{ config, lib, pkgs, ... }: let cfg = config.programs.pqos-wrapper; in { options.programs.pqos-wrapper = { enable = lib.mkEnableOption "PQoS Wrapper for BenchExec"; package = lib.mkPackageOption pkgs "pqos-wrapper" { }; }; config = lib.mkIf cfg.enable { hardware.cpu.x86.msr.enable = true; security.wrappers.${cfg.package.meta.mainProgram} = { owner = "nobody"; group = config.hardware.cpu.x86.msr.group; source = lib.getExe cfg.package; capabilities = "cap_sys_rawio=eip"; }; }; meta.maintainers = with lib.maintainers; [ lorenzleutgeb ]; }