Commit e5b461e3 authored by Bartłomiej Piotrowski's avatar Bartłomiej Piotrowski
Browse files

Add role for mirroring archlinux32

parent 6136bd2b
---
mirror_domain: ind.mirror.pkgbuild.com
archweb_mirrorcheck_locations: [10]
arch32_mirror_domain: ind.mirror.archlinux32.org
---
mirror_domain: jpn.mirror.pkgbuild.com
archweb_mirrorcheck_locations: [8]
arch32_mirror_domain: jpn.mirror.archlinux32.org
---
mirror_domain: mex.mirror.pkgbuild.com
archweb_mirrorcheck_locations: [7]
arch32_mirror_domain: mex.mirror.archlinux32.org
......@@ -3,3 +3,4 @@ mirror_domain: sgp.mirror.pkgbuild.com
public_domain: sgp.pkgbuild.com
archweb_mirrorcheck_locations: [9]
archbuild_fs: 'btrfs'
arch32_mirror_domain: sgp.mirror.archlinux32.org
......@@ -11,3 +11,4 @@
- { role: syncrepo, tags: ['syncrepo', 'nginx'] }
- { role: archweb, archweb_site: false, archweb_services: false, archweb_mirrorcheck: true, tags: ['archweb'] }
- { role: zabbix-agent, tags: ["zabbix", "zabbix-agent"] }
- { role: arch32_mirror, tags: ['arch32_mirror', 'nginx'] }
---
arch32_mirror_dir: /srv/archlinux32
arch32_mirror_source: rsync://mirror.archlinux32.org/archlinux32
arch32_mirror_lastupdate: https://mirror.archlinux32.org/lastupdate
---
- name: daemon reload
command: systemctl daemon-reload
---
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ arch32_mirror_domain }}' creates='/etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem'
when: 'arch32_mirror_domain is defined'
- name: install rsync
pacman: name=rsync state=present
- name: install syncrepo script
template: src=syncrepo_arch32 dest=/usr/local/bin/syncrepo_arch32 owner=root group=root mode=0755
- name: install syncrepo units
template: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- syncrepo_arch32.timer
- syncrepo_arch32.service
notify:
- daemon reload
- name: start and enable syncrepo unit
service: name={{ item }} enabled=yes state=started
with_items:
- syncrepo_arch32.timer
- name: make nginx log dir
file: path=/var/log/nginx/{{ arch32_mirror_domain }} state=directory owner=root group=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/syncrepo_arch32.conf owner=root group=root mode=0644
notify:
- reload nginx
when: 'arch32_mirror_domain is defined'
server {
listen 80;
listen [::]:80;
server_name {{ arch32_mirror_domain }};
root {{ arch32_mirror_dir }};
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
include snippets/letsencrypt.conf;
autoindex on;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ arch32_mirror_domain }};
root {{ arch32_mirror_dir }};
access_log /var/log/nginx/{{ arch32_mirror_domain }}/access.log;
error_log /var/log/nginx/{{ arch32_mirror_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ arch32_mirror_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ arch32_mirror_domain }}/chain.pem;
autoindex on;
}
#!/bin/bash
# This is a simple mirroring script. To save bandwidth it first checks a
# timestamp via HTTP and only runs rsync when the timestamp differs from the
# local copy. As of 2016, a single rsync run without changes transfers roughly
# 6MiB of data which adds up to roughly 250GiB of traffic per month when rsync
# is run every minute. Performing a simple check via HTTP first can thus save a
# lot of traffic.
target="{{ arch32_mirror_dir }}"
tmp="/srv/syncrepo_arch32-tmp"
lock="/var/lock/syncrepo_arch32.lck"
# NOTE: You'll probably want to change this or set it to 0 to disable the limit
# The default unit is KiB (see man rsync /--bwlimit for more)
bwlimit=0
# NOTE: Most people reading this very likely need to change this since
# rsync.archlinux.org requires you to be a tier 1 mirror
source='{{ arch32_mirror_source }}'
lastupdate_url='{{ arch32_mirror_lastupdate }}'
#### END CONFIG
[ ! -d "${target}" ] && mkdir -p "${target}"
[ ! -d "${tmp}" ] && mkdir -p "${tmp}"
exec 9>"${lock}"
flock -n 9 || exit
rsync_cmd() {
local -a cmd=(rsync -rtlH --safe-links --delete-after ${VERBOSE} "--timeout=600" "--contimeout=60" -p \
--delay-updates --no-motd "--temp-dir=${tmp}")
if stty &>/dev/null; then
cmd+=(-h -v --progress)
else
cmd+=("--info=name1")
fi
if ((bwlimit>0)); then
cmd+=("--bwlimit=$bwlimit")
fi
"${cmd[@]}" "$@"
}
# if we are called without a tty (cronjob) only run when there are changes
if ! tty -s && [[ -f "$target/lastupdate" ]] && diff -b <(curl -s "$lastupdate_url") "$target/lastupdate" >/dev/null; then
# keep lastsync file in sync for statistics generated by the Arch Linux website
rsync_cmd "$source/lastsync" "$target/lastsync"
exit 0
fi
rsync_cmd \
--exclude='*.links.tar.gz*' \
--exclude='/other' \
--exclude='/sources' \
"${source}" \
"${target}"
#echo "Last sync was $(date -d @$(cat ${target}/lastsync))"
[Unit]
Description=Synchronize archlinux32 package repository mirror
RequiresMountsFor={{ arch32_mirror_dir }}
[Service]
Type=oneshot
ExecStart=/usr/local/bin/syncrepo_arch32
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
[Unit]
Description=Minutely archlinux32 repository sync
[Timer]
OnCalendar=minutely
AccuracySec=1m
Persistent=true
[Install]
WantedBy=timers.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment