ef176dcf7e
conversions were done using https://github.com/pennae/nix-doc-munge using (probably) rev f34e145 running nix-doc-munge nixos/**/*.nix nix-doc-munge --import nixos/**/*.nix the tool ensures that only changes that could affect the generated manual *but don't* are committed, other changes require manual review and are discarded.
97 lines
3.3 KiB
Nix
97 lines
3.3 KiB
Nix
{ config, lib, pkgs, ... }: with lib;
|
|
let
|
|
cfg = config.services.iperf3;
|
|
|
|
api = {
|
|
enable = mkEnableOption (lib.mdDoc "iperf3 network throughput testing server");
|
|
port = mkOption {
|
|
type = types.ints.u16;
|
|
default = 5201;
|
|
description = lib.mdDoc "Server port to listen on for iperf3 client requsts.";
|
|
};
|
|
affinity = mkOption {
|
|
type = types.nullOr types.ints.unsigned;
|
|
default = null;
|
|
description = lib.mdDoc "CPU affinity for the process.";
|
|
};
|
|
bind = mkOption {
|
|
type = types.nullOr types.str;
|
|
default = null;
|
|
description = lib.mdDoc "Bind to the specific interface associated with the given address.";
|
|
};
|
|
openFirewall = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = lib.mdDoc "Open ports in the firewall for iperf3.";
|
|
};
|
|
verbose = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = lib.mdDoc "Give more detailed output.";
|
|
};
|
|
forceFlush = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = lib.mdDoc "Force flushing output at every interval.";
|
|
};
|
|
debug = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = lib.mdDoc "Emit debugging output.";
|
|
};
|
|
rsaPrivateKey = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
description = lib.mdDoc "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.";
|
|
};
|
|
authorizedUsersFile = mkOption {
|
|
type = types.nullOr types.path;
|
|
default = null;
|
|
description = lib.mdDoc "Path to the configuration file containing authorized users credentials to run iperf tests.";
|
|
};
|
|
extraFlags = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ ];
|
|
description = lib.mdDoc "Extra flags to pass to iperf3(1).";
|
|
};
|
|
};
|
|
|
|
imp = {
|
|
|
|
networking.firewall = mkIf cfg.openFirewall {
|
|
allowedTCPPorts = [ cfg.port ];
|
|
};
|
|
|
|
systemd.services.iperf3 = {
|
|
description = "iperf3 daemon";
|
|
unitConfig.Documentation = "man:iperf3(1) https://iperf.fr/iperf-doc.php";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
|
|
serviceConfig = {
|
|
Restart = "on-failure";
|
|
RestartSec = 2;
|
|
DynamicUser = true;
|
|
PrivateDevices = true;
|
|
CapabilityBoundingSet = "";
|
|
NoNewPrivileges = true;
|
|
ExecStart = ''
|
|
${pkgs.iperf3}/bin/iperf \
|
|
--server \
|
|
--port ${toString cfg.port} \
|
|
${optionalString (cfg.affinity != null) "--affinity ${toString cfg.affinity}"} \
|
|
${optionalString (cfg.bind != null) "--bind ${cfg.bind}"} \
|
|
${optionalString (cfg.rsaPrivateKey != null) "--rsa-private-key-path ${cfg.rsaPrivateKey}"} \
|
|
${optionalString (cfg.authorizedUsersFile != null) "--authorized-users-path ${cfg.authorizedUsersFile}"} \
|
|
${optionalString cfg.verbose "--verbose"} \
|
|
${optionalString cfg.debug "--debug"} \
|
|
${optionalString cfg.forceFlush "--forceflush"} \
|
|
${escapeShellArgs cfg.extraFlags}
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
in {
|
|
options.services.iperf3 = api;
|
|
config = mkIf cfg.enable imp;
|
|
}
|