nixpkgs-suyu/nixos/modules/services/networking/iperf3.nix
pennae ef176dcf7e nixos/*: automatically convert option descriptions
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running

    nix-doc-munge nixos/**/*.nix
    nix-doc-munge --import nixos/**/*.nix

the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
2022-08-31 16:32:53 +02:00

97 lines
3.3 KiB
Nix

{ config, lib, pkgs, ... }: with lib;
let
cfg = config.services.iperf3;
api = {
enable = mkEnableOption (lib.mdDoc "iperf3 network throughput testing server");
port = mkOption {
type = types.ints.u16;
default = 5201;
description = lib.mdDoc "Server port to listen on for iperf3 client requsts.";
};
affinity = mkOption {
type = types.nullOr types.ints.unsigned;
default = null;
description = lib.mdDoc "CPU affinity for the process.";
};
bind = mkOption {
type = types.nullOr types.str;
default = null;
description = lib.mdDoc "Bind to the specific interface associated with the given address.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Open ports in the firewall for iperf3.";
};
verbose = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Give more detailed output.";
};
forceFlush = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Force flushing output at every interval.";
};
debug = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Emit debugging output.";
};
rsaPrivateKey = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc "Path to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.";
};
authorizedUsersFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc "Path to the configuration file containing authorized users credentials to run iperf tests.";
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
description = lib.mdDoc "Extra flags to pass to iperf3(1).";
};
};
imp = {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
systemd.services.iperf3 = {
description = "iperf3 daemon";
unitConfig.Documentation = "man:iperf3(1) https://iperf.fr/iperf-doc.php";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 2;
DynamicUser = true;
PrivateDevices = true;
CapabilityBoundingSet = "";
NoNewPrivileges = true;
ExecStart = ''
${pkgs.iperf3}/bin/iperf \
--server \
--port ${toString cfg.port} \
${optionalString (cfg.affinity != null) "--affinity ${toString cfg.affinity}"} \
${optionalString (cfg.bind != null) "--bind ${cfg.bind}"} \
${optionalString (cfg.rsaPrivateKey != null) "--rsa-private-key-path ${cfg.rsaPrivateKey}"} \
${optionalString (cfg.authorizedUsersFile != null) "--authorized-users-path ${cfg.authorizedUsersFile}"} \
${optionalString cfg.verbose "--verbose"} \
${optionalString cfg.debug "--debug"} \
${optionalString cfg.forceFlush "--forceflush"} \
${escapeShellArgs cfg.extraFlags}
'';
};
};
};
in {
options.services.iperf3 = api;
config = mkIf cfg.enable imp;
}