nixos/modules/services/monitoring/incron.nix at 18.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / monitoring / incron.nix
at 18.09-beta 2.7 kB view raw
 1
 2{ config, lib, pkgs, ... }:
 3
 4with lib;
 5
 6let
 7
 8  cfg = config.services.incron;
 9
10in
11
12{
13  options = {
14
15    services.incron = {
16
17      enable = mkOption {
18        type = types.bool;
19        default = false;
20        description = ''
21          Whether to enable the incron daemon.
22
23          Note that commands run under incrontab only support common Nix profiles for the <envar>PATH</envar> provided variable.
24        '';
25      };
26
27      allow = mkOption {
28        type = types.nullOr (types.listOf types.str);
29        default = null;
30        description = ''
31          Users allowed to use incrontab.
32
33          If empty then no user will be allowed to have their own incrontab.
34          If <literal>null</literal> then will defer to <option>deny</option>.
35          If both <option>allow</option> and <option>deny</option> are null
36          then all users will be allowed to have their own incrontab.
37        '';
38      };
39
40      deny = mkOption {
41        type = types.nullOr (types.listOf types.str);
42        default = null;
43        description = "Users forbidden from using incrontab.";
44      };
45
46      systab = mkOption {
47        type = types.lines;
48        default = "";
49        description = "The system incrontab contents.";
50        example = ''
51          /var/mail IN_CLOSE_WRITE abc $@/$#
52          /tmp IN_ALL_EVENTS efg $@/$# $&
53        '';
54      };
55
56      extraPackages = mkOption {
57        type = types.listOf types.package;
58        default = [];
59        example = literalExample "[ pkgs.rsync ]";
60        description = "Extra packages available to the system incrontab.";
61      };
62
63    };
64
65  };
66
67  config = mkIf cfg.enable {
68
69    warnings = optional (cfg.allow != null && cfg.deny != null)
70      ''If `services.incron.allow` is set then `services.incron.deny` will be ignored.'';
71
72    environment.systemPackages = [ pkgs.incron ];
73
74    security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab";
75
76    # incron won't read symlinks
77    environment.etc."incron.d/system" = {
78      mode = "0444";
79      text = cfg.systab;
80    };
81    environment.etc."incron.allow" = mkIf (cfg.allow != null) {
82      text = concatStringsSep "\n" cfg.allow;
83    };
84    environment.etc."incron.deny" = mkIf (cfg.deny != null) {
85      text = concatStringsSep "\n" cfg.deny;
86    };
87
88    systemd.services.incron = {
89      description = "File System Events Scheduler";
90      wantedBy = [ "multi-user.target" ];
91      path = cfg.extraPackages;
92      serviceConfig.PIDFile = "/run/incrond.pid";
93      serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron";
94      serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground";
95    };
96  };
97
98}