numbus/numbus-server-module
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added periodic clamAV scan. Added mail alert on virus detection.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-03-01 13:18:35 +01:00
parent bbe269bfcd
commit 3bfaf5fa6f
3 changed files with 118 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/services/clamav.nix
+34
View File
@@ -17,6 +17,14 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.clamav pkgs.curl ];
security.sudo.extraRules = [{
users = [ "clamav" ];
commands = [{
command = "/run/current-system/sw/bin/systemctl start clamav-virus-notify.service";
options = [ "NOPASSWD" ];
}];
}];
services.clamav = {
updater.enable = true;
clamonacc.enable = true;
@@ -38,8 +46,34 @@ in
settings = {
OnAccessPrevention = true;
OnAccessIncludePath = onAccessPaths;
VirusEvent = "echo 'CLAM_VIRUSEVENT_VIRUSNAME=\"%v\"\nCLAM_VIRUSEVENT_FILENAME=\"%f\"' > /var/lib/clamav/virus_event.env && /run/wrappers/bin/sudo /run/current-system/sw/bin/systemctl start clamav-virus-notify.service";
};
};
};
systemd.services.clamav-periodic-scan = mkIf (onAccessPaths != []) {
description = "ClamAV periodic scan of service data directories";
after = [ "clamav-daemon.service" ];
requires = [ "clamav-daemon.service" ];
onFailure = [ "clamav-virus-notify.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.clamav}/bin/clamdscan --fdpass --multiscan ${lib.escapeShellArgs onAccessPaths}";
User = "clamav";
Group = "clamav";
SupplementaryGroups = [ "users" ];
TimeoutStartSec = "infinity";
};
};
systemd.timers.clamav-periodic-scan = mkIf (onAccessPaths != []) {
description = "Timer for ClamAV periodic scan";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-1/2-01 04:00:00";
Persistent = true;
Unit = "clamav-periodic-scan.service";
};
};
};
}
modules/services/nextcloud.nix
+1 -1
View File
@@ -241,7 +241,7 @@ helper.mkPodmanService {
sudo -u numbus-admin podman exec --user www-data nextcloud-server php occ maintenance:repair --include-expensive
INSTALL_APPS_LIST=( "calendar" "contacts" "mail" "notes" "onlyoffice" "cookbook" "whiteboard" )
REMOVE_APPS_LIST=( "activity" "app_api" "federation" "webhook_listeners" "photos" "recommendations" "sharebymail" "teams" "support" "richdocumentscode" )
REMOVE_APPS_LIST=( "activity" "federation" "webhook_listeners" "photos" "recommendations" "sharebymail" "teams" "support" "richdocumentscode" )
CURRENT_APPS_SIGNATURE="$(echo "''${INSTALL_APPS_LIST[@]}" "''${REMOVE_APPS_LIST[@]}")"
APPS_SIGNATURE_FILE="/var/lib/numbus-server/${name}/installed_apps.signature"