diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-10 13:28:20 +0200 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2013-10-10 13:28:20 +0200 |
| commit | 5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010 (patch) | |
| tree | a6c0f605be6de3f372ae69905b331f9f75452da7 /nixos/modules/services/security/fprot.nix | |
| parent | 6070bc016bd2fd945b04347e25cfd3738622d2ac (diff) | |
| download | nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.gz nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.bz2 nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.lz nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.xz nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.tar.zst nixpkgs-5c1f8cbc70cd5e6867ef6a2a06d27a40daa07010.zip | |
Move all of NixOS to nixos/ in preparation of the repository merge
Diffstat (limited to 'nixos/modules/services/security/fprot.nix')
| -rw-r--r-- | nixos/modules/services/security/fprot.nix | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/nixos/modules/services/security/fprot.nix b/nixos/modules/services/security/fprot.nix new file mode 100644 index 00000000000..9f1fc4ed6d8 --- /dev/null +++ b/nixos/modules/services/security/fprot.nix @@ -0,0 +1,88 @@ +{ config, pkgs, ... }: +with pkgs.lib; +let + fprotUser = "fprot"; + stateDir = "/var/lib/fprot"; + fprotGroup = fprotUser; + cfg = config.services.fprot; +in { + options = { + + services.fprot = { + updater = { + enable = mkOption { + default = false; + description = '' + Whether to enable automatic F-Prot virus definitions database updates. + ''; + }; + + productData = mkOption { + default = "${pkgs.fprot}/opt/f-prot/product.data"; + description = '' + product.data file. Defaults to the one supplied with installation package. + ''; + }; + + frequency = mkOption { + default = 30; + description = '' + Update virus definitions every X minutes. + ''; + }; + + licenseKeyfile = mkOption { + default = "${pkgs.fprot}/opt/f-prot/license.key"; + description = '' + License keyfile. Defaults to the one supplied with installation package. + ''; + }; + + }; + }; + }; + + ###### implementation + + config = mkIf cfg.updater.enable { + environment.systemPackages = [ pkgs.fprot ]; + environment.etc = singleton { + source = "${pkgs.fprot}/opt/f-prot/f-prot.conf"; + target = "f-prot.conf"; + }; + + users.extraUsers = singleton + { name = fprotUser; + uid = config.ids.uids.fprot; + description = "F-Prot daemon user"; + home = stateDir; + }; + + users.extraGroups = singleton + { name = fprotGroup; + gid = config.ids.gids.fprot; + }; + + services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ]; + + jobs = { + fprot_updater = { + name = "fprot-updater"; + task = true; + + # have to copy fpupdate executable because it insists on storing the virus database in the same dir + preStart = '' + mkdir -m 0755 -p ${stateDir} + chown ${fprotUser}:${fprotGroup} ${stateDir} + cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir} + ln -sf ${cfg.updater.productData} ${stateDir}/product.data + ''; + #setuid = fprotUser; + #setgid = fprotGroup; + exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}"; + }; + }; + + }; + +} \ No newline at end of file |