clamav: Use freshclam.conf defined by clamav-updater module if enabled

9 years ago · 507ad9a4f9
parent 4bea06636a
commit 507ad9a4f9
2 changed files with 10 additions and 6 deletions
--- a/nixos/modules/services/security/clamav.nix
+++ b/nixos/modules/services/security/clamav.nix
@ -16,6 +16,7 @@ let

    ${cfg.daemon.extraConfig}
  '';
+  pkg = pkgs.clamav.override { freshclamConf = cfg.updater.config; };
 in
 {
  options = {
@ -54,7 +55,7 @@ in
  };

  config = mkIf cfg.updater.enable or cfg.daemon.enable {
-    environment.systemPackages = [ pkgs.clamav ];
+    environment.systemPackages = [ pkg ];
    users.extraUsers = singleton {
      name = clamavUser;
      uid = config.ids.uids.clamav;
@ -76,7 +77,7 @@ in

    systemd.services.clamd = mkIf cfg.daemon.enable {
      description = "ClamAV daemon (clamd)";
-      path = [ pkgs.clamav ];
+      path = [ pkg ];
      after = [ "network.target" "freshclam.service" ];
      requires = [ "freshclam.service" ];
      wantedBy = [ "multi-user.target" ];
@ -87,7 +88,7 @@ in
        chown ${clamavUser}:${clamavGroup} ${runDir}
      '';
      serviceConfig = {
-        ExecStart = "${pkgs.clamav}/bin/clamd --config-file=${clamdConfigFile}";
+        ExecStart = "${pkg}/bin/clamd --config-file=${clamdConfigFile}";
        Type = "forking";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        Restart = "on-failure";
@ -100,13 +101,13 @@ in
      description = "ClamAV updater (freshclam)";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
-      path = [ pkgs.clamav ];
+      path = [ pkg ];
      preStart = ''
        mkdir -m 0755 -p ${stateDir}
        chown ${clamavUser}:${clamavGroup} ${stateDir}
      '';
      serviceConfig = {
-        ExecStart = "${pkgs.clamav}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
+        ExecStart = "${pkg}/bin/freshclam --daemon --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        Restart = "on-failure";
        RestartSec = "10s";
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@ -1,5 +1,6 @@
 { stdenv, fetchurl, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl
-, libmilter, pcre }:
+, libmilter, pcre, freshclamConf ? null }:
+
 stdenv.mkDerivation rec {
  name = "clamav-${version}";
  version = "0.99";
@ -24,6 +25,8 @@ stdenv.mkDerivation rec {
    "--disable-clamav"
  ];

+  fixupPhase = if (freshclamConf != null) then ''echo "${freshclamConf}" > $out/etc/freshclam.conf'' else "";
+
  meta = with stdenv.lib; {
    homepage = http://www.clamav.net;
    description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";