nixos/intel-gpu-tools: init basic security wrapper

nixos/doc/manual/release-notes/rl-2405.section.md

@@ -155,6 +155,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
 
+- [intel-gpu-tools](https://drm.pages.freedesktop.org/igt-gpu-tools), tools for development and testing of the Intel DRM driver. Available as [hardware.intel-gpu-tools](#opt-hardware.intel-gpu-tools.enable)
+
 - [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix](#opt-services.pretix.enable).
 
 - [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks](#opt-services.microsocks.enable).

nixos/modules/hardware/video/intel-gpu-tools.nix

@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.hardware.intel-gpu-tools;
+in
+{
+  options = {
+    hardware.intel-gpu-tools = {
+      enable = lib.mkEnableOption "a setcap wrapper for intel-gpu-tools";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    security.wrappers.intel_gpu_top = {
+      owner = "root";
+      group = "root";
+      source = "${pkgs.intel-gpu-tools}/bin/intel_gpu_top";
+      capabilities = "cap_perfmon+ep";
+    };
+  };
+
+  meta = {
+    maintainers = with lib.maintainers; [ kira-bruneau ];
+  };
+}

nixos/modules/module-list.nix

@@ -106,6 +106,7 @@
   ./hardware/video/bumblebee.nix
   ./hardware/video/capture/mwprocapture.nix
   ./hardware/video/displaylink.nix
+  ./hardware/video/intel-gpu-tools.nix
   ./hardware/video/nvidia.nix
   ./hardware/video/switcheroo-control.nix
   ./hardware/video/uvcvideo/default.nix