nixos/iotop: add module

The `iotop` program can't be started by an unprivileged user because of
missing root privileges. The issue can be fixed by creating a
setcap wrapper for `iotop` which contains `cap_net_admin`.

1 files changed, 18 insertions, 0 deletions

diff --git a/nixos/modules/programs/iotop.nix b/nixos/modules/programs/iotop.nix
new file mode 100644
index 00000000000..986d562ad0f
--- /dev/null
+++ b/nixos/modules/programs/iotop.nix
@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.iotop;
+in {
+  options = {
+    programs.iotop.enable = mkEnableOption "iotop + setcap wrapper";
+  };
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.iotop ];
+    security.wrappers.iotop = {
+      source = "${pkgs.iotop}/bin/iotop";
+      capabilities = "cap_net_admin+p";
+    };
+  };
+}