nixos/iotop: add module

The `iotop` program can't be started by an unprivileged user because of
missing root privileges. The issue can be fixed by creating a
setcap wrapper for `iotop` which contains `cap_net_admin`.
This commit is contained in:
Maximilian Bosch 2018-12-08 21:48:00 +01:00
parent bb962eb2a2
commit 7490e96e38
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E
2 changed files with 19 additions and 0 deletions

View File

@ -98,6 +98,7 @@
./programs/gnupg.nix
./programs/gphoto2.nix
./programs/iftop.nix
./programs/iotop.nix
./programs/java.nix
./programs/kbdlight.nix
./programs/less.nix

View File

@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.iotop;
in {
options = {
programs.iotop.enable = mkEnableOption "iotop + setcap wrapper";
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.iotop ];
security.wrappers.iotop = {
source = "${pkgs.iotop}/bin/iotop";
capabilities = "cap_net_admin+p";
};
};
}