From d77b68e48709887741a3ff61c568beb9699aaac8 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Thu, 16 Jan 2020 18:06:35 +0100
Subject: nixos/liboping: add module

This creates setcap wrappers for oping and noping to allow unprivileged
users to use those as well.
---
 nixos/modules/programs/liboping.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 nixos/modules/programs/liboping.nix

(limited to 'nixos/modules/programs')

diff --git a/nixos/modules/programs/liboping.nix b/nixos/modules/programs/liboping.nix
new file mode 100644
index 000000000000..4e4c235ccde4
--- /dev/null
+++ b/nixos/modules/programs/liboping.nix
@@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.liboping;
+in {
+  options.programs.liboping = {
+    enable = mkEnableOption "liboping";
+  };
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ liboping ];
+    security.wrappers = mkMerge (map (
+      exec: {
+        "${exec}" = {
+          source = "${pkgs.liboping}/bin/${exec}";
+          capabilities = "cap_net_raw+p";
+        };
+      }
+    ) [ "oping" "noping" ]);
+  };
+}
-- 
cgit 1.4.1