is anyone here using pacserve or paclan? we have a bunch of arch machines and the idea of serving the pacman cache to each other sounds lucrative since our internal network is around 10x faster than our downlink in best case

I tried pacserve with disappointing results (it isn't well documented, and the log messages were useless), now using paclan that kinda works, but suboptimal (it waits a long time when a package can't be served from the cache before downloading from official repos); docs are 0️⃣

Elen looked at its source and it is so bad she said she'd rather reimplement than fix it :D

This is the first time I did anything with Squid and it went rather painless! Our http caching proxy works well with pacman :)

The only thing that bothers me is that pacman.conf has no proxy configuration options, so I had to use a wrapper around pacman/yay

function yay() {
    # Scope http_proxy to this one call so it never leaks into the shell,
    # and pass every argument through unchanged.
    http_proxy="proxy.server:3128" /usr/bin/yay "$@"
}

next step is to add some kind of location detection so it doesn't use the proxy if I'm not at home

I was thinking of serving a static text file on a local IP with the content "home" and if that 404s out, then I'm not at home

@uint8_t pacserve worked for me 3 years ago, that's my only experience :P

@steph mine can't bind when it tries to open the socket despite nothing running on that port?!

@uint8_t DNS? I've got my home DNS server set up to serve *.local.lubar.me differently than the real DNS says to

@ben yep, I'm doing that trick already; outside DNS resolves to a public IP which is routed through wireguard, local DNS resolves to a LAN ip (:

@uint8_t my approach would've been to get the mac address of the gateway or of the wifi ap currently connected to.

@uint8_t arping maybe? i still need to find a solution for that too

@uint8_t TLS fingerprint has the nice property of being unspoofable

@uint8_t @ln Isn’t that what .pac files were made for?
Proxy settings should be interface dependent anyway.

Combine router MAC with IP range used to determine network “location”. Lets you distinguish between VLANs as well, which would likely have the same router MAC.

@MacLemon @uint8_t found out how to do it without arping and sudo \o/

ip neigh | grep '192.168.0.1 ' | cut -f5 -d' '
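
The gateway-MAC-plus-IP-range check suggested in this exchange, as an added example that is not part of any post in the thread. `HOME_GW_MAC`, `HOME_NET_PREFIX`, the function names and the sample command output are constructed placeholders; `proxy.server:3128` is the proxy address from the wrapper earlier in the thread.

```shell
#!/bin/sh
# Constructed placeholders: replace with your own gateway MAC and LAN prefix.
HOME_GW_MAC="aa:bb:cc:dd:ee:ff"
HOME_NET_PREFIX="192.168.0."

# Print the default gateway IP found in `ip route` output read from stdin.
gateway_ip() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Print the lower-cased MAC of neighbour $1 from `ip neigh` output on stdin.
# The exact match on field 1 keeps 192.168.0.1 from matching 192.168.0.10;
# FAILED/INCOMPLETE entries carry no lladdr and print nothing.
neighbour_mac() {
    awk -v ip="$1" '$1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit } }'
}

# at_home ROUTES NEIGHBOURS: succeed only if the default gateway sits in the
# home prefix AND answers with the expected MAC.
at_home() {
    gw=$(printf '%s\n' "$1" | gateway_ip)
    case "$gw" in "$HOME_NET_PREFIX"?*) ;; *) return 1 ;; esac
    mac=$(printf '%s\n' "$2" | neighbour_mac "$gw")
    [ "$mac" = "$HOME_GW_MAC" ]
}

# Print the proxy to use on the current network (empty when not at home).
proxy_for_here() {
    if at_home "$(ip route)" "$(ip neigh)"; then echo "proxy.server:3128"; fi
}

# Constructed sample command output, so the logic can be exercised offline.
SAMPLE_ROUTES='default via 192.168.0.1 dev wlp2s0 proto dhcp metric 600
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.23'
SAMPLE_NEIGH_HOME='192.168.0.10 dev wlp2s0 lladdr 11:22:33:44:55:66 STALE
192.168.0.1 dev wlp2s0 lladdr AA:BB:CC:DD:EE:FF REACHABLE'
SAMPLE_NEIGH_CAFE='192.168.0.1 dev wlp2s0 lladdr 02:00:00:00:00:01 REACHABLE'
```

A gateway MAC can be observed and set by anyone on the link, so this is a convenience signal for picking a proxy, not authentication of the network.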

@MacLemon isn't pac a windows thing? I never saw that being used outside of windows proxy settings at big $corporation

@uint8_t It’s supported by many browsers at least. IIRC it was originally introduced by Microsoft but for pretty much that purpose.

@uint8_t echo (iw dev wlp2s0 link | head -n1 | cut -f3 -d' ')

@uint8_t
You could ping ff02::2%<interface> and look at the link-local address of your gateway (which includes the MAC-Address)

@uint8_t
Just saying, there is another approach to get a gateway's MAC without any knowledge of the network.

@nvi ping: ff02::2%: Name or service not known :(

UPC/Telekom does not give us IPv6, only legacy IP

@uint8_t
You need to put the interface-name behind the %. E.g. ff02::2%eth0

Your devices should have IPv6 link-local addresses regardless of your uplink.

@uint8_t ping -w 1 -c 1 could probably do it if you use a weird enough local IP :P

@steph yeah, no. that would work well enough that I'll forget about it completely until it will cause some major headache one day

@uint8_t pacserve itself always worked for me, fairly out of the boxily, but lately avahi stopped being able to see hosts on the ethernet side of the network from the wifi side, which ruins more than just pacserve for me and i'm not sure how to debug :/

@dx @uint8_t many routers are default misconfigured to not pass multicast traffic between WiFi and Ethernet segments

This breaks mDNS

@dx @uint8_t the reason for this is that WiFi is really bad at multicast

@erincandescent @uint8_t found the issue, and it was mostly that i was wrong about what the problem was.

- one host was invisible because it wasn't announcing any services.
- another host had the windows firewall on
- another host had the same hostname as the windows one and got a "-2" suffix

@dx I have a pet Squid now and it happily caches pacman's http requests 🦑

@uint8_t (assuming you can tank the storage overhead on every machine and don’t clear the cache unconditionally)

@pandentia ultimately a bittorrent-like on-demand synchronization thing would be amazing, and that might be easiest to build with syncthing

@pandentia that's something to consider, but I wonder how would I purge old versions then, and prevent syncthing from re-populating that

also this would increase the disk space usage on hosts with fewer installed packages

@uint8_t Why not use a plain old HTTP caching proxy for this?

@aza_leah @uint8_t yeah, if there's server machines available this is the best bet

or just plain running a private mirror

@steph @uint8_t Yeah, I run a mirror at university (which is pointless these days as I'm not there :p)

chaos.social – a Fediverse instance for & by the Chaos community