initial commit

1 files changed, 181 insertions, 0 deletions

diff --git a/entrypoint.bash b/entrypoint.bash
new file mode 100644
index 0000000..6b39101
--- /dev/null
+++ b/entrypoint.bash
@@ -0,0 +1,181 @@
+#!/bin/bash
+#
+
+if [ ! -f /root/mirror.bash ]; then
+    cat > /root/mirror.bash <<-EOF
+#!/bin/bash
+
+# Directory where the repo is stored locally. Example: /srv/repo
+target="/srv/repo"
+
+# Lockfile path
+lock="/var/lock/syncrepo.lck"
+
+# If you want to limit the bandwidth used by rsync set this.
+# Use 0 to disable the limit.
+# The default unit is KiB (see man rsync /--bwlimit for more)
+bwlimit="${BWLIMIT:-0}"
+
+# The source URL of the mirror you want to sync from.
+# If you choose a tier 1 mirror from this list and use its rsync URL:
+# https://www.hyperbola.info/mirrors/
+source_url='${SOURCE_URL:-rsync://mirror.fsf.org/hyperbola/gnu-plus-linux-libre}'
+
+# An HTTP(S) URL pointing to the 'lastupdate' file on your chosen mirror.
+# If you are a tier 1 mirror use: https://rsync.hyperbola.info/lastupdate
+# Otherwise use the HTTP(S) URL from your chosen mirror.
+lastupdate_url=''
+
+[ ! -d "\${target}" ] && mkdir -p "\${target}"
+
+exec 9>"\${lock}"
+/usr/bin/flock -n 9 || exit
+
+# Cleanup any temporary files from old run that might remain.
+# Note: You can skip this if you have rsync newer than 3.2.3
+# not affected by https://github.com/WayneD/rsync/issues/192
+find "\${target}" -name '.~tmp~' -exec rm -r {} +
+
+rsync_cmd() {
+    local -a cmd=(rsync -rlptH --safe-links --delete-delay --delay-updates --timeout=600 --no-motd)
+
+    if stty &>/dev/null; then
+	cmd+=(-h -v --progress)
+    else
+	cmd+=(--quiet)
+    fi
+
+    if ((bwlimit>0)); then
+	cmd+=("--bwlimit=\$bwlimit")
+    fi
+
+    "\${cmd[@]}" "\$@"
+}
+
+
+# if we are called without a tty (cronjob) only run when there are changes
+if ! tty -s && [[ -f "\$target/lastupdate" ]] && diff -b <(curl -Ls "\$lastupdate_url") "\$target/lastupdate" >/dev/null; then
+    # keep lastsync file in sync for statistics generated by Hyperbola GNU/Linux-libre website
+    rsync_cmd "\$source_url/lastsync" "\$target/lastsync"
+    exit 0
+fi
+
+rsync_cmd \
+    ${RSYNC_OPTIONS:---exclude='*.links.tar.gz*'} \
+    "\${source_url}" \
+    "\${target}"
+
+# Cleanup
+/bin/rm -f "\$lock"
+exit 0
+
+EOF
+fi
+
+/bin/rm -f /etc/nginx/nginx.conf || true
+
+if [ ! -f /etc/nginx/nginx.conf ]; then
+cat > /etc/nginx/nginx.conf <<- EOF
+#user http;
+worker_processes  auto;
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+#pid        logs/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
+    #                  '\$status \$body_bytes_sent "\$http_referer" '
+    #                  '"\$http_user_agent" "\$http_x_forwarded_for"';
+
+    # hidden version
+    server_tokens off;
+
+    disable_symlinks off;
+
+    server {
+        listen 80 default_server;
+        server_name localhost;
+
+        # Logs
+        #access_log  logs/access.log  main;
+        access_log /dev/null;
+        error_log /dev/null;
+
+        root /srv/repo;
+
+        location / {
+            autoindex on;
+            autoindex_exact_size off;
+        }
+
+        location ~ /\.ht {
+            deny  all;
+        }
+
+        location ~ /.well-known {
+            allow all;
+        }
+
+        # Enable compression for JS/CSS/HTML, for improved client load times.
+        # It might be nice to compress JSON/XML as returned by the API, but
+        # leaving that out to protect against potential BREACH attack.
+        gzip              on;
+        gzip_vary         on;
+
+        gzip_types        # text/html is always compressed by HttpGzipModule
+                          text/css
+                          application/javascript
+                          font/truetype
+                          font/opentype
+                          application/vnd.ms-fontobject
+                          image/svg+xml;
+
+        gzip_min_length 1000; # default is 20 bytes
+        gzip_buffers 16 8k;
+        gzip_comp_level 2; # default is 1
+
+        client_body_timeout       30s; # default is 60
+        client_header_timeout     10s; # default is 60
+        send_timeout              10s; # default is 60
+        keepalive_timeout         10s; # default is 75
+        resolver_timeout          10s; # default is 30
+        reset_timedout_connection on;
+        proxy_ignore_client_abort on;
+
+        tcp_nopush on; # send headers in one piece
+        tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time
+
+        # Enabling the sendfile directive eliminates the step of copying the data into the buffer
+        # and enables direct copying data from one file descriptor to another.
+        sendfile on;
+        sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k.
+        aio threads;
+    }
+}
+EOF
+fi
+
+SET_CRON="${CRONTAB:-0 */6 * * *}"
+
+if [ ! -f /root/repo-task.sh ] ;then
+    cat > /root/repo-task.sh <<- EOF
+$SET_CRON /bin/sh /root/mirror.bash >/dev/null 2>&1
+EOF
+fi
+
+# Start mirror
+/bin/bash /root/mirror.bash &
+
+# Set cronie
+/usr/bin/crontab /root/repo-task.sh
+
+# Start nginx
+exec nginx -g "daemon off;"