Diffstat (limited to 'nixpkgs/nixos/modules/services/scheduling')
-rw-r--r-- | nixpkgs/nixos/modules/services/scheduling/atd.nix | 115 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/scheduling/chronos.nix | 54 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/scheduling/cron.nix | 133 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/scheduling/fcron.nix | 167 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/scheduling/marathon.nix | 98 |
5 files changed, 567 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/scheduling/atd.nix b/nixpkgs/nixos/modules/services/scheduling/atd.nix
new file mode 100644
index 000000000000..a32907647a0d
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/scheduling/atd.nix
@@ -0,0 +1,115 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.atd;
+
+ inherit (pkgs) at;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.atd.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable the <command>at</command> daemon, a command scheduler.
+ '';
+ };
+
+ services.atd.allowEveryone = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to make <filename>/var/spool/at{jobs,spool}</filename>
+ writeable by everyone (and sticky). This is normally not
+ needed since the <command>at</command> commands are
+ setuid/setgid <literal>atd</literal>.
+ '';
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ # Not wrapping "batch" because it's a shell script (kernel drops perms
+ # anyway) and it's patched to invoke the "at" setuid wrapper.
+ security.wrappers = builtins.listToAttrs (
+ map (program: { name = "${program}"; value = {
+ source = "${at}/bin/${program}";
+ owner = "atd";
+ group = "atd";
+ setuid = true;
+ setgid = true;
+ };}) [ "at" "atq" "atrm" ]);
+
+ environment.systemPackages = [ at ];
+
+ security.pam.services.atd = {};
+
+ users.users = singleton
+ { name = "atd";
+ uid = config.ids.uids.atd;
+ description = "atd user";
+ home = "/var/empty";
+ };
+
+ users.groups = singleton
+ { name = "atd";
+ gid = config.ids.gids.atd;
+ };
+
+ systemd.services.atd = {
+ description = "Job Execution Daemon (atd)";
+ after = [ "systemd-udev-settle.service" ];
+ wants = [ "systemd-udev-settle.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ at ];
+
+ preStart = ''
+ # Snippets taken and adapted from the original `install' rule of
+ # the makefile.
+
+ # We assume these values are those actually used in Nixpkgs for
+ # `at'.
+ spooldir=/var/spool/atspool
+ jobdir=/var/spool/atjobs
+ etcdir=/etc/at
+
+ for dir in "$spooldir" "$jobdir" "$etcdir"; do
+ if [ ! -d "$dir" ]; then
+ mkdir -p "$dir"
+ chown atd:atd "$dir"
+ fi
+ done
+ chmod 1770 "$spooldir" "$jobdir"
+ ${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""}
+ if [ ! -f "$etcdir"/at.deny ]; then
+ touch "$etcdir"/at.deny
+ chown root:atd "$etcdir"/at.deny
+ chmod 640 "$etcdir"/at.deny
+ fi
+ if [ ! -f "$jobdir"/.SEQ ]; then
+ touch "$jobdir"/.SEQ
+ chown atd:atd "$jobdir"/.SEQ
+ chmod 600 "$jobdir"/.SEQ
+ fi
+ '';
+
+ script = "atd";
+
+ serviceConfig.Type = "forking";
+ };
+ };
+}
diff --git a/nixpkgs/nixos/modules/services/scheduling/chronos.nix b/nixpkgs/nixos/modules/services/scheduling/chronos.nix
new file mode 100644
index 000000000000..9a8ed4c09ac1
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/scheduling/chronos.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.chronos;
+
+in {
+
+ ###### interface
+
+ options.services.chronos = {
+ enable = mkOption {
+ description = "Whether to enable graphite web frontend.";
+ default = false;
+ type = types.bool;
+ };
+
+ httpPort = mkOption {
+ description = "Chronos listening port";
+ default = 4400;
+ type = types.int;
+ };
+
+ master = mkOption {
+ description = "Chronos mesos master zookeeper address";
+ default = "zk://${head cfg.zookeeperHosts}/mesos";
+ type = types.str;
+ };
+
+ zookeeperHosts = mkOption {
+ description = "Chronos mesos zookepper addresses";
+ default = [ "localhost:2181" ];
+ type = types.listOf types.str;
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ systemd.services.chronos = {
+ description = "Chronos Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "zookeeper.service" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.chronos}/bin/chronos --master ${cfg.master} --zk_hosts ${concatStringsSep "," cfg.zookeeperHosts} --http_port ${toString cfg.httpPort}";
+ User = "chronos";
+ };
+ };
+
+ users.users.chronos.uid = config.ids.uids.chronos;
+ };
+}
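Review bot: In atd.nix's `preStart`, `.SEQ` and `at.deny` are created with `touch` and only afterwards narrowed with `chown`/`chmod`, and when `services.atd.allowEveryone` is set the same script has just made `$jobdir` writable by every local user. Root then runs `touch`, `chown` and `chmod` on a path inside a directory other users can write to, and those tools follow symlinks by default. Creating the file in one step with its final owner and mode, e.g. `install -m 600 -o atd -g atd /dev/null "$jobdir"/.SEQ`, removes the window between creation and tightening. The `allowEveryone` description should also state that it widens who can write into the job spool, and note that the loop only runs `chown atd:atd` on directories it creates, so the ownership of a pre-existing directory is never corrected.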
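Review bot: In chronos.nix the `enable` description reads "Whether to enable graphite web frontend.", which looks copied from another module; it should describe this service, e.g. `description = "Whether to enable the Chronos job scheduler.";`. For a service that runs scheduled jobs, the generated option documentation is what an operator reads before switching it on, so it needs to name the right thing. `zookepper` in the `zookeeperHosts` description is a typo, and `httpPort` is declared as `types.int`, so an out-of-range port passes evaluation; `types.port` would reject it if the targeted nixpkgs provides it.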
diff --git a/nixpkgs/nixos/modules/services/scheduling/cron.nix b/nixpkgs/nixos/modules/services/scheduling/cron.nix
new file mode 100644
index 000000000000..3bc31832946b
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/scheduling/cron.nix
@@ -0,0 +1,133 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ # Put all the system cronjobs together.
+ systemCronJobsFile = pkgs.writeText "system-crontab"
+ ''
+ SHELL=${pkgs.bash}/bin/bash
+ PATH=${config.system.path}/bin:${config.system.path}/sbin
+ ${optionalString (config.services.cron.mailto != null) ''
+ MAILTO="${config.services.cron.mailto}"
+ ''}
+ NIX_CONF_DIR=/etc/nix
+ ${lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+ '';
+
+ # Vixie cron requires build-time configuration for the sendmail path.
+ cronNixosPkg = pkgs.cron.override {
+ # The mail.nix nixos module, if there is any local mail system enabled,
+ # should have sendmail in this path.
+ sendmailPath = "/run/wrappers/bin/sendmail";
+ };
+
+ allFiles =
+ optional (config.services.cron.systemCronJobs != []) systemCronJobsFile
+ ++ config.services.cron.cronFiles;
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.cron = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the Vixie cron daemon.";
+ };
+
+ mailto = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Email address to which job output will be mailed.";
+ };
+
+ systemCronJobs = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = literalExample ''
+ [ "* * * * * test ls -l / > /tmp/cronout 2>&1"
+ "* * * * * eelco echo Hello World > /home/eelco/cronout"
+ ]
+ '';
+ description = ''
+ A list of Cron jobs to be appended to the system-wide
+ crontab. See the manual page for crontab for the expected
+ format. If you want to get the results mailed you must setuid
+ sendmail. See <option>security.wrappers</option>
+
+ If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
+ is allowed to have its own crontab file. The /var/cron/cron.deny file
+ is created automatically for you, so every user can use a crontab.
+
+ Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
+ and enable another cron daemon, you may want it to get its system crontab
+ based on systemCronJobs.
+ '';
+ };
+
+ cronFiles = mkOption {
+ type = types.listOf types.path;
+ default = [];
+ description = ''
+ A list of extra crontab files that will be read and appended to the main
+ crontab file when the cron service starts.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkMerge [
+
+ { services.cron.enable = mkDefault (allFiles != []); }
+ (mkIf (config.services.cron.enable) {
+ security.wrappers.crontab.source = "${cronNixosPkg}/bin/crontab";
+ environment.systemPackages = [ cronNixosPkg ];
+ environment.etc.crontab =
+ { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; }
+ ''
+ touch $out
+ for i in $allFiles; do
+ cat "$i" >> $out
+ done
+ '';
+ mode = "0600"; # Cron requires this.
+ };
+
+ systemd.services.cron =
+ { description = "Cron Daemon";
+
+ wantedBy = [ "multi-user.target" ];
+
+ preStart =
+ ''
+ mkdir -m 710 -p /var/cron
+
+ # By default, allow all users to create a crontab. This
+ # is denoted by the existence of an empty cron.deny file.
+ if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
+ touch /var/cron/cron.deny
+ fi
+ '';
+
+ restartTriggers = [ config.time.timeZone ];
+ serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
+ };
+
+ })
+
+ ];
+
+}
diff --git a/nixpkgs/nixos/modules/services/scheduling/fcron.nix b/nixpkgs/nixos/modules/services/scheduling/fcron.nix
new file mode 100644
index 000000000000..f77b3bcd5921
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/scheduling/fcron.nix
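Review bot: In cron.nix, who may install a crontab is decided by mutable files under `/var/cron` rather than by the configuration: `preStart` creates an empty `cron.deny` when neither file exists, which per its own comment allows every user, and the module offers no way to express a stricter policy. fcron.nix in this same commit exposes `allow` and `deny` options and writes them through `environment.etc`; a matching pair here would make the access policy declarative and reviewable alongside the `crontab` wrapper it governs. Separately, `mkdir -m 710 -p /var/cron` applies the mode only when it creates the directory, so a following `chmod 710 /var/cron` is needed to correct an existing one.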
@@ -0,0 +1,167 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.fcron;
+
+ queuelen = if cfg.queuelen == null then "" else "-q ${toString cfg.queuelen}";
+
+ # Duplicate code, also found in cron.nix. Needs deduplication.
+ systemCronJobs =
+ ''
+ SHELL=${pkgs.bash}/bin/bash
+ PATH=${config.system.path}/bin:${config.system.path}/sbin
+ ${optionalString (config.services.cron.mailto != null) ''
+ MAILTO="${config.services.cron.mailto}"
+ ''}
+ NIX_CONF_DIR=/etc/nix
+ ${lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+ '';
+
+ allowdeny = target: users:
+ { source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users);
+ target = "fcron.${target}";
+ mode = "644";
+ gid = config.ids.gids.fcron;
+ };
+
+in
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.fcron = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the <command>fcron</command> daemon.";
+ };
+
+ allow = mkOption {
+ type = types.listOf types.str;
+ default = [ "all" ];
+ description = ''
+ Users allowed to use fcrontab and fcrondyn (one name per
+ line, <literal>all</literal> for everyone).
+ '';
+ };
+
+ deny = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Users forbidden from using fcron.";
+ };
+
+ maxSerialJobs = mkOption {
+ type = types.int;
+ default = 1;
+ description = "Maximum number of serial jobs which can run simultaneously.";
+ };
+
+ queuelen = mkOption {
+ type = types.nullOr types.int;
+ default = null;
+ description = "Number of jobs the serial queue and the lavg queue can contain.";
+ };
+
+ systab = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''The "system" crontab contents.'';
+ };
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ services.fcron.systab = systemCronJobs;
+
+ environment.etc =
+ [ (allowdeny "allow" (cfg.allow))
+ (allowdeny "deny" cfg.deny)
+ # see man 5 fcron.conf
+ { source =
+ let
+ isSendmailWrapped =
+ lib.hasAttr "sendmail" config.security.wrappers;
+ sendmailPath =
+ if isSendmailWrapped then "/run/wrappers/bin/sendmail"
+ else "${config.system.path}/bin/sendmail";
+ in
+ pkgs.writeText "fcron.conf" ''
+ fcrontabs = /var/spool/fcron
+ pidfile = /run/fcron.pid
+ fifofile = /run/fcron.fifo
+ fcronallow = /etc/fcron.allow
+ fcrondeny = /etc/fcron.deny
+ shell = /bin/sh
+ sendmail = ${sendmailPath}
+ editor = ${pkgs.vim}/bin/vim
+ '';
+ target = "fcron.conf";
+ gid = config.ids.gids.fcron;
+ mode = "0644";
+ }
+ ];
+
+ environment.systemPackages = [ pkgs.fcron ];
+ users.users.fcron = {
+ uid = config.ids.uids.fcron;
+ home = "/var/spool/fcron";
+ group = "fcron";
+ };
+ users.groups.fcron.gid = config.ids.gids.fcron;
+
+ security.wrappers = {
+ fcrontab = {
+ source = "${pkgs.fcron}/bin/fcrontab";
+ owner = "fcron";
+ group = "fcron";
+ setgid = true;
+ setuid = true;
+ };
+ fcrondyn = {
+ source = "${pkgs.fcron}/bin/fcrondyn";
+ owner = "fcron";
+ group = "fcron";
+ setgid = true;
+ };
+ fcronsighup = {
+ source = "${pkgs.fcron}/bin/fcronsighup";
+ group = "fcron";
+ };
+ };
+ systemd.services.fcron = {
+ description = "fcron daemon";
+ after = [ "local-fs.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.fcron ];
+
+ preStart = ''
+ install \
+ --mode 0770 \
+ --owner fcron \
+ --group fcron \
+ --directory /var/spool/fcron
+ # load system crontab file
+ /run/wrappers/bin/fcrontab -u systab - < ${pkgs.writeText "systab" cfg.systab}
+ '';
+
+ serviceConfig = {
+ Type = "forking";
+ ExecStart = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
+ };
+ };
+ };
+}
diff --git a/nixpkgs/nixos/modules/services/scheduling/marathon.nix b/nixpkgs/nixos/modules/services/scheduling/marathon.nix
new file mode 100644
index 000000000000..0961a67770e1
--- /dev/null
+++ b/nixpkgs/nixos/modules/services/scheduling/marathon.nix
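Review bot: In fcron.nix the `fcronsighup` wrapper sets only `source` and `group`, while `fcrontab` and `fcrondyn` spell out `owner` and their setuid/setgid bits. The owner and mode `fcronsighup` ends up with therefore depend on the defaults of `security.wrappers`, which are not visible in this hunk. If a setuid-root binary is what is intended, state it with `owner = "root"; setuid = true;` so the privilege is explicit in review and does not change silently with the defaults. Also, `allowdeny` uses `mode = "644"` while the `fcron.conf` entry uses `"0644"`; use the four-digit form in both.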
@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.marathon;
+
+in {
+
+ ###### interface
+
+ options.services.marathon = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable the marathon mesos framework.
+ '';
+ };
+
+ master = mkOption {
+ type = types.str;
+ default = "zk://${concatStringsSep "," cfg.zookeeperHosts}/mesos";
+ example = "zk://1.2.3.4:2181,2.3.4.5:2181,3.4.5.6:2181/mesos";
+ description = ''
+ Mesos master address. See <link xlink:href="https://mesosphere.github.io/marathon/docs/"/> for details.
+ '';
+ };
+
+ zookeeperHosts = mkOption {
+ type = types.listOf types.str;
+ default = [ "localhost:2181" ];
+ example = [ "1.2.3.4:2181" "2.3.4.5:2181" "3.4.5.6:2181" ];
+ description = ''
+ ZooKeeper hosts' addresses.
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "marathon";
+ example = "root";
+ description = ''
+ The user that the Marathon framework will be launched as. If the user doesn't exist it will be created.
+ If you want to run apps that require root access or you want to launch apps using arbitrary users, that
+ is using the `--mesos_user` flag then you need to change this to `root`.
+ '';
+ };
+
+ httpPort = mkOption {
+ type = types.int;
+ default = 8080;
+ description = ''
+ Marathon listening port for HTTP connections.
+ '';
+ };
+
+ extraCmdLineOptions = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "--https_port=8443" "--zk_timeout=10000" "--marathon_store_timeout=2000" ];
+ description = ''
+ Extra command line options to pass to Marathon.
+ See <link xlink:href="https://mesosphere.github.io/marathon/docs/command-line-flags.html"/> for all possible flags.
+ '';
+ };
+
+ environment = mkOption {
+ default = { };
+ type = types.attrs;
+ example = { JAVA_OPTS = "-Xmx512m"; MESOSPHERE_HTTP_CREDENTIALS = "username:password"; };
+ description = ''
+ Environment variables passed to Marathon.
+ '';
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+ systemd.services.marathon = {
+ description = "Marathon Service";
+ environment = cfg.environment;
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "zookeeper.service" "mesos-master.service" "mesos-slave.service" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.marathon}/bin/marathon --master ${cfg.master} --zk zk://${concatStringsSep "," cfg.zookeeperHosts}/marathon --http_port ${toString cfg.httpPort} ${concatStringsSep " " cfg.extraCmdLineOptions}";
+ User = cfg.user;
+ Restart = "always";
+ RestartSec = "2";
+ };
+ };
+
+ users.users.${cfg.user} = { };
+ };
+}
|
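Review bot: In marathon.nix the `environment` option's example puts `MESOSPHERE_HTTP_CREDENTIALS = "username:password"` into the module configuration, and the value is passed straight to `systemd.services.marathon.environment`. Values set this way are written into the generated unit, which lives in the world-readable Nix store, so the example steers users towards exposing a credential to every local user. Drop the credential from the example, add a sentence to the description such as `Do not put secrets here; the values end up in the world-readable Nix store.`, and consider a separate option that feeds `serviceConfig.EnvironmentFile` for secrets. The `user` option likewise offers `example = "root"`; its description should state plainly that this runs the whole framework as root.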