oleksandr/homelab
1
0
Fork 0
Code Pull Requests Activity

feat(k8s/archmirror): add Arch Linux mirror stack

Browse Source
This commit is contained in:
Oleksandr Berezovskyi
2026-02-25 23:57:02 +02:00
parent a7773d5c05
commit b40b8a9ff9
11 changed files with 304 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
kubernetes/app/archmirror/configmap-nginx.yaml Normal file
View File

@@ -0,0 +1,38 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: archmirror-nginx-config
namespace: archmirror
data:
nginx.conf: |
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
gzip on;
server {
listen 80;
root /usr/share/nginx/html;
location /archlinux/ {
alias /usr/share/nginx/html/archlinux/;
autoindex on;
}
location = / {
return 301 /archlinux/;
}
location /health {
return 200 "OK\n";
add_header Content-Type text/plain;
}
}
}

42
kubernetes/app/archmirror/configmap-sync.yaml Normal file
View File

@@ -0,0 +1,42 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: archmirror-sync-script
namespace: archmirror
data:
sync.sh: |
#!/bin/sh
set -e
TARGET_DIR="/archlinux"
MAX_RETRIES=3
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >&2
}
if [ -z "$MIRROR_URL" ]; then
log "ERROR: MIRROR_URL not set"
exit 1
fi
mkdir -p "$TARGET_DIR"
for i in $(seq 1 $MAX_RETRIES); do
log "Sync attempt $i/$MAX_RETRIES from $MIRROR_URL"
if rsync --timeout=7200 \
-rlptH --safe-links --delete-delay --delay-updates \
-v --info=progress2 \
"$MIRROR_URL/" "$TARGET_DIR/"; then
log "Sync completed successfully"
exit 0
fi
if [ "$i" -lt "$MAX_RETRIES" ]; then
sleep $((i * 300))
fi
done
log "All sync attempts failed"
exit 1

54
kubernetes/app/archmirror/cronjob-sync.yaml Normal file
View File

@@ -0,0 +1,54 @@
---
apiVersion: batch/v1
kind: CronJob
metadata:
name: archmirror-sync
namespace: archmirror
labels:
app: archmirror-sync
spec:
schedule: "0 */6 * * *"
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 3
jobTemplate:
spec:
backoffLimit: 1
activeDeadlineSeconds: 14400
template:
metadata:
labels:
app: archmirror-sync
spec:
restartPolicy: OnFailure
containers:
- name: rsync
image: alpine:3.21
command:
- sh
- -c
- apk add --no-cache rsync && sh /scripts/sync.sh
env:
- name: MIRROR_URL
value: ${ARCHMIRROR_MIRROR_URL}
volumeMounts:
- name: data
mountPath: /archlinux
- name: sync-script
mountPath: /scripts
readOnly: true
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: "1"
memory: 512Mi
volumes:
- name: data
persistentVolumeClaim:
claimName: archmirror-data
- name: sync-script
configMap:
name: archmirror-sync-script
defaultMode: 0755

64
kubernetes/app/archmirror/deployment.yaml Normal file
View File

@@ -0,0 +1,64 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: archmirror
namespace: archmirror
labels:
app: archmirror
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: archmirror
template:
metadata:
labels:
app: archmirror
spec:
containers:
- name: nginx
image: nginx:1.27-alpine
ports:
- containerPort: 80
name: http
protocol: TCP
livenessProbe:
httpGet:
port: 80
path: /health
initialDelaySeconds: 5
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
port: 80
path: /health
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 500m
memory: 128Mi
volumeMounts:
- name: data
mountPath: /usr/share/nginx/html/archlinux
readOnly: true
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
volumes:
- name: data
persistentVolumeClaim:
claimName: archmirror-data
- name: nginx-config
configMap:
name: archmirror-nginx-config

20
kubernetes/app/archmirror/ingress.yaml Normal file
View File

@@ -0,0 +1,20 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: archmirror
namespace: archmirror
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: ${ARCHMIRROR_HOST}
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: archmirror
port:
number: 80

5
kubernetes/app/archmirror/namespace.yaml Normal file
View File

@@ -0,0 +1,5 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: archmirror

29
kubernetes/app/archmirror/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,29 @@
---
# Default deny all ingress in the archmirror namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-ingress
namespace: archmirror
spec:
podSelector: {}
policyTypes:
- Ingress
---
# Allow Traefik ingress controller to reach nginx
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-ingress-controller
namespace: archmirror
spec:
podSelector:
matchLabels:
app: archmirror
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: traefik

18
kubernetes/app/archmirror/pv.yaml Normal file
View File

@@ -0,0 +1,18 @@
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: archmirror-data-nfs
spec:
capacity:
storage: 200Gi
accessModes:
- ReadWriteMany
storageClassName: ""
persistentVolumeReclaimPolicy: Retain
mountOptions:
- hard
- nointr
nfs:
server: synology.storage.lviv
path: ${ARCHMIRROR_NFS_PATH}

14
kubernetes/app/archmirror/pvc.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: archmirror-data
namespace: archmirror
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
volumeName: archmirror-data-nfs
resources:
requests:
storage: 200Gi

14
kubernetes/app/archmirror/service.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
apiVersion: v1
kind: Service
metadata:
name: archmirror
namespace: archmirror
spec:
selector:
app: archmirror
ports:
- name: http
port: 80
targetPort: 80
protocol: TCP