commit 201f9beddbf5786262bcff11482f0aa30914bb34

pyrox.dev / nixpkgs

lol

Don't enable cron by default

The rationale for disabling this is: 1) systemd timers are better; 2)
it gets rid of one usually unnecessary process, which makes containers
more light-weight.

Note that cron is still enabled if services.cron.systemCronJobs is
non-empty, so this only matters if you have no declarative cron jobs
but do have user cron jobs.

Eelco Dolstra 10 years ago 201f9bed db22d387

+40 -28

2 changed files

expand all

unified split

nixos

doc

manual

release-notes

rl-unstable.xml

modules

services

scheduling

cron.nix

+7 -1

nixos/doc/manual/release-notes/rl-unstable.xml

··· 36 36 37 37 </para> 38 38 39 - <para>Following new services were added since the last release: 39 + <para>The following new services were added since the last release: 40 40 41 41 <itemizedlist> 42 42 <listitem><para><literal>brltty</literal></para></listitem> ··· 49 49 following incompatible changes: 50 50 51 51 <itemizedlist> 52 + 53 + <listitem><para><command>cron</command> is no longer enabled by 54 + default, unless you have a non-empty 55 + <option>services.cron.systemCronJobs</option>. To force 56 + <command>cron</command> to be enabled, set 57 + <option>services.cron.enable = true</option>.</para></listitem> 52 58 53 59 <listitem><para>Steam now doesn't need root rights to work. Instead of using 54 60 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.

+33 -27

nixos/modules/services/scheduling/cron.nix

··· 4 4 5 5 let 6 6 7 - inherit (config.services) jobsTags; 8 - 9 7 # Put all the system cronjobs together. 10 8 systemCronJobsFile = pkgs.writeText "system-crontab" 11 9 '' ··· 25 23 sendmailPath = "/var/setuid-wrappers/sendmail"; 26 24 }; 27 25 28 - allFiles = map (f: "\"${f}\"") ( 29 - [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles 30 - ); 26 + allFiles = 27 + optional (config.services.cron.systemCronJobs != []) systemCronJobsFile 28 + ++ config.services.cron.cronFiles; 31 29 32 30 in 33 31 ··· 91 89 92 90 ###### implementation 93 91 94 - config = mkIf (config.services.cron.enable && allFiles != []) { 92 + config = mkMerge [ 95 93 96 - security.setuidPrograms = [ "crontab" ]; 94 + { services.cron.enable = mkDefault (allFiles != []); 97 95 98 - environment.systemPackages = [ cronNixosPkg ]; 96 + } 99 97 100 - systemd.services.cron = 101 - { description = "Cron Daemon"; 98 + (mkIf (config.services.cron.enable && allFiles != []) { 102 99 103 - wantedBy = [ "multi-user.target" ]; 100 + security.setuidPrograms = [ "crontab" ]; 104 101 105 - preStart = 106 - '' 107 - rm -f /etc/crontab 108 - cat ${toString allFiles} > /etc/crontab 109 - chmod 0600 /etc/crontab 102 + environment.systemPackages = [ cronNixosPkg ]; 110 103 111 - mkdir -m 710 -p /var/cron 104 + systemd.services.cron = 105 + { description = "Cron Daemon"; 112 106 113 - # By default, allow all users to create a crontab. This 114 - # is denoted by the existence of an empty cron.deny file. 115 - if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then 116 - touch /var/cron/cron.deny 117 - fi 118 - ''; 107 + wantedBy = [ "multi-user.target" ]; 108 + 109 + preStart = 110 + '' 111 + rm -f /etc/crontab 112 + cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab 113 + chmod 0600 /etc/crontab 119 114 120 - restartTriggers = [ config.environment.etc.localtime.source ]; 121 - serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; 122 - }; 115 + mkdir -m 710 -p /var/cron 123 116 124 - }; 117 + # By default, allow all users to create a crontab. This 118 + # is denoted by the existence of an empty cron.deny file. 119 + if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then 120 + touch /var/cron/cron.deny 121 + fi 122 + ''; 123 + 124 + restartTriggers = [ config.environment.etc.localtime.source ]; 125 + serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; 126 + }; 127 + 128 + }) 129 + 130 + ]; 125 131 126 132 }