From 8febb2fad131dc1ff42a2c667b26b013d64c17b8 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Sat, 1 Jun 2024 19:25:59 +0530
Subject: repo: ./nixos -> ./os

---
 os/fscusat/modules/mirror/debian/default.nix | 22 ++++++++++
 os/fscusat/modules/mirror/debian/ftpsync.nix | 65 ++++++++++++++++++++++++++++
 os/fscusat/modules/mirror/default.nix        | 11 +++++
 os/fscusat/modules/mirror/www.nix            | 11 +++++
 os/fscusat/modules/network.nix               | 18 ++++++++
 os/fscusat/modules/www.nix                   | 36 +++++++++++++++
 6 files changed, 163 insertions(+)
 create mode 100644 os/fscusat/modules/mirror/debian/default.nix
 create mode 100644 os/fscusat/modules/mirror/debian/ftpsync.nix
 create mode 100644 os/fscusat/modules/mirror/default.nix
 create mode 100644 os/fscusat/modules/mirror/www.nix
 create mode 100644 os/fscusat/modules/network.nix
 create mode 100644 os/fscusat/modules/www.nix

(limited to 'os/fscusat/modules')

diff --git a/os/fscusat/modules/mirror/debian/default.nix b/os/fscusat/modules/mirror/debian/default.nix
new file mode 100644
index 0000000..c052bdd
--- /dev/null
+++ b/os/fscusat/modules/mirror/debian/default.nix
@@ -0,0 +1,22 @@
+{ config, ... }: let
+  name = config.userdata.name;
+  email = config.userdata.email;
+in {
+  imports = [ ./ftpsync.nix ];
+
+  services.ftpsync = {
+    enable = true;
+
+    settings = {
+      RSYNC_HOST = "ossmirror.mycloud.services";
+      RSYNC_PATH = "debian";
+      ARCH_INCLUDE = "amd64 riscv64";
+
+      INFO_MAINTAINER = "${name} <${email}>";
+      INFO_COUNTRY = "IN";
+      INFO_LOCATION = "Kochi, Kerala";
+      INFO_THROUGHPUT = "1Gb";
+      MAILTO = email;
+    };
+  };
+}
diff --git a/os/fscusat/modules/mirror/debian/ftpsync.nix b/os/fscusat/modules/mirror/debian/ftpsync.nix
new file mode 100644
index 0000000..29fb55b
--- /dev/null
+++ b/os/fscusat/modules/mirror/debian/ftpsync.nix
@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.ftpsync;
+  archvsync = pkgs.callPackage ../../../pkgs/archvsync {};
+
+  formatKeyValue = k: v: '' ${k}="${v}" '';
+  configFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; };
+  configFile = configFormat.generate "ftpsync.conf" cfg.settings;
+in
+{
+  meta.maintainers = with lib.maintainers; [ sinanmohd ];
+
+  options.services.ftpsync = {
+    enable = lib.mkEnableOption (lib.mdDoc "ftpsync");
+
+    settings = lib.mkOption {
+      inherit (configFormat) type;
+      default = {};
+      description = lib.mdDoc ''
+        Configuration options for ftpsync.
+        See ftpsync.conf(5) man page for available options.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.etc."ftpsync/ftpsync.conf".source = configFile;
+    environment.systemPackages = [ archvsync ];
+
+    services.ftpsync.settings = {
+      TO = lib.mkDefault "$STATE_DIRECTORY";
+      LOGDIR = lib.mkDefault "$LOGS_DIRECTORY";
+    };
+
+    systemd = let
+      name = "ftpsync";
+      meta = {
+        description = "Mirror Debian repositories of packages";
+        documentation = [ "man:ftpsync(1)" ];
+      };
+    in {
+      timers.${name} = meta // {
+        wantedBy = [ "timers.target" ];
+
+        timerConfig = {
+          OnCalendar = "*-*-* 00,06,12,18:00:00";
+          Unit="%i.service";
+          Persistent = true;
+          FixedRandomDelay = true;
+          RandomizedDelaySec = "6h";
+        };
+      };
+
+      services.${name} = meta // {
+        serviceConfig = {
+          LogsDirectory = name;
+          StateDirectory = name;
+
+          ExecStart = "${archvsync}/bin/ftpsync sync:all";
+        };
+      };
+    };
+  };
+}
diff --git a/os/fscusat/modules/mirror/default.nix b/os/fscusat/modules/mirror/default.nix
new file mode 100644
index 0000000..c5fd462
--- /dev/null
+++ b/os/fscusat/modules/mirror/default.nix
@@ -0,0 +1,11 @@
+{ ... }: {
+  imports = [
+    ./debian
+    ./www.nix
+  ];
+
+  systemd.tmpfiles.rules = [
+    "d  /var/cache/mirror/        0755  root  root"
+    "L  /var/cache/mirror/debian  -     -     -     - /var/lib/ftpsync/"
+  ];
+}
diff --git a/os/fscusat/modules/mirror/www.nix b/os/fscusat/modules/mirror/www.nix
new file mode 100644
index 0000000..ebde425
--- /dev/null
+++ b/os/fscusat/modules/mirror/www.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+let
+  domain = "foss.fscusat.ac.in";
+in
+{
+  services.nginx.virtualHosts.${domain}.locations."/mirror/" = {
+    alias = "/var/cache/mirror/";
+    extraConfig = "autoindex on;";
+  };
+}
diff --git a/os/fscusat/modules/network.nix b/os/fscusat/modules/network.nix
new file mode 100644
index 0000000..53367f8
--- /dev/null
+++ b/os/fscusat/modules/network.nix
@@ -0,0 +1,18 @@
+{ ... }:
+
+let
+  wan = "ens18";
+in
+{
+  networking = {
+    interfaces.${wan}.ipv4.addresses = [{
+      address = "10.0.8.101";
+      prefixLength = 16;
+    }];
+    defaultGateway = {
+      address = "10.0.0.1";
+      interface = wan;
+    };
+    nameservers = [ "10.0.0.2" "10.0.0.3" ];
+  };
+}
diff --git a/os/fscusat/modules/www.nix b/os/fscusat/modules/www.nix
new file mode 100644
index 0000000..24398da
--- /dev/null
+++ b/os/fscusat/modules/www.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+
+let
+  domain = "foss.fscusat.ac.in";
+in
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  sops.secrets = let 
+    opts = {
+      owner = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
+  in{
+    "cusat.ac.in/key" = opts;
+    "cusat.ac.in/crt" = opts;
+  };
+
+  services.nginx = { 
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedZstdSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    recommendedBrotliSettings = true;
+
+    virtualHosts.${domain} = {
+      forceSSL = true;
+      sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path;
+      sslCertificate = config.sops.secrets."cusat.ac.in/crt".path;
+
+      locations."/".extraConfig = "return 307 $scheme://$host/mirror/;";
+    };
+  };
+}
-- 
cgit v1.2.3