numbus-server-module/modules/services/clamav.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.numbus.services.clamav;
  onAccessPaths = lib.mapAttrsToList (n: v: v.dataDir) (lib.filterAttrs (n: v:
    v ? enable && v.enable && v ? dataDir && v.dataDir != false
  ) config.numbus.services);
in

{
  options.numbus.services.clamav = {
    enable = mkEnableOption "ClamAV open-source anti-virus software";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.clamav pkgs.curl ];

    services.clamav = {
      updater.enable = true;
      clamonacc.enable = true;

      scanner = {
        enable = true;
        interval = "*-*-* 04:00:00"; # Everyday at 4am
        scanDirectories = [
          "/etc"
          "/home"
          "/var/lib"
          "/var/tmp"
          "/tmp"
        ];
      };

      daemon = {
        enable = true;
        settings = {
          OnAccessPrevention = true;
          OnAccessIncludePath = onAccessPaths;
        };
      };
    };
  };
}