1 { config, lib, pkgs, ... }:
7 cfg = config.services.atd;
19 services.atd.enable = mkOption {
22 description = lib.mdDoc ''
23 Whether to enable the {command}`at` daemon, a command scheduler.
27 services.atd.allowEveryone = mkOption {
30 description = lib.mdDoc ''
31 Whether to make {file}`/var/spool/at{jobs,spool}`
32 writeable by everyone (and sticky). This is normally not
33 needed since the {command}`at` commands are
43 config = mkIf cfg.enable {
45 # Not wrapping "batch": it is a shell script (the kernel ignores setuid
46 # bits on scripts anyway) and it is patched to invoke the "at" setuid wrapper.
#
# Builds one security.wrappers entry per program in the list below, each
# pointing at the matching binary in the at package.
# NOTE(review): the wrapper's owner/group/setuid attributes are not visible in
# this listing -- confirm them against the full file.
#
# Presumably these wrappers are how ordinary users reach the queue: preStart
# creates the spool and job directories owned by atd:atd with mode 1770 unless
# services.atd.allowEveryone is set, in which case they become 1777.
#
# Who may queue jobs is decided by at.allow/at.deny. preStart creates an empty
# "$etcdir"/at.deny when none exists, which at(1) treats as "every user may
# use at"; add entries there (or provide at.allow) if that is too broad.
47 security.wrappers = builtins.listToAttrs (
48 map (program: { name = "${program}"; value = {
49 source = "${at}/bin/${program}";
54 };}) [ "at" "atq" "atrm" ]);
# Install the at package system-wide so its programs and documentation are
# available to users.
56 environment.systemPackages = [ at ];
# Declare a PAM service named "atd" with the module defaults (empty attrset).
# NOTE(review): presumably consulted by atd when it runs jobs on behalf of
# users -- confirm which PAM stack the daemon actually opens.
58 security.pam.services.atd = {};
62 uid = config.ids.uids.atd;
64 description = "atd user";
68 users.groups.atd.gid = config.ids.gids.atd;
70 systemd.services.atd = {
71 description = "Job Execution Daemon (atd)";
72 wantedBy = [ "multi-user.target" ];
77 # Snippets taken and adapted from the original `install' rule of
80 # We assume these values are those actually used in Nixpkgs for
82 spooldir=/var/spool/atspool
83 jobdir=/var/spool/atjobs
86 install -dm755 -o atd -g atd "$etcdir"
87 spool_and_job_dir_perms=${if cfg.allowEveryone then "1777" else "1770"}
88 install -dm"$spool_and_job_dir_perms" -o atd -g atd "$spooldir" "$jobdir"
89 if [ ! -f "$etcdir"/at.deny ]; then
90 touch "$etcdir"/at.deny
91 chown root:atd "$etcdir"/at.deny
92 chmod 640 "$etcdir"/at.deny
94 if [ ! -f "$jobdir"/.SEQ ]; then
96 chown atd:atd "$jobdir"/.SEQ
97 chmod 600 "$jobdir"/.SEQ
103 serviceConfig.Type = "forking";