feat: add gortium.clamav NixOS module

- New module at modules/nixos/services/clamav.nix - Options: enable (CLI-only), enableDaemon (full services), onAccessScanning (clamonacc), scanPaths, dailyScanTime - All scans are logging-only — no auto-quarantine or deletion - uConsole: CLI tools only (enableDaemon=false) - lazyworkhorse: full setup with on-access scanning, daily 3 AM scan Also: remove neovim from uConsole (fails cross-compile, emacs available)
2026-06-18 21:53:33 -04:00
parent f14c74f50f
commit 8874f6ff66
5 changed files with 259 additions and 10 deletions
--- a/hosts/lazyworkhorse/configuration.nix
+++ b/hosts/lazyworkhorse/configuration.nix
@@ -166,9 +166,9 @@
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
-      # Additional hardening settings below in SERVER HARDENING section
-    };
-    hostKeys = [
+  # ============================================================
+  # ClamAV antivirus — daemon, hourly updates, daily scan, on-access
+  # ============================================================
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
@@ -337,6 +337,16 @@
  # networking.firewall.enable = false;

  # =============================================================================
+  # ============================================================
+  # ClamAV antivirus — daemon, hourly updates, daily scan, on-access
+  # ============================================================
+  gortium.clamav = {
+    enable = true;
+    enableDaemon = true;
+    onAccessScanning = true;
+    dailyScanTime = "03:00";
+  };
+
  # SERVER HARDENING - Firewall, Fail2ban, SSH, Kernel
  # =============================================================================
  
--- a/hosts/uconsole-cm5/configuration.nix
+++ b/hosts/uconsole-cm5/configuration.nix
@@ -83,7 +83,6 @@
    fd
    htop
    tmux
-    neovim

    # ===== HAM Radio =====
    wsjtx
@@ -202,10 +201,9 @@
  # ============================================================
  # ClamAV antivirus — daily automatic scans
  # ============================================================
-  services.clamav = {
-    daemon.enable = true;
-    updater.enable = true;
-    scanner.enable = true;
+  gortium.clamav = {
+    enable = true;
+    enableDaemon = false;
  };

 }