nixos/modules/services/security/fprot.nix at 16.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / security / fprot.nix
at 16.09-beta 2.4 kB view raw
 1{ config, lib, pkgs, ... }:
 2with lib;
 3let
 4  fprotUser = "fprot";
 5  stateDir = "/var/lib/fprot";
 6  fprotGroup = fprotUser;
 7  cfg = config.services.fprot;
 8in {
 9  options = {
10
11    services.fprot = {
12      updater = {
13        enable = mkOption {
14          default = false;
15          description = ''
16            Whether to enable automatic F-Prot virus definitions database updates.
17          '';
18        };
19
20        productData = mkOption {
21          description = ''
22            product.data file. Defaults to the one supplied with installation package.
23          '';
24        };
25
26        frequency = mkOption {
27          default = 30;
28          description = ''
29            Update virus definitions every X minutes.
30          '';
31        };
32
33        licenseKeyfile = mkOption {
34          description = ''
35            License keyfile. Defaults to the one supplied with installation package.
36          '';
37        };
38
39      };
40    };
41  };
42
43  ###### implementation
44
45  config = mkIf cfg.updater.enable {
46
47    services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
48    services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";
49
50    environment.systemPackages = [ pkgs.fprot ];
51    environment.etc = singleton {
52      source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
53      target = "f-prot.conf";
54    };
55
56    users.extraUsers = singleton
57      { name = fprotUser;
58        uid = config.ids.uids.fprot;
59        description = "F-Prot daemon user";
60        home = stateDir;
61      };
62
63    users.extraGroups = singleton
64      { name = fprotGroup;
65        gid = config.ids.gids.fprot;
66      };
67
68    services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
69
70    systemd.services."fprot-updater" = {
71      serviceConfig = {
72        Type = "oneshot";
73        RemainAfterExit = false;
74      };
75      wantedBy = [ "multi-user.target" ];
76
77      # have to copy fpupdate executable because it insists on storing the virus database in the same dir
78      preStart = ''
79        mkdir -m 0755 -p ${stateDir}
80        chown ${fprotUser}:${fprotGroup} ${stateDir}
81        cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
82        ln -sf ${cfg.updater.productData} ${stateDir}/product.data
83      '';
84
85      script = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
86    };
87 };
88}