commit 43b1dcfb2e30ad1c28aedb55017f2ae6bbb577de
Author: dr460nf1r3
Date: Sat Jan 22 21:17:36 2022 +0100
Initial upload
diff --git a/README b/README
new file mode 100644
index 0000000..032ea9f
--- /dev/null
+++ b/README
@@ -0,0 +1,16 @@
+# Chaotic-AUR mirror Docker setup
+This repo provides an easy to way to setup a new Chaotic-AUR mirror. This will deploy Syncthing for syncing the repo and Nginx as webserver.
+The following steps need to be taken:
+```
+sudo pacman -Syu docker docker-compose
+git clone https://github.com/chaotic-aur/docker-mirror.git
+cd docker-mirror
+sudo ./run
+```
+You will be asked for:
+- A domain that will serve the mirror (needs to be setup prior to starting the process)
+- Email address for obtaining a SSL certificate
+After that, docker-compose will fetch the needed containers. Syncthing will be available at port 8384 while the mirror can be reached using the domain name.
+Syncthing devices need to be confirmed by us, so it might take some time for syncing to actually start.
+Then, create a new issue at the [packages repo](https://github.com/chaotic-aur/packages/issues/new/choose) to have the mirror added to mirrorlist and geo-mirror.
+Questions left? Feel free to create an issue or join the Telegram group to ask them! :)
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..06923cf
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,48 @@
+version: "3.7"
+services:
+ nginx:
+ container_name: nginx
+ restart: unless-stopped
+ hostname: ${DOMAIN_NAME:?err}
+ volumes:
+ - './repo:/var/lib/nginx/html/repo/chaotic-aur:ro'
+ - './data/acme-webroot:/var/lib/nginx/html/acme:ro'
+ - './data/letsencrypt/etc:/etc/letsencrypt:ro'
+ - './preset/nginx.conf:/etc/nginx/nginx.conf:ro'
+ - './preset/conf.d:/etc/nginx/conf.d:ro'
+ labels:
+ com.datadoghq.ad.check_names: '["nginx"]'
+ com.datadoghq.ad.init_configs: '[{}]'
+ com.datadoghq.ad.instances: '[{"nginx_status_url": "http://%%host%%:81/nginx_status/"}]'
+ ports:
+ - '80:80'
+ - '443:443'
+ image: nginx
+
+ syncthing:
+ image: linuxserver/syncthing
+ container_name: syncthing
+ hostname: ${DOMAIN_NAME:?err}
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/London
+ volumes:
+ - './data/syncthing:/config'
+ - './repo:/repo'
+ ports:
+ - 8384:8384
+ - 22000:22000/tcp
+ - 22000:22000/udp
+ - 21027:21027/udp
+ restart: unless-stopped
+
+ certbot:
+ container_name: certbot
+ restart: always
+ volumes:
+ - './data/acme-webroot:/srv/http/webroot'
+ - './data/letsencrypt/etc:/etc/letsencrypt'
+ - './data/letsencrypt/var:/var/lib/letsencrypt'
+ image: certbot/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; sleep 10; while :; do certbot renew -w /srv/http/webroot/ --webroot; sleep 12h & wait $${!}; done;'"
diff --git a/preset/conf.d/chaotic.conf b/preset/conf.d/chaotic.conf
new file mode 100644
index 0000000..3c196f6
--- /dev/null
+++ b/preset/conf.d/chaotic.conf
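Review bot: The Syncthing admin GUI is published on every host interface by `- 8384:8384`, and the preset/syncthing-config.xml added later in this commit carries, as far as its rendered text shows, no GUI user or password, so anyone who can reach that port can administer the instance (accept devices, share folders). The preset's GUI address reads 127.0.0.1:8384, which inside the container would make the mapping ineffective rather than exposed; either way the safe form is a loopback bind, `- '127.0.0.1:8384:8384'`, with admin access over an SSH tunnel, and the README sentence about port 8384 adjusted to match. Separately, `image: nginx`, `image: linuxserver/syncthing` and `image: certbot/certbot` are untagged, so every `docker-compose up` may pull a different build; pinning a tag (or digest) makes deployments reproducible. The entrypoint's `$${!}` is the correct Compose escape for `${!}`, so that part is fine.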
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/chaotic/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/chaotic/privkey.pem;
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_format xml;
+
+ root /var/lib/nginx/html/repo;
+ location ~* /chaotic-aur/x86_64/(?!.*chaotic-aur\.(db|files)).+\.tar.* {
+ add_header Cache-Control "max-age=150, stale-while-revalidate=150, stale-if-error=86400";
+ }
+ location / {
+ xslt_string_param path $uri;
+ xslt_string_param hostname $hostname;
+ xslt_stylesheet /etc/nginx/conf.d/style.xslt;
+ add_header Cache-Control 'no-cache';
+ }
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ autoindex off;
+ root /var/lib/nginx/html/acme;
+ }
+}
diff --git a/preset/conf.d/status.conf b/preset/conf.d/status.conf
new file mode 100644
index 0000000..bc12071
--- /dev/null
+++ b/preset/conf.d/status.conf
@@ -0,0 +1,11 @@
+server {
+ listen 81;
+ access_log off;
+
+ location /nginx_status {
+ # freely available with open source NGINX
+ stub_status;
+ # ensures the version information can be retrieved
+ server_tokens on;
+ }
+}
diff --git a/preset/conf.d/style.xslt b/preset/conf.d/style.xslt
new file mode 100644
index 0000000..e8ec42a
--- /dev/null
+++ b/preset/conf.d/style.xslt
@@ -0,0 +1,337 @@
+ + + + + ]> + + + + + + + + + - + + + B + + + K + + + M + + + G + + + + + + + + + + + + + + + + + + + + + + + + - + Directory + + + + + + + + + + + + + + + + + + + + + File + + + + + + + + + + + Index of + + <xsl:value-of select="$path"/> + + + + +
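Review bot: The `listen 443 ssl;` server sets only certificate paths, so which TLS protocol versions and cipher suites are offered is whatever the untagged nginx image compiled in as defaults, and those differ between releases; the same gap applies to the `ssl_prefer_server_ciphers on;` block in preset/nginx.conf later in this commit. Pinning it explicitly, `ssl_protocols TLSv1.2 TLSv1.3;` next to the certificate lines (or in nginx.conf's http block), keeps the mirror's TLS posture independent of the image version. The ACME location is also loosely matched: `location ~ /.well-known/acme-challenge` is unanchored and its dot is a regex wildcard, so it also catches any URI with that substring deeper in the path; `location ~ ^/\.well-known/acme-challenge/ {` expresses the intent precisely.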
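Review bot: `stub_status` on port 81 has no `allow`/`deny` restriction, and `server_tokens on;` deliberately re-exposes the version that nginx.conf hides; this is only safe because docker-compose.yml does not publish port 81, so the endpoint is reachable solely from containers on the same Docker network. A comment recording that dependency, `# port 81 must never be published; reachable only from the agent on the Docker network`, or an explicit `allow <agent-network-cidr>; deny all;` pair inside the location, would keep a later port mapping from silently exposing it.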
+
+ +
+ +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameLast ModifiedSizeType
     
+ +
+
+
+
+ Directories, Files, Total +
+
powered by Nginx
+ +
+ + +
+
diff --git a/preset/nginx.conf b/preset/nginx.conf
new file mode 100644
index 0000000..5830bc8
--- /dev/null
+++ b/preset/nginx.conf
@@ -0,0 +1,93 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+# Set number of worker processes automatically based on number of CPU cores.
+worker_processes auto;
+
+# Enables the use of JIT for regular expressions to speed-up their processing.
+pcre_jit on;
+
+# Configures default error logger.
+error_log /var/log/nginx/error.log warn;
+
+# Includes files with directives to load dynamic modules.
+include /etc/nginx/modules/*.conf;
+load_module modules/ngx_http_xslt_filter_module.so;
+
+events {
+ # The maximum number of simultaneous connections that can be opened by
+ # a worker process.
+ worker_connections 1024;
+}
+
+http {
+ # Includes mapping of file name extensions to MIME types of responses
+ # and defines the default type.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Name servers used to resolve names of upstream servers into addresses.
+ # It's also needed when using tcpsocket and udpsocket in Lua modules.
+ #resolver 208.67.222.222 208.67.220.220;
+
+ # Don't tell nginx version to clients.
+ server_tokens off;
+
+ # Specifies the maximum accepted body size of a client request, as
+ # indicated by the request header Content-Length. If the stated content
+ # length is greater than this size, then the client receives the HTTP
+ # error code 413. Set to 0 to disable.
+ client_max_body_size 0;
+
+ # Timeout for keep-alive connections. Server will close connections after
+ # this time.
+ keepalive_timeout 65;
+
+ # Sendfile copies data between one FD and other from within the kernel,
+ # which is more efficient than read() + write().
+ sendfile on;
+
+ # Don't buffer data-sends (disable Nagle algorithm).
+ # Good for sending frequent small bursts of data in real time.
+ tcp_nodelay off;
+
+ # Causes nginx to attempt to send its HTTP response head in one packet,
+ # instead of using partial frames.
+ #tcp_nopush on;
+
+ # Path of the file with Diffie-Hellman parameters for EDH ciphers.
+ #ssl_dhparam /etc/ssl/nginx/dh2048.pem;
+
+ # Specifies that our cipher suits should be preferred over client ciphers.
+ ssl_prefer_server_ciphers on;
+
+ # Enables a shared SSL cache with size that can hold around 8000 sessions.
+ ssl_session_cache shared:SSL:2m;
+
+ proxy_max_temp_file_size 0;
+ fastcgi_max_temp_file_size 0;
+ proxy_buffering off;
+
+ # Enable gzipping of responses.
+ #gzip on;
+
+ # Set the Vary HTTP header as defined in the RFC 2616.
+ gzip_vary on;
+
+ # Enable checking the existence of precompressed files.
+ #gzip_static on;
+
+
+ # Specifies the main log format.
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Sets the path, format, and configuration for a buffered log write.
+ access_log /var/log/nginx/access.log main;
+
+
+ # Includes virtual hosts configs.
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/preset/syncthing-config.xml b/preset/syncthing-config.xml
new file mode 100644
index 0000000..8248cdd
--- /dev/null
+++ b/preset/syncthing-config.xml
@@ -0,0 +1,21 @@
+ + + basic + + + + + +
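Review bot: `client_max_body_size 0;` removes the request-body limit on a server whose only locations serve static files, so nothing here consumes bodies, yet nginx will still accept and read arbitrarily large uploads before answering; leaving nginx's default (drop the directive, or `client_max_body_size 1m;`) costs a mirror nothing and bounds that work. The `proxy_max_temp_file_size`, `fastcgi_max_temp_file_size` and `proxy_buffering` settings likewise have no proxy or fastcgi location to act on in this configuration and read like leftovers from a template; dropping them, or a one-line comment saying why they stay, would help the next reader. The http block these sit in is opened on the previous physical line of the hunk.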
dynamic
+ false + false + 0 + 0 + 0 + false + 0 +
+ +
127.0.0.1:8384
+
+
diff --git a/run b/run
new file mode 100755
index 0000000..11c78b3
--- /dev/null
+++ b/run
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+if [ ! -e ./.env ]; then
+ read -p 'Domain that will serve the mirror: ' domain
+ read -p 'Your email address: ' email
+ echo "DOMAIN_NAME=$domain" > ./.env
+ echo "EMAIL=$email" >> ./.env
+fi
+
+source .env
+
+if [ ! -e ./data/letsencrypt/etc/renewal/chaotic.conf ]; then
+ docker run -p 80:80 -p 443:443 -it --rm -v "$PWD/data/letsencrypt/etc:/etc/letsencrypt" -v "$PWD/data/letsencrypt/var:/var/lib/letsencrypt" certbot/certbot certonly --standalone --agree-tos --cert-name chaotic -n -m "$EMAIL" -d "$DOMAIN_NAME"
+fi
+
+if [ ! -e ./repo ]; then
+ mkdir -p ./repo/.stfolder
+ chown -R 1000:1000 ./repo
+fi
+
+if [ ! -e ./data/syncthing/config.xml ]; then
+ mkdir -p ./data/syncthing
+ cp ./preset/syncthing-config.xml ./data/syncthing/config.xml
+ chown -R 1000:1000 ./data/syncthing
+fi
+
+docker-compose -f docker-compose.yml up -d
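Review bot: The domain and email typed at the two `read -p` prompts are written into .env unquoted and the file is then `source`d, so any shell metacharacters in the answers (`$`, backticks, `;`, quotes) are evaluated when `source .env` runs, while docker-compose substitutes `${DOMAIN_NAME:?err}` from the same file with its own parser; a stray quote or space therefore yields two different values of DOMAIN_NAME. Validating before writing, `[[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || { echo 'invalid domain' >&2; exit 1; }`, rejecting an email that contains whitespace or quote characters, and using `read -r` so backslashes stay literal, closes that gap. The script also runs `chown -R 1000:1000`, which must match the PUID/PGID in docker-compose.yml; a comment tying the two, `# 1000:1000 matches PUID/PGID of the syncthing service in docker-compose.yml`, would stop them from drifting apart.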