diff --git a/nixos/doc/manual/development/writing-modules.xml b/nixos/doc/manual/development/writing-modules.xml
index a699e74e5f6..971e586f20b 100644
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@@ -107,12 +107,12 @@ the file system. This module declares two options that can be defined
by other modules (typically the user’s
configuration.nix):
(whether the database should
-be updated) and (when the
+be updated) and (when the
update should be done). It implements its functionality by defining
two options declared by other modules:
(the set of all systemd services)
-and (the list of
-commands to be executed periodically by cron).
+and (the list of commands to be
+executed periodically by systemd).
NixOS Module for the “locate” Service
@@ -120,53 +120,59 @@ commands to be executed periodically by cron).
with lib;
-let locatedb = "/var/cache/locatedb"; in
-
-{
- options = {
-
- services.locate = {
-
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- If enabled, NixOS will periodically update the database of
- files used by the locate command.
- '';
- };
-
- period = mkOption {
- type = types.str;
- default = "15 02 * * *";
- description = ''
- This option defines (in the format used by cron) when the
- locate database is updated. The default is to update at
- 02:15 at night every day.
- '';
- };
-
+let
+ cfg = config.services.locate;
+in {
+ options.services.locate = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, NixOS will periodically update the database of
+ files used by the locate command.
+ '';
};
+ interval = mkOption {
+ type = types.str;
+ default = "02:15";
+ example = "hourly";
+ description = ''
+ Update the locate database at this interval. Updates by
+ default at 2:15 AM every day.
+
+ The format is described in
+ systemd.time
+ 7.
+ '';
+ };
+
+ # Other options omitted for documentation
};
config = {
-
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = [ pkgs.su ];
script =
''
- mkdir -m 0755 -p $(dirname ${locatedb})
- exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /run'
+ mkdir -m 0755 -p $(dirname ${toString cfg.output})
+ exec updatedb \
+ --localuser=${cfg.localuser} \
+ ${optionalString (!cfg.includeStore) "--prunepaths='/nix/store'"} \
+ --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
'';
};
- services.cron.systemCronJobs = optional config.services.locate.enable
- "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
-
+ systemd.timers.update-locatedb = mkIf cfg.enable
+ { description = "Update timer for locate database";
+ partOf = [ "update-locatedb.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig.OnCalendar = cfg.interval;
+ };
};
-}
+}
+
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 4f9c8d4e5ba..318b81ca07c 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -1,76 +1,74 @@
-{ config, lib, pkgs, ... }:
+{ config, options, lib, pkgs, ... }:
with lib;
let
cfg = config.services.locate;
in {
-
- ###### interface
-
- options = {
-
- services.locate = {
-
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- If enabled, NixOS will periodically update the database of
- files used by the locate command.
- '';
- };
-
- period = mkOption {
- type = types.str;
- default = "15 02 * * *";
- description = ''
- This option defines (in the format used by cron) when the
- locate database is updated.
- The default is to update at 02:15 at night every day.
- '';
- };
-
- extraFlags = mkOption {
- type = types.listOf types.str;
- default = [ ];
- description = ''
- Extra flags to pass to updatedb.
- '';
- };
-
- output = mkOption {
- type = types.path;
- default = "/var/cache/locatedb";
- description = ''
- The database file to build.
- '';
- };
-
- localuser = mkOption {
- type = types.str;
- default = "nobody";
- description = ''
- The user to search non-network directories as, using
- su.
- '';
- };
-
- includeStore = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to include /nix/store in the locate database.
- '';
- };
-
+ options.services.locate = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, NixOS will periodically update the database of
+ files used by the locate command.
+ '';
};
+ interval = mkOption {
+ type = types.str;
+ default = "02:15";
+ example = "hourly";
+ description = ''
+ Update the locate database at this interval. Updates by
+ default at 2:15 AM every day.
+
+ The format is described in
+ systemd.time
+ 7.
+ '';
+ };
+
+ # This is no longer supported, but we keep it to give a better warning below
+ period = mkOption { visible = false; };
+
+ extraFlags = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ description = ''
+ Extra flags to pass to updatedb.
+ '';
+ };
+
+ output = mkOption {
+ type = types.path;
+ default = "/var/cache/locatedb";
+ description = ''
+ The database file to build.
+ '';
+ };
+
+ localuser = mkOption {
+ type = types.str;
+ default = "nobody";
+ description = ''
+ The user to search non-network directories as, using
+ su.
+ '';
+ };
+
+ includeStore = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to include /nix/store in the locate database.
+ '';
+ };
};
- ###### implementation
-
config = {
+ warnings = let opt = options.services.locate.period; in optional opt.isDefined "The `period` definition in ${showFiles opt.files} has been removed; please replace it with `interval`, using the new systemd.time interval specifier.";
+
systemd.services.update-locatedb =
{ description = "Update Locate Database";
path = [ pkgs.su ];
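Review bot: The `interval` description says "at this interval" and points to systemd.time(7) as a whole, but the timer definition later in this file assigns the value to `timerConfig.OnCalendar`, so it must be a calendar event expression. A time span such as `15min`, which the same man page also documents, would presumably be rejected by systemd when the timer unit is loaded rather than at evaluation time. I would reword the description to something like `When to update the locate database, as a systemd calendar event (see systemd.time(7), "Calendar Events"). Defaults to 2:15 AM every day.` Separately, the hidden `period` option only yields a warning, so a configuration that still sets it runs at the default `interval`; the comment above it could say so, e.g. `# Ignored apart from the warning below; the timer uses interval`.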
@@ -84,11 +82,18 @@ in {
'';
serviceConfig.Nice = 19;
serviceConfig.IOSchedulingClass = "idle";
+ serviceConfig.PrivateTmp = "yes";
+ serviceConfig.PrivateNetwork = "yes";
+ serviceConfig.NoNewPrivileges = "yes";
+ serviceConfig.ReadOnlyDirectories = "/";
+ serviceConfig.ReadWriteDirectories = cfg.output;
};
- services.cron.systemCronJobs = optional config.services.locate.enable
- "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
-
+ systemd.timers.update-locatedb = mkIf cfg.enable
+ { description = "Update timer for locate database";
+ partOf = [ "update-locatedb.service" ];
+ wantedBy = [ "timers.target" ];
+ timerConfig.OnCalendar = cfg.interval;
+ };
};
-
}
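Review bot: `serviceConfig.ReadWriteDirectories = cfg.output;` names the database file rather than its directory, while `ReadOnlyDirectories = "/"` makes everything else read-only for the unit. The unit's script (outside this hunk) needs to create the parent directory, and updatedb implementations commonly write a temporary file next to the output and rename it, so both would likely fail under this sandbox. On a first run the output path may not exist at all, which can also make the mount-namespace setup fail. Consider `serviceConfig.ReadWriteDirectories = dirOf cfg.output;` and check that the unit starts on a machine with no existing database.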