fedd7cd690
This is slightly more verbose and inconvenient, but it forces you to think about what the wrapper ownership and permissions will be.
21 lines
416 B
Nix
21 lines
416 B
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.programs.iftop;
|
|
in {
|
|
options = {
|
|
programs.iftop.enable = mkEnableOption "iftop + setcap wrapper";
|
|
};
|
|
config = mkIf cfg.enable {
|
|
environment.systemPackages = [ pkgs.iftop ];
|
|
security.wrappers.iftop = {
|
|
owner = "root";
|
|
group = "root";
|
|
capabilities = "cap_net_raw+p";
|
|
source = "${pkgs.iftop}/bin/iftop";
|
|
};
|
|
};
|
|
}
|