{ pkgs, config, ... }: {

  users.users.mainUser.extraGroups = [ "wireshark" ];
  programs.wireshark.enable = true;

  environment.systemPackages = [

    pkgs.wireshark

    # alternative packet analyzer (only works with elasticsearch)
    pkgs.packetbeat7
  ];

  # elastic search is good for analysing stuff
  # https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
  services.elasticsearch.enable = true;
  services.elasticsearch.listenAddress =
    "${config.networking.hostName}.private";
  services.kibana.enable = true;
  services.kibana.elasticsearch.hosts =
    [ "http://${config.networking.hostName}.private:9200" ];
  services.kibana.listenAddress = "${config.networking.hostName}.private";
  services.kibana.port = 5601;

  # using tshark with elastic search
  # --------------------------------
  # tshark -r file.pcap -T ek > packages.json
  # curl -XPOST "sterni.private:9200/packets/doc/_bulk" -H 'Content-Type: application/json' --data-binary "@packets.json"

  services.nginx = {
    enable = true;
    statusPage = true;
    virtualHosts = {
      "kibana.${config.networking.hostName}.private" = {
        serverAliases = [ ];
        locations."/" = {
          proxyPass = "http://${config.networking.hostName}.private:${
              toString config.services.kibana.port
            }";
        };
      };
    };
  };

}