diff options
Diffstat (limited to 'entrypoint.bash')
-rw-r--r-- | entrypoint.bash | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/entrypoint.bash b/entrypoint.bash new file mode 100644 index 0000000..6b39101 --- /dev/null +++ b/entrypoint.bash @@ -0,0 +1,181 @@ +#!/bin/bash +# + +if [ ! -f /root/mirror.bash ]; then + cat > /root/mirror.bash <<-EOF +#!/bin/bash + +# Directory where the repo is stored locally. Example: /srv/repo +target="/srv/repo" + +# Lockfile path +lock="/var/lock/syncrepo.lck" + +# If you want to limit the bandwidth used by rsync set this. +# Use 0 to disable the limit. +# The default unit is KiB (see man rsync /--bwlimit for more) +bwlimit="${BWLIMIT:-0}" + +# The source URL of the mirror you want to sync from. +# If you choose a tier 1 mirror from this list and use its rsync URL: +# https://www.hyperbola.info/mirrors/ +source_url='${SOURCE_URL:-rsync://mirror.fsf.org/hyperbola/gnu-plus-linux-libre}' + +# An HTTP(S) URL pointing to the 'lastupdate' file on your chosen mirror. +# If you are a tier 1 mirror use: https://rsync.hyperbola.info/lastupdate +# Otherwise use the HTTP(S) URL from your chosen mirror. +lastupdate_url='' + +[ ! -d "\${target}" ] && mkdir -p "\${target}" + +exec 9>"\${lock}" +/usr/bin/flock -n 9 || exit + +# Cleanup any temporary files from old run that might remain. +# Note: You can skip this if you have rsync newer than 3.2.3 +# not affected by https://github.com/WayneD/rsync/issues/192 +find "\${target}" -name '.~tmp~' -exec rm -r {} + + +rsync_cmd() { + local -a cmd=(rsync -rlptH --safe-links --delete-delay --delay-updates --timeout=600 --no-motd) + + if stty &>/dev/null; then + cmd+=(-h -v --progress) + else + cmd+=(--quiet) + fi + + if ((bwlimit>0)); then + cmd+=("--bwlimit=\$bwlimit") + fi + + "\${cmd[@]}" "\$@" +} + + +# if we are called without a tty (cronjob) only run when there are changes +if ! tty -s && [[ -f "\$target/lastupdate" ]] && diff -b <(curl -Ls "\$lastupdate_url") "\$target/lastupdate" >/dev/null; then + # keep lastsync file in sync for statistics generated by Hyperbola GNU/Linux-libre website + rsync_cmd "\$source_url/lastsync" "\$target/lastsync" + exit 0 +fi + +rsync_cmd \ + ${RSYNC_OPTIONS:---exclude='*.links.tar.gz*'} \ + "\${source_url}" \ + "\${target}" + +# Cleanup +/bin/rm -f "\$lock" +exit 0 + +EOF +fi + +/bin/rm -f /etc/nginx/nginx.conf || true + +if [ ! -f /etc/nginx/nginx.conf ]; then +cat > /etc/nginx/nginx.conf <<- EOF +#user http; +worker_processes auto; +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; +#pid logs/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' + # '\$status \$body_bytes_sent "\$http_referer" ' + # '"\$http_user_agent" "\$http_x_forwarded_for"'; + + # hidden version + server_tokens off; + + disable_symlinks off; + + server { + listen 80 default_server; + server_name localhost; + + # Logs + #access_log logs/access.log main; + access_log /dev/null; + error_log /dev/null; + + root /srv/repo; + + location / { + autoindex on; + autoindex_exact_size off; + } + + location ~ /\.ht { + deny all; + } + + location ~ /.well-known { + allow all; + } + + # Enable compression for JS/CSS/HTML, for improved client load times. + # It might be nice to compress JSON/XML as returned by the API, but + # leaving that out to protect against potential BREACH attack. + gzip on; + gzip_vary on; + + gzip_types # text/html is always compressed by HttpGzipModule + text/css + application/javascript + font/truetype + font/opentype + application/vnd.ms-fontobject + image/svg+xml; + + gzip_min_length 1000; # default is 20 bytes + gzip_buffers 16 8k; + gzip_comp_level 2; # default is 1 + + client_body_timeout 30s; # default is 60 + client_header_timeout 10s; # default is 60 + send_timeout 10s; # default is 60 + keepalive_timeout 10s; # default is 75 + resolver_timeout 10s; # default is 30 + reset_timedout_connection on; + proxy_ignore_client_abort on; + + tcp_nopush on; # send headers in one piece + tcp_nodelay on; # don't buffer data sent, good for small data bursts in real time + + # Enabling the sendfile directive eliminates the step of copying the data into the buffer + # and enables direct copying data from one file descriptor to another. + sendfile on; + sendfile_max_chunk 1M; # prevent one fast connection from entirely occupying the worker process. should be > 800k. + aio threads; + } +} +EOF +fi + +SET_CRON="${CRONTAB:-0 */6 * * *}" + +if [ ! -f /root/repo-task.sh ] ;then + cat > /root/repo-task.sh <<- EOF +$SET_CRON /bin/sh /root/mirror.bash >/dev/null 2>&1 +EOF +fi + +# Start mirror +/bin/bash /root/mirror.bash & + +# Set cronie +/usr/bin/crontab /root/repo-task.sh + +# Start nginx +exec nginx -g "daemon off;" |