From fc03a9f5b7bdd839f9f51f0ec950ae53228643e4 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 25 Aug 2018 18:08:24 -0400 Subject: [PATCH 01/18] initial work on incron service --- nixos/modules/module-list.nix | 1 + nixos/modules/services/monitoring/incron.nix | 73 ++++++++++++++++++++ pkgs/tools/system/incron/default.nix | 33 +++++++++ 3 files changed, 107 insertions(+) create mode 100644 nixos/modules/services/monitoring/incron.nix create mode 100644 pkgs/tools/system/incron/default.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 2846afea8fbc..4d83e10d0297 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -416,6 +416,7 @@ ./services/monitoring/graphite.nix ./services/monitoring/hdaps.nix ./services/monitoring/heapster.nix + ./services/monitoring/incron.nix ./services/monitoring/longview.nix ./services/monitoring/monit.nix ./services/monitoring/munin.nix diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix new file mode 100644 index 000000000000..8e312c65f93c --- /dev/null +++ b/nixos/modules/services/monitoring/incron.nix 
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.incron;
+
+in
+
+{
+ options = {
+
+ services.incron = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the incron daemon.";
+ };
+
+ allow = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ description = "Users allowed to use incrontab.";
+ };
+
+ deny = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = null;
+ description = "Users forbidden from using incrontab.";
+ };
+
+ systab = mkOption {
+ type = types.lines;
+ default = "";
+ description = "The system incrontab contents.";
+ example = ''
+ "/var/mail IN_CLOSE_WRITE abc $@/$#"
+ "/tmp IN_ALL_EVENTS efg $@/$# $&"
+ '';
+ };
+
+ };
+
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.incron ];
+
+ security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab";
+
+ environment.etc."incron.d/system".text = "${cfg.systab}";
+ environment.etc."incron.allow" = mkIf (cfg.allow != null) {
+ text = "${concatStringsSep "\n" cfg.allow}";
+ };
+ environment.etc."incron.deny" = mkIf (cfg.deny != null) {
+ text = "${concatStringsSep "\n" cfg.deny}";
+ };
+
+ systemd.services.incron = {
+ description = "File system events scheduler";
+ wantedBy = [ "multi-user.target" ];
+ path = [ config.system.path ];
+ preStart = "mkdir -m 710 -p /var/spool/incron";
+ serviceConfig.Type = "forking";
+ serviceConfig.PIDFile = "/run/incrond.pid";
+ serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond";
+ };
+ };
+
+}
diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix
new file mode 100644
index 000000000000..bb320f8d894c
--- /dev/null
+++ b/pkgs/tools/system/incron/default.nix
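Review bot: In nixos/modules/services/monitoring/incron.nix, `security.wrappers.incrontab.source` sets only the source, so the wrapper's owner and setuid bit come from the wrappers module's defaults rather than from anything this module states. No incron.allow or incron.deny file is written while `allow` and `deny` are both `null`, which presumably leaves this privileged entry point open to every local user. I would spell the intent out, e.g. `security.wrappers.incrontab = { source = "${pkgs.incron}/bin/incrontab"; owner = "root"; setuid = true; };`, assuming incrontab really needs setuid root as the install comment in the package suggests. A one-line comment above it saying why the wrapper exists would help the next reader.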
@@ -0,0 +1,33 @@ +{ stdenv, fetchurl, bash }: + +stdenv.mkDerivation rec { + name = "incron-0.5.12"; + src = fetchurl { + url = "https://github.com/ar-/incron/archive/0.5.12.tar.gz"; + sha256 = "14cgsfyl43pd86wy40m1xwr7ww023n2jyks66ngybz5s4gbhps6c"; + }; + + patchPhase = '' + sed -i "s|PREFIX = /usr/local|PREFIX = $out|g" Makefile + sed -i "s|/bin/bash|${bash}/bin/bash|g" usertable.cpp + ''; + + installPhase = '' + mkdir -p $out/bin + + # make install doesn't work because setuid and permissions + # just manually install the binaries instead + cp incrond incrontab $out/bin/ + + # make install-man is fine for documentation + make install-man + ''; + + meta = with stdenv.lib; { + description = " + The inotify cron daemon (incrond) is a daemon which monitors filesystem events and executes commands defined in system and user tables. It's use is generally similar to cron."; + license = gpl2; + homepage = https://github.com/ar-/incron; + platforms = platforms.linux; + }; +} From 63c3b7ce10ab8672ecb28226f31c09e9809e80c0 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 25 Aug 2018 20:51:39 -0400 Subject: [PATCH 02/18] fixed license added incron to pkgs --- pkgs/tools/system/incron/default.nix | 2 +- pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index bb320f8d894c..a06bb324aaaa 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = " The inotify cron daemon (incrond) is a daemon which monitors filesystem events and executes commands defined in system and user tables. It's use is generally similar to cron."; - license = gpl2; + license = licenses.gpl2; homepage = https://github.com/ar-/incron; platforms = platforms.linux; }; 
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6a25ec7c561f..0183f3e8f16f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3237,6 +3237,8 @@ with pkgs; inboxer = callPackage ../applications/networking/mailreaders/inboxer { }; + incron = callPackage ../tools/system/incron { }; + inetutils = callPackage ../tools/networking/inetutils { }; infiniband-diags = callPackage ../tools/networking/infiniband-diags { }; From 944f0b01a4029472565c91642ed5819fab4f4cc0 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sun, 26 Aug 2018 01:02:33 +0000 Subject: [PATCH 03/18] replace hardcoded guess path with what i hope is the proper nixos path --- pkgs/tools/system/incron/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index a06bb324aaaa..2f78a37203f7 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -10,6 +10,7 @@ stdenv.mkDerivation rec { patchPhase = '' sed -i "s|PREFIX = /usr/local|PREFIX = $out|g" Makefile sed -i "s|/bin/bash|${bash}/bin/bash|g" usertable.cpp + sed -i "s|/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin|/run/current-system/sw/bin|g" usertable.cpp ''; installPhase = '' From 8da9d7ceb186a92e0737fa98f334b4c4d7a16543 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 25 Aug 2018 21:10:59 -0400 Subject: [PATCH 04/18] conforming to CONTRIBUTING.md --- maintainers/maintainer-list.nix | 5 +++++ pkgs/tools/system/incron/default.nix | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 657e5696041c..a5e48aa30f44 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix 
@@ -23,6 +23,11 @@ github = "a1russell"; name = "Adam Russell"; }; + aanderse = { + email = "aaron@fosslib.net"; + github = "aanderse"; + name = "Aaron Andersen"; + }; aaronschif = { email = "aaronschif@gmail.com"; github = "aaronschif"; diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 2f78a37203f7..8c1b717d6d25 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -25,10 +25,10 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - description = " - The inotify cron daemon (incrond) is a daemon which monitors filesystem events and executes commands defined in system and user tables. It's use is generally similar to cron."; - license = licenses.gpl2; + description = "A daemon which monitors filesystem events and executes commands defined in system and user tables"; homepage = https://github.com/ar-/incron; + license = licenses.gpl2; + maintainers = [ maintainers.aanderse ]; platforms = platforms.linux; }; } From fc1f33bc2c45fbffc6d2217d95e9f64fce509d90 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 15:23:19 +0000 Subject: [PATCH 05/18] fixed issue with system jobs --- nixos/modules/services/monitoring/incron.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index 8e312c65f93c..5eec4b82fa02 100644 --- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -51,7 +51,11 @@ in security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab"; - environment.etc."incron.d/system".text = "${cfg.systab}"; + # incron won't read symlinks + environment.etc."incron.d/system" = { + mode = "0444"; + text = "${cfg.systab}"; + }; environment.etc."incron.allow" = mkIf (cfg.allow != null) { text = "${concatStringsSep "\n" cfg.allow}"; }; From 4d89adcd7292b69765eb7692c7e145b28256b30f Mon Sep 17 00:00:00 2001 
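Review bot: The comment `# incron won't read symlinks` in the incron.nix hunk does not say that it is the `mode` attribute which solves the problem, so a later cleanup could drop `mode` and silently break the system table. I would extend it to `# incron won't read symlinks; setting mode makes environment.etc copy the file instead of linking it`. The table is also world-readable at 0444, so it is worth checking whether incrond still accepts a tighter mode, given that the commands listed there are visible to every local user.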
From: Aaron Andersen Date: Mon, 27 Aug 2018 15:24:10 +0000 Subject: [PATCH 06/18] tweak the PATH variable to better match what NixOS provides --- pkgs/tools/system/incron/default.nix | 5 +-- pkgs/tools/system/incron/default_path.patch | 36 +++++++++++++++++++++ 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 pkgs/tools/system/incron/default_path.patch diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 8c1b717d6d25..6c708a49b64f 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -7,10 +7,11 @@ stdenv.mkDerivation rec { sha256 = "14cgsfyl43pd86wy40m1xwr7ww023n2jyks66ngybz5s4gbhps6c"; }; - patchPhase = '' + patches = [ ./default_path.patch ]; + + prePatch = '' sed -i "s|PREFIX = /usr/local|PREFIX = $out|g" Makefile sed -i "s|/bin/bash|${bash}/bin/bash|g" usertable.cpp - sed -i "s|/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin|/run/current-system/sw/bin|g" usertable.cpp ''; installPhase = '' diff --git a/pkgs/tools/system/incron/default_path.patch b/pkgs/tools/system/incron/default_path.patch new file mode 100644 index 000000000000..72ef477a92e2 --- /dev/null +++ b/pkgs/tools/system/incron/default_path.patch 
@@ -0,0 +1,36 @@ +diff --git usertable.cpp usertable.cpp +index 11fd04b..a8681bd 100644 +--- a/usertable.cpp ++++ b/usertable.cpp +@@ -43,9 +43,6 @@ + #define DONT_FOLLOW(mask) (false) + #endif // IN_DONT_FOLLOW + +-// this is not enough, but... +-#define DEFAULT_PATH "/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin" +- + + PROC_MAP UserTable::s_procMap; + +@@ -597,12 +594,20 @@ void UserTable::RunAsUser(std::string cmd) const + if (clearenv() != 0) + goto failed; + ++ // try to recreate the user path as best as possible ++ std::string DEFAULT_PATH; ++ DEFAULT_PATH += "/run/wrappers/bin:/home/"; ++ DEFAULT_PATH += pwd->pw_name; ++ DEFAULT_PATH += "/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/etc/profiles/per-user/"; ++ DEFAULT_PATH += pwd->pw_name; ++ DEFAULT_PATH += "/bin"; ++ + if ( setenv("LOGNAME", pwd->pw_name, 1) != 0 + || setenv("USER", pwd->pw_name, 1) != 0 + || setenv("USERNAME", pwd->pw_name, 1) != 0 + || setenv("HOME", pwd->pw_dir, 1) != 0 + || setenv("SHELL", pwd->pw_shell, 1) != 0 +- || setenv("PATH", DEFAULT_PATH, 1) != 0) ++ || setenv("PATH", DEFAULT_PATH.c_str(), 1) != 0) + { + goto failed; + } From 64fd3f10aaaca018334ca019d1c9aa4b7c87fe2b Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 15:49:41 +0000 Subject: [PATCH 07/18] fixed mistake about location of HOME --- pkgs/tools/system/incron/default_path.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/system/incron/default_path.patch b/pkgs/tools/system/incron/default_path.patch index 72ef477a92e2..ae173ea29e62 100644 --- a/pkgs/tools/system/incron/default_path.patch +++ b/pkgs/tools/system/incron/default_path.patch 
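Review bot: The per-user PATH entry in default_path.patch is built as `/home/` + `pwd->pw_name`, although `pwd->pw_dir` is already used for HOME a few lines further down in the same hunk. Accounts whose home is not under /home get a PATH entry for a directory that is not theirs; if system-table commands also run through `RunAsUser` as root, that would put `/home/root/.nix-profile/bin` on root's search path. Using `DEFAULT_PATH += pwd->pw_dir;` avoids the guess. The local would also read better with a lower-case name such as `defaultPath`, since the macro it replaces is removed in the same patch. `RunAsUser` starts and ends outside the hunk.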
@@ -18,8 +18,8 @@ index 11fd04b..a8681bd 100644 + // try to recreate the user path as best as possible + std::string DEFAULT_PATH; -+ DEFAULT_PATH += "/run/wrappers/bin:/home/"; -+ DEFAULT_PATH += pwd->pw_name; ++ DEFAULT_PATH += "/run/wrappers/bin:"; ++ DEFAULT_PATH += pwd->pw_dir; + DEFAULT_PATH += "/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/etc/profiles/per-user/"; + DEFAULT_PATH += pwd->pw_name; + DEFAULT_PATH += "/bin"; From e8d79aba4e1a955bec8573de766e99c26ec3b15b Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 20:59:19 +0000 Subject: [PATCH 08/18] use fetchFromGitHub instead of fetchurl as recommended by @jtojnar --- pkgs/tools/system/incron/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 6c708a49b64f..4133342f6c4d 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -1,10 +1,12 @@ -{ stdenv, fetchurl, bash }: +{ stdenv, fetchFromGitHub, bash }: stdenv.mkDerivation rec { name = "incron-0.5.12"; - src = fetchurl { - url = "https://github.com/ar-/incron/archive/0.5.12.tar.gz"; - sha256 = "14cgsfyl43pd86wy40m1xwr7ww023n2jyks66ngybz5s4gbhps6c"; + src = fetchFromGitHub { + owner = "ar-"; + repo = "incron"; + rev = "incron-0.5.12"; + sha256 = "11d5f98cjafiv9h9zzzrw2s06s2fvdg8gp64km7mdprd2xmy6dih"; }; patches = [ ./default_path.patch ]; From 7840d00532f87ce0712522e0fbbdc335ce83fd3f Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 21:15:03 +0000 Subject: [PATCH 09/18] clarified the descriptions of the allow and deny options --- nixos/modules/services/monitoring/incron.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index 5eec4b82fa02..4a9e1a9b7b8f 100644 --- a/nixos/modules/services/monitoring/incron.nix 
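Review bot: `pwd->pw_dir` is appended to PATH unchecked in the updated default_path.patch. For an account whose passwd home field is empty or not absolute, this yields `/.nix-profile/bin` or an entry resolved relative to the working directory, neither of which belongs on the search path of a spawned command. A guard such as `if (pwd->pw_dir != NULL && pwd->pw_dir[0] == '/')` around the home-profile component would skip it in that case. The surrounding function is not visible in this hunk, so an earlier check on `pw_dir` may already exist.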
+++ b/nixos/modules/services/monitoring/incron.nix @@ -22,7 +22,14 @@ in allow = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = "Users allowed to use incrontab."; + description = '' + Users allowed to use incrontab. + + If empty then no user will be allowed to have their own incrontab. + If null then will defer to . + If both and are null + then all users will be allowed to have their own incrontab. + ''; }; deny = mkOption { From bd50320cb1fe6e16294d93d7d051ecd4111e3a16 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 21:28:20 +0000 Subject: [PATCH 10/18] some cleanup of the package .nix file as recommended by @jtojnar --- pkgs/tools/system/incron/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 4133342f6c4d..43b91f6fac1b 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -16,15 +16,15 @@ stdenv.mkDerivation rec { sed -i "s|/bin/bash|${bash}/bin/bash|g" usertable.cpp ''; - installPhase = '' + installFlags = [ "PREFIX=$(out)" ]; + installTargets = [ "install-man" ]; + + preInstall = '' mkdir -p $out/bin # make install doesn't work because setuid and permissions # just manually install the binaries instead cp incrond incrontab $out/bin/ - - # make install-man is fine for documentation - make install-man ''; meta = with stdenv.lib; { From b77f38c3cd715f59447f4e318fe38abd4f3fee57 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 21:31:55 +0000 Subject: [PATCH 11/18] added a comment about the PATH variable under which incrontab commands will run --- nixos/modules/services/monitoring/incron.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index 4a9e1a9b7b8f..edba38140c6c 100644 
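Review bot: The new description for `allow` says that with both options `null` every user may keep an incrontab, and `null` is the default for both, so enabling the service opens incrontab to all local accounts unless the administrator opts out. That deserves an explicit sentence in the description, for example `The default (both options null) allows every user.`. It is also worth considering whether `default = [];` is the safer starting point, since the text says an empty list allows no user. The hunk ends inside the `deny` option, whose description is not updated to match.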
--- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -1,3 +1,4 @@ + { config, lib, pkgs, ... }: with lib; @@ -16,7 +17,11 @@ in enable = mkOption { type = types.bool; default = false; - description = "Whether to enable the incron daemon."; + description = '' + Whether to enable the incron daemon. + + Note that commands run under incrontab only support common Nix profiles for the PATH provided variable. + ''; }; allow = mkOption { From 9153e499a821e946c075191073397f76152bd89b Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 22:35:25 +0000 Subject: [PATCH 12/18] removed redundant line --- pkgs/tools/system/incron/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 43b91f6fac1b..d29575f8be33 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -12,7 +12,6 @@ stdenv.mkDerivation rec { patches = [ ./default_path.patch ]; prePatch = '' - sed -i "s|PREFIX = /usr/local|PREFIX = $out|g" Makefile sed -i "s|/bin/bash|${bash}/bin/bash|g" usertable.cpp ''; From 1a05952f442393a2a489f2d47c9a42e839af7ea9 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Mon, 27 Aug 2018 22:37:22 +0000 Subject: [PATCH 13/18] remove duplicate string --- pkgs/tools/system/incron/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index d29575f8be33..29e3b88acc8e 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { src = fetchFromGitHub { owner = "ar-"; repo = "incron"; - rev = "incron-0.5.12"; + rev = name; sha256 = "11d5f98cjafiv9h9zzzrw2s06s2fvdg8gp64km7mdprd2xmy6dih"; }; From 3d1091eb5b50667b71cd174b0beaadddceba2364 Mon Sep 17 00:00:00 2001 
From: Aaron Andersen Date: Tue, 28 Aug 2018 23:50:55 +0000 Subject: [PATCH 14/18] added a check to make sure a situation where a defined configuration wouldn't be unused as per recommended by @maurer --- nixos/modules/services/monitoring/incron.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index edba38140c6c..c850bad881c4 100644 --- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -59,6 +59,12 @@ in config = mkIf cfg.enable { + assertions = [ + { assertion = cfg.allow != null -> cfg.deny == null; + message = "If `services.incron.allow` is set then `services.incron.deny` will be ignored."; + } + ]; + environment.systemPackages = [ pkgs.incron ]; security.wrappers.incrontab.source = "${pkgs.incron}/bin/incrontab"; From d9943e6bba6c325c8d7bf11f4c91ad00f861e566 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 29 Aug 2018 00:43:28 +0000 Subject: [PATCH 15/18] added option to specify which packages are available to the system incrontab recommendation by @jtojnar and @maurer --- nixos/modules/services/monitoring/incron.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index c850bad881c4..b366597fb2b2 100644 --- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -53,6 +53,13 @@ in ''; }; + extraPackages = mkOption { + type = types.listOf types.package; + default = []; + example = "[ pkgs.rsync ];"; + description = "Extra packages available to the system incrontab."; + }; + }; }; 
@@ -84,7 +91,7 @@ in systemd.services.incron = { description = "File system events scheduler"; wantedBy = [ "multi-user.target" ]; - path = [ config.system.path ]; + path = cfg.extraPackages; preStart = "mkdir -m 710 -p /var/spool/incron"; serviceConfig.Type = "forking"; serviceConfig.PIDFile = "/run/incrond.pid"; From 7bc2a0dd64eb3512488c8dd981186a5b0b5c3e92 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Fri, 31 Aug 2018 02:17:38 +0000 Subject: [PATCH 16/18] removed quotes when not needed as suggested by @aszlig --- nixos/modules/services/monitoring/incron.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index b366597fb2b2..3857186f42dd 100644 --- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -79,13 +79,13 @@ in # incron won't read symlinks environment.etc."incron.d/system" = { mode = "0444"; - text = "${cfg.systab}"; + text = ${cfg.systab}; }; environment.etc."incron.allow" = mkIf (cfg.allow != null) { - text = "${concatStringsSep "\n" cfg.allow}"; + text = ${concatStringsSep "\n" cfg.allow}; }; environment.etc."incron.deny" = mkIf (cfg.deny != null) { - text = "${concatStringsSep "\n" cfg.deny}"; + text = ${concatStringsSep "\n" cfg.deny}; }; systemd.services.incron = { From d7d7533c18531237e458e7f29d9b072925e5bb72 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Fri, 31 Aug 2018 02:52:49 +0000 Subject: [PATCH 17/18] changes as per requested by @aszlig --- nixos/modules/services/monitoring/incron.nix | 27 +++++++++----------- pkgs/tools/system/incron/default.nix | 2 +- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index 3857186f42dd..cac93ad47127 100644 --- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix 
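Review bot: `path = cfg.extraPackages;` only sets PATH for the incrond unit, but default_path.patch makes `RunAsUser` call `clearenv()` and then set PATH to a fixed list of profile directories. If system-table commands are spawned through that function, nothing from `extraPackages` reaches them and the option is silently a no-op. That needs checking on a running system before the description promises "Extra packages available to the system incrontab". If it turns out to be ineffective, the description should tell users to reference commands by store path in `systab` instead, e.g. `${pkgs.rsync}/bin/rsync`.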
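Review bot: The three `text =` lines in the `@@ -79,13 +79,13 @@` hunk no longer parse. `${...}` antiquotation is only valid inside a string or path, so `text = ${cfg.systab};` is a syntax error and the module cannot be evaluated at this commit. Dropping the interpolation entirely gives the intended result: `text = cfg.systab;` and `text = concatStringsSep "\n" cfg.allow;`, likewise for `cfg.deny`.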
@@ -20,7 +20,7 @@ in description = '' Whether to enable the incron daemon. - Note that commands run under incrontab only support common Nix profiles for the PATH provided variable. + Note that commands run under incrontab only support common Nix profiles for the PATH provided variable. ''; }; @@ -31,7 +31,7 @@ in Users allowed to use incrontab. If empty then no user will be allowed to have their own incrontab. - If null then will defer to . + If null then will defer to . If both and are null then all users will be allowed to have their own incrontab. ''; @@ -48,15 +48,15 @@ in default = ""; description = "The system incrontab contents."; example = '' - "/var/mail IN_CLOSE_WRITE abc $@/$#" - "/tmp IN_ALL_EVENTS efg $@/$# $&" + /var/mail IN_CLOSE_WRITE abc $@/$# + /tmp IN_ALL_EVENTS efg $@/$# $& ''; }; extraPackages = mkOption { type = types.listOf types.package; default = []; - example = "[ pkgs.rsync ];"; + example = literalExample "[ pkgs.rsync ]"; description = "Extra packages available to the system incrontab."; }; @@ -66,11 +66,8 @@ in config = mkIf cfg.enable { - assertions = [ - { assertion = cfg.allow != null -> cfg.deny == null; - message = "If `services.incron.allow` is set then `services.incron.deny` will be ignored."; - } - ]; + warnings = optional (cfg.allow != null && cfg.deny != null) + ''If `services.incron.allow` is set then `services.incron.deny` will be ignored.''; environment.systemPackages = [ pkgs.incron ]; 
@@ -79,22 +76,22 @@ in # incron won't read symlinks environment.etc."incron.d/system" = { mode = "0444"; - text = ${cfg.systab}; + text = cfg.systab; }; environment.etc."incron.allow" = mkIf (cfg.allow != null) { - text = ${concatStringsSep "\n" cfg.allow}; + text = concatStringsSep "\n" cfg.allow; }; environment.etc."incron.deny" = mkIf (cfg.deny != null) { - text = ${concatStringsSep "\n" cfg.deny}; + text = concatStringsSep "\n" cfg.deny; }; systemd.services.incron = { - description = "File system events scheduler"; + description = "File System Events Scheduler"; wantedBy = [ "multi-user.target" ]; path = cfg.extraPackages; - preStart = "mkdir -m 710 -p /var/spool/incron"; serviceConfig.Type = "forking"; serviceConfig.PIDFile = "/run/incrond.pid"; + serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron"; serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond"; }; }; diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix index 29e3b88acc8e..2afbed2f9bb2 100644 --- a/pkgs/tools/system/incron/default.nix +++ b/pkgs/tools/system/incron/default.nix @@ -27,7 +27,7 @@ stdenv.mkDerivation rec { ''; meta = with stdenv.lib; { - description = "A daemon which monitors filesystem events and executes commands defined in system and user tables"; + description = "A cron-like daemon which handles filesystem events."; homepage = https://github.com/ar-/incron; license = licenses.gpl2; maintainers = [ maintainers.aanderse ]; From 9b12db6928543dd33a02e7964e82e2291c48a3f0 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Fri, 31 Aug 2018 03:03:04 +0000 Subject: [PATCH 18/18] changed from forking to simple as recommended by @aszlig --- nixos/modules/services/monitoring/incron.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/services/monitoring/incron.nix b/nixos/modules/services/monitoring/incron.nix index cac93ad47127..1789fd9f2051 100644 
--- a/nixos/modules/services/monitoring/incron.nix +++ b/nixos/modules/services/monitoring/incron.nix @@ -89,10 +89,9 @@ in description = "File System Events Scheduler"; wantedBy = [ "multi-user.target" ]; path = cfg.extraPackages; - serviceConfig.Type = "forking"; serviceConfig.PIDFile = "/run/incrond.pid"; serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron"; - serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond"; + serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground"; }; };
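Review bot: `serviceConfig.PIDFile = "/run/incrond.pid"` is left in place after `serviceConfig.Type = "forking"` was removed. With the default service type, systemd tracks the `ExecStart` process directly and does not need a PID file. I would drop the line so the unit does not imply a dependency on a file that incrond may not write when started with `--foreground`.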