blob: 581d7ee7706f23bfeb462245f5e2f94c56cf4154 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
. ${BUILDFILE%/*}/common.sh
pkgver=20180828.1
package() {
preamble
# #### Repo
provides=(pacman-mirrorlist)
conflicts=(pacman-mirrorlist)
depends+=(
rsync
abs
mktorrent
dbscripts
config-parabola-mgmt-nginx
uwsgi-plugin-php
unionfs-fuse
oxygen-icons
)
add-file etc/pacman.d/mirrorlist <<EOF
Server = file:///srv/repo/main/\$repo/os/\$arch
EOF
add-file -m755 etc/ssl/misc/certbot-get.d/10-repo <<EOF
#!/bin/bash
echo {repo,repomirror}.{parabola.nu,parabolagnulinux.org}
EOF
add-file -m644 etc/nginx/sites/server-repo_parabola_nu.conf <<EOF
# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
server {
server_name repo.parabola.nu;
listen 443 ssl http2;
listen [::]:443 ssl http2;
error_log /var/log/nginx/nginx.http.repo_parabola_nu.error.log error;
access_log /var/log/nginx/nginx.http.repo_parabola_nu.access.log specific;
if (\$args !~* noredirect) {
return 302 https://repomirror.parabola.nu\$uri;
}
index /.fancyindex/index.php;
location = /.fancyindex/index.php {
include uwsgi_params;
uwsgi_modifier1 14; # Standard PHP request
uwsgi_pass unix:/run/uwsgi/repo.sock;
}
location / {
root /srv/repo;
try_files /main\$uri /http\$uri @union;
}
location @union {}
}
EOF
add-file -m644 usr/lib/sysusers.d/repo.conf <<-'EOF'
u repo-readonly -
EOF
add-file -m644 etc/uwsgi/repo.ini <<EOF
[uwsgi]
master = true
processes = 4
uid = repo-readonly
gid = http
plugins = php
php-set = open_basedir=/srv/http/repo.parabola.nu
EOF
add-unit etc/systemd/system/sockets.target.wants/uwsgi@repo.socket
add-file -m644 etc/nginx/sites/server-repomirror_parabola_nu.conf <<EOF
# -*- Mode: nginx; nginx-indent-level: 8; indent-tabs-mode: t -*-
server {
server_name repomirror.parabola.nu;
listen 443 ssl http2;
listen [::]:443 ssl http2;
error_log /var/log/nginx/nginx.http.repomirror_parabola_nu.error.log error;
access_log /var/log/nginx/nginx.http.repomirror_parabola_nu.access.log specific;
location / {
root /srv/http/repo.parabola.nu;
include uwsgi_params;
uwsgi_param SCRIPT_NAME /srv/http/repo.parabola.nu/.fancyindex/mirror.php;
uwsgi_modifier1 14; # Standard PHP request
uwsgi_pass unix:/run/uwsgi/repomirror.sock;
}
}
EOF
add-file -m644 etc/uwsgi/repomirror.ini <<EOF
[uwsgi]
master = true
processes = 4
uid = repo-readonly
gid = http
plugins = php
php-app = /srv/http/repo.parabola.nu/.fancyindex/mirror.php
php-set = open_basedir=/srv/http/repo.parabola.nu:/srv/repo/http
EOF
add-unit etc/systemd/system/sockets.target.wants/uwsgi@repomirror.socket
add-file -m644 etc/systemd/system/rsyncd@.service.d/user.conf <<EOF
[Service]
User=repo-readonly
EOF
add-file -m644 etc/systemd/system/rsyncd.socket.d/port.conf <<EOF
[Socket]
# 873 is filtered
ListenStream=
ListenStream=875
EOF
add-unit etc/systemd/system/sockets.target.wants/rsyncd.socket
add-file -m644 usr/share/holo/files/10-"$pkgname"/etc/rsyncd.conf <<EOF
# The uid, port, et c. are configured in the systemd units.
use chroot = no
[repos]
path = /srv/repo/main
comment = Parabola repos
ignore nonreadable = yes
[abs]
path = /srv/repo/db-import-archlinux-src/abslibre
comment = Arch Build System Libre
EOF
postamble
}
|
