nixos/modules/services/networking/iperf3.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / iperf3.nix
at 24.11-pre 3.3 kB view raw
 1{ config, lib, pkgs, ... }: with lib;
 2let
 3  cfg = config.services.iperf3;
 4
 5  api = {
 6    enable = mkEnableOption "iperf3 network throughput testing server";
 7    port = mkOption {
 8      type        = types.ints.u16;
 9      default     = 5201;
10      description = "Server port to listen on for iperf3 client requests.";
11    };
12    affinity = mkOption {
13      type        = types.nullOr types.ints.unsigned;
14      default     = null;
15      description = "CPU affinity for the process.";
16    };
17    bind = mkOption {
18      type        = types.nullOr types.str;
19      default     = null;
20      description = "Bind to the specific interface associated with the given address.";
21    };
22    openFirewall = mkOption {
23      type = types.bool;
24      default = false;
25      description = "Open ports in the firewall for iperf3.";
26    };
27    verbose = mkOption {
28      type        = types.bool;
29      default     = false;
30      description = "Give more detailed output.";
31    };
32    forceFlush = mkOption {
33      type        = types.bool;
34      default     = false;
35      description = "Force flushing output at every interval.";
36    };
37    debug = mkOption {
38      type        = types.bool;
39      default     = false;
40      description = "Emit debugging output.";
41    };
42    rsaPrivateKey = mkOption {
43      type        = types.nullOr types.path;
44      default     = null;
45      description = "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.";
46    };
47    authorizedUsersFile = mkOption {
48      type        = types.nullOr types.path;
49      default     = null;
50      description = "Path to the configuration file containing authorized users credentials to run iperf tests.";
51    };
52    extraFlags = mkOption {
53      type        = types.listOf types.str;
54      default     = [ ];
55      description = "Extra flags to pass to iperf3(1).";
56    };
57  };
58
59  imp = {
60
61    networking.firewall = mkIf cfg.openFirewall {
62      allowedTCPPorts = [ cfg.port ];
63    };
64
65    systemd.services.iperf3 = {
66      description = "iperf3 daemon";
67      unitConfig.Documentation = "man:iperf3(1) https://iperf.fr/iperf-doc.php";
68      wantedBy = [ "multi-user.target" ];
69      after = [ "network.target" ];
70
71      serviceConfig = {
72        Restart = "on-failure";
73        RestartSec = 2;
74        DynamicUser = true;
75        PrivateDevices = true;
76        CapabilityBoundingSet = "";
77        NoNewPrivileges = true;
78        ExecStart = ''
79          ${pkgs.iperf3}/bin/iperf \
80            --server \
81            --port ${toString cfg.port} \
82            ${optionalString (cfg.affinity != null) "--affinity ${toString cfg.affinity}"} \
83            ${optionalString (cfg.bind != null) "--bind ${cfg.bind}"} \
84            ${optionalString (cfg.rsaPrivateKey != null) "--rsa-private-key-path ${cfg.rsaPrivateKey}"} \
85            ${optionalString (cfg.authorizedUsersFile != null) "--authorized-users-path ${cfg.authorizedUsersFile}"} \
86            ${optionalString cfg.verbose "--verbose"} \
87            ${optionalString cfg.debug "--debug"} \
88            ${optionalString cfg.forceFlush "--forceflush"} \
89            ${escapeShellArgs cfg.extraFlags}
90        '';
91      };
92    };
93  };
94in {
95  options.services.iperf3 = api;
96  config = mkIf cfg.enable imp;
97}