systems/makanek/retiolum-map.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  network = "retiolum";

  stateDirectory = "retiolum-map";

  geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb";
  geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}";
in
{
  systemd.services.retiolum-index = {
    description = "Retiolum indexing service";
    wants = [ "tinc.${network}.service" ];
    script = ''
      ${pkgs.tinc-graph}/bin/tinc-graph --geoip-file ${geo-ip-database-path} --network ${network} \
        | ${pkgs.coreutils}/bin/tee network.json \
        | ${pkgs.tinc-graph}/bin/tinc-midpoint > midpoint.json

      cp ${pkgs.tinc-graph}/static/map.html map.html
      cp ${pkgs.tinc-graph}/static/map.html index.html
      cp ${pkgs.tinc-graph}/static/graph.html graph.html
    '';
    startAt = "hourly";
    path = [
      pkgs.coreutils
      pkgs.jq
      pkgs.tinc_pre
    ];
    serviceConfig = {
      Type = "oneshot";
      User = "root";
      StateDirectory = stateDirectory;
      WorkingDirectory = "/var/lib/${stateDirectory}";
    };
  };

  services.geoipupdate = {
    enable = true;
    settings = {
      AccountID = 608777;
      LicenseKey._secret = config.age.secrets.maxmind-license-key.path;
      EditionIDs = [ "GeoLite2-City" ];
    };
  };

  age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;

  niveum.passport.services = [
    {
      link = "http://graph.r";
      title = "Retiolum Realtime Map";
      description = "displays geographical information about the retiolum network. <a href=\"http://graph.r/graph.html\">Graph</a> info also available.";
    }
    {
      link = "http://c.r/${geo-ip-database}";
      title = "GeoIP";
      description = "shares MaxMind's GeoIP database with the krebs world. Updated weekly.";
    }
  ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."graph.r".locations."/".root = "/var/lib/${stateDirectory}";
    # RRM @ https://github.com/krebs/cholerab/blob/master/thesauron.adoc
    virtualHosts."rrm.r".locations."/".root = "/var/lib/${stateDirectory}";
  };

  systemd.services.geoip-share = {
    after = [ "geoipupdate.service" ];
    wantedBy = [ "geoipupdate.service" ];
    script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} ";
    serviceConfig = {
      Type = "oneshot";
      DynamicUser = true;
    };
  };
}
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
format 2025-12-28 13:39:42 +01:00			`}:`
			`let`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`network = "retiolum";`

			`stateDirectory = "retiolum-map";`

feat(graph.r): use geoip from updater, share with retiolum 2021-12-01 12:04:26 +01:00			`geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb";`
			`geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}";`
format 2025-12-28 13:39:42 +01:00			`in`
			`{`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`systemd.services.retiolum-index = {`
			`description = "Retiolum indexing service";`
format 2025-12-28 13:39:42 +01:00			`wants = [ "tinc.${network}.service" ];`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`script = ''`
remove specialArgs inputs 2025-12-28 13:19:15 +01:00			`${pkgs.tinc-graph}/bin/tinc-graph --geoip-file ${geo-ip-database-path} --network ${network} \`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`\| ${pkgs.coreutils}/bin/tee network.json \`
remove specialArgs inputs 2025-12-28 13:19:15 +01:00			`\| ${pkgs.tinc-graph}/bin/tinc-midpoint > midpoint.json`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00
remove specialArgs inputs 2025-12-28 13:19:15 +01:00			`cp ${pkgs.tinc-graph}/static/map.html map.html`
			`cp ${pkgs.tinc-graph}/static/map.html index.html`
			`cp ${pkgs.tinc-graph}/static/graph.html graph.html`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`'';`
			`startAt = "hourly";`
format 2025-12-28 13:39:42 +01:00			`path = [`
			`pkgs.coreutils`
			`pkgs.jq`
			`pkgs.tinc_pre`
			`];`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "root";`
			`StateDirectory = stateDirectory;`
			`WorkingDirectory = "/var/lib/${stateDirectory}";`
			`};`
			`};`

feat(retiolum-map): use 21.11 geoipupdate 2021-12-01 09:53:15 +01:00			`services.geoipupdate = {`
chore(tinc-graph): update 2021-12-01 09:47:45 +01:00			`enable = true;`
feat(retiolum-map): use 21.11 geoipupdate 2021-12-01 09:53:15 +01:00			`settings = {`
			`AccountID = 608777;`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`LicenseKey._secret = config.age.secrets.maxmind-license-key.path;`
format 2025-12-28 13:39:42 +01:00			`EditionIDs = [ "GeoLite2-City" ];`
feat(retiolum-map): use 21.11 geoipupdate 2021-12-01 09:53:15 +01:00			`};`
chore(tinc-graph): update 2021-12-01 09:47:45 +01:00			`};`

Revert "chore: get secrets via input, mock for CI" This reverts commit 3138fd23ef855a5925eb370bf0c976316c6c96b4. 2023-07-04 16:28:26 +02:00			`age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00
feat(passport): init for makanek 2022-05-22 11:47:59 +02:00			`niveum.passport.services = [`
			`{`
			`link = "http://graph.r";`
			`title = "Retiolum Realtime Map";`
			`description = "displays geographical information about the retiolum network. <a href=\"http://graph.r/graph.html\">Graph</a> info also available.";`
			`}`
			`{`
			`link = "http://c.r/${geo-ip-database}";`
			`title = "GeoIP";`
			`description = "shares MaxMind's GeoIP database with the krebs world. Updated weekly.";`
			`}`
			`];`

feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`services.nginx = {`
			`enable = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`virtualHosts."graph.r".locations."/".root = "/var/lib/${stateDirectory}";`
feat(retiolum-map): add rrm.r alias 2022-01-11 23:13:17 +01:00			`# RRM @ https://github.com/krebs/cholerab/blob/master/thesauron.adoc`
			`virtualHosts."rrm.r".locations."/".root = "/var/lib/${stateDirectory}";`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`};`
feat(graph.r): use geoip from updater, share with retiolum 2021-12-01 12:04:26 +01:00
			`systemd.services.geoip-share = {`
format 2025-12-28 13:39:42 +01:00			`after = [ "geoipupdate.service" ];`
			`wantedBy = [ "geoipupdate.service" ];`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} ";`
feat(graph.r): use geoip from updater, share with retiolum 2021-12-01 12:04:26 +01:00			`serviceConfig = {`
			`Type = "oneshot";`
			`DynamicUser = true;`
			`};`
			`};`
feat: add service to supersede graph.r 2021-11-30 21:58:38 +01:00			`}`