~craftyguy/blog.craftyguy.net

3edded759f23b53a90818e24cd4a6567f2d42acd — Clayton Craft 4 months ago 5522195 main
content/2021-06-05-pmos-mirror-setup: new post
1 files changed, 82 insertions(+), 0 deletions(-)

A content/2021-06-05-pmos-mirror-setup.md
A content/2021-06-05-pmos-mirror-setup.md => content/2021-06-05-pmos-mirror-setup.md +82 -0
@@ 0,0 1,82 @@
+++
title = "Setting up a mirror for postmarketOS pmaports on Arch Linux"
date = 2021-06-05
[taxonomies]
tags = ["postmarketOS"]
+++

Running a mirror for postmarketOS is fairly simple, and it allows you to
alleviate some pressure from the main pmaports mirror if you're installing from
pmaports often... Not to mention you'll almost certainly experience a rapid
speed-up in downloading from it (compared to the official mirror) if your
mirror is local/close.

I set up my mirror on Arch Linux, so the info below is specific to systemd. However it could easily be adapted to crontab or something similar.

The actual synchronization is handled by a systemd timer that fires every hour, and runs a systemd service.

The timer:
```
[Unit]
Description=Hourly sync with the postmarketOS binary repo

[Timer]
OnCalendar=hourly
Persistent=true
Unit=pmos_mirror_sync.service

[Install]
WantedBy=timers.target
```


And the service::
```
[Unit]
Description=Sync with the main postmarketOS binary repo

[Service]
Type=oneshot
ExecStart=/usr/bin/rsync -rh --progress --delete rsync://mirror.postmarketos.org/postmarketos/ /srv/http/postmarketos/
[Unit]
Description=Hourly sync with the postmarketOS binary repo
```

Pay special attention to the destination for rsync, in this case it's
`/srv/http/postmarketos`, you may want to have it elsewhere.

Enable the timer:

```bash
$ sudo systemctl enable postmarketos-mirror.timer
```

You can trigger the service manually:
```bash
$ sudo systemctl start postmarketos-mirror.service
```

I run this mirror behind nginx, here's the server fragment I use to set that up (adjust `server_name` and the `ssl_certificate`/`ssl_certificate_key` accordingly):

```
server {
        server_name postmarketos.craftyguy.net;
        listen 80;
        listen 443 ssl http2;
        ssl_certificate /etc/ssl/ansible/postmarketos.craftyguy.net.pem;
        ssl_certificate_key /etc/ssl/ansible/postmarketos.craftyguy.net.key;

        ## Check if this certificate is really served for this server_name
        # http://serverfault.com/questions/578648/properly-setting-up-a-default-nginx-server-for-https
        if ($host != $server_name) {
                return       444;
        }

        location / {
                root   /srv/http/postmarketos;
                autoindex on;
        }
}
```

SSL isn't really required for the mirror, and mine is available over http too, but I have it as an option since it's dead simple to set up and maintain.