{ config, pkgs, lib, ... }:
with lib;
let
  avscan = pkgs.writeScript "avscan" ''
    #!${pkgs.bash}/bin/bash

    for user in $(cut -d":" -f1 /etc/passwd); do
      if [ -d "/home/$user" ]; then
          nice -15 ${pkgs.sudo}/bin/sudo -u $user ${pkgs.clamav}/bin/clamscan --recursive --quiet --infected /home/$user
      fi
    done
  '';
  cfg = config.services.avscan;
in
{
  options.services.avscan = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable antivirus scan";
    };
  };

  config = mkIf cfg.enable {
    services.clamav.updater.enable = true;
    services.clamav.updater.interval = "daily";
    services.clamav.updater.frequency = 1;

    systemd.services.avscan = {
      description = "Antivirus scan";
      serviceConfig = {
        Type = "oneshot";
        User = "root";
        Group = "root";
        ExecStart = "${avscan}";
      };
    };

    systemd.timers.avscan = {
      description = "Antivirus scan";
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "Mon *-*-* 13:00:00";
    };
  };
}