ntopng and adguard now work

2026-01-20 00:47:36 +01:00 · 2026-01-20 00:47:36 +01:00 · f9c6cf6f55
commit f9c6cf6f55
parent 2db9235ad0
3 changed files with 71 additions and 556 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -14,7 +14,6 @@
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
-    ./akvorado.nix
    specialArgs.inputs.vscode-server.nixosModules.default
  ];

@ -56,17 +55,15 @@
    }
  ];
  networking.defaultGateway = "192.168.69.1";
-  networking.nameservers = [ "1.1.1.1" ];
+  #networking.nameservers = [ "1.1.1.1" ];
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    22
+    53
    80
    443
    2222 # forgejo ssh
-    3000 # forgejo frontend
-    2055 # akvorado sink
-    8080 # akvorado frontend
-    8081 # akvorado frontend
+    8184 # forgejo frontend
    8123 # homeassistant
    5580 # homeassistant matter
    2283 # immich
@ -75,9 +72,14 @@
    8971 # frigate
    8554 # frigate rtsp
    8555 # frigate rtsp
+    2055 # ntopng sink
+    8182 # ntopng frontend
+    3000 # adguardhome frontend
+    8183 # adguardhome frontend
    9000
  ];
  networking.firewall.allowedUDPPorts = [
+    53
    8555 # frigate rtsp
    2055 # ntopng sink
  ];
@ -134,7 +136,9 @@
    certs."kempinger.at".domain = "*.kempinger.at";
  };

-  services.resolved.enable = true;
+  #services.resolved.enable = true;
+
+  services.fail2ban.enable = true;

  services.nginx = {
    enable = true;
@ -193,7 +197,7 @@
        DOMAIN = "git.kempinger.at";
        # You need to specify this to remove the port from URLs in the web UI.
        ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
-        HTTP_PORT = 3000;
+        HTTP_PORT = 8184;
        DISABLE_SSH = false;
        SSH_PORT = 2222;
        START_SSH_SERVER = true;
@ -223,7 +227,7 @@
      interval = "weekly";
    };
  };
-  
+
  # services.borgbackup.jobs."forgejo" = {
  #   paths = config.services.forgejo.repositoryRoot;
  #   repo = "/backup/forgejo";
@ -235,6 +239,12 @@
  #   };
  # };

+  services.immich = {
+    enable = true;
+    accelerationDevices = null;
+    port = 2283;
+  };
+
  services.borgbackup.jobs."immich" = {
    paths = config.services.immich.mediaLocation;
    repo = "/backup/immich";
@ -298,7 +308,6 @@
      ];
    };

-
    containers.frigate = {
      #autoStart = true;
      volumes = [
@ -327,14 +336,58 @@
        "--network=host"
      ];
    };
+    containers.netflow2ng = {
+      # Note: The image will not be updated on rebuilds, unless the version label changes
+      image = "synfinatic/netflow2ng:v0.1.0";
+      cmd = [
+        "-a"
+        "0.0.0.0:2055"
+        "-m"
+        "0.0.0.0:8181"
+        "-z"
+        "tcp://127.0.0.1:5556"
+        "--log-level"
+        "debug"
+        "--tlv"
+      ];
+      extraOptions = [
+        "--network=host"
+      ];
+    };
  };

-  services.immich = {
+  services.ntopng = {
    enable = true;
-    accelerationDevices = null;
-    port = 2283;
-    #host = "immich.kempinger.at";
-    #openFirewall = true;
+    httpPort = 8182;
+    interfaces = [ "tcp://0.0.0.0:5556" ];
+    extraConfig = ''
+      --dns-mode 1
+      --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN"'';
+  };
+
+  services.influxdb.enable = true;
+
+  services.geoipupdate = {
+    enable = true;
+    settings = {
+      AccountID = 1284637;
+      DatabaseDirectory = "/var/lib/GeoIP";
+      LicenseKey = {
+        _secret = "/root/maxmind_license_key";
+      };
+      EditionIDs = [
+        "GeoLite2-ASN"
+        "GeoLite2-City"
+        "GeoLite2-Country"
+      ];
+    };
+  };
+
+  services.adguardhome = {
+    enable = true;
+    # You can select any ip and port, just make sure to open firewalls where needed
+    host = "0.0.0.0";
+    port = 8183;
  };

  # Nix settings