nixpkgs/nixos/modules/services/security/fprot.nix

{ config, lib, pkgs, ... }:
with lib;
let
  fprotUser = "fprot";
  stateDir = "/var/lib/fprot";
  fprotGroup = fprotUser;
  cfg = config.services.fprot;
in {
  options = {

    services.fprot = {
      updater = {
        enable = mkEnableOption "automatic F-Prot virus definitions database updates";

        productData = mkOption {
          description = ''
            product.data file. Defaults to the one supplied with installation package.
          '';
          type = types.path;
        };

        frequency = mkOption {
          default = 30;
          type = types.int;
          description = ''
            Update virus definitions every X minutes.
          '';
        };

        licenseKeyfile = mkOption {
          type = types.path;
          description = ''
            License keyfile. Defaults to the one supplied with installation package.
          '';
        };

      };
    };
  };

  ###### implementation

  config = mkIf cfg.updater.enable {

    services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
    services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";

    environment.systemPackages = [ pkgs.fprot ];
    environment.etc."f-prot.conf" = {
      source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
    };

    users.users.${fprotUser} =
      { uid = config.ids.uids.fprot;
        description = "F-Prot daemon user";
        home = stateDir;
      };

    users.groups.${fprotGroup} =
      { gid = config.ids.gids.fprot; };

    services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];

    systemd.services.fprot-updater = {
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = false;
      };
      wantedBy = [ "multi-user.target" ];

      # have to copy fpupdate executable because it insists on storing the virus database in the same dir
      preStart = ''
        mkdir -m 0755 -p ${stateDir}
        chown ${fprotUser}:${fprotGroup} ${stateDir}
        cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
        ln -sf ${cfg.updater.productData} ${stateDir}/product.data
      '';

      script = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
    };
 };
}
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
			`with lib;`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`let`
			`fprotUser = "fprot";`
			`stateDir = "/var/lib/fprot";`
			`fprotGroup = fprotUser;`
			`cfg = config.services.fprot;`
			`in {`
			`options = {`

			`services.fprot = {`
			`updater = {`
treewide: add bool type to enable options, or make use of mkEnableOption Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate. 2020-04-20 20:05:26 +02:00			`enable = mkEnableOption "automatic F-Prot virus definitions database updates";`
Die tabs die 2014-04-09 00:17:16 +02:00
			`productData = mkOption {`
			`description = ''`
			`product.data file. Defaults to the one supplied with installation package.`
			`'';`
nixos/fprot: add type 2021-01-26 21:04:20 +01:00			`type = types.path;`
Die tabs die 2014-04-09 00:17:16 +02:00			`};`

			`frequency = mkOption {`
			`default = 30;`
nixos/fprot: add type 2021-01-26 21:04:20 +01:00			`type = types.int;`
Die tabs die 2014-04-09 00:17:16 +02:00			`description = ''`
			`Update virus definitions every X minutes.`
			`'';`
			`};`

			`licenseKeyfile = mkOption {`
nixos/fprot: add type 2021-01-26 21:04:20 +01:00			`type = types.path;`
Die tabs die 2014-04-09 00:17:16 +02:00			`description = ''`
			`License keyfile. Defaults to the one supplied with installation package.`
			`'';`
			`};`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
			`};`
			`};`
			`};`

			`###### implementation`

			`config = mkIf cfg.updater.enable {`
Disable allowUnfree by default Fixes #2134. 2014-04-09 00:09:31 +02:00
Die tabs die 2014-04-09 00:17:16 +02:00			`services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";`
			`services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";`
Disable allowUnfree by default Fixes #2134. 2014-04-09 00:09:31 +02:00
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`environment.systemPackages = [ pkgs.fprot ];`
treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`environment.etc."f-prot.conf" = {`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";`
			`};`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`users.users.${fprotUser} =`
			`{ uid = config.ids.uids.fprot;`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`description = "F-Prot daemon user";`
			`home = stateDir;`
			`};`

treewide: use attrs instead of list for types.loaOf options 2019-09-14 19:51:29 +02:00			`users.groups.${fprotGroup} =`
			`{ gid = config.ids.gids.fprot; };`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
			`services.cron.systemCronJobs = [ "/${toString cfg.updater.frequency} * * * root start fprot-updater" ];`

treewide: remove redundant quotes 2019-08-13 21:52:01 +00:00			`systemd.services.fprot-updater = {`
jobs -> systemd.services 2016-01-06 06:50:18 +00:00			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = false;`
Die tabs die 2014-04-09 00:17:16 +02:00			`};`
jobs -> systemd.services 2016-01-06 06:50:18 +00:00			`wantedBy = [ "multi-user.target" ];`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
jobs -> systemd.services 2016-01-06 06:50:18 +00:00			`# have to copy fpupdate executable because it insists on storing the virus database in the same dir`
			`preStart = ''`
			`mkdir -m 0755 -p ${stateDir}`
			`chown ${fprotUser}:${fprotGroup} ${stateDir}`
			`cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}`
			`ln -sf ${cfg.updater.productData} ${stateDir}/product.data`
			`'';`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
jobs -> systemd.services 2016-01-06 06:50:18 +00:00			`script = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";`
			`};`
			`};`
Die tabs die 2014-04-09 00:17:16 +02:00			`}`