From eb746540a970e1fd1c45c92c75dbc87ffb77f3a1 Mon Sep 17 00:00:00 2001
From: happysalada
Date: Mon, 20 Nov 2023 20:49:53 +0100
Subject: [PATCH] nixos/clamav: run as clamav user not root
---
 nixos/modules/services/security/clamav.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix
index fd0ca0323c23..a43435f2cdbb 100644
--- a/nixos/modules/services/security/clamav.nix
+++ b/nixos/modules/services/security/clamav.nix
@@ -110,6 +110,8 @@ in
 serviceConfig = {
 ExecStart = "${pkg}/bin/clamd";
 ExecReload = "${pkgs.coreutils}/bin/kill -USR2 $MAINPID";
+ User = clamavUser;
+ Group = clamavGroup;
 StateDirectory = "clamav";
 RuntimeDirectory = "clamav";
 PrivateTmp = "yes";
@@ -138,6 +140,8 @@ in
 SuccessExitStatus = "1"; # if databases are up to date
 StateDirectory = "clamav";
 RuntimeDirectory = "clamav";
+ User = clamavUser;
+ Group = clamavGroup;
 PrivateTmp = "yes";
 PrivateDevices = "yes";
 };
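Review bot: With `User = clamavUser;` added to the first hunk's serviceConfig (the unit whose ExecStart is clamd), the daemon can only open files the clamav account may read, so path-based scan requests for other users' private files will presumably fail with permission errors where they succeeded under root. That trade-off deserves a comment beside the new lines, for example `# clamd runs unprivileged: clients must pass descriptors (clamdscan --fdpass) or grant clamavGroup read access`, plus a release-note entry if the module keeps one. The second hunk adds the same two lines to the unit with `SuccessExitStatus = "1"` (apparently the database updater), where the open question is whether files left in the `clamav` state directory by earlier root-run instances are re-owned on upgrade; systemd normally adjusts StateDirectory ownership to the unit's User, but that should be confirmed on an existing install. Both serviceConfig blocks extend beyond their hunks (the first closes after its hunk, the second opens before it), so the other settings in each unit are not visible here.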