nixpkgs/nixos/modules/services/monitoring/incron.nix


{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.incron;

in

{
  options = {

    services.incron = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the incron daemon.

          Note that commands run under incrontab only support common Nix profiles for the <envar>PATH</envar> provided variable.
        '';
      };

      allow = mkOption {
        type = types.nullOr (types.listOf types.str);
        default = null;
        description = ''
          Users allowed to use incrontab.

          If empty then no user will be allowed to have their own incrontab.
          If <literal>null</literal> then will defer to <option>deny</option>.
          If both <option>allow</option> and <option>deny</option> are null
          then all users will be allowed to have their own incrontab.
        '';
      };

      deny = mkOption {
        type = types.nullOr (types.listOf types.str);
        default = null;
        description = "Users forbidden from using incrontab.";
      };

      systab = mkOption {
        type = types.lines;
        default = "";
        description = "The system incrontab contents.";
        example = ''
          /var/mail IN_CLOSE_WRITE abc $@/$#
          /tmp IN_ALL_EVENTS efg $@/$# $&
        '';
      };

      extraPackages = mkOption {
        type = types.listOf types.package;
        default = [];
        example = literalExample "[ pkgs.rsync ]";
        description = "Extra packages available to the system incrontab.";
      };

    };

  };

  config = mkIf cfg.enable {

    warnings = optional (cfg.allow != null && cfg.deny != null)
      ''If `services.incron.allow` is set then `services.incron.deny` will be ignored.'';

    environment.systemPackages = [ pkgs.incron ];

    security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab";

    # incron won't read symlinks
    environment.etc."incron.d/system" = {
      mode = "0444";
      text = cfg.systab;
    };
    environment.etc."incron.allow" = mkIf (cfg.allow != null) {
      text = concatStringsSep "\n" cfg.allow;
    };
    environment.etc."incron.deny" = mkIf (cfg.deny != null) {
      text = concatStringsSep "\n" cfg.deny;
    };

    systemd.services.incron = {
      description = "File System Events Scheduler";
      wantedBy = [ "multi-user.target" ];
      path = cfg.extraPackages;
      serviceConfig.PIDFile = "/run/incrond.pid";
      serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron";
      serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground";
    };
  };

}
added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00
initial work on incron service 2018-08-25 18:08:24 -04:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.services.incron;`

			`in`

			`{`
			`options = {`

			`services.incron = {`

			`enable = mkOption {`
			`type = types.bool;`
			`default = false;`
added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00			`description = ''`
			`Whether to enable the incron daemon.`

changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`Note that commands run under incrontab only support common Nix profiles for the <envar>PATH</envar> provided variable.`
added a comment about the PATH variable under which incrontab commands will run 2018-08-27 21:31:55 +00:00			`'';`
initial work on incron service 2018-08-25 18:08:24 -04:00			`};`

			`allow = mkOption {`
			`type = types.nullOr (types.listOf types.str);`
			`default = null;`
clarified the descriptions of the allow and deny options 2018-08-27 21:15:03 +00:00			`description = ''`
			`Users allowed to use incrontab.`

			`If empty then no user will be allowed to have their own incrontab.`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`If <literal>null</literal> then will defer to <option>deny</option>.`
clarified the descriptions of the allow and deny options 2018-08-27 21:15:03 +00:00			`If both <option>allow</option> and <option>deny</option> are null`
			`then all users will be allowed to have their own incrontab.`
			`'';`
initial work on incron service 2018-08-25 18:08:24 -04:00			`};`

			`deny = mkOption {`
			`type = types.nullOr (types.listOf types.str);`
			`default = null;`
			`description = "Users forbidden from using incrontab.";`
			`};`

			`systab = mkOption {`
			`type = types.lines;`
			`default = "";`
			`description = "The system incrontab contents.";`
			`example = ''`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`/var/mail IN_CLOSE_WRITE abc $@/$#`
			`/tmp IN_ALL_EVENTS efg $@/$# $&`
initial work on incron service 2018-08-25 18:08:24 -04:00			`'';`
			`};`

added option to specify which packages are available to the system incrontab recommendation by @jtojnar and @maurer 2018-08-29 00:43:28 +00:00			`extraPackages = mkOption {`
			`type = types.listOf types.package;`
			`default = [];`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`example = literalExample "[ pkgs.rsync ]";`
added option to specify which packages are available to the system incrontab recommendation by @jtojnar and @maurer 2018-08-29 00:43:28 +00:00			`description = "Extra packages available to the system incrontab.";`
			`};`

initial work on incron service 2018-08-25 18:08:24 -04:00			`};`

			`};`

			`config = mkIf cfg.enable {`

changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`warnings = optional (cfg.allow != null && cfg.deny != null)`
			''If `services.incron.allow` is set then `services.incron.deny` will be ignored.'';
added a check to make sure a situation where a defined configuration wouldn't be unused as per recommended by @maurer 2018-08-28 23:50:55 +00:00
initial work on incron service 2018-08-25 18:08:24 -04:00			`environment.systemPackages = [ pkgs.incron ];`

			`security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab";`

fixed issue with system jobs 2018-08-27 15:23:19 +00:00			`# incron won't read symlinks`
			`environment.etc."incron.d/system" = {`
			`mode = "0444";`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`text = cfg.systab;`
fixed issue with system jobs 2018-08-27 15:23:19 +00:00			`};`
initial work on incron service 2018-08-25 18:08:24 -04:00			`environment.etc."incron.allow" = mkIf (cfg.allow != null) {`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`text = concatStringsSep "\n" cfg.allow;`
initial work on incron service 2018-08-25 18:08:24 -04:00			`};`
			`environment.etc."incron.deny" = mkIf (cfg.deny != null) {`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`text = concatStringsSep "\n" cfg.deny;`
initial work on incron service 2018-08-25 18:08:24 -04:00			`};`

			`systemd.services.incron = {`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`description = "File System Events Scheduler";`
initial work on incron service 2018-08-25 18:08:24 -04:00			`wantedBy = [ "multi-user.target" ];`
added option to specify which packages are available to the system incrontab recommendation by @jtojnar and @maurer 2018-08-29 00:43:28 +00:00			`path = cfg.extraPackages;`
initial work on incron service 2018-08-25 18:08:24 -04:00			`serviceConfig.PIDFile = "/run/incrond.pid";`
changes as per requested by @aszlig 2018-08-31 02:52:49 +00:00			`serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron";`
changed from forking to simple as recommended by @aszlig 2018-08-31 03:03:04 +00:00			`serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground";`
initial work on incron service 2018-08-25 18:08:24 -04:00			`};`
			`};`

			`}`