nixos/modules/programs/traceroute.nix

{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.programs.traceroute;
in
{
  options = {
    programs.traceroute = {
      enable = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Whether to configure a setcap wrapper for traceroute.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    security.wrappers.traceroute = {
      owner = "root";
      group = "root";
      capabilities = "cap_net_raw+p";
      source = lib.getExe pkgs.traceroute;
    };
  };
}
push sheeet 2025-10-09 14:15:47 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`let`
			`cfg = config.programs.traceroute;`
			`in`
			`{`
			`options = {`
			`programs.traceroute = {`
			`enable = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`description = ''`
			`Whether to configure a setcap wrapper for traceroute.`
			`'';`
			`};`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`security.wrappers.traceroute = {`
			`owner = "root";`
			`group = "root";`
			`capabilities = "cap_net_raw+p";`
			`source = lib.getExe pkgs.traceroute;`
			`};`
			`};`
			`}`