Add the maxmind mod

.github/workflows/BuildImage.yml

@@ -3,9 +3,9 @@ name: Build Image
 on: [push, pull_request, workflow_dispatch]
 
 env:
-  ENDPOINT: "linuxserver/mods" #don't modify
-  BASEIMAGE: "replace_baseimage" #replace
-  MODNAME: "replace_modname" #replace
+  ENDPOINT: "linuxserver/mods"
+  BASEIMAGE: "swag"
+  MODNAME: "maxmind"
 
 jobs:
   build:

Dockerfile

@@ -1,6 +1,6 @@
 FROM scratch
 
-LABEL maintainer="username"
+LABEL maintainer="quietsy"
 
 # copy local files
 COPY root/ /

Dockerfile.complex

@@ -1,23 +0,0 @@
-## Buildstage ##
-FROM ghcr.io/linuxserver/baseimage-alpine:3.12 as buildstage
-
-RUN \
- echo "**** install packages ****" && \
- apk add --no-cache \
-	curl && \
- echo "**** grab rclone ****" && \
- mkdir -p /root-layer && \
- curl -o \
-	/root-layer/rclone.deb -L \
-	"https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb"
-
-# copy local files
-COPY root/ /root-layer/
-
-## Single layer deployed image ##
-FROM scratch
-
-LABEL maintainer="username"
-
-# Add files from buildstage
-COPY --from=buildstage /root-layer/ /

README.md

@@ -1,17 +1,49 @@
-# Rsync - Docker mod for openssh-server
+# Maxmind Docker mod for Nginx based images
 
-This mod adds rsync to openssh-server, to be installed/updated during container start.
+This mod adds the maxmind database to nginx using the license key defined in the environment variable.
 
-In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
+This mod downloads the `GeoLite2-City.mmdb` database under `/config/geoip2db`, the database is updated weekly.
 
-If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2`
+**This mod should not be enabled together with the swag-dbip mod.**
 
-# Mod creation instructions
+Follow these steps to enable the maxmind mod:
 
-* Fork the repo, create a new branch based on the branch `template`.
-* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
-* Inspect the `root` folder contents. Edit, add and remove as necessary.
-* Edit this readme with pertinent info, delete these instructions.
-* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`.
-* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
-* Submit PR against the branch created by the team.
+1. Acquire a maxmind license here: https://www.maxmind.com/en/geolite2/signup
+2. In the container's docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-maxmind`
+   
+   If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-maxmind|linuxserver/mods:swag-mod2`
+3. In the container's docker arguments, set an environment variable `MAXMINDDB_LICENSE_KEY=<license-key>` with your license key.
+4. Add the following line to `/config/nginx/nginx.conf` under the `http` section:
+   
+   ```nginx
+   include /config/nginx/maxmind.conf;
+   ```
+5. Edit `/config/nginx/maxmind.conf` and add countries to the blocklist / whitelist according to the comments, for example:
+   
+    ```nginx
+    map $geoip2_data_country_iso_code $geo-whitelist {
+        default no;
+        UK yes;
+    }
+
+    map $geoip2_data_country_iso_code $geo-blacklist {
+        default yes;
+        US no;
+    }
+    ```
+6. Use the definitions in the following way:
+   ```nginx
+    server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+
+        server_name some-app.*;
+        include /config/nginx/ssl.conf;
+        client_max_body_size 0;
+
+        if ($lan-ip = yes) { set $geo-whitelist yes; }
+        if ($geo-whitelist = no) { return 404; }
+
+        location / {
+    ```
+7. Recreate the container to apply the changes.

root/defaults/maxmind.conf

@@ -0,0 +1,34 @@
+geoip2 /config/geoip2db/GeoLite2-City.mmdb {
+    auto_reload 1w;
+    $geoip2_data_city_name   city names en;
+    $geoip2_data_postal_code postal code;
+    $geoip2_data_latitude    location latitude;
+    $geoip2_data_longitude   location longitude;
+    $geoip2_data_state_name  subdivisions 0 names en;
+    $geoip2_data_state_code  subdivisions 0 iso_code;
+    $geoip2_data_continent_code   continent code;
+    $geoip2_data_country_iso_code country iso_code;
+}
+
+# Country Codes: https://en.wikipedia.org/wiki/ISO_3166-2
+
+map $geoip2_data_country_iso_code $geo-whitelist {
+    default yes;
+    # Example for whitelisting a country, comment out 'default yes;' above and uncomment 'default no;' and the whitelisted country below
+    # default no;
+    # UK yes;
+}
+
+map $geoip2_data_country_iso_code $geo-blacklist {
+    default yes;
+    # Example for blacklisting a country, uncomment the blacklisted country below
+    # UK no;
+ }
+
+geo $lan-ip {
+    default no;
+    10.0.0.0/8 yes;
+    172.16.0.0/12 yes;
+    192.168.0.0/16 yes;
+    127.0.0.1 yes;
+}

root/etc/cont-init.d/98-maxmind

@@ -0,0 +1,27 @@
+#!/usr/bin/with-contenv bash
+
+echo "Applying the maxmind mod..."
+
+# create GeoIP2 folder symlink
+[[ -d /var/lib/libmaxminddb ]] && [[ ! -L /var/lib/libmaxminddb ]] && \
+    rm -rf /var/lib/libmaxminddb
+[[ ! -d /var/lib/libmaxminddb ]] && \
+    ln -s /config/geoip2db /var/lib/libmaxminddb
+# check GeoIP2 database
+if [ -n "$MAXMINDDB_LICENSE_KEY" ]; then
+    sed -i "s|.*MAXMINDDB_LICENSE_KEY.*|MAXMINDDB_LICENSE_KEY=\"${MAXMINDDB_LICENSE_KEY}\"|g" /etc/libmaxminddb.cron.conf
+    if [ ! -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
+        echo "Downloading GeoIP2 City database."
+        /etc/periodic/weekly/libmaxminddb
+    fi
+elif [ -f /var/lib/libmaxminddb/GeoLite2-City.mmdb ]; then
+    echo -e "Currently using the user provided GeoLite2-City.mmdb.\nIf you want to enable weekly auto-updates of the database, retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
+else
+    echo -e "Starting 2019/12/30, GeoIP2 databases require personal license key to download. Please retrieve a free license key from MaxMind,\nand add a new env variable \"MAXMINDDB_LICENSE_KEY\", set to your license key."
+fi
+
+if [ ! -f /config/nginx/maxmind.conf ]; then
+    cp /defaults/maxmind.conf /config/nginx/maxmind.conf
+fi
+
+echo "Applied the maxmind mod"

root/etc/cont-init.d/98-vpn-config

@@ -1,27 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Determine if setup is needed
-if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
-[ -f /usr/bin/apt ]; then
-  ## Ubuntu
-  apt-get update
-  apt-get install --no-install-recommends -y \
-    iptables \
-    openssh-client \
-    python3 \
-    python3-pip 
-  pip3 install sshuttle
-fi
-if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
-[ -f /sbin/apk ]; then
-  # Alpine
-  apk add --no-cache \
-    iptables \
-    openssh \
-    py3-pip \
-    python3 
-  pip3 install sshuttle
-fi
-
-chown -R root:root /root
-chmod -R 600 /root/.ssh

root/etc/services.d/sshvpn/run

@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16