{
config,
lib,
pkgs,
...
}:
let
cfg = config.programs.traceroute;
in
options = {
programs.traceroute = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to configure a setcap wrapper for traceroute.
'';
};
config = lib.mkIf cfg.enable {
security.wrappers.traceroute = {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = lib.getExe pkgs.traceroute;
}