Setting up a mirror for postmarketOS pmaports on Arch Linux
Running a mirror for postmarketOS is fairly simple, and it allows you to alleviate some pressure from the main pmaports mirror if you're installing from pmaports often... Not to mention you'll almost certainly experience a rapid speed-up in downloading from it (compared to the official mirror) if your mirror is local/close.
I set up my mirror on Arch Linux, so the info below is specific to systemd. However it could easily be adapted to crontab or something similar.
The actual synchronization is handled by a systemd timer that fires every hour, and runs a systemd service.
The timer:
[Unit]
Description=Hourly sync with the postmarketOS binary repo
[Timer]
OnCalendar=hourly
Persistent=true
Unit=pmos_mirror_sync.service
[Install]
WantedBy=timers.target
And the service::
[Unit]
Description=Sync with the main postmarketOS binary repo
[Service]
Type=oneshot
ExecStart=/usr/bin/rsync -rh --progress --delete rsync://mirror.postmarketos.org/postmarketos/ /srv/http/postmarketos/
[Unit]
Description=Hourly sync with the postmarketOS binary repo
Pay special attention to the destination for rsync, in this case it's /srv/http/postmarketos
, you may want to have it elsewhere.
Enable the timer:
$ sudo systemctl enable postmarketos-mirror.timer
You can trigger the service manually:
$ sudo systemctl start postmarketos-mirror.service
I run this mirror behind nginx, here's the server fragment I use to set that up (adjust server_name
and the ssl_certificate
/ssl_certificate_key
accordingly):
server {
server_name postmarketos.craftyguy.net;
listen 80;
listen 443 ssl http2;
ssl_certificate /etc/ssl/ansible/postmarketos.craftyguy.net.pem;
ssl_certificate_key /etc/ssl/ansible/postmarketos.craftyguy.net.key;
## Check if this certificate is really served for this server_name
# http://serverfault.com/questions/578648/properly-setting-up-a-default-nginx-server-for-https
if ($host != $server_name) {
return 444;
}
location / {
root /srv/http/postmarketos;
autoindex on;
}
}
SSL isn't really required for the mirror, and mine is available over http too, but I have it as an option since it's dead simple to set up and maintain.