nixos/clamav-unofficial-sigs: init at 7.2 #106453
Conversation
SlothOfAnarchy
force-pushed
the
init-clamav-unofficial-sigs
branch
from
d906eee
to
c2755e5
Compare
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
| let | ||
| cfg = config.services.clamav-unofficial-sigs; | ||
| in { | ||
| options.services.clamav-unofficial-sigs = with types; { |
There was a problem hiding this comment.
Should this live under services.clamav which already exists? I'm not familiar with this software so let me know what you think 🤔
There was a problem hiding this comment.
The option could also be moved there, I just thought I'd create a separate module and option because the signatures are not from any official source.
This service can be seen as extension to freshclam. It uses other malware signature sites (possibly paid ones with credentials) and adds the signatures to the clamav database.
There was a problem hiding this comment.
Ah, ok this is a completely different project that just adds on to clamav - definitely a valid reason to keep the module separate.
Looking at this comment points out why you will need values from the clamav configuration... After this PR is merged you will be able to access the values you need, in this case via config.services.clamav.daemon.settinsg.PidFile.
SlothOfAnarchy
force-pushed
the
init-clamav-unofficial-sigs
branch
from
f75d272
to
7603e2c
Compare
| let | ||
| cfg = config.services.clamav-unofficial-sigs; | ||
| in { | ||
| options.services.clamav-unofficial-sigs = with types; { |
There was a problem hiding this comment.
Ah, ok this is a completely different project that just adds on to clamav - definitely a valid reason to keep the module separate.
Looking at this comment points out why you will need values from the clamav configuration... After this PR is merged you will be able to access the values you need, in this case via config.services.clamav.daemon.settinsg.PidFile.
| startAt = "hourly"; | ||
| description = "Update unofficial ClamAV signatures"; | ||
|
|
||
| serviceConfig = { |
There was a problem hiding this comment.
I think the upstream unit would greatly benefit from your work here. Worst case scenario, call it free review from the upstream project 😄
If you're able to submit a PR and have upstream merge it, you could utilize the upstream unit (via systemd.packages) and we can stay in sync with upstream. Ideally we have these sorts of changes land upstream instead of every distros downstream service.
| echo ' | ||
| allow_upgrades="no" | ||
| allow_update_checks="no" | ||
| clam_user="clamav" | ||
| clam_group="clamav" | ||
| clamd_pid="/run/clamav/clamd.pid" | ||
| clamd_socket="/run/clamav/clamd.ctl" | ||
| log_pipe_cmd="systemd-cat -t clamav-unofficial-sigs" | ||
| enable_random="no" | ||
| user_configuration_complete="yes" | ||
| ' > $out/etc/clamav-unofficial-sigs/os.conf |
There was a problem hiding this comment.
Let's move this to the module so we can take advantage of this PR, pulling values directly from the clamav settings file, like this config.services.clamav.daemon.settinsg.PidFile.
| user_configuration_complete="yes" | ||
| ' > $out/etc/clamav-unofficial-sigs/os.conf | ||
|
|
||
| wrapProgram $out/bin/clamav-unofficial-sigs \ |
There was a problem hiding this comment.
Does this package need to include perl?
| options.services.clamav-unofficial-sigs = with types; { | ||
| enable = mkEnableOption "Unofficial ClamAV signatures"; | ||
|
|
||
| extraConfig = mkOption { |
There was a problem hiding this comment.
By convention we should call this option settings, much like I did here.
| cp clamav-unofficial-sigs.sh $out/bin/clamav-unofficial-sigs | ||
| chmod +x $out/bin/clamav-unofficial-sigs | ||
|
|
||
| cp config/master.conf $out/etc/clamav-unofficial-sigs |
There was a problem hiding this comment.
Is it possible to log to stdout instead of files? That would be the ideal solution.
If there is no way to log to stdout then we should add LogsDirectory = "clamav-unofficial-sigs"; to the unit as well.
|
ping @SlothOfAnarchy |
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
|
Closing due to inactivity from author. |
Motivation for this change
Initialize package and module for https://github.com/extremeshok/clamav-unofficial-sigs
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)cc @ajs124