# NixOS module: opt-in capability wrapper for tcpdump.
#
# When `programs.tcpdump.enable` is true, this module declares a `pcap` group
# and a `security.wrappers` entry for tcpdump that carries CAP_NET_RAW and is
# owned by root:pcap.
#
# Security note: CAP_NET_RAW permits opening raw and packet sockets, so anyone
# who can run the wrapper can capture traffic visible on the host's
# interfaces. Membership of `pcap` should be reviewed like any other
# privileged group.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    getExe
    mkIf
    mkOption
    types
    ;

  tcpdumpCfg = config.programs.tcpdump;
in
{
  options.programs.tcpdump.enable = mkOption {
    type = types.bool;
    # Off by default: no wrapper and no `pcap` group unless explicitly enabled.
    default = false;
    description = ''
      Whether to configure a setcap wrapper for tcpdump.
      To use it, add your user to the `pcap` group.
    '';
  };

  config = mkIf tcpdumpCfg.enable {
    # Group that gates access to the wrapper. It is declared without members
    # here; users are added elsewhere in the system configuration.
    users.groups.pcap = { };

    security.wrappers.tcpdump = {
      # Binary being wrapped: the main executable of the tcpdump package.
      source = getExe pkgs.tcpdump;

      owner = "root";
      group = "pcap";

      # Read+execute for the owner, execute for the group. The string grants
      # nothing to other users, so group membership is the access control.
      permissions = "u+rx,g+x";

      # Only CAP_NET_RAW, in the permitted set ("+p"); no setuid root.
      # NOTE(review): how the wrapper turns the permitted capability into one
      # tcpdump can use is up to the security.wrappers implementation, which
      # is not visible in this file.
      capabilities = "cap_net_raw+p";
    };
  };
}