pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / security / clamav.nix
at 15.09-beta 1.7 kB view raw
1{ config, lib, pkgs, ... }: 2with lib; 3let 4 clamavUser = "clamav"; 5 stateDir = "/var/lib/clamav"; 6 clamavGroup = clamavUser; 7 cfg = config.services.clamav; 8in 9{ 10 ###### interface 11 12 options = { 13 14 services.clamav = { 15 updater = { 16 enable = mkOption { 17 default = false; 18 description = '' 19 Whether to enable automatic ClamAV virus definitions database updates. 20 ''; 21 }; 22 23 frequency = mkOption { 24 default = 12; 25 description = '' 26 Number of database checks per day. 27 ''; 28 }; 29 30 config = mkOption { 31 default = ""; 32 description = '' 33 Extra configuration for freshclam. Contents will be added verbatim to the 34 configuration file. 35 ''; 36 }; 37 }; 38 }; 39 }; 40 41 ###### implementation 42 43 config = mkIf cfg.updater.enable { 44 environment.systemPackages = [ pkgs.clamav ]; 45 users.extraUsers = singleton 46 { name = clamavUser; 47 uid = config.ids.uids.clamav; 48 description = "ClamAV daemon user"; 49 home = stateDir; 50 }; 51 52 users.extraGroups = singleton 53 { name = clamavGroup; 54 gid = config.ids.gids.clamav; 55 }; 56 57 services.clamav.updater.config = '' 58 DatabaseDirectory ${stateDir} 59 Foreground yes 60 Checks ${toString cfg.updater.frequency} 61 DatabaseMirror database.clamav.net 62 ''; 63 64 jobs = { 65 clamav_updater = { 66 name = "clamav-updater"; 67 startOn = "started network-interfaces"; 68 stopOn = "stopping network-interfaces"; 69 70 preStart = '' 71 mkdir -m 0755 -p ${stateDir} 72 chown ${clamavUser}:${clamavGroup} ${stateDir} 73 ''; 74 exec = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}"; 75 }; 76 }; 77 78 }; 79 80}