nixpkgs/nixos/modules/services/security/clamav.nix

{ config, lib, pkgs, ... }:
with lib;
let
  clamavUser = "clamav";
  stateDir = "/var/lib/clamav";
  clamavGroup = clamavUser;
  cfg = config.services.clamav;
in
{
  ###### interface

  options = {

    services.clamav = {
      updater = {
	enable = mkOption {
	  default = false;
	  description = ''
	    Whether to enable automatic ClamAV virus definitions database updates.
	  '';
	};

	frequency = mkOption {
	  default = 12;
	  description = ''
	    Number of database checks per day.
	  '';
	};

	config = mkOption {
	  default = "";
	  description = ''
	    Extra configuration for freshclam. Contents will be added verbatim to the
	    configuration file.
	  '';
	};
      };
    };
  };

  ###### implementation

  config = mkIf cfg.updater.enable {
    environment.systemPackages = [ pkgs.clamav ];
    users.extraUsers = singleton
      { name = clamavUser;
        uid = config.ids.uids.clamav;
        description = "ClamAV daemon user";
        home = stateDir;
      };

    users.extraGroups = singleton
      { name = clamavGroup;
        gid = config.ids.gids.clamav;
      };

    services.clamav.updater.config = ''
      DatabaseDirectory ${stateDir}
      Foreground yes
      Checks ${toString cfg.updater.frequency}
      DatabaseMirror database.clamav.net
    '';

    jobs = {
      clamav_updater = {
	name = "clamav-updater";
          startOn = "started network-interfaces";
          stopOn = "stopping network-interfaces";

          preStart = ''
            mkdir -m 0755 -p ${stateDir}
            chown ${clamavUser}:${clamavGroup} ${stateDir}
          '';
          exec = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
      }; 
    };

  };

}
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem. 2014-04-14 16:26:48 +02:00			`{ config, lib, pkgs, ... }:`
			`with lib;`
ClamAV: package virus fingerprint database updater. 2012-07-23 17:18:19 +03:00			`let`
			`clamavUser = "clamav";`
			`stateDir = "/var/lib/clamav";`
			`clamavGroup = clamavUser;`
			`cfg = config.services.clamav;`
			`in`
			`{`
			`###### interface`

			`options = {`

			`services.clamav = {`
			`updater = {`
			`enable = mkOption {`
			`default = false;`
			`description = ''`
			`Whether to enable automatic ClamAV virus definitions database updates.`
			`'';`
			`};`

			`frequency = mkOption {`
			`default = 12;`
			`description = ''`
			`Number of database checks per day.`
			`'';`
			`};`

			`config = mkOption {`
			`default = "";`
			`description = ''`
			`Extra configuration for freshclam. Contents will be added verbatim to the`
			`configuration file.`
			`'';`
			`};`
			`};`
			`};`
			`};`

			`###### implementation`

			`config = mkIf cfg.updater.enable {`
			`environment.systemPackages = [ pkgs.clamav ];`
			`users.extraUsers = singleton`
			`{ name = clamavUser;`
			`uid = config.ids.uids.clamav;`
			`description = "ClamAV daemon user";`
			`home = stateDir;`
			`};`

			`users.extraGroups = singleton`
			`{ name = clamavGroup;`
			`gid = config.ids.gids.clamav;`
			`};`

			`services.clamav.updater.config = ''`
			`DatabaseDirectory ${stateDir}`
			`Foreground yes`
			`Checks ${toString cfg.updater.frequency}`
			`DatabaseMirror database.clamav.net`
			`'';`

			`jobs = {`
			`clamav_updater = {`
			`name = "clamav-updater";`
			`startOn = "started network-interfaces";`
			`stopOn = "stopping network-interfaces";`

			`preStart = ''`
			`mkdir -m 0755 -p ${stateDir}`
			`chown ${clamavUser}:${clamavGroup} ${stateDir}`
			`'';`
clamav: run freshclam in daemon mode 2014-09-01 09:41:19 +02:00			`exec = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";`
ClamAV: package virus fingerprint database updater. 2012-07-23 17:18:19 +03:00			`};`
			`};`

			`};`

clamav: run freshclam in daemon mode 2014-09-01 09:41:19 +02:00			`}`