about summary refs log tree commit diff
path: root/nixos
diff options
context:
space:
mode:
authorEelco Dolstra <eelco.dolstra@logicblox.com>2015-07-22 15:02:07 +0200
committerEelco Dolstra <eelco.dolstra@logicblox.com>2015-07-22 15:15:09 +0200
commit201f9beddbf5786262bcff11482f0aa30914bb34 (patch)
tree601633f805687a17ae7bba90dc8cc0bfce033b8d /nixos
parentdb22d387db1396f8d8d3ff2a8607e53121f71ea7 (diff)
downloadnixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.gz
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.bz2
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.lz
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.xz
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.tar.zst
nixlib-201f9beddbf5786262bcff11482f0aa30914bb34.zip
Don't enable cron by default
The rationale for disabling this is: 1) systemd timers are better; 2)
it gets rid of one usually unnecessary process, which makes containers
more light-weight.

Note that cron is still enabled if services.cron.systemCronJobs is
non-empty, so this only matters if you have no declarative cron jobs
but do have user cron jobs.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/doc/manual/release-notes/rl-unstable.xml8
-rw-r--r--nixos/modules/services/scheduling/cron.nix60
2 files changed, 40 insertions, 28 deletions
diff --git a/nixos/doc/manual/release-notes/rl-unstable.xml b/nixos/doc/manual/release-notes/rl-unstable.xml
index 0b7750b0591d..5fb07a8ed69b 100644
--- a/nixos/doc/manual/release-notes/rl-unstable.xml
+++ b/nixos/doc/manual/release-notes/rl-unstable.xml
@@ -36,7 +36,7 @@
 
 </para>
 
-<para>Following new services were added since the last release:
+<para>The following new services were added since the last release:
 
 <itemizedlist>
 <listitem><para><literal>brltty</literal></para></listitem>
@@ -50,6 +50,12 @@ following incompatible changes:
 
 <itemizedlist>
 
+<listitem><para><command>cron</command> is no longer enabled by
+default, unless you have a non-empty
+<option>services.cron.systemCronJobs</option>. To force
+<command>cron</command> to be enabled, set
+<option>services.cron.enable = true</option>.</para></listitem>
+
 <listitem><para>Steam now doesn't need root rights to work. Instead of using
 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
 <literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix
index 1f42086dc1ec..c81d2bdefa70 100644
--- a/nixos/modules/services/scheduling/cron.nix
+++ b/nixos/modules/services/scheduling/cron.nix
@@ -4,8 +4,6 @@ with lib;
 
 let
 
-  inherit (config.services) jobsTags;
-
   # Put all the system cronjobs together.
   systemCronJobsFile = pkgs.writeText "system-crontab"
     ''
@@ -25,9 +23,9 @@ let
     sendmailPath = "/var/setuid-wrappers/sendmail";
   };
 
-  allFiles = map (f: "\"${f}\"") (
-    [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles
-  );
+  allFiles =
+    optional (config.services.cron.systemCronJobs != []) systemCronJobsFile
+    ++ config.services.cron.cronFiles;
 
 in
 
@@ -91,36 +89,44 @@ in
 
   ###### implementation
 
-  config = mkIf (config.services.cron.enable && allFiles != []) {
+  config = mkMerge [
 
-    security.setuidPrograms = [ "crontab" ];
+    { services.cron.enable = mkDefault (allFiles != []);
 
-    environment.systemPackages = [ cronNixosPkg ];
+    }
 
-    systemd.services.cron =
-      { description = "Cron Daemon";
+    (mkIf (config.services.cron.enable && allFiles != []) {
 
-        wantedBy = [ "multi-user.target" ];
+      security.setuidPrograms = [ "crontab" ];
 
-        preStart =
-          ''
-            rm -f /etc/crontab
-            cat ${toString allFiles} > /etc/crontab
-            chmod 0600 /etc/crontab
+      environment.systemPackages = [ cronNixosPkg ];
 
-            mkdir -m 710 -p /var/cron
+      systemd.services.cron =
+        { description = "Cron Daemon";
 
-            # By default, allow all users to create a crontab.  This
-            # is denoted by the existence of an empty cron.deny file.
-            if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
-                touch /var/cron/cron.deny
-            fi
-          '';
+          wantedBy = [ "multi-user.target" ];
 
-        restartTriggers = [ config.environment.etc.localtime.source ];
-        serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
-      };
+          preStart =
+            ''
+              rm -f /etc/crontab
+              cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab
+              chmod 0600 /etc/crontab
 
-  };
+              mkdir -m 710 -p /var/cron
+
+              # By default, allow all users to create a crontab.  This
+              # is denoted by the existence of an empty cron.deny file.
+              if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
+                  touch /var/cron/cron.deny
+              fi
+            '';
+
+          restartTriggers = [ config.environment.etc.localtime.source ];
+          serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
+        };
+
+    })
+
+  ];
 
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-20 07:26:29 +0000