summaryrefslogtreecommitdiff
path: root/os/fscusat/modules
diff options
context:
space:
mode:
Diffstat (limited to 'os/fscusat/modules')
-rw-r--r--os/fscusat/modules/mirror/debian/default.nix22
-rw-r--r--os/fscusat/modules/mirror/debian/ftpsync.nix65
-rw-r--r--os/fscusat/modules/mirror/default.nix11
-rw-r--r--os/fscusat/modules/mirror/www.nix11
-rw-r--r--os/fscusat/modules/network.nix18
-rw-r--r--os/fscusat/modules/www.nix36
6 files changed, 163 insertions, 0 deletions
diff --git a/os/fscusat/modules/mirror/debian/default.nix b/os/fscusat/modules/mirror/debian/default.nix
new file mode 100644
index 0000000..c052bdd
--- /dev/null
+++ b/os/fscusat/modules/mirror/debian/default.nix
@@ -0,0 +1,22 @@
+{ config, ... }: let
+ name = config.userdata.name;
+ email = config.userdata.email;
+in {
+ imports = [ ./ftpsync.nix ];
+
+ services.ftpsync = {
+ enable = true;
+
+ settings = {
+ RSYNC_HOST = "ossmirror.mycloud.services";
+ RSYNC_PATH = "debian";
+ ARCH_INCLUDE = "amd64 riscv64";
+
+ INFO_MAINTAINER = "${name} <${email}>";
+ INFO_COUNTRY = "IN";
+ INFO_LOCATION = "Kochi, Kerala";
+ INFO_THROUGHPUT = "1Gb";
+ MAILTO = email;
+ };
+ };
+}
diff --git a/os/fscusat/modules/mirror/debian/ftpsync.nix b/os/fscusat/modules/mirror/debian/ftpsync.nix
new file mode 100644
index 0000000..29fb55b
--- /dev/null
+++ b/os/fscusat/modules/mirror/debian/ftpsync.nix
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.ftpsync;
+ archvsync = pkgs.callPackage ../../../pkgs/archvsync {};
+
+ formatKeyValue = k: v: '' ${k}="${v}" '';
+ configFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; };
+ configFile = configFormat.generate "ftpsync.conf" cfg.settings;
+in
+{
+ meta.maintainers = with lib.maintainers; [ sinanmohd ];
+
+ options.services.ftpsync = {
+ enable = lib.mkEnableOption (lib.mdDoc "ftpsync");
+
+ settings = lib.mkOption {
+ inherit (configFormat) type;
+ default = {};
+ description = lib.mdDoc ''
+ Configuration options for ftpsync.
+ See ftpsync.conf(5) man page for available options.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.etc."ftpsync/ftpsync.conf".source = configFile;
+ environment.systemPackages = [ archvsync ];
+
+ services.ftpsync.settings = {
+ TO = lib.mkDefault "$STATE_DIRECTORY";
+ LOGDIR = lib.mkDefault "$LOGS_DIRECTORY";
+ };
+
+ systemd = let
+ name = "ftpsync";
+ meta = {
+ description = "Mirror Debian repositories of packages";
+ documentation = [ "man:ftpsync(1)" ];
+ };
+ in {
+ timers.${name} = meta // {
+ wantedBy = [ "timers.target" ];
+
+ timerConfig = {
+ OnCalendar = "*-*-* 00,06,12,18:00:00";
+ Unit="%i.service";
+ Persistent = true;
+ FixedRandomDelay = true;
+ RandomizedDelaySec = "6h";
+ };
+ };
+
+ services.${name} = meta // {
+ serviceConfig = {
+ LogsDirectory = name;
+ StateDirectory = name;
+
+ ExecStart = "${archvsync}/bin/ftpsync sync:all";
+ };
+ };
+ };
+ };
+}
diff --git a/os/fscusat/modules/mirror/default.nix b/os/fscusat/modules/mirror/default.nix
new file mode 100644
index 0000000..c5fd462
--- /dev/null
+++ b/os/fscusat/modules/mirror/default.nix
@@ -0,0 +1,11 @@
+{ ... }: {
+ imports = [
+ ./debian
+ ./www.nix
+ ];
+
+ systemd.tmpfiles.rules = [
+ "d /var/cache/mirror/ 0755 root root"
+ "L /var/cache/mirror/debian - - - - /var/lib/ftpsync/"
+ ];
+}
diff --git a/os/fscusat/modules/mirror/www.nix b/os/fscusat/modules/mirror/www.nix
new file mode 100644
index 0000000..ebde425
--- /dev/null
+++ b/os/fscusat/modules/mirror/www.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+let
+ domain = "foss.fscusat.ac.in";
+in
+{
+ services.nginx.virtualHosts.${domain}.locations."/mirror/" = {
+ alias = "/var/cache/mirror/";
+ extraConfig = "autoindex on;";
+ };
+}
diff --git a/os/fscusat/modules/network.nix b/os/fscusat/modules/network.nix
new file mode 100644
index 0000000..53367f8
--- /dev/null
+++ b/os/fscusat/modules/network.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+let
+ wan = "ens18";
+in
+{
+ networking = {
+ interfaces.${wan}.ipv4.addresses = [{
+ address = "10.0.8.101";
+ prefixLength = 16;
+ }];
+ defaultGateway = {
+ address = "10.0.0.1";
+ interface = wan;
+ };
+ nameservers = [ "10.0.0.2" "10.0.0.3" ];
+ };
+}
diff --git a/os/fscusat/modules/www.nix b/os/fscusat/modules/www.nix
new file mode 100644
index 0000000..24398da
--- /dev/null
+++ b/os/fscusat/modules/www.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+
+let
+ domain = "foss.fscusat.ac.in";
+in
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ sops.secrets = let
+ opts = {
+ owner = config.services.nginx.user;
+ group = config.services.nginx.group;
+ };
+ in{
+ "cusat.ac.in/key" = opts;
+ "cusat.ac.in/crt" = opts;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ recommendedBrotliSettings = true;
+
+ virtualHosts.${domain} = {
+ forceSSL = true;
+ sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path;
+ sslCertificate = config.sops.secrets."cusat.ac.in/crt".path;
+
+ locations."/".extraConfig = "return 307 $scheme://$host/mirror/;";
+ };
+ };
+}