+        locations."/" = {
+          proxyPass = "http://${config.networking.hostName}.private:${
+              toString config.services.kibana.port
+            }";
+        };
+      };
+    };
+  };
+
+}