author | talyz <kim.lindberger@gmail.com> | 2021-04-28 16:56:06 +0200 |
---|---|---|
committer | talyz <kim.lindberger@gmail.com> | 2021-06-03 20:57:25 +0200 |
commit | f5f8341c76ffad22ae52c622be97c94ccbd2a847 (patch) | |
tree | 347d7c661366e16eab9c84c213e52a5e22a906e8 /nixos/modules/services/misc/geoipupdate.nix | |
parent | 3edde6562e19698da69a499881e0a2e4f5a497a2 (diff) | |
nixos/geoipupdate: Replace the old `geoip-updater` module
Our old bespoke GeoIP updater doesn't seem to be working anymore. Instead of trying to fix it, replace it with the official updater from MaxMind.
Diffstat (limited to 'nixos/modules/services/misc/geoipupdate.nix')
-rw-r--r-- | nixos/modules/services/misc/geoipupdate.nix | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/geoipupdate.nix b/nixos/modules/services/misc/geoipupdate.nix
new file mode 100644
index 00000000000..5d87be928d9
--- /dev/null
+++ b/nixos/modules/services/misc/geoipupdate.nix
@@ -0,0 +1,145 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.geoipupdate;
+in
+{
+ imports = [
+ (lib.mkRemovedOptionModule [ "services" "geoip-updater" ] "services.geoip-updater has been removed, use services.geoipupdate instead.")
+ ];
+
+ options = {
+ services.geoipupdate = {
+ enable = lib.mkEnableOption ''
+ periodic downloading of GeoIP databases using
+ <productname>geoipupdate</productname>.
+ '';
+
+ interval = lib.mkOption {
+ type = lib.types.str;
+ default = "weekly";
+ description = ''
+ Update the GeoIP databases at this time / interval.
+ The format is described in
+ <citerefentry><refentrytitle>systemd.time</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry>.
+ '';
+ };
+
+ settings = lib.mkOption {
+ description = ''
+ <productname>geoipupdate</productname> configuration
+ options. See
+ <link xlink:href="https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md" />
+ for a full list of available options.
+ '';
+ type = lib.types.submodule {
+ freeformType =
+ with lib.types;
+ let
+ type = oneOf [str int bool];
+ in
+ attrsOf (either type (listOf type));
+
+ options = {
+
+ AccountID = lib.mkOption {
+ type = lib.types.int;
+ description = ''
+ Your MaxMind account ID.
+ '';
+ };
+
+ EditionIDs = lib.mkOption {
+ type = with lib.types; listOf (either str int);
+ example = [
+ "GeoLite2-ASN"
+ "GeoLite2-City"
+ "GeoLite2-Country"
+ ];
+ description = ''
+ List of database edition IDs. This includes new string
+ IDs like <literal>GeoIP2-City</literal> and old
+ numeric IDs like <literal>106</literal>.
+ '';
+ };
+
+ LicenseKey = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ A file containing the <productname>MaxMind</productname>
+ license key.
+ '';
+ };
+
+ DatabaseDirectory = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/GeoIP";
+ example = "/run/GeoIP";
+ description = ''
+ The directory to store the database files in. The
+ directory will be automatically created, the owner
+ changed to <literal>geoip</literal> and permissions
+ set to world readable. This applies if the directory
+ already exists as well, so don't use a directory with
+ sensitive contents.
+ '';
+ };
+
+ };
+ };
+ };
+ };
+
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ services.geoipupdate.settings = {
+ LockFile = "/run/geoipupdate/.lock";
+ };
+
+ systemd.services.geoipupdate = {
+ description = "GeoIP Updater";
+ after = [ "network-online.target" "nss-lookup.target" ];
+ wants = [ "network-online.target" ];
+ startAt = cfg.interval;
+ serviceConfig = {
+ ExecStartPre =
+ let
+ geoipupdateKeyValue = lib.generators.toKeyValue {
+ mkKeyValue = lib.flip lib.generators.mkKeyValueDefault " " rec {
+ mkValueString = v: with builtins;
+ if isInt v then toString v
+ else if isString v then v
+ else if true == v then "1"
+ else if false == v then "0"
+ else if isList v then lib.concatMapStringsSep " " mkValueString v
+ else throw "unsupported type ${typeOf v}: ${(lib.generators.toPretty {}) v}";
+ };
+ };
+
+ geoipupdateConf = pkgs.writeText "discourse.conf" (geoipupdateKeyValue cfg.settings);
+
+ script = ''
+ mkdir -p "${cfg.settings.DatabaseDirectory}"
+ chmod 755 "${cfg.settings.DatabaseDirectory}"
+ chown geoip "${cfg.settings.DatabaseDirectory}"
+
+ cp ${geoipupdateConf} /run/geoipupdate/GeoIP.conf
+ ${pkgs.replace-secret}/bin/replace-secret '${cfg.settings.LicenseKey}' \
+ '${cfg.settings.LicenseKey}' \
+ /run/geoipupdate/GeoIP.conf
+ '';
+ in
+ "+${pkgs.writeShellScript "start-pre-full-privileges" script}";
+ ExecStart = "${pkgs.geoipupdate}/bin/geoipupdate -f /run/geoipupdate/GeoIP.conf";
+ User = "geoip";
+ DynamicUser = true;
+ ReadWritePaths = cfg.settings.DatabaseDirectory;
+ RuntimeDirectory = "geoipupdate";
+ RuntimeDirectoryMode = 0700;
+ };
+ };
+ };
+} |
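Review bot: The `chown geoip` in the ExecStartPre script hands `cfg.settings.DatabaseDirectory` (default `/var/lib/GeoIP`) to a user that, because of `DynamicUser = true`, is allocated by systemd for the lifetime of the run, so the persisted database files can end up owned by a transient UID that may later be handed to an unrelated DynamicUser service. If that is not intended, a static user (a `users.users.geoip` entry with `DynamicUser` dropped) or letting systemd manage the path via `StateDirectory` would keep ownership stable and make the `chown` unnecessary; either way the `DatabaseDirectory` description should state which user ends up owning it. Separately, the generated config is written as `pkgs.writeText "discourse.conf"`, which reads like a copy-paste leftover and should be `"GeoIP.conf"` to match the file it is copied to. The key file only reaches `/run/geoipupdate/GeoIP.conf` in plain text after `replace-secret`, inside the 0700 runtime directory, which is worth a one-line comment in the script since the Nix store copy deliberately carries only the path.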