diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-10 13:28:20 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-10 13:28:20 +0200 |
commit | 5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010 (patch) | |
tree | a6c0f605be6de3f372ae69905b331f9f75452da7 /nixos/modules/services/scheduling/atd.nix | |
parent | 6070bc016bd2fd945b04347e25cfd3738622d2ac (diff) | |
download | nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.gz nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.bz2 nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.lz nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.xz nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.zst nixlib-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.zip |
Move all of NixOS to nixos/ in preparation of the repository merge
Diffstat (limited to 'nixos/modules/services/scheduling/atd.nix')
-rw-r--r-- | nixos/modules/services/scheduling/atd.nix | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix new file mode 100644 index 000000000000..88bec2cb2f3e --- /dev/null +++ b/nixos/modules/services/scheduling/atd.nix @@ -0,0 +1,111 @@ +{pkgs, config, ...}: + +with pkgs.lib; + +let + + cfg = config.services.atd; + + inherit (pkgs) at; + +in + +{ + + ###### interface + + options = { + + services.atd.enable = mkOption { + default = false; + description = '' + Whether to enable the `at' daemon, a command scheduler. + ''; + }; + + services.atd.allowEveryone = mkOption { + default = false; + description = '' + Whether to make /var/spool/at{jobs,spool} writeable + by everyone (and sticky). This is normally not needed since + the `at' commands are setuid/setgid `atd'. + ''; + }; + + }; + + + ###### implementation + + config = mkIf cfg.enable { + + security.setuidOwners = map (program: { + inherit program; + owner = "atd"; + group = "atd"; + setuid = true; + setgid = true; + }) [ "at" "atq" "atrm" "batch" ]; + + environment.systemPackages = [ at ]; + + security.pam.services = [ { name = "atd"; } ]; + + users.extraUsers = singleton + { name = "atd"; + uid = config.ids.uids.atd; + description = "atd user"; + home = "/var/empty"; + }; + + users.extraGroups = singleton + { name = "atd"; + gid = config.ids.gids.atd; + }; + + jobs.atd = + { description = "Job Execution Daemon (atd)"; + + startOn = "stopped udevtrigger"; + + path = [ at ]; + + preStart = + '' + # Snippets taken and adapted from the original `install' rule of + # the makefile. + + # We assume these values are those actually used in Nixpkgs for + # `at'. + spooldir=/var/spool/atspool + jobdir=/var/spool/atjobs + etcdir=/etc/at + + for dir in "$spooldir" "$jobdir" "$etcdir"; do + if [ ! -d "$dir" ]; then + mkdir -p "$dir" + chown atd:atd "$dir" + fi + done + chmod 1770 "$spooldir" "$jobdir" + ${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""} + if [ ! -f "$etcdir"/at.deny ]; then + touch "$etcdir"/at.deny + chown root:atd "$etcdir"/at.deny + chmod 640 "$etcdir"/at.deny + fi + if [ ! -f "$jobdir"/.SEQ ]; then + touch "$jobdir"/.SEQ + chown atd:atd "$jobdir"/.SEQ + chmod 600 "$jobdir"/.SEQ + fi + ''; + + exec = "atd"; + + daemonType = "fork"; + }; + + }; + +} |