programs/nethoscope: add security.wrapper

2021-03-07 11:38:12 +01:00 · 2021-03-07 11:38:12 +01:00 · c57232d31c
parent ce56f53d32
commit c57232d31c
2 changed files with 31 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -185,6 +185,7 @@
  ./programs/nbd.nix
  ./programs/nix-ld.nix
  ./programs/neovim.nix
+  ./programs/nethoscope.nix
  ./programs/nm-applet.nix
  ./programs/nncp.nix
  ./programs/npm.nix
--- a/nixos/modules/programs/nethoscope.nix
+++ b/nixos/modules/programs/nethoscope.nix
@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.programs.nethoscope;
+in
+{
+  meta.maintainers = with maintainers; [ _0x4A6F ];
+
+  options = {
+    programs.nethoscope = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to add nethoscope to the global environment and configure a
+          setcap wrapper for it.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ nethoscope ];
+    security.wrappers.nethoscope = {
+      source = "${pkgs.nethoscope}/bin/nethoscope";
+      capabilities = "cap_net_raw,cap_net_admin=eip";
+    };
+  };
+}