Diffstat (limited to 'nixos/modules/sentinel-fwlogs.nix')
-rw-r--r--nixos/modules/sentinel-fwlogs.nix41
1 files changed, 41 insertions, 0 deletions
diff --git a/nixos/modules/sentinel-fwlogs.nix b/nixos/modules/sentinel-fwlogs.nix
new file mode 100644
index 0000000..d2bc864
--- /dev/null
+++ b/nixos/modules/sentinel-fwlogs.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ imports = [ ./sentinel.nix ];
+
+
+ options = {
+ services.sentinel.fwlogs = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to enable the Turris Sentinel Firewall logs collector.
+ The services.sentinel.enable has to be enabled as well.
+ '';
+ };
+ nflog-group = mkOption {
+ type = types.port;
+ default = 1914;
+ description = "Netfilter log group used to pass logs to sentinel-fwlogs.";
+ };
+ };
+ };
+
+
+ config = mkIf config.services.sentinel.enable && config.services.sentinel.fwlogs.enable {
+ environment.systemPackages = [ pkgs.sentinel-fwlogs ];
+
+ systemd.services.sentinel-fwlogs = {
+ description = "Turris Sentinel Firewall Logs";
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.sentinel-fwlogs ];
+ serviceConfig.ExecStart = "${pkgs.sentinel-fwlogs}/bin/sentinel-fwlogs";
+ };
+
+ };
+
+}
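Review bot: The condition on the `config = mkIf …` line is missing parentheses. In Nix, function application binds tighter than `&&`, so it parses as `(mkIf config.services.sentinel.enable) && (config.services.sentinel.fwlogs.enable { … })` and should fail at evaluation; write `config = mkIf (config.services.sentinel.enable && config.services.sentinel.fwlogs.enable) {`. The `nflog-group` option is declared but never referenced under `config`, so setting it changes neither the `ExecStart` line nor any firewall rule in this file. The unit also sets no `User` or sandboxing, so a daemon that handles data derived from untrusted network traffic runs as unrestricted root. Consider `serviceConfig` hardening such as `NoNewPrivileges = true`, `ProtectSystem = "strict"` and a `CapabilityBoundingSet` limited to what NFLOG access needs (presumably `CAP_NET_ADMIN`, to be confirmed).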