{ config, lib, pkgs, ... }:
with lib;
let
# Shorthand for the values of the services.fcron options declared below.
cfg = config.services.fcron;

# Command-line fragment for the daemon: "-q N" when a queue length is set,
# otherwise the empty string.
queuelen = optionalString (cfg.queuelen != null) "-q ${toString cfg.queuelen}";
# Duplicate code, also found in cron.nix. Needs deduplication.
#
# Text of the system crontab: a few environment assignments followed by every
# entry of services.cron.systemCronJobs, one per line. The entries are copied
# verbatim; nothing in this module validates them.
systemCronJobs =
  let
    cronCfg = config.services.cron;

    # MAILTO is emitted only when a mail recipient is configured.
    mailtoLine = optionalString (cronCfg.mailto != null) ''
      MAILTO="${cronCfg.mailto}"
    '';
  in
  ''
    SHELL=${pkgs.bash}/bin/bash
    PATH=${config.system.path}/bin:${config.system.path}/sbin
    ${mailtoLine}
    NIX_CONF_DIR=/etc/nix
    ${lib.concatMapStrings (job: job + "\n") cronCfg.systemCronJobs}
  '';
# Build the environment.etc entry for fcron.<target> ("allow" or "deny"):
# a text file with one user name per line, group fcron.
allowdeny = target: users:
  let
    fileName = "fcron.${target}";
  in
  {
    target = fileName;
    source = pkgs.writeText fileName (concatStringsSep "\n" users);
    gid = config.ids.gids.fcron;
    # World-readable. The list is written to a Nix store file in any case, so
    # it should not be treated as confidential.
    mode = "644";
  };
in
{
###### interface
options.services.fcron = {

  # Master switch: the whole implementation section is guarded by it.
  enable = mkOption {
    description = "Whether to enable the <command>fcron</command> daemon.";
    type = types.bool;
    default = false;
  };

  # Becomes the contents of fcron.allow. The default admits every user;
  # list explicit names to narrow who may use fcrontab and fcrondyn.
  allow = mkOption {
    description = ''
      Users allowed to use fcrontab and fcrondyn (one name per
      line, <literal>all</literal> for everyone).
    '';
    type = types.listOf types.str;
    default = [ "all" ];
  };

  # Becomes the contents of fcron.deny; empty by default.
  deny = mkOption {
    description = "Users forbidden from using fcron.";
    type = types.listOf types.str;
    default = [];
  };

  # Passed to the daemon as "-m <n>".
  maxSerialJobs = mkOption {
    description = "Maximum number of serial jobs which can run simultaneously.";
    type = types.int;
    default = 1;
  };

  # Passed to the daemon as "-q <n>"; null leaves the flag off entirely.
  queuelen = mkOption {
    description = "Number of jobs the serial queue and the lavg queue can contain.";
    type = types.nullOr types.int;
    default = null;
  };

  # Loaded through fcrontab for the "systab" user when the service starts.
  systab = mkOption {
    description = ''The "system" crontab contents.'';
    type = types.lines;
    default = "";
  };

};
###### implementation
config = mkIf cfg.enable {
# Feed the jobs shared with the cron module (systemCronJobs above) into the systab option.
services.fcron.systab = systemCronJobs;
environment.etc =
  let
    # Prefer the sendmail wrapper under /run/wrappers when the configuration
    # defines one; otherwise fall back to sendmail from the system path.
    sendmailPath =
      if config.security.wrappers ? sendmail
      then "/run/wrappers/bin/sendmail"
      else "${config.system.path}/bin/sendmail";

    # see man 5 fcron.conf
    # The file holds only paths (spool, pid/fifo files, allow/deny lists,
    # shell, sendmail, editor) and is installed world-readable, group fcron.
    fcronConf = {
      target = "fcron.conf";
      source = pkgs.writeText "fcron.conf" ''
        fcrontabs = /var/spool/fcron
        pidfile = /run/fcron.pid
        fifofile = /run/fcron.fifo
        fcronallow = /etc/fcron.allow
        fcrondeny = /etc/fcron.deny
        shell = /bin/sh
        sendmail = ${sendmailPath}
        editor = ${pkgs.vim}/bin/vim
      '';
      gid = config.ids.gids.fcron;
      mode = "0644";
    };

    etcFiles = [
      (allowdeny "allow" cfg.allow)
      (allowdeny "deny" cfg.deny)
      fcronConf
    ];
  in
  # Key every entry by its target file name.
  listToAttrs (map (file: lib.nameValuePair file.target file) etcFiles);
# Add the fcron package to the system-wide package list.
environment.systemPackages = [ pkgs.fcron ];
# Dedicated fcron account and group. The spool directory and the
# fcrontab/fcrondyn wrappers in this module are owned by them.
users = {
  users.fcron = {
    group = "fcron";
    home = "/var/spool/fcron";
    uid = config.ids.uids.fcron;
  };
  groups.fcron.gid = config.ids.gids.fcron;
};
# Privileged entry points. Each wrapper elevates to a different identity, so
# keep the owner/setuid/setgid combinations below deliberate when editing.
security.wrappers =
  let
    # Path of an fcron program inside the package's bin directory.
    fcronBin = prog: "${pkgs.fcron}/bin/${prog}";
  in
  {
    # setuid + setgid to the fcron account: runs as fcron:fcron, not as root.
    fcrontab = {
      source = fcronBin "fcrontab";
      owner = "fcron";
      group = "fcron";
      setuid = true;
      setgid = true;
    };

    # setgid only: keeps the caller's uid and gains the fcron group.
    fcrondyn = {
      source = fcronBin "fcrondyn";
      owner = "fcron";
      group = "fcron";
      setuid = false;
      setgid = true;
    };

    # The one wrapper here that is setuid root.
    # NOTE(review): no `permissions` is set on any wrapper in this set, so the
    # wrapper module's default execute bits apply. Confirm that this
    # setuid-root helper is meant to be runnable by users outside the fcron
    # group.
    fcronsighup = {
      source = fcronBin "fcronsighup";
      owner = "root";
      group = "fcron";
      setuid = true;
    };
  };
systemd.services.fcron =
  let
    # System crontab text as a store file; fcrontab reads it on stdin.
    systabFile = pkgs.writeText "systab" cfg.systab;
  in
  {
    description = "fcron daemon";
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.fcron ];

    # Before the daemon starts:
    #  1. create the spool directory as fcron:fcron with mode 0770, i.e. no
    #     access for users outside the owner and group;
    #  2. install the system crontab for the "systab" user through the
    #     fcrontab wrapper.
    preStart = ''
      install \
      --mode 0770 \
      --owner fcron \
      --group fcron \
      --directory /var/spool/fcron
      # load system crontab file
      /run/wrappers/bin/fcrontab -u systab - < ${systabFile}
    '';

    # NOTE(review): no User= or sandboxing settings are given, so presumably
    # the daemon and preStart run with systemd's default identity. Confirm
    # that this is intended.
    serviceConfig = {
      ExecStart = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
      Type = "forking";
    };
  };
};
}