Don't enable cron by default

The rationale for disabling this is: 1) systemd timers are better; 2) it gets rid of one usually unnecessary process, which makes containers more light-weight. Note that cron is still enabled if services.cron.systemCronJobs is non-empty, so this only matters if you have no declarative cron jobs but do have user cron jobs.
2025-07-13 13:40:28 +03:00 · 2015-07-22 15:02:07 +02:00 · 2015-07-22 15:02:07 +02:00 · 201f9beddb
commit 201f9beddb
parent db22d387db
2 changed files with 40 additions and 28 deletions
--- a/nixos/modules/services/scheduling/cron.nix
+++ b/nixos/modules/services/scheduling/cron.nix
@ -4,8 +4,6 @@ with lib;

 let

-  inherit (config.services) jobsTags;
-
  # Put all the system cronjobs together.
  systemCronJobsFile = pkgs.writeText "system-crontab"
    ''
@ -25,9 +23,9 @@ let
    sendmailPath = "/var/setuid-wrappers/sendmail";
  };

-  allFiles = map (f: "\"${f}\"") (
-    [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles
-  );
+  allFiles =
+    optional (config.services.cron.systemCronJobs != []) systemCronJobsFile
+    ++ config.services.cron.cronFiles;

 in

@ -91,36 +89,44 @@ in

  ###### implementation

-  config = mkIf (config.services.cron.enable && allFiles != []) {
+  config = mkMerge [

-    security.setuidPrograms = [ "crontab" ];
+    { services.cron.enable = mkDefault (allFiles != []);

-    environment.systemPackages = [ cronNixosPkg ];
+    }

-    systemd.services.cron =
-      { description = "Cron Daemon";
+    (mkIf (config.services.cron.enable && allFiles != []) {

-        wantedBy = [ "multi-user.target" ];
+      security.setuidPrograms = [ "crontab" ];

-        preStart =
-          ''
-            rm -f /etc/crontab
-            cat ${toString allFiles} > /etc/crontab
-            chmod 0600 /etc/crontab
+      environment.systemPackages = [ cronNixosPkg ];

-            mkdir -m 710 -p /var/cron
+      systemd.services.cron =
+        { description = "Cron Daemon";

-            # By default, allow all users to create a crontab.  This
-            # is denoted by the existence of an empty cron.deny file.
-            if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
-                touch /var/cron/cron.deny
-            fi
-          '';
+          wantedBy = [ "multi-user.target" ];

-        restartTriggers = [ config.environment.etc.localtime.source ];
-        serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
-      };
+          preStart =
+            ''
+              rm -f /etc/crontab
+              cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab
+              chmod 0600 /etc/crontab

-  };
+              mkdir -m 710 -p /var/cron
+
+              # By default, allow all users to create a crontab.  This
+              # is denoted by the existence of an empty cron.deny file.
+              if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
+                  touch /var/cron/cron.deny
+              fi
+            '';
+
+          restartTriggers = [ config.environment.etc.localtime.source ];
+          serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
+        };
+
+    })
+
+  ];

 }