Added some ClamAV configuration, needs more research. Try to get nextcloud to be able to connect to itself.

2026-02-27 17:24:16 +01:00
parent 346c2094a9
commit d9ee1967fd
2 changed files with 42 additions and 0 deletions
@@ -9,5 +9,13 @@
      allowedTCPPorts = [ 53 80 443 ];
      allowedUDPPorts = [ 53 443 ];
    };
+    extraCommands = ''
+      # Accept HTTPS from podman network
+      ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 10.89.0.0/16 tcp dport 443 ct state new,established accept || true
+      ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 192.168.11.0/24 tcp dport 443 ct state new,established accept || true
+      ${pkgs.nftables}/bin/nft add rule inet filter input ip saddr 192.168.27.0/24 tcp dport 443 ct state new,established accept || true
+      # Accept established responses
+      ${pkgs.nftables}/bin/nft add rule inet filter input ct state established,related accept || true
+    '';
  };
 }
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+{
+environment.systemPackages = [ pkgs.clamav pkgs.curl ];
+
+services.clamav = {
+  updater.enable = true;
+  daemon.enable = true;
+
+  scanner = {
+    enable = true;
+    interval = "*-*-* 04:00:00"; # Everyday at 4am
+    scanDirectories = [
+      "/etc"
+      "/home"
+      "/var/lib"
+      "/var/tmp"
+      "/tmp"
+    ];
+  };
+
+
+  clamonacc.enable = true;
+
+  daemon.settings = {
+    OnAccessPrevention = true;
+    OnAccessIncludePath = "/mnt/data";
+  };
+};
+
+services.clamav.daemon.enable = true;
+services.clamav.updater.enable = true;
+services.clamav.clamonacc.enable = true;
+}