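# NixOS module: runs iperf3 in server mode as a sandboxed systemd service.
#
# Security-relevant behaviour, all visible below:
#   * The service runs under DynamicUser with an empty capability bounding set.
#   * The RSA private key and the authorized-users file are handed to the
#     process via systemd LoadCredential=, so the originals can stay readable
#     by root only and need not be readable by the dynamic service user.
#   * openFirewall opens the TCP port only.
{
  config,
  lib,
  pkgs,
  ...
}:
with lib;
let
  cfg = config.services.iperf3;

  # Credential IDs used with LoadCredential=; the service sees the files as
  # %d/<id>, where %d is systemd's specifier for the credentials directory.
  rsaKeyCredential = "rsa-private-key";
  authorizedUsersCredential = "authorized-users";

  # True when `p` is a Nix path literal (copied into the store as soon as it is
  # interpolated into a string) or already points below the store directory.
  # Either way the file content ends up in the Nix store.
  landsInStore =
    p: p != null && (builtins.isPath p || hasPrefix "${builtins.storeDir}/" (toString p));

  # Option declarations exposed as `services.iperf3.*`.
  api = {
    enable = mkEnableOption "iperf3 network throughput testing server";
    package = mkPackageOption pkgs "iperf3" { };
    port = mkOption {
      type = types.ints.u16;
      default = 5201;
      description = "Server port to listen on for iperf3 client requests.";
    };
    affinity = mkOption {
      type = types.nullOr types.ints.unsigned;
      default = null;
      description = "CPU affinity for the process.";
    };
    bind = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Bind to the specific interface associated with the given address.";
    };
    # Only allowedTCPPorts is set from this switch (see `imp`); no UDP port is
    # opened by this module.
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = "Open ports in the firewall for iperf3.";
    };
    verbose = mkOption {
      type = types.bool;
      default = false;
      description = "Give more detailed output.";
    };
    forceFlush = mkOption {
      type = types.bool;
      default = false;
      description = "Force flushing output at every interval.";
    };
    debug = mkOption {
      type = types.bool;
      default = false;
      description = "Emit debugging output.";
    };
    rsaPrivateKey = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.

        The file is passed to the service with systemd's `LoadCredential=`, so it only
        needs to be readable by root. Give the path as a quoted string that points
        outside the Nix store; a Nix path literal is copied into the store, where
        every local user can read it.
      '';
    };
    authorizedUsersFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Path to the configuration file containing authorized users credentials to run iperf tests.

        The file is passed to the service with systemd's `LoadCredential=`, so it only
        needs to be readable by root.
      '';
    };
    extraFlags = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "Extra flags to pass to iperf3(1).";
    };
  };

  # Configuration applied when `services.iperf3.enable` is true.
  imp = {

    # The key is unencrypted, so a copy in the Nix store is readable by every
    # local user. Warn instead of failing, to keep existing configs evaluating.
    warnings = optional (landsInStore cfg.rsaPrivateKey) ''
      services.iperf3.rsaPrivateKey refers to a file in the Nix store, which is
      world-readable. Set it to a quoted string path outside the store instead.
    '';

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
    };

    systemd.services.iperf3 = {
      description = "iperf3 daemon";
      unitConfig.Documentation = "man:iperf3(1) https://iperf.fr/iperf-doc.php";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        Restart = "on-failure";
        RestartSec = 2;
        DynamicUser = true;
        PrivateDevices = true;
        # No capabilities at all: with the empty set the service cannot bind a
        # port below 1024 unless the system is configured to allow that.
        CapabilityBoundingSet = "";
        NoNewPrivileges = true;

        # A throughput test server has no reason to change kernel or host state.
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        ProtectClock = true;
        ProtectHostname = true;
        LockPersonality = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        SystemCallArchitectures = "native";

        # systemd reads the secret files before dropping privileges and exposes
        # private copies under %d, so the dynamic user never needs access to
        # the original paths.
        LoadCredential =
          optional (cfg.rsaPrivateKey != null) "${rsaKeyCredential}:${cfg.rsaPrivateKey}"
          ++ optional (
            cfg.authorizedUsersFile != null
          ) "${authorizedUsersCredential}:${cfg.authorizedUsersFile}";

        # NOTE(review): cfg.bind is interpolated without quoting; systemd splits
        # ExecStart on whitespace and expands % specifiers, so the value must be
        # a plain address. Only extraFlags goes through escapeShellArgs.
        ExecStart = ''
          ${lib.getExe cfg.package} \
            --server \
            --port ${toString cfg.port} \
            ${optionalString (cfg.affinity != null) "--affinity ${toString cfg.affinity}"} \
            ${optionalString (cfg.bind != null) "--bind ${cfg.bind}"} \
            ${optionalString (cfg.rsaPrivateKey != null) "--rsa-private-key-path %d/${rsaKeyCredential}"} \
            ${
              optionalString (
                cfg.authorizedUsersFile != null
              ) "--authorized-users-path %d/${authorizedUsersCredential}"
            } \
            ${optionalString cfg.verbose "--verbose"} \
            ${optionalString cfg.debug "--debug"} \
            ${optionalString cfg.forceFlush "--forceflush"} \
            ${escapeShellArgs cfg.extraFlags}
        '';
      };
    };
  };
in
{
  options.services.iperf3 = api;
  config = mkIf cfg.enable imp;
}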