I'm running a simple home mirror, but I managed to get into a situation where I have to use a bunch of custom excludes. I think we should be able to offer what people want nowadays.\
To my knowledge, hotstuff and other pre-configured rsync modules are no longer maintained and advised not to use. This leads people to maintain their own exclusion list for the rsync.
So I'm trying to improve my current experience at home and reduce the effort for others.
Project Description
I'd like to offer people with limited storage a super-easy way how to deploy a home mirror.
Ideally, Leap Micro + preconfigured combustion script. Boot and pull a pre-configured mirror container via cockpit (unless done in the combustion script) (160GB hotstuff, 320GB, etc ...). Done in like 5-8 minutes and already serving.
That's the easier part^
The more tricky part will be that nobody really touched are pre-configured rsync modules hotstuff etc for quite some time.
So refreshment of our pre-configured hotstuff, exposing it on github.com/openSUSEm, updating docs, and advertising is the next goal. Also, make a pre-recorded demo similar to the one I've done for Micro.
Trigger Ish recently configured a mirror for the Mauritius region and he struggled with quota issues. That only confirmed that I'm not alone who sees the issue. I shared with him my exclusion list and crontab line and he was happy. I think we can do a better job and nobody should be using these exclusion lists that require maintenance.
Goal for this Hackweek
Avoid using exclude list while being on a budget. Offer up-to-date pre-configured options. Offer simple solutions via containers for (not-only) people with rasp pi or similar home NAS.
- rsync modules for mirrors with quota up2date in git (currently located on pontifex)
- auto-deployment of mirror config to pontifex? (bonus, otherwise manual pull via request to admin@opensuse.org)
- Set of container images (per offered rsync module)
- Update docs (see resources) and publish a demo
Resources
https://en.opensuse.org/openSUSE:Mirror_howto
https://www.youtube.com/watch?v=ft8UVx9elKc
Looking for hackers with the skills:
hotstuff mirror opensuse rsync leapmicro containers raspberrypi
This project is part of:
Hack Week 21 Hack Week 23
Activity
Comments
-
over 3 years ago by lrupp | Reply
Really love to see this happening! Just one note: if possible, please provide an RPM package that can easily be installed and updated on the download mirror (pontifex). Single scripts, deployed at some time on a machine and not maintained any longer are a way we really should avoid. I had/have this experience especially with pontifex too often in the past....
-
-
over 3 years ago by pjessen | Reply
I can't remember when, but I hardwired the hotstuff modules, after I realised no one had the insight to fix the knapsack stuff. I try to maintain the other rsync modules, but I don't spend much time on it. Wrt this project, I say go for it, as long as it doesn't mean any extra ongoing maintenance.
-
-
over 3 years ago by lkocman | Reply
Initial drop of the current configuration (previously was under svn) https://github.com/openSUSE/opensuse-hotstuff (openSUSE Heroes can commit)
Very simple rpm utilizing obs_scm and explicit listing of individual files https://build.opensuse.org/request/show/975806 If infra team accepts this I'd like to start deploying via update from the infra repo.
Next step is refresh of the files :-)
-
-
over 3 years ago by simotek | Reply
The cache @firstyear wrote (https://github.com/Firstyear/opensuse-proxy-cache) might be more useful for alot of people rather then syncing as a fully populated mirror it fetches packages etc on demand the first time they are requested and caches them for future use. A number of people in Australia are already using it with decent success, I have it running in a container on one of my machines and the rest point to that as there main repo. It means you don't have to download the whole mirror just the stuff you actually use.
-
over 3 years ago by avicenzi | Reply
Hi, just fix hotstuff modules, other problems are solved in https://github.com/opensuse-brasil/mirror-images (I think).
I still need to clean up and upload my swarm/compose files and create some k8s files.
I've been running my mirror for probably over a year now on containers, no issues, it works really well.
My mirror current runs on this repo https://github.com/alexandrevicenzi/opensuse-mirror-docker/, it has some flaws.
I would really love if modules just included versions for example:
- Leap 15.4 oss/non-oss and updates
- TW oss/non-oss and updates
In my mirror I have current (15.4), current -1 (15.3) and TW, no ports, no debugs, no sources. Just Leap 15.4 with updates uses about 75 GB, that's really good even if you want to host at home. If you add 15.3, and TW that goes up to 700 GB, and if you add debug, source, ports, that goes over 2 TB. Would be nice if it was easier to filter architectures, I have zero interest in hosting IBM/PPC packages, that's often mainframe, and most people would not use openSUSE TW in a mainframe.
I don't really like the idea that I need to update my include/exclude file every new release, if we can avoid that with hotstuff, that is better. It's easier to maintain modules on our side, than expect many to update their configs every new release.
-
over 3 years ago by avicenzi | Reply
I just had an idea, maybe a silly one, but what if we had a service where the user chooses what he wants to mirror, and they get a custom url that is plain text, and with this url, they can just wget before they run rsync in cron to get their desired include/exclude list.
I would like sometime like that, and to be honest, not that difficult to be achieved. I would be willing, or I may implement that myself, just for fun.
-
-
about 2 years ago by lkocman | Reply
Oky I've spent some extra time on this yesterday. So I'm making it part of this year's hackweek again :-)
Refreshed https://build.opensuse.org/package/show/home:lkocman:Images/opensuse-mirror I plan to rework it to use exclusively exclude lists and offer user a decent choice.
next task would be to have a convenient hack with openSUSE-repos to use my local mirror on my local network only. I was thinking of repo priority and passing url to service fiel as a zypper variable.
Similar Projects
Create openSUSE images for Arm and RISC-V boards by avicenzi
Project Description
Create openSUSE images (or test generic EFI images) for Arm and RISC-V boards that are not yet supported.
Goal for Hackweek
Create bootable images of Tumbleweed for SBCs that currently have no images available or are untested.
Consider generic EFI images where possible, as some boards can hold a bootloader.
Document in the openSUSE Wiki how to flash and use the image for a given board.
Hack Week 25
Hack Week 24
Hack Week 23
Hack Week 22
Hack Week 21
Resources
Help Create A Chat Control Resistant Turnkey Chatmail/Deltachat Relay Stack - Rootless Podman Compose, OpenSUSE BCI, Hardened, & SELinux by 3nd5h1771fy
Description
The Mission: Decentralized & Sovereign Messaging
FYI: If you have never heard of "Chatmail", you can visit their site here, but simply put it can be thought of as the underlying protocol/platform decentralized messengers like DeltaChat use for their communications. Do not confuse it with the honeypot looking non-opensource paid for prodect with better seo that directs you to chatmailsecure(dot)com
In an era of increasing centralized surveillance by unaccountable bad actors (aka BigTech), "Chat Control," and the erosion of digital privacy, the need for sovereign communication infrastructure is critical. Chatmail is a pioneering initiative that bridges the gap between classic email and modern instant messaging, offering metadata-minimized, end-to-end encrypted (E2EE) communication that is interoperable and open.
However, unless you are a seasoned sysadmin, the current recommended deployment method of a Chatmail relay is rigid, fragile, difficult to properly secure, and effectively takes over the entire host the "relay" is deployed on.
Why This Matters
A simple, host agnostic, reproducible deployment lowers the entry cost for anyone wanting to run a privacy‑preserving, decentralized messaging relay. In an era of perpetually resurrected chat‑control legislation threats, EU digital‑sovereignty drives, and many dangers of using big‑tech messaging platforms (Apple iMessage, WhatsApp, FB Messenger, Instagram, SMS, Google Messages, etc...) for any type of communication, providing an easy‑to‑use alternative empowers:
- Censorship resistance - No single entity controls the relay; operators can spin up new nodes quickly.
- Surveillance mitigation - End‑to‑end OpenPGP encryption ensures relay operators never see plaintext.
- Digital sovereignty - Communities can host their own infrastructure under local jurisdiction, aligning with national data‑policy goals.
By turning the Chatmail relay into a plug‑and‑play container stack, we enable broader adoption, foster a resilient messaging fabric, and give developers, activists, and hobbyists a concrete tool to defend privacy online.
Goals
As I indicated earlier, this project aims to drastically simplify the deployment of Chatmail relay. By converting this architecture into a portable, containerized stack using Podman and OpenSUSE base container images, we can allow anyone to deploy their own censorship-resistant, privacy-preserving communications node in minutes.
Our goal for Hack Week: package every component into containers built on openSUSE/MicroOS base images, initially orchestrated with a single container-compose.yml (podman-compose compatible). The stack will:
- Run on any host that supports Podman (including optimizations and enhancements for SELinux‑enabled systems).
- Allow network decoupling by refactoring configurations to move from file-system constrained Unix sockets to internal TCP networking, allowing containers achieve stricter isolation.
- Utilize Enhanced Security with SELinux by using purpose built utilities such as udica we can quickly generate custom SELinux policies for the container stack, ensuring strict confinement superior to standard/typical Docker deployments.
- Allow the use of bind or remote mounted volumes for shared data (
/var/vmail, DKIM keys, TLS certs, etc.). - Replace the local DNS server requirement with a remote DNS‑provider API for DKIM/TXT record publishing.
By delivering a turnkey, host agnostic, reproducible deployment, we lower the barrier for individuals and small communities to launch their own chatmail relays, fostering a decentralized, censorship‑resistant messaging ecosystem that can serve DeltaChat users and/or future services adopting this protocol
Resources
- The links included above
- https://chatmail.at/doc/relay/
- https://delta.chat/en/help
- Project repo -> https://codeberg.org/EndShittification/containerized-chatmail-relay
Rewrite Distrobox in go (POC) by fabriziosestito
Description
Rewriting Distrobox in Go.
Main benefits:
- Easier to maintain and to test
- Adapter pattern for different container backends (LXC, systemd-nspawn, etc.)
Goals
- Build a minimal starting point with core commands
- Keep the CLI interface compatible: existing users shouldn't notice any difference
- Use a clean Go architecture with adapters for different container backends
- Keep dependencies minimal and binary size small
- Benchmark against the original shell script
Resources
- Upstream project: https://github.com/89luca89/distrobox/
- Distrobox site: https://distrobox.it/
- ArchWiki: https://wiki.archlinux.org/title/Distrobox
Technical talks at universities by agamez
Description
This project aims to empower the next generation of tech professionals by offering hands-on workshops on containerization and Kubernetes, with a strong focus on open-source technologies. By providing practical experience with these cutting-edge tools and fostering a deep understanding of open-source principles, we aim to bridge the gap between academia and industry.
For now, the scope is limited to Spanish universities, since we already have the contacts and have started some conversations.
Goals
- Technical Skill Development: equip students with the fundamental knowledge and skills to build, deploy, and manage containerized applications using open-source tools like Kubernetes.
- Open-Source Mindset: foster a passion for open-source software, encouraging students to contribute to open-source projects and collaborate with the global developer community.
- Career Readiness: prepare students for industry-relevant roles by exposing them to real-world use cases, best practices, and open-source in companies.
Resources
- Instructors: experienced open-source professionals with deep knowledge of containerization and Kubernetes.
- SUSE Expertise: leverage SUSE's expertise in open-source technologies to provide insights into industry trends and best practices.
Build a Single Camera 3D Scanner (Photogrammetry). by lparkin
Description
I want to see how fast I can develop a single-camera (pi camera module v3) rig with a stepper motor controlling a turntable that rotates the model being scanned. The trick here is not to be super fancy with 100's of sensors and data inputs, quite the opposite. I want to see how accurate I can scan objects into 3D-printable models using only a camera and as many fixed and known parameters as possible.
Speed to be augmented with agentic AI coding companion. As it stands, I have a 3D printer, pretty much all the electronics I need.
Goals
- Design and print working/workable camera rig
- Design and print working/workable turntable (considering printing my own cylinder-style bearings as well)
- Assemble rig components into MVP assembly
- Develop application that can hook into existing tools, or leverage a library like openCV, to process 2D images into a 3D model.
- Iterate until models are good enough to 3D print.
Resources
- https://www.instructables.com/3D-scanning-Photogrammetry-with-a-rotating-platfor/
- https://www.instructables.com/3d-Scan-Anything-Using-Just-a-Camera/
- https://www.instructables.com/Build-a-DIY-Desktop-3d-Scanner-With-Infinite-Resol/
- https://www.instructables.com/3D-Laser-Scanning-DIY/