nixos/iftop: add module

This patch is heavily inspired by bd0d8ed807d29faa3deee96bafcbbd76c8fa4060 which added
a setcap wrapper for `mtr` in order to allow running `mtr` without
`sudo`. The need for the capability `cap_net_raw` that can be registered using
`setcap` has been documented in the Arch Wiki: https://wiki.archlinux.org/index.php/Capabilities#iftop

A simple testcase has been added which starts two machines, one with a
setcap wrapper for `iftop`, one without. Both testcases monitor the
bandwidth usage of the machine using the options `-t -s 1` once, the
machine with setcap wrapper is expected to succeed, the `iftop` on the
machine without setcap wrapper is expected to return a non-zero exit
code.

1 files changed, 30 insertions, 0 deletions

diff --git a/nixos/tests/iftop.nix b/nixos/tests/iftop.nix
new file mode 100644
index 000000000000..21ff3cafed7c
--- /dev/null
+++ b/nixos/tests/iftop.nix
@@ -0,0 +1,30 @@
+import ./make-test.nix ({ pkgs, lib, ... }:
+
+with lib;
+
+{
+  name = "iftop";
+  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
+
+  nodes = {
+    withIftop = {
+      imports = [ ./common/user-account.nix ];
+
+      programs.iftop.enable = true;
+    };
+    withoutIftop = {
+      imports = [ ./common/user-account.nix ];
+    };
+  };
+
+  testScript = ''
+    subtest "machine with iftop enabled", sub {
+      $withIftop->start;
+      $withIftop->succeed("su -l alice -c 'iftop -t -s 1'");
+    };
+    subtest "machine without iftop", sub {
+      $withoutIftop->start;
+      $withoutIftop->mustFail("su -l alice -c 'iftop -t -s 1'");
+    };
+  '';
+})