Move all of NixOS to nixos/ in preparation of the repository merge

1 files changed, 111 insertions, 0 deletions

diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix
new file mode 100644
index 000000000000..88bec2cb2f3e
--- /dev/null
+++ b/nixos/modules/services/scheduling/atd.nix
@@ -0,0 +1,111 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.atd;
+
+  inherit (pkgs) at;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.atd.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to enable the `at' daemon, a command scheduler.
+      '';
+    };
+
+    services.atd.allowEveryone = mkOption {
+      default = false;
+      description = ''
+        Whether to make /var/spool/at{jobs,spool} writeable
+        by everyone (and sticky).  This is normally not needed since
+        the `at' commands are setuid/setgid `atd'.
+     '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    security.setuidOwners = map (program: {
+      inherit program;
+      owner = "atd";
+      group = "atd";
+      setuid = true;
+      setgid = true;
+    }) [ "at" "atq" "atrm" "batch" ];
+
+    environment.systemPackages = [ at ];
+
+    security.pam.services = [ { name = "atd"; } ];
+
+    users.extraUsers = singleton
+      { name = "atd";
+        uid = config.ids.uids.atd;
+        description = "atd user";
+        home = "/var/empty";
+      };
+
+    users.extraGroups = singleton
+      { name = "atd";
+        gid = config.ids.gids.atd;
+      };
+
+    jobs.atd =
+      { description = "Job Execution Daemon (atd)";
+
+        startOn = "stopped udevtrigger";
+
+        path = [ at ];
+
+        preStart =
+          ''
+            # Snippets taken and adapted from the original `install' rule of
+            # the makefile.
+
+            # We assume these values are those actually used in Nixpkgs for
+            # `at'.
+            spooldir=/var/spool/atspool
+            jobdir=/var/spool/atjobs
+            etcdir=/etc/at
+
+            for dir in "$spooldir" "$jobdir" "$etcdir"; do
+              if [ ! -d "$dir" ]; then
+                  mkdir -p "$dir"
+                  chown atd:atd "$dir"
+              fi
+            done
+            chmod 1770 "$spooldir" "$jobdir"
+            ${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""}
+            if [ ! -f "$etcdir"/at.deny ]; then
+                touch "$etcdir"/at.deny
+                chown root:atd "$etcdir"/at.deny
+                chmod 640 "$etcdir"/at.deny
+            fi
+            if [ ! -f "$jobdir"/.SEQ ]; then
+                touch "$jobdir"/.SEQ
+                chown atd:atd "$jobdir"/.SEQ
+                chmod 600 "$jobdir"/.SEQ
+            fi
+          '';
+
+        exec = "atd";
+
+        daemonType = "fork";
+      };
+
+  };
+
+}