From 8febb2fad131dc1ff42a2c667b26b013d64c17b8 Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sat, 1 Jun 2024 19:25:59 +0530 Subject: repo: ./nixos -> ./os --- os/fscusat/modules/mirror/debian/default.nix | 22 ++++++++++ os/fscusat/modules/mirror/debian/ftpsync.nix | 65 ++++++++++++++++++++++++++++ os/fscusat/modules/mirror/default.nix | 11 +++++ os/fscusat/modules/mirror/www.nix | 11 +++++ os/fscusat/modules/network.nix | 18 ++++++++ os/fscusat/modules/www.nix | 36 +++++++++++++++ 6 files changed, 163 insertions(+) create mode 100644 os/fscusat/modules/mirror/debian/default.nix create mode 100644 os/fscusat/modules/mirror/debian/ftpsync.nix create mode 100644 os/fscusat/modules/mirror/default.nix create mode 100644 os/fscusat/modules/mirror/www.nix create mode 100644 os/fscusat/modules/network.nix create mode 100644 os/fscusat/modules/www.nix (limited to 'os/fscusat/modules') diff --git a/os/fscusat/modules/mirror/debian/default.nix b/os/fscusat/modules/mirror/debian/default.nix new file mode 100644 index 0000000..c052bdd --- /dev/null +++ b/os/fscusat/modules/mirror/debian/default.nix @@ -0,0 +1,22 @@ +{ config, ... }: let + name = config.userdata.name; + email = config.userdata.email; +in { + imports = [ ./ftpsync.nix ]; + + services.ftpsync = { + enable = true; + + settings = { + RSYNC_HOST = "ossmirror.mycloud.services"; + RSYNC_PATH = "debian"; + ARCH_INCLUDE = "amd64 riscv64"; + + INFO_MAINTAINER = "${name} <${email}>"; + INFO_COUNTRY = "IN"; + INFO_LOCATION = "Kochi, Kerala"; + INFO_THROUGHPUT = "1Gb"; + MAILTO = email; + }; + }; +} diff --git a/os/fscusat/modules/mirror/debian/ftpsync.nix b/os/fscusat/modules/mirror/debian/ftpsync.nix new file mode 100644 index 0000000..29fb55b --- /dev/null +++ b/os/fscusat/modules/mirror/debian/ftpsync.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.services.ftpsync; + archvsync = pkgs.callPackage ../../../pkgs/archvsync {}; + + formatKeyValue = k: v: '' ${k}="${v}" ''; + configFormat = pkgs.formats.keyValue { mkKeyValue = formatKeyValue; }; + configFile = configFormat.generate "ftpsync.conf" cfg.settings; +in +{ + meta.maintainers = with lib.maintainers; [ sinanmohd ]; + + options.services.ftpsync = { + enable = lib.mkEnableOption (lib.mdDoc "ftpsync"); + + settings = lib.mkOption { + inherit (configFormat) type; + default = {}; + description = lib.mdDoc '' + Configuration options for ftpsync. + See ftpsync.conf(5) man page for available options. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + environment.etc."ftpsync/ftpsync.conf".source = configFile; + environment.systemPackages = [ archvsync ]; + + services.ftpsync.settings = { + TO = lib.mkDefault "$STATE_DIRECTORY"; + LOGDIR = lib.mkDefault "$LOGS_DIRECTORY"; + }; + + systemd = let + name = "ftpsync"; + meta = { + description = "Mirror Debian repositories of packages"; + documentation = [ "man:ftpsync(1)" ]; + }; + in { + timers.${name} = meta // { + wantedBy = [ "timers.target" ]; + + timerConfig = { + OnCalendar = "*-*-* 00,06,12,18:00:00"; + Unit="%i.service"; + Persistent = true; + FixedRandomDelay = true; + RandomizedDelaySec = "6h"; + }; + }; + + services.${name} = meta // { + serviceConfig = { + LogsDirectory = name; + StateDirectory = name; + + ExecStart = "${archvsync}/bin/ftpsync sync:all"; + }; + }; + }; + }; +} diff --git a/os/fscusat/modules/mirror/default.nix b/os/fscusat/modules/mirror/default.nix new file mode 100644 index 0000000..c5fd462 --- /dev/null +++ b/os/fscusat/modules/mirror/default.nix @@ -0,0 +1,11 @@ +{ ... }: { + imports = [ + ./debian + ./www.nix + ]; + + systemd.tmpfiles.rules = [ + "d /var/cache/mirror/ 0755 root root" + "L /var/cache/mirror/debian - - - - /var/lib/ftpsync/" + ]; +} diff --git a/os/fscusat/modules/mirror/www.nix b/os/fscusat/modules/mirror/www.nix new file mode 100644 index 0000000..ebde425 --- /dev/null +++ b/os/fscusat/modules/mirror/www.nix @@ -0,0 +1,11 @@ +{ ... }: + +let + domain = "foss.fscusat.ac.in"; +in +{ + services.nginx.virtualHosts.${domain}.locations."/mirror/" = { + alias = "/var/cache/mirror/"; + extraConfig = "autoindex on;"; + }; +} diff --git a/os/fscusat/modules/network.nix b/os/fscusat/modules/network.nix new file mode 100644 index 0000000..53367f8 --- /dev/null +++ b/os/fscusat/modules/network.nix @@ -0,0 +1,18 @@ +{ ... }: + +let + wan = "ens18"; +in +{ + networking = { + interfaces.${wan}.ipv4.addresses = [{ + address = "10.0.8.101"; + prefixLength = 16; + }]; + defaultGateway = { + address = "10.0.0.1"; + interface = wan; + }; + nameservers = [ "10.0.0.2" "10.0.0.3" ]; + }; +} diff --git a/os/fscusat/modules/www.nix b/os/fscusat/modules/www.nix new file mode 100644 index 0000000..24398da --- /dev/null +++ b/os/fscusat/modules/www.nix @@ -0,0 +1,36 @@ +{ config, ... }: + +let + domain = "foss.fscusat.ac.in"; +in +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + sops.secrets = let + opts = { + owner = config.services.nginx.user; + group = config.services.nginx.group; + }; + in{ + "cusat.ac.in/key" = opts; + "cusat.ac.in/crt" = opts; + }; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + recommendedBrotliSettings = true; + + virtualHosts.${domain} = { + forceSSL = true; + sslCertificateKey = config.sops.secrets."cusat.ac.in/key".path; + sslCertificate = config.sops.secrets."cusat.ac.in/crt".path; + + locations."/".extraConfig = "return 307 $scheme://$host/mirror/;"; + }; + }; +} -- cgit v1.2.3