commit d4e5bb34b76c98adee1d7fc00440adeb6a2a8c13 · pyrox.dev/nixpkgs

nixos/modules/misc/ids.nix

···

       287
       287
        
             pdns-recursor = 269;

     

       288
       288
        
             kresd = 270;

     

       289
       289
        
             rpc = 271;

     

       290
       290
       +
             geoip = 272;

     

       290
       291
        
       

     

       291
       292
        
             # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

     

       292
       293
        
       

     
···

       543
       544
        
             gogs = 268;

     

       544
       545
        
             kresd = 270;

     

       545
       546
        
             #rpc = 271; # unused

     

       547
       547
       +
             #geoip = 272; # unused

     

       546
       548
        
       

     

       547
       549
        
             # When adding a gid, make sure it doesn't match an existing

     

       548
       550
        
             # uid. Users and groups with the same name should have equal

+10 -4

nixos/modules/services/misc/geoip-updater.nix

···

       251
       251
        
             }

     

       252
       252
        
           ];

     

       253
       253
        
       

     

       254
       254
       +
           users.extraUsers.geoip = {

     

       255
       255
       +
             group = "root";

     

       256
       256
       +
             description = "GeoIP database updater";

     

       257
       257
       +
             uid = config.ids.uids.geoip;

     

       258
       258
       +
           };

     

       259
       259
       +
       

     

       254
       260
        
           systemd.timers.geoip-updater =

     

       255
       261
        
             { description = "GeoIP Updater Timer";

     

       256
       262
        
               partOf = [ "geoip-updater.service" ];

     
···

       267
       273
        
             preStart = ''

     

       268
       274
        
               mkdir -p "${cfg.databaseDir}"

     

       269
       275
        
               chmod 755 "${cfg.databaseDir}"

     

       270
       270
       -
               chown nobody:root "${cfg.databaseDir}"

     

       276
       276
       +
               chown geoip:root "${cfg.databaseDir}"

     

       271
       277
        
             '';

     

       272
       278
        
             serviceConfig = {

     

       273
       279
        
               ExecStart = "${geoip-updater}/bin/geoip-updater";

     

       274
       274
       -
               User = "nobody";

     

       280
       280
       +
               User = "geoip";

     

       275
       281
        
               PermissionsStartOnly = true;

     

       276
       282
        
             };

     

       277
       283
        
           };

     
···

       285
       291
        
             preStart = ''

     

       286
       292
        
               mkdir -p "${cfg.databaseDir}"

     

       287
       293
        
               chmod 755 "${cfg.databaseDir}"

     

       288
       288
       -
               chown nobody:root "${cfg.databaseDir}"

     

       294
       294
       +
               chown geoip:root "${cfg.databaseDir}"

     

       289
       295
        
             '';

     

       290
       296
        
             serviceConfig = {

     

       291
       297
        
               ExecStart = "${geoip-updater}/bin/geoip-updater --skip-existing";

     

       292
       292
       -
               User = "nobody";

     

       298
       298
       +
               User = "geoip";

     

       293
       299
        
               PermissionsStartOnly = true;

     

       294
       300
        
               # So it won't be (needlessly) restarted:

     

       295
       301
        
               RemainAfterExit = true;