nixpkgs/nixos/modules/services/misc
Bjørn Forsman 824d82fa0f nixos/geoip-updater: new service
The GeoIP databases from MaxMind have no stable URLs and change every
month (or so). Our current method of packaging these databases in Nix and
playing catch-up with ever-changing file hashes is a bad idea. For
instance, it makes it impossible to realize old NixOS configurations.

This patch adds a NixOS service that periodically updates the GeoIP
databases in /var/lib/geoip-databases. Moving NixOS modules over can be
done in later patches.

I tried adding an MD5 check, but not all databases have them, so I skipped
it. We are downloading over HTTPS though, it should be good. I also
tried adding zip support, but the first zip file I extracted had a
different filename inside than the archive name, which breaks an
assumption in this service, so I skipped that too.

Changes v9 -> v10:
  - Pass "--max-time" to curl to set upper bound on downloads (ensures
    no indefinite hanging if there's a problem with networking).
    Timeout for network connectivity check: 60s.
    Timeout for geoip database (each): 15m.

Changes v8 -> v9:
  - Mention the random timer delay in the documentation for the
    'interval' option.

Changes v7 -> v8:
  - Add "RemainAfterExit=true" for the setup service, so it won't be
    restarted needlessly. (Thanks @danbst!)

Changes v6 -> v7:
  - Add --skip-existing flag to geoip-updater, which skips updating
    existing database files. Pass that flag when we run the service on
    boot (and on any NixOS configuration change).
    (IMHO, this is somewhat a workaround for systemd persistent timers
    not being triggered immediately when a timer has never expired
    before. But it does have the nice side effect of ensuring that the
    installed databases always correspond to the configured ones, since
    the service is now always run after configuration changes.)

Changes v5 -> v6:
  - Update database files atomically (per DB)
  - If a database is removed from the configuration, it'll be removed
    from /var/lib/geoip-databases too (on next run).
  - Add NixOS module assertion so that if user inputs non- .gz or .xz
    file there will be a build time error instead of runtime.
  - Run updater as user "nobody" instead of "root".
  - Rename NixOS service from "geoip-databases" to "geoip-updater".
  - Drop RemainAfterExit, or else the timer won't trigger the unit.
  - Bring back "curl --fail", or else we won't catch and log curl
    failures.

Changes v4 -> v5:
  - Add "GeoLite2-City.mmdb.gz" to default database list.

Changes v3 -> v4:
  - Remove unneeded geoip-updater-setup.service after adding
    'wantedBy = [ "multi-user.target" ]' directly to
    geoip-updater.service
  - Drop unneeded "Service" name from service descriptions.

Changes v2 -> v3:
  - Network may be down when starting from a cold boot, so try a few
    times. Possibly, if using systemd-networkd, it'll pass on the first
    try. But with default DHCP on NixOS, the service is started before
    hostnames can be resolved and thus we need a few extra seconds.
  - Add error handling and mark service as failed if fatal error.
  - Add proper syslog log levels.
  - Add RandomizedDelaySec=3600 to the timer to not put high load on the
    MaxMind servers. Suggested by @Mic92.
  - Set RemainAfterExit on geoip-updater.service instead of
    geoip-updater-setup.service. (The latter is only a proxy that pulls
    in the former service).

Changes v1 -> v2:
From Данило Глинський (Danylo Hlynskyi) <abcz2.uprola@gmail.com>:
  nixos/geoip-databases: add `databases` option and fix initial setup

  There were two great issues when using this service:
  - When you just enable service, databases aren't downloaded, they are
    downloaded when timer triggers. Fixed this with automatic download on
    first system activation.
  - When there is no internet, updater outputs nothing to logs, which is
    IMO misbehavior. Fixed this with removing `--fail` option, better be
    explicit here.
2017-02-12 15:07:34 +01:00
taskserver nixos: fix taskserver module to evaluate properly when keys are managed manually 2017-02-07 18:35:41 +01:00
apache-kafka.nix apache-kafka service: change default brokerId to -1 2017-01-24 12:32:22 -05:00
autofs.nix nixos/autofs: fix typo afuese -> afuse 2016-09-19 13:49:47 +02:00
bepasty.nix nixos: use types.lines for extraConfig 2016-10-23 19:41:43 +02:00
calibre-server.nix calibre-server service: add type to libraryDir option 2015-10-31 14:21:56 -07:00
canto-daemon.nix canto-daemon: Fix typo and remove TimeoutStopSec 2015-02-08 14:16:17 +00:00
cfdyndns.nix cfdyndns: init at 0.0.1 2016-02-15 12:54:04 -08:00
cgminer.nix cgminer: respect xserver.display variable 2016-07-05 19:17:40 -07:00
confd.nix confd service: change default etcd port 4001 -> 2379 2016-09-28 23:35:54 +02:00
couchpotato.nix couchpotato module: init 2017-01-16 12:54:43 +01:00
cpuminer-cryptonight.nix cpuminer-cryptonight: new service module 2014-09-22 13:37:47 -04:00
defaultUnicornConfig.rb fixup! gitlab: 8.0.5 -> 8.5.0, service improvements 2016-02-26 08:31:20 +01:00
devmon.nix devmon: Non-root user, set PATH, require udisks2 2015-11-18 11:30:08 +00:00
dictd.nix nixos/modules: use defaultText where applicable 2016-11-21 16:35:15 +01:00
disnix.nix nixos/modules: use defaultText where applicable 2016-11-21 16:35:15 +01:00
docker-registry.nix dockerRegistry module: re-init with new underlying software 2016-10-12 14:05:09 +02:00
dysnomia.nix disnix-module: split dysnomia's functionality into a separate module so that it can be used without Disnix and remove the hacky/obsolete avahi publisher 2016-06-17 09:12:44 +00:00
emby.nix emby: use makeWrapper to supply ffmpeg/probe paths 2016-10-03 12:23:44 +02:00
errbot.nix errbot service: fix import config in plugins 2016-11-08 17:44:52 +01:00
etcd.nix misc.etcd: get closer to upstream service definition 2016-09-13 11:19:22 +02:00
felix.nix Add missing 'type', 'defaultText' and 'literalExample' in module definitions 2016-01-17 19:41:23 +01:00
folding-at-home.nix folding-at-home service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
gammu-smsd.nix treewide: Mass replace 'sqlite}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
geoip-updater.nix nixos/geoip-updater: new service 2017-02-12 15:07:34 +01:00
gitit.nix Fix #4210: Remove builderDefs 2016-08-31 11:34:46 +02:00
gitlab.nix gitlab service: fix sidekiq queue config 2016-11-29 17:42:46 +01:00
gitlab.xml nixos/doc/gitlab: fix build 2016-08-26 15:47:39 +02:00
gitolite.nix nixos: Replace pkgs.openssh with config.programs.ssh.package 2015-06-26 17:09:58 -07:00
gogs.nix gogs: fix error on push 2017-02-04 12:16:37 +01:00
gpsd.nix types.uniq types.int -> types.int 2015-06-15 18:11:32 +02:00
ihaskell.nix nixos: drop unused 'haskellPackages' option from ihaskell service 2017-01-31 22:38:01 +01:00
leaps.nix leaps: 0.5.1 + add a service + test 2016-11-06 10:34:42 +01:00
mantisbt.nix mantisbt: fix typo in documentation 2016-03-12 07:48:36 -06:00
mathics.nix nixos/mathics: New service and test 2016-01-02 14:34:55 -08:00
matrix-synapse-log_config.yaml matrix-synapse: init at 0.12.0 2016-01-15 15:17:14 +01:00
matrix-synapse.nix matrix-synapse service: Make url_preview_enabled optional (#20609) 2016-11-28 03:33:48 +01:00
mbpfan.nix Add missing 'type', 'defaultText' and 'literalExample' in module definitions 2016-01-17 19:41:23 +01:00
mediatomb.nix Allow setting mediatomb interface 2015-06-13 15:16:28 +00:00
mesos-master.nix mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
mesos-slave.nix mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
mwlib.nix mwlib uses pdftk to create books 2015-06-08 08:35:12 +00:00
nix-daemon.nix Add some more details about useSandbox 2017-01-03 14:24:49 -05:00
nix-gc.nix nix gc service: fix use of startAt 2016-10-23 17:56:49 +02:00
nix-optimise.nix nix-optimise module: fix startAt 2016-10-19 02:22:12 +02:00
nix-ssh-serve.nix treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
nixos-manual.nix manual: automatically generate modules entries 2016-08-11 00:24:41 +09:00
nscd-sssd.conf sssd: init at 1.14.2 2017-01-04 03:07:20 +03:00
nzbget.nix nzbget: 16.4 -> 17.0-r1686 and nzbget service 2016-05-13 18:56:39 +02:00
octoprint.nix nixos/octoprint: fixup extraConfig 2016-10-23 19:47:28 +02:00
packagekit.nix packagekit: add latest from hughsie's github repo 2016-07-05 20:26:59 +00:00
parsoid.nix parsoid service: update, use declarative configuration 2016-11-20 19:12:14 +03:00
phd.nix Fix forgotten unit entry 2014-09-03 15:47:53 +04:00
plex.nix Merge pull request #21395 from jerith666/plex-firewall 2016-12-24 23:31:04 +01:00
redmine.nix nixos: use types.lines for extraConfig 2016-10-23 19:41:43 +02:00
ripple-data-api.nix fix argument in mkEnableOption 2015-06-21 18:21:21 +03:00
ripple-rest.nix fix argument in mkEnableOption 2015-06-21 18:21:21 +03:00
rippled.nix rippled module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
rogue.nix nixos/rogue: Set WorkingDirectory to /tmp 2015-07-22 16:08:17 +03:00
siproxd.nix siproxd: initial service expression 2014-08-19 10:19:52 -04:00
sonarr.nix sonarr service: initial service 2016-07-15 16:18:37 +02:00
spice-vdagentd.nix spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
sssd.nix sssd: init at 1.14.2 2017-01-04 03:07:20 +03:00
subsonic.nix Add script to move /var/subsonic to cfg.home 2016-05-16 14:42:22 -07:00
sundtek.nix sundtek: 2015-12-12 -> 2016-01-26 + service change 2016-01-30 20:08:52 +01:00
svnserve.nix svnserve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
synergy.nix nixos/synergy: Restart services on failure. 2015-10-13 04:42:39 +02:00
uhub.nix uhub: initial service expression 2014-09-01 10:53:19 +04:00
zookeeper.nix zookeeper service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00