Last active
January 28, 2021 01:16
-
-
Save seia-soto/486354937a7d7335f2db990dbf02dc5e to your computer and use it in GitHub Desktop.
mirror.seia.io
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| echo -e "[$(date)] - <alpinelinux> sync is about to start" >> /_seia/projects/mirror/log | |
| # make sure we never run 2 rsync at the same time | |
| lockfile="/tmp/alpine-mirror.lock" | |
| if [ -z "$flock" ] ; then | |
| exec env flock=1 flock -n $lockfile "$0" "$@" | |
| echo -e "[$(date)] - <alpinelinux> stopped the sync because there is lockfile" >> /_seia/projects/mirror/log | |
| fi | |
| src=rsync://rsync.alpinelinux.org/alpine/ | |
| dest=/_seia/ext/sdb1/projects/mirror/sources/alpinelinux/ | |
| exclude="--include-from=/_seia/projects/mirror/includes/alpinelinux.includes --exclude */" | |
| mkdir -p "$dest" | |
| /usr/bin/rsync \ | |
| --archive \ | |
| --update \ | |
| --hard-links \ | |
| --delete \ | |
| --delete-after \ | |
| --delay-updates \ | |
| --timeout=600 \ | |
| --progress \ | |
| $exclude \ | |
| "$src" "$dest" | |
| echo -e "[$(date)] - <alpinelinux> mirror has been synced" >> /_seia/projects/mirror/log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| edge** | |
| v3.12** |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/nft -f | |
| flush ruleset | |
| define enabled_ports = { | |
| ssh, | |
| http, | |
| https | |
| } | |
| table ip filter { | |
| chain input { | |
| type filter hook input priority 0 | |
| policy drop | |
| # Allow already established/related connections | |
| ct state {established, related} accept | |
| # Drop invalid connections | |
| ct state invalid drop | |
| # Loopback interface | |
| iifname lo accept | |
| # Allow ICMP ping requests, rate limit to prevent ICMP flood | |
| ip protocol icmp limit rate 15/second accept | |
| # Open ports | |
| tcp dport $enabled_ports accept | |
| udp dport $enabled_ports limit rate 25/second accept | |
| } | |
| chain forward { | |
| type filter hook forward priority 0 | |
| } | |
| chain output { | |
| type filter hook output priority 0 | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| limit_conn_zone $binary_remote_addr zone=addr_connlimit_mirror:10m; | |
| server { | |
| listen 80; | |
| listen 443 ssl http2; | |
| server_name mirror.seia.io; | |
| ssl_certificate /etc/letsencrypt/live/mirror.seia.io/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/mirror.seia.io/privkey.pem; | |
| location / { | |
| root /_seia/ext/sdb1/projects/mirror/sources/; | |
| try_files $uri $uri/ 404; | |
| autoindex on; | |
| limit_conn addr_connlimit_mirror 3; | |
| } | |
| include snippets/use-certificate.conf; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rm -rf /tmp/*.lock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| echo -e "[$(date)] - <ubuntu-releases> sync is about to start" >> /_seia/projects/mirror/log | |
| # make sure we never run 2 rsync at the same time | |
| lockfile="/tmp/ubuntu-releases-mirror.lock" | |
| if [ -z "$flock" ] ; then | |
| exec env flock=1 flock -n $lockfile "$0" "$@" | |
| echo -e "[$(date)] - <ubuntu-releases> stopped the sync because there is lockfile" >> /_seia/projects/mirror/log | |
| fi | |
| src=rsync://kr.rsync.releases.ubuntu.com/releases | |
| dest=/_seia/ext/sdb1/projects/mirror/sources/ubuntu-releases/ | |
| ##### NOTHING TO EXCLUDE! | |
| exclude="--exclude '*' --include-from /_seia/projects/mirror/includes/ubuntu-releases.includes" | |
| mkdir -p "$dest" | |
| /usr/bin/rsync \ | |
| --archive \ | |
| --update \ | |
| --hard-links \ | |
| --delete \ | |
| --delete-after \ | |
| --delay-updates \ | |
| --timeout=600 \ | |
| --progress \ | |
| "$src" "$dest" | |
| echo -e "[$(date)] - <ubuntu-releases> mirror has been synced" >> /_seia/projects/mirror/log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_session_timeout 1d; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_session_tickets off; | |
| ssl_protocols TLSv1.2; | |
| ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; | |
| ssl_prefer_server_ciphers on; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| if ($scheme = 'http') { | |
| return 301 https://$host$request_uri; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment