pyrox.dev / nixpkgs
lol
fork atom

nixos/iftop: add module

This patch is heavily inspired by bd0d8ed807d29faa3deee96bafcbbd76c8fa4060 which added
a setcap wrapper for `mtr` in order to allow running `mtr` without
`sudo`. The need for the capability `cap_net_raw` that can be registered using
`setcap` has been documented in the Arch Wiki: https://wiki.archlinux.org/index.php/Capabilities#iftop

A simple testcase has been added which starts two machines, one with a
setcap wrapper for `iftop`, one without. Both testcases monitor the
bandwidth usage of the machine using the options `-t -s 1` once, the
machine with setcap wrapper is expected to succeed, the `iftop` on the
machine without setcap wrapper is expected to return a non-zero exit
code.

Maximilian Bosch 50a34e55 f8fe297f

options
unified split
Changed files
+50
nixos
modules
module-list.nix
programs
iftop.nix
release.nix
tests
iftop.nix
+1
nixos/modules/module-list.nix 
···

       
86

       
 

       
  ./programs/freetds.nix


     

       
87

       
 

       
  ./programs/gnupg.nix


     

       
88

       
 

       
  ./programs/gphoto2.nix


     

       

       

       
     

       
89

       
 

       
  ./programs/java.nix


     

       
90

       
 

       
  ./programs/kbdlight.nix


     

       
91

       
 

       
  ./programs/less.nix


     
···

       
86

       
 

       
  ./programs/freetds.nix


     

       
87

       
 

       
  ./programs/gnupg.nix


     

       
88

       
 

       
  ./programs/gphoto2.nix


     

       
89

       
+

       
  ./programs/iftop.nix


     

       
90

       
 

       
  ./programs/java.nix


     

       
91

       
 

       
  ./programs/kbdlight.nix


     

       
92

       
 

       
  ./programs/less.nix
+18
nixos/modules/programs/iftop.nix 
···

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     
···

       
1

       
+

       
{ config, pkgs, lib, ... }:


     

       
2

       
+

       



     

       
3

       
+

       
with lib;


     

       
4

       
+

       



     

       
5

       
+

       
let


     

       
6

       
+

       
  cfg = config.programs.iftop;


     

       
7

       
+

       
in {


     

       
8

       
+

       
  options = {


     

       
9

       
+

       
    programs.iftop.enable = mkEnableOption "iftop + setcap wrapper";


     

       
10

       
+

       
  };


     

       
11

       
+

       
  config = mkIf cfg.enable {


     

       
12

       
+

       
    environment.systemPackages = [ pkgs.iftop ];


     

       
13

       
+

       
    security.wrappers.iftop = {


     

       
14

       
+

       
      source = "${pkgs.iftop}/bin/iftop";


     

       
15

       
+

       
      capabilities = "cap_net_raw+p";


     

       
16

       
+

       
    };


     

       
17

       
+

       
  };


     

       
18

       
+

       
}
+1
nixos/release.nix 
···

       
295

       
 

       
  tests.hound = callTest tests/hound.nix {};


     

       
296

       
 

       
  tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};


     

       
297

       
 

       
  tests.i3wm = callTest tests/i3wm.nix {};


     

       

       

       
     

       
298

       
 

       
  tests.initrd-network-ssh = callTest tests/initrd-network-ssh {};


     

       
299

       
 

       
  tests.installer = callSubTests tests/installer.nix {};


     

       
300

       
 

       
  tests.influxdb = callTest tests/influxdb.nix {};


     
···

       
295

       
 

       
  tests.hound = callTest tests/hound.nix {};


     

       
296

       
 

       
  tests.hocker-fetchdocker = callTest tests/hocker-fetchdocker {};


     

       
297

       
 

       
  tests.i3wm = callTest tests/i3wm.nix {};


     

       
298

       
+

       
  tests.iftop = callTest tests/iftop.nix {};


     

       
299

       
 

       
  tests.initrd-network-ssh = callTest tests/initrd-network-ssh {};


     

       
300

       
 

       
  tests.installer = callSubTests tests/installer.nix {};


     

       
301

       
 

       
  tests.influxdb = callTest tests/influxdb.nix {};
+30
nixos/tests/iftop.nix 
···

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     
···

       
1

       
+

       
import ./make-test.nix ({ pkgs, lib, ... }:


     

       
2

       
+

       



     

       
3

       
+

       
with lib;


     

       
4

       
+

       



     

       
5

       
+

       
{


     

       
6

       
+

       
  name = "iftop";


     

       
7

       
+

       
  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];


     

       
8

       
+

       



     

       
9

       
+

       
  nodes = {


     

       
10

       
+

       
    withIftop = {


     

       
11

       
+

       
      imports = [ ./common/user-account.nix ];


     

       
12

       
+

       



     

       
13

       
+

       
      programs.iftop.enable = true;


     

       
14

       
+

       
    };


     

       
15

       
+

       
    withoutIftop = {


     

       
16

       
+

       
      imports = [ ./common/user-account.nix ];


     

       
17

       
+

       
    };


     

       
18

       
+

       
  };


     

       
19

       
+

       



     

       
20

       
+

       
  testScript = ''


     

       
21

       
+

       
    subtest "machine with iftop enabled", sub {


     

       
22

       
+

       
      $withIftop->start;


     

       
23

       
+

       
      $withIftop->succeed("su -l alice -c 'iftop -t -s 1'");


     

       
24

       
+

       
    };


     

       
25

       
+

       
    subtest "machine without iftop", sub {


     

       
26

       
+

       
      $withoutIftop->start;


     

       
27

       
+

       
      $withoutIftop->mustFail("su -l alice -c 'iftop -t -s 1'");


     

       
28

       
+

       
    };


     

       
29

       
+

       
  '';


     

       
30

       
+

       
})