nixpkgs/nixos/modules/programs/iftop.nix
Maximilian Bosch 50a34e55b2
nixos/iftop: add module
This patch is heavily inspired by bd0d8ed807d29faa3deee96bafcbbd76c8fa4060 which added
a setcap wrapper for `mtr` in order to allow running `mtr` without
`sudo`. The need for the capability `cap_net_raw` that can be registered using
`setcap` has been documented in the Arch Wiki: https://wiki.archlinux.org/index.php/Capabilities#iftop

A simple testcase has been added which starts two machines, one with a
setcap wrapper for `iftop`, one without. Both testcases monitor the
bandwidth usage of the machine using the options `-t -s 1` once, the
machine with setcap wrapper is expected to succeed, the `iftop` on the
machine without setcap wrapper is expected to return a non-zero exit
code.
2018-04-07 15:06:51 +02:00

19 lines
372 B
Nix

{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.iftop;
in {
options = {
programs.iftop.enable = mkEnableOption "iftop + setcap wrapper";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.iftop ];
security.wrappers.iftop = {
source = "${pkgs.iftop}/bin/iftop";
capabilities = "cap_net_raw+p";
};
};
}