# NixOS module for the incron daemon (described by its unit below as a
# "File System Events Scheduler"). It declares the `services.incron.*`
# options and, when enabled, installs the setuid `incrontab` wrapper, the
# system table, the optional allow/deny lists and the systemd unit.
{ config, lib, pkgs, ... }:

let
  inherit (lib)
    concatStringsSep
    literalExpression
    mkIf
    mkOption
    optional
    types
    ;

  cfg = config.services.incron;

  # `allow` and `deny` share one shape: unset (null) or a list of user names.
  userListType = types.nullOr (types.listOf types.str);

  # Renders a user list as one name per line (no trailing newline).
  renderUserList = concatStringsSep "\n";
in
{
  options.services.incron = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable the incron daemon.

        Note that commands run under incrontab only support common Nix profiles for the {env}`PATH` provided variable.
      '';
    };

    # Access control for per-user tables. `allow` wins over `deny` when both
    # are set (see the warning emitted in `config`); with both left at null
    # every user may install a table through the setuid wrapper.
    allow = mkOption {
      type = userListType;
      default = null;
      description = lib.mdDoc ''
        Users allowed to use incrontab.

        If empty then no user will be allowed to have their own incrontab.
        If `null` then will defer to {option}`deny`.
        If both {option}`allow` and {option}`deny` are null
        then all users will be allowed to have their own incrontab.
      '';
    };

    deny = mkOption {
      type = userListType;
      default = null;
      description = lib.mdDoc "Users forbidden from using incrontab.";
    };

    # Contents of /etc/incron.d/system. The unit below sets no `User=`, so
    # incrond itself runs as root.
    # NOTE(review): the example watches /tmp and passes `$@/$#` to the command;
    # names of files created under a world-writable directory are chosen by
    # any local user, so commands in this table should treat those arguments
    # as untrusted input.
    systab = mkOption {
      type = types.lines;
      default = "";
      description = lib.mdDoc "The system incrontab contents.";
      example = ''
        /var/mail IN_CLOSE_WRITE abc $@/$#
        /tmp IN_ALL_EVENTS efg $@/$# $&
      '';
    };

    extraPackages = mkOption {
      type = types.listOf types.package;
      default = [];
      example = literalExpression "[ pkgs.rsync ]";
      description = lib.mdDoc "Extra packages available to the system incrontab.";
    };

  };

  config = mkIf cfg.enable {

    # Setting both lists is not an error, but only `allow` takes effect.
    warnings = optional (cfg.allow != null && cfg.deny != null)
      "If `services.incron.allow` is set then `services.incron.deny` will be ignored.";

    environment.systemPackages = [ pkgs.incron ];

    # `incrontab` is exposed to all users as a setuid-root wrapper; the
    # allow/deny files below are what limit who may use it.
    security.wrappers.incrontab = {
      source = "${pkgs.incron}/bin/incrontab";
      owner = "root";
      group = "root";
      setuid = true;
    };

    environment.etc = {
      # incron won't read symlinks, so give the system table an explicit mode:
      # that makes it a regular file in /etc instead of a link into the store.
      "incron.d/system" = {
        text = cfg.systab;
        mode = "0444";
      };

      # NOTE(review): these two entries keep the default /etc handling (no
      # explicit mode), unlike the system table above. Confirm that incron
      # honours them in that form, since they gate the setuid wrapper.
      "incron.allow" = mkIf (cfg.allow != null) {
        text = renderUserList cfg.allow;
      };
      "incron.deny" = mkIf (cfg.deny != null) {
        text = renderUserList cfg.deny;
      };
    };

    systemd.services.incron = {
      description = "File System Events Scheduler";
      wantedBy = [ "multi-user.target" ];
      # Only `extraPackages` are added to the unit's PATH for table commands.
      path = cfg.extraPackages;
      serviceConfig = {
        PIDFile = "/run/incrond.pid";
        # Creates the spool directory on first start. `mkdir -p` leaves an
        # already-existing directory's mode untouched, so 710 is only
        # guaranteed when the directory is created here.
        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron";
        ExecStart = "${pkgs.incron}/bin/incrond --foreground";
      };
    };
  };

}