author | Maximilian Bosch <maximilian@mbosch.me> | 2018-04-07 15:06:51 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2018-04-07 15:06:51 +0200 |
commit | 50a34e55b20764fe0ff638a9c15312b5be9ceca1 (patch) | |
tree | 14deb2eed4f7937293cf5a52cbddcae001646454 /nixos/modules/programs/iftop.nix | |
parent | f8fe297ff1dd7caebee4b923ce2178da090564ac (diff) | |
nixos/iftop: add module
This patch is heavily inspired by bd0d8ed807d29faa3deee96bafcbbd76c8fa4060 which added a setcap wrapper for `mtr` in order to allow running `mtr` without `sudo`. The need for the capability `cap_net_raw` that can be registered using `setcap` has been documented in the Arch Wiki: https://wiki.archlinux.org/index.php/Capabilities#iftop

A simple testcase has been added which starts two machines, one with a setcap wrapper for `iftop`, one without. Both testcases monitor the bandwidth usage of the machine using the options `-t -s 1` once, the machine with setcap wrapper is expected to succeed, the `iftop` on the machine without setcap wrapper is expected to return a non-zero exit code.
Diffstat (limited to 'nixos/modules/programs/iftop.nix')
-rw-r--r-- | nixos/modules/programs/iftop.nix | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/nixos/modules/programs/iftop.nix b/nixos/modules/programs/iftop.nix new file mode 100644 index 000000000000..a98a9a8187d4 --- /dev/null +++ b/nixos/modules/programs/iftop.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.programs.iftop; +in { + options = { + programs.iftop.enable = mkEnableOption "iftop + setcap wrapper"; + }; + config = mkIf cfg.enable { + environment.systemPackages = [ pkgs.iftop ]; + security.wrappers.iftop = { + source = "${pkgs.iftop}/bin/iftop"; + capabilities = "cap_net_raw+p"; + }; + }; +} |
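
Review bot: the `security.wrappers.iftop` block sets only `source` and `capabilities = "cap_net_raw+p";`, so enabling the module hands raw-socket capture to whoever can execute the wrapper, and the option text `mkEnableOption "iftop + setcap wrapper"` does not tell the administrator that. Please spell out in the option description that enabling `programs.iftop` lets users run `iftop` without `sudo` and therefore observe traffic on the host's interfaces, and consider whether execution of the wrapper should be limited to a dedicated group rather than left open to every local user. A smaller point on the same `config` block: `environment.systemPackages = [ pkgs.iftop ];` also puts the unwrapped binary on the system path, so a short comment noting that the wrapper is the copy users are expected to invoke would help readers of the module.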