Verified Commit b3256827 authored by Evangelos Foutras's avatar Evangelos Foutras 🐱
Browse files

common: use tier0 mirror on build servers + gemini

There is a need for build servers to never build against outdated repo
databases, even with syncrepo providing a local mirror that is updated
every minute. To that effect, we adjust mirrorlist on build servers so
the first mirror is the tier0 mirror provided by gemini.

Keep the syncrepo role on build servers in order to have a local cache
of packages and avoid concurrent build jobs downloading the same files
causing them to be corrupted.

Finally, configure gemini to use its own repos (like other mirrors do).
parent a144aa45
Pipeline #16612 passed with stage
in 34 seconds
{% if 'mirrors' in group_names or 'buildservers' in group_names %}
{% if 'buildservers' in group_names %}
Server = https://repos.archlinux.org/$repo/os/$arch
{% endif %}
{% if 'mirrors' in group_names or inventory_hostname == 'gemini.archlinux.org' %}
Server = file:///srv/ftp/$repo/os/$arch
{% endif %}
Server = https://mirror.pkgbuild.com/$repo/os/$arch/
Server = https://mirror.pkgbuild.com/$repo/os/$arch
......@@ -14,8 +14,6 @@ server {
ssl_certificate_key /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
satisfy any;
access_log /var/log/nginx/{{ repos_domain }}/access.log reduced;
access_log /var/log/nginx/{{ repos_domain }}/access.log.json json_reduced;
......@@ -24,8 +22,18 @@ server {
}
location / {
satisfy any;
auth_request /devel/mirrorauth/;
{% for host in groups['buildservers'] | sort | unique %}
# {{ host }}
{% for address in ['ipv4_address', 'ipv6_address'] if address in hostvars[host] %}
allow {{ hostvars[host][address] }};
{% else %}
# no addresses defined in hostvars
{% endfor %}
{% endfor %}
autoindex on;
}
......@@ -50,7 +58,7 @@ server {
# Authentication to archweb
proxy_pass https://archlinux.org;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
proxy_ssl_verify on;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment