2 { config, lib, pkgs, ... }:
8 cfg = config.services.incron;
20 description = lib.mdDoc ''
21 Whether to enable the incron daemon.
23 Note that commands run under incrontab only support common Nix profiles for the {env}`PATH` provided variable.
28 type = types.nullOr (types.listOf types.str);
30 description = lib.mdDoc ''
31 Users allowed to use incrontab.
33 If empty then no user will be allowed to have their own incrontab.
34 If `null` then will defer to {option}`deny`.
35 If both {option}`allow` and {option}`deny` are null
36 then all users will be allowed to have their own incrontab.
41 type = types.nullOr (types.listOf types.str);
43 description = lib.mdDoc "Users forbidden from using incrontab.";
49 description = lib.mdDoc "The system incrontab contents.";
51 /var/mail IN_CLOSE_WRITE abc $@/$#
52 /tmp IN_ALL_EVENTS efg $@/$# $&
# Packages listed here are what the incron systemd unit receives as its
# `path` (the service definition assigns `path = cfg.extraPackages`).
# NOTE(review): the description names only the system incrontab; whether
# commands from per-user tables see the same PATH is not established by this
# excerpt. Confirm before relying on it.
56 extraPackages = mkOption {
57 type = types.listOf types.package;
59 example = literalExpression "[ pkgs.rsync ]";
60 description = lib.mdDoc "Extra packages available to the system incrontab.";
# Everything in this attribute set takes effect only when
# services.incron.enable is set (mkIf cfg.enable).
67 config = mkIf cfg.enable {
# Both lists non-null: raise an evaluation warning. Only a warning is emitted;
# the two /etc entries further down are each still generated from their own
# option, so incron.deny is written even though the message says it is ignored.
69 warnings = optional (cfg.allow != null && cfg.deny != null)
70 "If `services.incron.allow` is set then `services.incron.deny` will be ignored.";
# Put the incron package into the system-wide package set.
72 environment.systemPackages = [ pkgs.incron ];
# Expose the incrontab client through security.wrappers.
# NOTE(review): the wrapper's ownership and permission attributes (source
# lines 75-77) are not shown in this excerpt. Confirm which privileges it
# grants. If it is privileged, the allow/deny lists below are the main control
# over which local users may install their own tables.
74 security.wrappers.incrontab =
78 source = "${pkgs.incron}/bin/incrontab";
# incron won't read symlinks
# NOTE(review): presumably the reason this entry carries attributes beyond
# `text` (source lines 83-84 are not shown). Confirm that they make
# /etc/incron.d/system a regular file and that it is not writable by
# non-root users.
82 environment.etc."incron.d/system" = {
# Access-control lists, one user name per line, written only when the matching
# option is non-null. Per the option descriptions, an empty allow list means no
# user may have a table, and with both options null every user is allowed.
# NOTE(review): these entries show only `text` (source lines 86-87 and 89-90
# are adjacent), so unlike the system table they are presumably default /etc
# symlinks. Confirm that incron reads these two files through symlinks; if it
# does not, the lists may silently fail to apply.
86 environment.etc."incron.allow" = mkIf (cfg.allow != null) {
87 text = concatStringsSep "\n" cfg.allow;
89 environment.etc."incron.deny" = mkIf (cfg.deny != null) {
90 text = concatStringsSep "\n" cfg.deny;
# systemd unit for the incrond daemon, started with multi-user.target.
# NOTE(review): no User= or sandboxing directives appear among the lines shown
# (93-99), so the daemon presumably runs with systemd's default identity for
# system services. Confirm against the full file.
93 systemd.services.incron = {
94 description = "File System Events Scheduler";
95 wantedBy = [ "multi-user.target" ];
# The unit's PATH consists of exactly the packages from
# services.incron.extraPackages.
96 path = cfg.extraPackages;
97 serviceConfig.PIDFile = "/run/incrond.pid";
# Create the spool directory with mode 710 before the daemon starts.
# With -p, mkdir succeeds without touching a directory that already exists, so
# -m 710 takes effect only when this command creates /var/spool/incron.
# NOTE(review): consider enforcing owner and mode declaratively (e.g. a
# systemd.tmpfiles rule) if a stale, looser directory is a concern.
98 serviceConfig.ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 710 -p /var/spool/incron";
# Run incrond in the foreground under systemd's supervision.
99 serviceConfig.ExecStart = "${pkgs.incron}/bin/incrond --foreground";