nixos/intel-gpu-tools: init basic security wrapper

author: Kira Bruneau <kira.bruneau@pm.me> 2024-05-04 10:44:28 -0400
committer: Kira Bruneau <kira.bruneau@pm.me> 2024-05-04 19:26:41 -0400
commit: 63e307802c9cfca4b8b3e0c9d4cf50ee7f3df172 (patch)
tree: a446fdc564e262b51827a40f1ef648c7ff460e71 /nixos/modules/hardware
parent: 5fd8536a9a5932d4ae8de52b7dc08d92041237fc (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/nixos/modules/hardware/video/intel-gpu-tools.nix b/nixos/modules/hardware/video/intel-gpu-tools.nix
new file mode 100644
index 000000000000..b69fefcae118
--- /dev/null
+++ b/nixos/modules/hardware/video/intel-gpu-tools.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.hardware.intel-gpu-tools;
+in
+{
+  options = {
+    hardware.intel-gpu-tools = {
+      enable = lib.mkEnableOption "a setcap wrapper for intel-gpu-tools";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.wrappers.intel_gpu_top = {
+      owner = "root";
+      group = "root";
+      source = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
+      capabilities = "cap_perfmon+ep";
+    };
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ kira-bruneau ];
+  };
+}
author	Kira Bruneau <kira.bruneau@pm.me>	2024-05-04 10:44:28 -0400
committer	Kira Bruneau <kira.bruneau@pm.me>	2024-05-04 19:26:41 -0400
commit	63e307802c9cfca4b8b3e0c9d4cf50ee7f3df172 (patch)
tree	a446fdc564e262b51827a40f1ef648c7ff460e71 /nixos/modules/hardware
parent	5fd8536a9a5932d4ae8de52b7dc08d92041237fc (diff)