rsyncd.conf.proto.j2 3.44 KB
Newer Older
1
# DO NOT CHANGE rsync.conf, CHANGE rsync.conf.proto INSTEAD!
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Hosts are managed by archweb, talk to someone that has permission to
# play with mirrors to get new IP addresses added.

use chroot = no
max connections = 12
lock file = /var/run/rsyncd/main.lock
syslog facility = local5
pid file = /var/run/rsyncd.pid
#transfer logging = yes
transfer logging = no
motd file = /etc/rsyncd.motd
timeout = 600

# ALLOW ONLY TIERED MIRRORS
16
# This effectively disables all sections but *_tier1 and *_auth
17
18
19
20
21
22
# We keep the configuration around in case we need to revert again
hosts allow = 127.0.0.1

# DENY THE REST
hosts deny = *

23
{% if 'archive_mirrors' in groups %}
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
24
25
26
[archive]
	path = /srv/archive
	comment = archive
27
	hosts allow = {{ groups['archive_mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['archive_mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }}
28
{% endif %}
Sven-Hendrik Haase's avatar
Sven-Hendrik Haase committed
29

30
31
32
33
# Just the release/stable iso/packages (for most mirrors)
[ftp]
	path = /srv/ftp
	comment = ftp area (most mirrors should use this)
34
	exclude = /archive/ /other/ /sources/ /*-debug/ /pool/*-debug/
35
36
37
38

[ftp_tier1]
	path = /srv/ftp
	comment = ftp area (most mirrors should use this)
39
	exclude = /archive/ /other/ /sources/ /*-debug/ /pool/*-debug/
40
41
42
43
44
45
	hosts allow = @@ALLOWHOSTS_TIER1@@
	max connections = 0

[ftp_auth]
	path = /srv/ftp
	comment = ftp area, passworded (same as 'ftp')
46
	exclude = /archive/ /other/ /sources/ /*-debug/ /pool/*-debug/
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
	hosts allow = *
	auth users = *
	secrets file = /etc/rsyncd.secrets
	max connections = 0

# The whole she-bang, except /sources
[ftpfull]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions, except sources)
	exclude = /sources/

[ftpfull_tier1]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions, except sources)
	exclude = /sources/
	hosts allow = @@ALLOWHOSTS_TIER1@@
	max connections = 0

[ftpfull_auth]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions, except sources)
	exclude = /sources/
	hosts allow = *
	auth users = *
	secrets file = /etc/rsyncd.secrets
	max connections = 0

# The whole she-bang
[kitchensink]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions)
78
	hosts allow = {{ hostvars['archlinux.org']['ipv4_address'] }} {{ hostvars['archlinux.org']['ipv6_address'] }}
79
80
81
82

[kitchensink_tier1]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions)
83
	hosts allow = @@ALLOWHOSTS_TIER1@@ {{ hostvars['gemini.archlinux.org']['ipv4_address'] }} {{ hostvars['gemini.archlinux.org']['ipv6_address'] }}
84
85
86
87
88
89
90
91
92
93
	max connections = 0

[kitchensink_auth]
	path = /srv/ftp
	comment = ftp area (everything, including very old versions)
	hosts allow = *
	auth users = *
	secrets file = /etc/rsyncd.secrets
	max connections = 0

Morten Linderud's avatar
Morten Linderud committed
94
95
96
97
98
# Debug repositories
[debug_packages]
	path = /srv/ftp
	comment =  debug packages
	exclude = *
99
	include = /*-debug/*** /pool /pool/*-debug/***
100
	hosts allow = {{ groups['mirrors'] | map('extract', hostvars, ['ipv4_address']) | join(' ') }} {{ groups['mirrors'] | map('extract', hostvars, ['ipv6_address']) | join(' ') }}
Morten Linderud's avatar
Morten Linderud committed
101
102
	max connections = 0

103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Individual repositories
[core]
	path = /srv/ftp/core
	comment = core repository

[extra]
	path = /srv/ftp/extra
	comment = extra repository

[community]
	path = /srv/ftp/community
	comment = community repository

[testing]
	path = /srv/ftp/testing
	comment = testing repository

[community-testing]
	path = /srv/ftp/community-testing
	comment = community-testing repository