nixpkgs/nixos/modules/services/security/fprot.nix

{ config, lib, pkgs, ... }:
with lib;
let
  fprotUser = "fprot";
  stateDir = "/var/lib/fprot";
  fprotGroup = fprotUser;
  cfg = config.services.fprot;
in {
  options = {

    services.fprot = {
      updater = {
        enable = mkOption {
          default = false;
          description = ''
            Whether to enable automatic F-Prot virus definitions database updates.
          '';
        };

        productData = mkOption {
          description = ''
            product.data file. Defaults to the one supplied with installation package.
          '';
        };

        frequency = mkOption {
          default = 30;
          description = ''
            Update virus definitions every X minutes.
          '';
        };

        licenseKeyfile = mkOption {
          description = ''
            License keyfile. Defaults to the one supplied with installation package.
          '';
        };

      };
    };
  };

  ###### implementation

  config = mkIf cfg.updater.enable {

    services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";
    services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";

    environment.systemPackages = [ pkgs.fprot ];
    environment.etc = singleton {
      source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
      target = "f-prot.conf";
    };

    users.extraUsers = singleton
      { name = fprotUser;
        uid = config.ids.uids.fprot;
        description = "F-Prot daemon user";
        home = stateDir;
      };

    users.extraGroups = singleton
      { name = fprotGroup;
        gid = config.ids.gids.fprot;
      };

    services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];

    jobs = {
      fprot_updater = {
        name = "fprot-updater";
          task = true;

          # have to copy fpupdate executable because it insists on storing the virus database in the same dir
          preStart = ''
            mkdir -m 0755 -p ${stateDir}
            chown ${fprotUser}:${fprotGroup} ${stateDir}
            cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
            ln -sf ${cfg.updater.productData} ${stateDir}/product.data
          '';
          #setuid = fprotUser;
          #setgid = fprotGroup;
          exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
      };
    };

 };

}
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
			`with lib;`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`let`
			`fprotUser = "fprot";`
			`stateDir = "/var/lib/fprot";`
			`fprotGroup = fprotUser;`
			`cfg = config.services.fprot;`
			`in {`
			`options = {`

			`services.fprot = {`
			`updater = {`
Die tabs die 2014-04-09 00:17:16 +02:00			`enable = mkOption {`
			`default = false;`
			`description = ''`
			`Whether to enable automatic F-Prot virus definitions database updates.`
			`'';`
			`};`

			`productData = mkOption {`
			`description = ''`
			`product.data file. Defaults to the one supplied with installation package.`
			`'';`
			`};`

			`frequency = mkOption {`
			`default = 30;`
			`description = ''`
			`Update virus definitions every X minutes.`
			`'';`
			`};`

			`licenseKeyfile = mkOption {`
			`description = ''`
			`License keyfile. Defaults to the one supplied with installation package.`
			`'';`
			`};`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
			`};`
			`};`
			`};`

			`###### implementation`

			`config = mkIf cfg.updater.enable {`
Disable allowUnfree by default Fixes #2134. 2014-04-09 00:09:31 +02:00
Die tabs die 2014-04-09 00:17:16 +02:00			`services.fprot.updater.productData = mkDefault "${pkgs.fprot}/opt/f-prot/product.data";`
			`services.fprot.updater.licenseKeyfile = mkDefault "${pkgs.fprot}/opt/f-prot/license.key";`
Disable allowUnfree by default Fixes #2134. 2014-04-09 00:09:31 +02:00
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`environment.systemPackages = [ pkgs.fprot ];`
			`environment.etc = singleton {`
			`source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";`
			`target = "f-prot.conf";`
			`};`

			`users.extraUsers = singleton`
			`{ name = fprotUser;`
			`uid = config.ids.uids.fprot;`
			`description = "F-Prot daemon user";`
			`home = stateDir;`
			`};`

			`users.extraGroups = singleton`
			`{ name = fprotGroup;`
			`gid = config.ids.gids.fprot;`
			`};`

			`services.cron.systemCronJobs = [ "/${toString cfg.updater.frequency} * * * root start fprot-updater" ];`

			`jobs = {`
			`fprot_updater = {`
Die tabs die 2014-04-09 00:17:16 +02:00			`name = "fprot-updater";`
			`task = true;`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00
Die tabs die 2014-04-09 00:17:16 +02:00			`# have to copy fpupdate executable because it insists on storing the virus database in the same dir`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`preStart = ''`
			`mkdir -m 0755 -p ${stateDir}`
			`chown ${fprotUser}:${fprotGroup} ${stateDir}`
Die tabs die 2014-04-09 00:17:16 +02:00			`cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}`
			`ln -sf ${cfg.updater.productData} ${stateDir}/product.data`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`'';`
Die tabs die 2014-04-09 00:17:16 +02:00			`#setuid = fprotUser;`
			`#setgid = fprotGroup;`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";`
Die tabs die 2014-04-09 00:17:16 +02:00			`};`
F-Prot virus signaure database updater: package 2012-07-24 10:51:17 +03:00			`};`

			`};`

Die tabs die 2014-04-09 00:17:16 +02:00			`}`