Zeek to Nix Flake’s feature
Building Zeek in a development shell (nix develop / nix-shell)
# Enter the development shell exposed by the flake (requires the
# experimental `nix-command` and `flakes` features to be enabled).
nix develop
# or, without flakes, use the classic entry point, which evaluates the
# repository's shell.nix (falling back to default.nix):
nix-shell
Building zeek with plugins
# Zeek combined with extra plugins via zeek2nix's `zeekWithPlugins` helper.
# Every `src` listed under `plugins` ends up as code running inside the
# sensor, so keep the list limited to plugin sources you have reviewed.
mkZeekPlugins = inputs.zeek2nix.lib.zeekWithPlugins {
  # Base Zeek package for the current `system`.
  package = inputs.zeek2nix.packages.${system}.zeek-latest;

  plugins = [
    # Plugin source taken from zeek2nix's own `zeek-sources` set
    # (presumably pinned there; confirm against the flake's sources).
    { src = inputs.zeek2nix.lib.nixpkgs.zeek-sources.zeek-community-id; }
  ];
};
Testing your Zeek Plugin src with Nix-CI
# CI build of a Zeek plugin source using the `zeekPluginCi` helper.
# NOTE(review): `nixpkgs` here must be a package set that already carries the
# zeek2nix additions (the other snippets reach them through
# `inputs.zeek2nix.lib.nixpkgs`); confirm which binding is in scope.
mkZeekPluginCI = nixpkgs.zeekPluginCi {
  plugins = [
    # Plugin under test.
    { src = inputs.zeek2nix.lib.nixpkgs.zeek-sources.zeek-netmap; }
  ];

  # Extra build-time dependency supplied for the netmap plugin.
  buildInputs = [ inputs.zeek2nix.lib.nixpkgs.netmap ];
};
Deploying Zeek with NixOS (flakes feature)
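# Example flake.nix deploying Zeek as a NixOS service through the module
# exported by zeek-nix.
{
  inputs = {
    zeek-nix = {
      # This URL follows the `main` branch. The revision that is actually
      # built is the one recorded in flake.lock, so commit flake.lock and
      # review upstream changes before running `nix flake update`; replacing
      # `main` with a commit hash pins the input in the URL itself.
      url = "github:hardenedlinux/zeek-nix/main";
      # Reuse this flake's `nixos` input as zeek-nix's nixpkgs; an input with
      # that name has to be declared among the elided inputs below.
      inputs.nixpkgs.follows = "nixos";
    };
    # ... (remaining inputs elided; the original listing showed a bare "..."
    # placeholder here, which is not valid inside an attribute set)
  };

  outputs = { self, zeek-nix, nixpkgs, ... }: {
    nixosConfigurations.myConfig = nixpkgs.lib.nixosSystem {
      system = "..."; # placeholder: set the target platform

      modules = [
        zeek-nix.nixosModules.zeek

        # `pkgs` must be requested as a module argument; with `{ ... }:` alone
        # the references to `pkgs` below are undefined and evaluation fails.
        # NOTE(review): `pkgs.zeekWithPlugins`, `pkgs.zeek-latest` and
        # `pkgs.zeek-sources` additionally need the zeek-nix overlay applied
        # to this system's package set; confirm whether the module above does
        # that or whether `nixpkgs.overlays` has to be set here.
        ({ pkgs, ... }: {
          services.zeek = {
            enable = true;
            standalone = true;
            # Capture interface; host-specific, adjust per sensor.
            interface = "eno1";
            # Presumably the address Zeek's listening port binds to; keeping
            # it on loopback avoids exposing that port on the network.
            # Confirm the option's meaning in the module before widening it.
            listenAddress = "localhost";

            # Every plugin source listed here becomes code running inside the
            # sensor process.
            package = pkgs.zeekWithPlugins {
              package = pkgs.zeek-latest;
              plugins = [
                { src = pkgs.zeek-sources.zeek-community-id; }
              ];
            };

            # These are absolute paths inside a user's home directory, read
            # when Zeek starts rather than copied into the Nix store: whoever
            # can write to that directory decides which scripts the service
            # runs, and the deployment is not reproducible from the flake
            # alone. Prefer referencing the scripts from a flake input or a
            # root-owned location.
            # NOTE(review): going by its name, log-passwords.zeek records
            # credentials seen on the wire; if so, restrict read access to and
            # retention of the resulting logs.
            privateScript = ''
              @load /home/gtrun/project/hardenedlinux-zeek-script/scripts/zeek-query.zeek
              @load /home/gtrun/project/hardenedlinux-zeek-script/scripts/log-passwords.zeek
            '';
          };
        })
      ];
    };
  };
}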
Creating the Zeek dynamic directory at /var/lib/zeek
[2020-10-09 Fri 19:35] <-
# Runs the repository's pre-run script as root (presumably the step that
# creates /var/lib/zeek, per the heading above; confirm in the script).
# Read pre-run-zeekctl.sh before executing it with sudo.
sudo bash ./pre-run-zeekctl.sh
# Install the cachix client from the Nix expression served at this URL.
nix-env -iA cachix -f https://cachix.org/api/v1/install
# Registers the `zeek` Cachix cache as a substituter and trusts its signing
# key: pre-built store paths signed by that cache are then accepted instead of
# being built locally. Skip this step to build everything from source.
cachix use zeek