# Packet-analysis setup: Wireshark for capturing and inspecting traffic, plus
# an Elasticsearch + Kibana pair (fronted by nginx) for searching captures.
{ pkgs, config, ... }:
let
  # Every service in this module is addressed through this one name.
  privateHost = "${config.networking.hostName}.private";
in
{
  # Wireshark
  # ---------
  # mainUser joins the "wireshark" group. In the NixOS wireshark module that
  # group is what permits packet capture without root, so membership should be
  # treated as a privileged grant.
  # NOTE(review): confirm against the nixpkgs revision in use.
  users.users.mainUser.extraGroups = [ "wireshark" ];
  programs.wireshark.enable = true;

  environment.systemPackages = with pkgs; [
    wireshark
    # alternative packet analyzer (only works with elasticsearch)
    packetbeat7
  ];

  # Elasticsearch / Kibana
  # ----------------------
  # elastic search is good for analysing stuff
  # https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
  #
  # Both services bind to the ".private" name instead of loopback and are
  # reached over plain HTTP; nothing in this module sets up authentication or
  # TLS for them. Indexed captures can contain credentials and payload data,
  # so anyone who can reach these ports can read (and write) them.
  # NOTE(review): confirm the ".private" network only admits trusted peers,
  # or firewall ports 9200 and 5601 accordingly.
  services.elasticsearch = {
    enable = true;
    listenAddress = privateHost;
  };

  services.kibana = {
    enable = true;
    listenAddress = privateHost;
    port = 5601;
    elasticsearch.hosts = [ "http://${privateHost}:9200" ];
  };

  # using tshark with elastic search
  # --------------------------------
  # tshark -r file.pcap -T ek > packets.json
  # curl -XPOST "sterni.private:9200/packets/doc/_bulk" -H 'Content-Type: application/json' --data-binary "@packets.json"

  # nginx
  # -----
  # Gives Kibana a friendlier virtual-host name. The proxy adds no access
  # control of its own, and Kibana also listens on the private address
  # directly, so putting authentication on this vhost alone would not close
  # the direct path on the Kibana port.
  services.nginx = {
    enable = true;
    # NOTE(review): check which addresses may fetch the status page.
    statusPage = true;
    virtualHosts."kibana.${privateHost}" = {
      serverAliases = [ ];
      locations."/".proxyPass =
        "http://${privateHost}:${toString config.services.kibana.port}";
    };
  };
}