commit 201f9beddbf5786262bcff11482f0aa30914bb34

pyrox.dev / nixpkgs

lol

Don't enable cron by default

The rationale for disabling this is: 1) systemd timers are better; 2)
it gets rid of one usually unnecessary process, which makes containers
more light-weight.

Note that cron is still enabled if services.cron.systemCronJobs is
non-empty, so this only matters if you have no declarative cron jobs
but do have user cron jobs.

Eelco Dolstra 10 years ago 201f9bed db22d387

+40 -28

2 changed files

expand all

unified split

nixos

doc

manual

release-notes

rl-unstable.xml

modules

services

scheduling

cron.nix

+7 -1

nixos/doc/manual/release-notes/rl-unstable.xml

··· 36 37 </para> 38 39 - <para>Following new services were added since the last release: 40 41 <itemizedlist> 42 <listitem><para><literal>brltty</literal></para></listitem> ··· 49 following incompatible changes: 50 51 <itemizedlist> 52 53 <listitem><para>Steam now doesn't need root rights to work. Instead of using 54 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.

··· 36 37 </para> 38 39 + <para>The following new services were added since the last release: 40 41 <itemizedlist> 42 <listitem><para><literal>brltty</literal></para></listitem> ··· 49 following incompatible changes: 50 51 <itemizedlist> 52 + 53 + <listitem><para><command>cron</command> is no longer enabled by 54 + default, unless you have a non-empty 55 + <option>services.cron.systemCronJobs</option>. To force 56 + <command>cron</command> to be enabled, set 57 + <option>services.cron.enable = true</option>.</para></listitem> 58 59 <listitem><para>Steam now doesn't need root rights to work. Instead of using 60 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.

+33 -27

nixos/modules/services/scheduling/cron.nix

··· 4 5 let 6 7 - inherit (config.services) jobsTags; 8 - 9 # Put all the system cronjobs together. 10 systemCronJobsFile = pkgs.writeText "system-crontab" 11 '' ··· 25 sendmailPath = "/var/setuid-wrappers/sendmail"; 26 }; 27 28 - allFiles = map (f: "\"${f}\"") ( 29 - [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles 30 - ); 31 32 in 33 ··· 91 92 ###### implementation 93 94 - config = mkIf (config.services.cron.enable && allFiles != []) { 95 96 - security.setuidPrograms = [ "crontab" ]; 97 98 - environment.systemPackages = [ cronNixosPkg ]; 99 100 - systemd.services.cron = 101 - { description = "Cron Daemon"; 102 103 - wantedBy = [ "multi-user.target" ]; 104 105 - preStart = 106 - '' 107 - rm -f /etc/crontab 108 - cat ${toString allFiles} > /etc/crontab 109 - chmod 0600 /etc/crontab 110 111 - mkdir -m 710 -p /var/cron 112 113 - # By default, allow all users to create a crontab. This 114 - # is denoted by the existence of an empty cron.deny file. 115 - if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then 116 - touch /var/cron/cron.deny 117 - fi 118 - ''; 119 120 - restartTriggers = [ config.environment.etc.localtime.source ]; 121 - serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; 122 - }; 123 124 - }; 125 126 }

··· 4 5 let 6 7 # Put all the system cronjobs together. 8 systemCronJobsFile = pkgs.writeText "system-crontab" 9 '' ··· 23 sendmailPath = "/var/setuid-wrappers/sendmail"; 24 }; 25 26 + allFiles = 27 + optional (config.services.cron.systemCronJobs != []) systemCronJobsFile 28 + ++ config.services.cron.cronFiles; 29 30 in 31 ··· 89 90 ###### implementation 91 92 + config = mkMerge [ 93 94 + { services.cron.enable = mkDefault (allFiles != []); 95 96 + } 97 98 + (mkIf (config.services.cron.enable && allFiles != []) { 99 100 + security.setuidPrograms = [ "crontab" ]; 101 102 + environment.systemPackages = [ cronNixosPkg ]; 103 104 + systemd.services.cron = 105 + { description = "Cron Daemon"; 106 107 + wantedBy = [ "multi-user.target" ]; 108 + 109 + preStart = 110 + '' 111 + rm -f /etc/crontab 112 + cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab 113 + chmod 0600 /etc/crontab 114 115 + mkdir -m 710 -p /var/cron 116 117 + # By default, allow all users to create a crontab. This 118 + # is denoted by the existence of an empty cron.deny file. 119 + if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then 120 + touch /var/cron/cron.deny 121 + fi 122 + ''; 123 + 124 + restartTriggers = [ config.environment.etc.localtime.source ]; 125 + serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n"; 126 + }; 127 + 128 + }) 129 + 130 + ]; 131 132 }