pyrox.dev / nixpkgs
lol
fork atom

nixos/tcpdump: init

Sandro Jäckel eb42ef0c 28291813

options
unified split
Changed files
+31
nixos
modules
module-list.nix
programs
tcpdump.nix
+1
nixos/modules/module-list.nix 
···

       
296

       
296

       
 

       
  ./programs/sysdig.nix


     

       
297

       
297

       
 

       
  ./programs/system-config-printer.nix


     

       
298

       
298

       
 

       
  ./programs/systemtap.nix


     

       

       
299

       
+

       
  ./programs/tcpdump.nix


     

       
299

       
300

       
 

       
  ./programs/thefuck.nix


     

       
300

       
301

       
 

       
  ./programs/thunar.nix


     

       
301

       
302

       
 

       
  ./programs/thunderbird.nix
+30
nixos/modules/programs/tcpdump.nix 
···

       

       
1

       
+

       
{ config, lib, pkgs, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
let


     

       

       
4

       
+

       
  cfg = config.programs.tcpdump;


     

       

       
5

       
+

       
in {


     

       

       
6

       
+

       
  options = {


     

       

       
7

       
+

       
    programs.tcpdump = {


     

       

       
8

       
+

       
      enable = lib.mkOption {


     

       

       
9

       
+

       
        type = lib.types.bool;


     

       

       
10

       
+

       
        default = false;


     

       

       
11

       
+

       
        description = ''


     

       

       
12

       
+

       
          Whether to configure a setcap wrapper for tcpdump.


     

       

       
13

       
+

       
          To use it, add your user to the `pcap` group.


     

       

       
14

       
+

       
        '';


     

       

       
15

       
+

       
      };


     

       

       
16

       
+

       
    };


     

       

       
17

       
+

       
  };


     

       

       
18

       
+

       



     

       

       
19

       
+

       
  config = lib.mkIf cfg.enable {


     

       

       
20

       
+

       
    security.wrappers.tcpdump = {


     

       

       
21

       
+

       
      owner = "root";


     

       

       
22

       
+

       
      group = "pcap";


     

       

       
23

       
+

       
      capabilities = "cap_net_raw+p";


     

       

       
24

       
+

       
      permissions = "u+rx,g+x";


     

       

       
25

       
+

       
      source = lib.getExe pkgs.tcpdump;


     

       

       
26

       
+

       
    };


     

       

       
27

       
+

       



     

       

       
28

       
+

       
    users.groups.pcap = { };


     

       

       
29

       
+

       
  };


     

       

       
30

       
+

       
}