configure arch mirror server

group_vars/VMServer

@@ -149,3 +149,56 @@ nginx_vhosts:
             }
         }
 
+    - listen: 80
+      server_name: "arch.{{domain.name}}"
+      filename: "archMirror.conf"
+      template: "{{ nginx_vhost_template }}"
+      root: "{{arch_mirror_location}}"
+      access_log: /var/log/nginx/archmirror.access.log
+      error_log: /var/log/nginx/archmirror.error.log
+      extra_parameters: |
+        autoindex   on;
+
+        # Requests for package db, signature files and files db should redirect upstream without caching
+        location ~ \.(db|sig|files)$ {
+            proxy_pass http://archMirrorUp$request_uri;
+        }
+
+        # Requests for actual packages should be served directly from cache if available.
+        #   If not available, retrieve and save the package from an upstream mirror.
+        location ~ \.tar\.(xz|zst)$ {
+            try_files $uri @pkg_mirror;
+        }
+
+        # Retrieve package from upstream mirrors and cache for future requests
+        location @pkg_mirror {
+            proxy_store    on;
+            proxy_redirect off;
+            proxy_store_access  user:rw group:rw all:r;
+            proxy_next_upstream error timeout http_404;
+            proxy_pass          http://archMirrorUp$request_uri;
+        }
+    - listen:  "127.0.0.1:7001"
+      server_name: "_"
+      filename: "archMirrorUpstream1.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://archlinux.de-labrusse.fr$request_uri;
+        }
+    - listen:  "127.0.0.1:7002"
+      server_name: "_"
+      filename: "archMirrorUpstream2.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://mirror.23media.com/archlinux$request_uri;
+        }
+    - listen:  "127.0.0.1:7003"
+      server_name: "_"
+      filename: "archMirrorUpstream3.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://mirror.archlinux.ikoula.com$request_uri;
+        }

group_vars/server/mount

@@ -68,6 +68,13 @@ systemd_mounts:
             - vers=3.0
             - dir_mode=0770
         automount: true
+    diskstation_archMirror:
+        share: diskstation.ducamps.win:/volume2/archMirror
+        mount: /mnt/diskstation/archMirror
+        type: nfs
+        options:
+            - " "
+        automount: true
 systemd_mounts_enabled:
     - diskstation_git
     - diskstation_music
@@ -78,7 +85,7 @@ systemd_mounts_enabled:
     - diskstation_media
     - diskstation_ebook
     - diskstation_nextcloud
-
+    - diskstation_archMirror
 
 credentials_files:
     1:

group_vars/server/server

@@ -77,4 +77,6 @@ chisel_server_port: 9090
 chisel_server_backend: https://www.{{domain.name}}
 chisel_server_auth:
       user: chisel
-      pass: "{{vault_chisel_server_pass}}"
+      pass: "{{vault_chisel_server_pass}}"
+
+arch_mirror_location: "/mnt/diskstation/archMirror"

group_vars/server/web

@@ -15,11 +15,17 @@ certbot_certs:
     - ww.{{domain.name}}
 
 nginx_server_tokens: "off"
+nginx_server_resolver: "192.168.1.40 192.168.1.10"
 nginx_realIP_Proxy: 192.168.1.40/24
 nginx_upstreams:
     - name: PHP-handler
       servers:
         - unix:/var/run/php-fpm/php-fpm.sock
+    - name: archMirrorUp
+      servers:
+        - localhost:7001
+        - localhost:7002
+        - localhost:7003 
 nginx_extra_http_options: |
   proxy_connect_timeout 600s;
   proxy_send_timeout 600s;
@@ -280,3 +286,56 @@ nginx_vhosts:
           add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
           proxy_pass http://localhost:9090;
         }
+    - listen: 80
+      server_name: "arch.{{domain.name}}"
+      filename: "archMirror.conf"
+      template: "{{ nginx_vhost_template }}"
+      root: "{{arch_mirror_location}}"
+      access_log: /var/log/nginx/archmirror.access.log
+      error_log: /var/log/nginx/archmirror.error.log
+      extra_parameters: |
+        autoindex   on;
+
+        # Requests for package db, signature files and files db should redirect upstream without caching
+        location ~ \.(db|sig|files)$ {
+            proxy_pass http://archMirrorUp$request_uri;
+        }
+
+        # Requests for actual packages should be served directly from cache if available.
+        #   If not available, retrieve and save the package from an upstream mirror.
+        location ~ \.tar\.(xz|zst)$ {
+            try_files $uri @pkg_mirror;
+        }
+
+        # Retrieve package from upstream mirrors and cache for future requests
+        location @pkg_mirror {
+            proxy_store    on;
+            proxy_redirect off;
+            proxy_store_access  user:rw group:rw all:r;
+            proxy_next_upstream error timeout http_404;
+            proxy_pass          http://archMirrorUp$request_uri;
+        }
+    - listen:  "127.0.0.1:7001"
+      server_name: "_"
+      filename: "archMirrorUpstream1.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://archlinux.mirrors.ovh.net/archlinux$request_uri;
+        }
+    - listen:  "127.0.0.1:7002"
+      server_name: "_"
+      filename: "archMirrorUpstream2.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://archlinux.cu.be$request_uri;
+        }
+    - listen:  "127.0.0.1:7003"
+      server_name: "_"
+      filename: "archMirrorUpstream3.conf"
+      template: "{{ nginx_vhost_template }}"
+      extra_parameters: |
+        location / {
+          proxy_pass       http://mirror.neostrada.nl/archlinux$request_uri;
+        }

server.yml

@@ -30,3 +30,12 @@
   - chainetv
   - user_config
 
+  tasks:
+  - name: create paccache job for arch mirror
+    cron:
+      job: "find {{arch_mirror_location}} -type d -exec paccache -v -r -k 2 -c {} \\;"
+      user: "root"
+      name: "paccache job" 
+      hour: "4" 
+      state: present 
+    become: true