lol

nixos: add programs.wireshark option

To be able to use Wireshark as an ordinary user, the 'dumpcap' program
must be installed setuid root. This module reduces that
configuration to:

programs.wireshark.enable = true;

The setuid wrapper is available for users in the 'wireshark' group.

Changes v1 -> v2:
- add "defaultText" to the programs.wireshark.package option (AFAIK,
that prevents the manual from being needlessly rebuilt when the
package changes)

authored by

Bjørn Forsman and committed by
Robin Gloster
8f3e6fdd 070825d4

+60
+2
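--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -288,6 +288,7 @@
 kresd = 270;
 rpc = 271;
 geoip = 272;
+#wireshark = 273; # unused
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -545,6 +546,7 @@
 kresd = 270;
 #rpc = 271; # unused
 #geoip = 272; # unused
+wireshark = 273;
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal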
+1
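--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -91,6 +91,7 @@
 ./programs/tmux.nix
 ./programs/venus.nix
 ./programs/vim.nix
+./programs/wireshark.nix
 ./programs/wvdial.nix
 ./programs/xfs_quota.nix
 ./programs/xonsh.nix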
+57
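--- a/nixos/modules/programs/wireshark.nix
+++ b/nixos/modules/programs/wireshark.nix
@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+cfg = config.programs.wireshark;
+wireshark = cfg.package;
+
+in
+
+{
+
+options = {
+
+programs.wireshark = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to add Wireshark to the global environment and configure a
+setuid wrapper for 'dumpcap' for users in the 'wireshark' group.
+'';
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.wireshark-cli;
+defaultText = "pkgs.wireshark-cli";
+description = ''
+Which Wireshark package to install in the global environment.
+'';
+};
+
+};
+
+};
+
+config = mkIf cfg.enable {
+
+environment.systemPackages = [ wireshark ];
+
+security.wrappers.dumpcap = {
+source = "${wireshark}/bin/dumpcap";
+owner = "root";
+group = "wireshark";
+setuid = true;
+setgid = false;
+permissions = "u+rx,g+x";
+};
+
+users.extraGroups.wireshark.gid = config.ids.gids.wireshark;
+
+};
+
+}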
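Review bot: The `security.wrappers.dumpcap` entry installs dumpcap with `setuid = true;`, so the capture helper runs with full root privileges although packet capture only needs CAP_NET_RAW and CAP_NET_ADMIN. If the wrappers module on this branch supports it, replace the `setuid`/`setgid` lines with `capabilities = "cap_net_raw,cap_net_admin+eip";` and keep `owner`, `group` and `permissions` as they are, so that a flaw in dumpcap is confined to those two capabilities rather than to uid 0. The `enable` description should also state that membership in the 'wireshark' group lets a user capture traffic on every interface of the host, because that is the access an administrator grants by adding someone to the group.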