diff options
author | Jan Tojnar <jtojnar@gmail.com> | 2018-08-31 06:54:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-08-31 06:54:58 +0100 |
commit | f0136e4bc85b5cadd72671b513ecf24a576a046f (patch) | |
tree | 07a70e313f8f730d80b9e332c507005904cdf837 /nixos/modules | |
parent | b11e4ed9996c36b6e80c488611a223ad048be82b (diff) | |
parent | 9b12db6928543dd33a02e7964e82e2291c48a3f0 (diff) | |
download | nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar.gz nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar.bz2 nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar.lz nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar.xz nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.tar.zst nixlib-f0136e4bc85b5cadd72671b513ecf24a576a046f.zip |
Merge pull request #45638 from aanderse/incron
incron: init at 0.5.12
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/monitoring/incron.nix | 98 |
2 files changed, 99 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 6bad54d6d433..93e6050e1dde 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -421,6 +421,7 @@ ./services/monitoring/graphite.nix ./services/monitoring/hdaps.nix ./services/monitoring/heapster.nix + ./services/monitoring/incron.nix ./services/monitoring/longview.nix ./services/monitoring/monit.nix ./services/monitoring/munin.nix diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix new file mode 100644 index 000000000000..1789fd9f2051 --- /dev/null +++ b/nixos/modules/services/monitoring/incron.nix @@ -0,0 +1,98 @@ + +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.incron; + +in + +{ + options = { + + services.incron = { + + enable = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable the incron daemon. + + Note that commands run under incrontab only support common Nix profiles for the <envar>PATH</envar> provided variable. + ''; + }; + + allow = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = '' + Users allowed to use incrontab. + + If empty then no user will be allowed to have their own incrontab. + If <literal>null</literal> then will defer to <option>deny</option>. + If both <option>allow</option> and <option>deny</option> are null + then all users will be allowed to have their own incrontab. + ''; + }; + + deny = mkOption { + type = types.nullOr (types.listOf types.str); + default = null; + description = "Users forbidden from using incrontab."; + }; + + systab = mkOption { + type = types.lines; + default = ""; + description = "The system incrontab contents."; + example = '' + /var/mail IN_CLOSE_WRITE abc $@/$# + /tmp IN_ALL_EVENTS efg $@/$# $& + ''; + }; + + extraPackages = mkOption { + type = types.listOf types.package; + default = []; + example = literalExample "[ pkgs.rsync ]"; + description = "Extra packages available to the system incrontab."; + }; + + }; + + }; + + config = mkIf cfg.enable { + + warnings = optional (cfg.allow != null && cfg.deny != null) + ''If `services.incron.allow` is set then `services.incron.deny` will be ignored.''; + + environment.systemPackages = [ pkgs.incron ]; + + security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab"; + + # incron won't read symlinks + environment.etc."incron.d/system" = { + mode = "0444"; + text = cfg.systab; + }; + environment.etc."incron.allow" = mkIf (cfg.allow != null) { + text = concatStringsSep "\n" cfg.allow; + }; + environment.etc."incron.deny" = mkIf (cfg.deny != null) { + text = concatStringsSep "\n" cfg.deny; + }; + + systemd.services.incron = { + description = "File System Events Scheduler"; + wantedBy = [ "multi-user.target" ]; + path = cfg.extraPackages; + serviceConfig.PIDFile = "/run/incrond.pid"; + serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron"; + serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground"; + }; + }; + +} |