diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-22 15:02:07 +0200 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2015-07-22 15:15:09 +0200 |
| commit | 201f9beddbf5786262bcff11482f0aa30914bb34 (patch) | |
| tree | 601633f805687a17ae7bba90dc8cc0bfce033b8d /nixos/modules/services/scheduling/cron.nix | |
| parent | db22d387db1396f8d8d3ff2a8607e53121f71ea7 (diff) | |
| download | nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.gz nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.bz2 nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.lz nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.xz nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.zst nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.zip | |
Don't enable cron by default
The rationale for disabling this is: 1) systemd timers are better; 2) it gets rid of one usually unnecessary process, which makes containers more light-weight. Note that cron is still enabled if services.cron.systemCronJobs is non-empty, so this only matters if you have no declarative cron jobs but do have user cron jobs.
Diffstat (limited to 'nixos/modules/services/scheduling/cron.nix')
| -rw-r--r-- | nixos/modules/services/scheduling/cron.nix | 60 |
1 files changed, 33 insertions, 27 deletions
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix index 1f42086dc1ec..c81d2bdefa70 100644 --- a/nixos/modules/services/scheduling/cron.nix +++ b/nixos/modules/services/scheduling/cron.nix @@ -4,8 +4,6 @@ with lib; let - inherit (config.services) jobsTags; - # Put all the system cronjobs together. systemCronJobsFile = pkgs.writeText "system-crontab" '' @@ -25,9 +23,9 @@ let sendmailPath = "/var/setuid-wrappers/sendmail"; }; - allFiles = map (f: "\"${f}\"") ( - [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles - ); + allFiles = + optional (config.services.cron.systemCronJobs != []) systemCronJobsFile + ++ config.services.cron.cronFiles; in @@ -91,36 +89,44 @@ in ###### implementation - config = mkIf (config.services.cron.enable && allFiles != []) { + config = mkMerge [ - security.setuidPrograms = [ "crontab" ]; + { services.cron.enable = mkDefault (allFiles != []); - environment.systemPackages = [ cronNixosPkg ]; + } - systemd.services.cron = - { description = "Cron Daemon"; + (mkIf (config.services.cron.enable && allFiles != []) { - wantedBy = [ "multi-user.target" ]; + security.setuidPrograms = [ "crontab" ]; - preStart = - '' - rm -f /etc/crontab - cat ${toString allFiles} > /etc/crontab - chmod 0600 /etc/crontab + environment.systemPackages = [ cronNixosPkg ]; - mkdir -m 710 -p /var/cron + systemd.services.cron = + { description = "Cron Daemon"; - # By default, allow all users to create a crontab. This - # is denoted by the existence of an empty cron.deny file. - if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then - touch /var/cron/cron.deny - fi - ''; + wantedBy = [ "multi-user.target" ]; - restartTriggers = [ config.environment.etc.localtime.source ]; - serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; - }; + preStart = + '' + rm -f /etc/crontab + cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab + chmod 0600 /etc/crontab - }; + mkdir -m 710 -p /var/cron + + # By default, allow all users to create a crontab. This + # is denoted by the existence of an empty cron.deny file. + if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then + touch /var/cron/cron.deny + fi + ''; + + restartTriggers = [ config.environment.etc.localtime.source ]; + serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; + }; + + }) + + ]; } |