Don't enable cron by default

The rationale for disabling this is: 1) systemd timers are better; 2)
it gets rid of one usually unnecessary process, which makes containers
more light-weight.

Note that cron is still enabled if services.cron.systemCronJobs is
non-empty, so this only matters if you have no declarative cron jobs
but do have user cron jobs.

nixos/doc/manual/release-notes/rl-unstable.xml

@@ -36,7 +36,7 @@
 
 </para>
 
-<para>Following new services were added since the last release:
+<para>The following new services were added since the last release:
 
 <itemizedlist>
 <listitem><para><literal>brltty</literal></para></listitem>
@@ -50,6 +50,12 @@ following incompatible changes:
 
 <itemizedlist>
 
+<listitem><para><command>cron</command> is no longer enabled by
+default, unless you have a non-empty
+<option>services.cron.systemCronJobs</option>. To force
+<command>cron</command> to be enabled, set
+<option>services.cron.enable = true</option>.</para></listitem>
+
 <listitem><para>Steam now doesn't need root rights to work. Instead of using
 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
 <literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,

nixos/modules/services/scheduling/cron.nix

@@ -4,8 +4,6 @@ with lib;
 
 let
 
-  inherit (config.services) jobsTags;
-
   # Put all the system cronjobs together.
   systemCronJobsFile = pkgs.writeText "system-crontab"
     ''
@@ -25,9 +23,9 @@ let
     sendmailPath = "/var/setuid-wrappers/sendmail";
   };
 
-  allFiles = map (f: "\"${f}\"") (
+  allFiles =
-    [ "${systemCronJobsFile}" ] ++ config.services.cron.cronFiles
+    optional (config.services.cron.systemCronJobs != []) systemCronJobsFile
-  );
+    ++ config.services.cron.cronFiles;
 
 in
 
@@ -91,36 +89,44 @@ in
 
   ###### implementation
 
-  config = mkIf (config.services.cron.enable && allFiles != []) {
+  config = mkMerge [
 
-    security.setuidPrograms = [ "crontab" ];
+    { services.cron.enable = mkDefault (allFiles != []);
 
-    environment.systemPackages = [ cronNixosPkg ];
+    }
 
-    systemd.services.cron =
+    (mkIf (config.services.cron.enable && allFiles != []) {
-      { description = "Cron Daemon";
 
-        wantedBy = [ "multi-user.target" ];
+      security.setuidPrograms = [ "crontab" ];
 
-        preStart =
+      environment.systemPackages = [ cronNixosPkg ];
-          ''
-            rm -f /etc/crontab
-            cat ${toString allFiles} > /etc/crontab
-            chmod 0600 /etc/crontab
 
-            mkdir -m 710 -p /var/cron
+      systemd.services.cron =
+        { description = "Cron Daemon";
 
-            # By default, allow all users to create a crontab.  This
+          wantedBy = [ "multi-user.target" ];
-            # is denoted by the existence of an empty cron.deny file.
-            if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
-                touch /var/cron/cron.deny
-            fi
-          '';
 
-        restartTriggers = [ config.environment.etc.localtime.source ];
+          preStart =
-        serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
+            ''
-      };
+              rm -f /etc/crontab
+              cat ${concatMapStrings (f: "\"${f}\" ") allFiles} > /etc/crontab
+              chmod 0600 /etc/crontab
 
-  };
+              mkdir -m 710 -p /var/cron
+
+              # By default, allow all users to create a crontab.  This
+              # is denoted by the existence of an empty cron.deny file.
+              if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
+                  touch /var/cron/cron.deny
+              fi
+            '';
+
+          restartTriggers = [ config.environment.etc.localtime.source ];
+          serviceConfig.ExecStart = "${cronNixosPkg}/bin/cron -n";
+        };
+
+    })
+
+  ];
 
 }