nixos/suricata: Fix module and add to module-list

[felbinger]

I forgot to add the suricata module (#313671) to the modules-list, so it doesn't appear in the search.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[bjornfor]

You might want to remove import = [ [...] ../modules/services/networking/suricata/default.nix ] from nixos/tests/suricata.nix (in a separate commit).

[bjornfor]

Commit "nixos/suricata: add module to modules-list" is now doing a lot more. I suggest to break this PR down into these commits:

1. Fix module
2. Add module to module-list.nix
3. Remove now unneeded module in nixosTests

[bjornfor]

Please mind the order of commits. Each commit should be atomic and take the code from one working state to the next. Currently, the first commit would break the test.

[hax404]

You may reference the test in https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/ids/suricata/default.nix

[SuperSandro2000]

the description could be a bit more elaborate and more a full sentence but other than that looking good

[Ma27]

You might want to remove import = [ [...] ../modules/services/networking/suricata/default.nix ] from nixos/tests/suricata.nix (in a separate commit).

WHy in a separate commit? This gives you one commit where the test doesn't evaluate.

the description could be a bit more elaborate and more a full sentence but other than that looking good

I don't think single-word descriptions are appropriate, agreed.

---

Also, I noticed that the module has some import-from-derivation which made me build erlang while evaluating nixos/release.nix. Please remove that as well.

---

Also I must wonder why this got merged in this state in the first place 🤔

[bjornfor]

You might want to remove import = [ [...] ../modules/services/networking/suricata/default.nix ] from nixos/tests/suricata.nix (in a separate commit).

WHy in a separate commit? This gives you one commit where the test doesn't evaluate.

I suggested a commit order here: #349826 (comment) (no breakage).

[felbinger]

the description could be a bit more elaborate and more a full sentence but other than that looking good

I don't think single-word descriptions are appropriate, agreed.

Not quiet sure what to put in there yet. Some of them have good descriptions in https://docs.suricata.io/en/suricata-7.0.7/configuration/suricata-yaml.html, which I am going to adopt, but some of them aren't really documented that well.

[bjornfor]

Commit nixos/suricata: add module to modules-list contains patch hunks that belong to the other (first) commit.