summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2018-07-05 14:44:30 +0200
committerGravatar Christian Hesse <mail@eworm.de>2018-07-05 14:44:30 +0200
commiteeb439db30c82c429a7a02bb0287713556ef7785 (patch)
tree1fa776df51ae5b41f2dcd65472458fa806f4d12e
parentad79ff8b22318c22eb25a157d5e2a210afa77de6 (diff)
parentb8aeafb0377321d8443fc36a7a1ae660f407cfd2 (diff)
downloadpacredir-eeb439db30c82c429a7a02bb0287713556ef7785.tar.gz
pacredir-eeb439db30c82c429a7a02bb0287713556ef7785.tar.zst
Merge branch 'bind-mount'
-rw-r--r--.gitignore1
-rw-r--r--Makefile17
-rw-r--r--README.md4
-rw-r--r--avahi/pacdbserve.service.in15
-rw-r--r--avahi/pacserve.service.in2
-rw-r--r--config.def.h6
-rw-r--r--initcpio/hooks/pacredir19
-rw-r--r--pacredir.c124
-rw-r--r--pacredir.conf3
-rw-r--r--pacredir.h31
-rw-r--r--systemd/pacdbserve.service14
-rw-r--r--systemd/pacredir.service1
-rw-r--r--systemd/pacserve.service7
-rw-r--r--systemd/tmpfiles.conf2
14 files changed, 72 insertions, 174 deletions
diff --git a/.gitignore b/.gitignore
index 5e671cb..cf170d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,7 +3,6 @@
arch
pacredir
config.h
-avahi/pacdbserve.service
avahi/pacserve.service
README.html
version.h
diff --git a/Makefile b/Makefile
index fd13a48..776f715 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,7 @@ ID := $(shell grep 'ID=' < /etc/os-release | cut -d= -f2)
# a release tarball...
VERSION := 0.3.3
-all: pacredir avahi/pacdbserve.service avahi/pacserve.service README.html
+all: pacredir avahi/pacserve.service README.html
pacredir: pacredir.c pacredir.h config.h version.h
$(CC) $(CFLAGS) $(CFLAGS_EXTRA) $(LDFLAGS) -DREPRODUCIBLE=$(REPRODUCIBLE) -DARCH=\"$(ARCH)\" -DID=\"$(ID)\" -o pacredir pacredir.c
@@ -41,28 +41,23 @@ config.h:
version.h: $(wildcard .git/HEAD .git/index .git/refs/tags/*) Makefile
printf "#ifndef VERSION\n#define VERSION \"%s\"\n#endif\n" $(shell git describe --long 2>/dev/null || echo ${VERSION}) > $@
-avahi/pacdbserve.service: avahi/pacdbserve.service.in
- $(SED) 's/%ARCH%/$(ARCH)/;s/%ID%/$(ID)/' avahi/pacdbserve.service.in > avahi/pacdbserve.service
-
avahi/pacserve.service: avahi/pacserve.service.in
- $(SED) 's/%ID%/$(ID)/' avahi/pacserve.service.in > avahi/pacserve.service
+ $(SED) 's/%ARCH%/$(ARCH)/;s/%ID%/$(ID)/' avahi/pacserve.service.in > avahi/pacserve.service
README.html: README.md
$(MD) README.md > README.html
install: install-bin install-doc
-install-bin: pacredir avahi/pacdbserve.service avahi/pacserve.service
+install-bin: pacredir avahi/pacserve.service
$(INSTALL) -D -m0755 pacredir $(DESTDIR)$(PREFIX)/bin/pacredir
$(LN) -s darkhttpd $(DESTDIR)$(PREFIX)/bin/pacserve
- $(LN) -s darkhttpd $(DESTDIR)$(PREFIX)/bin/pacdbserve
$(INSTALL) -D -m0644 pacredir.conf $(DESTDIR)/etc/pacredir.conf
$(INSTALL) -D -m0644 pacman/pacredir $(DESTDIR)/etc/pacman.d/pacredir
$(INSTALL) -D -m0644 avahi/pacserve.service $(DESTDIR)/etc/avahi/services/pacserve.service
- $(INSTALL) -D -m0644 avahi/pacdbserve.service $(DESTDIR)/etc/avahi/services/pacdbserve.service
- $(INSTALL) -D -m0644 systemd/pacdbserve.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacdbserve.service
$(INSTALL) -D -m0644 systemd/pacredir.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacredir.service
$(INSTALL) -D -m0644 systemd/pacserve.service $(DESTDIR)$(PREFIX)/lib/systemd/system/pacserve.service
+ $(INSTALL) -D -m0644 systemd/tmpfiles.conf $(DESTDIR)$(PREFIX)/lib/tmpfiles.d/pacserve.conf
$(INSTALL) -D -m0644 initcpio/hooks/pacredir $(DESTDIR)$(PREFIX)/lib/initcpio/hooks/pacredir
$(INSTALL) -D -m0644 initcpio/install/pacredir $(DESTDIR)$(PREFIX)/lib/initcpio/install/pacredir
$(INSTALL) -D -m0644 dhcpcd/80-pacredir $(DESTDIR)$(PREFIX)/lib/dhcpcd/dhcpcd-hooks/80-pacredir
@@ -73,10 +68,10 @@ install-doc: README.html
$(INSTALL) -D -m0644 README.html $(DESTDIR)$(PREFIX)/share/doc/pacredir/README.html
clean:
- $(RM) -f *.o *~ pacredir avahi/pacdbserve.service avahi/pacserve.service README.html version.h
+ $(RM) -f *.o *~ pacredir avahi/pacserve.service README.html version.h
distclean:
- $(RM) -f *.o *~ pacredir avahi/pacdbserve.service avahi/pacserve.service README.html version.h config.h
+ $(RM) -f *.o *~ pacredir avahi/pacserve.service README.html version.h config.h
release:
git archive --format=tar.xz --prefix=pacredir-$(VERSION)/ $(VERSION) > pacredir-$(VERSION).tar.xz
diff --git a/README.md b/README.md
index be44d41..2b44c7b 100644
--- a/README.md
+++ b/README.md
@@ -48,8 +48,8 @@ Additionally systemd service files are installed to
Usage
-----
-Enable systemd services `pacserve`, `pacdbserve` and `pacredir`, open TCP
-ports `7078` and `7079` and add the following line to your repository
+Enable systemd services `pacserve` and `pacredir`, open TCP
+port `7078` and add the following line to your repository
definitions in `pacman.conf`:
> Include = /etc/pacman.d/pacredir
diff --git a/avahi/pacdbserve.service.in b/avahi/pacdbserve.service.in
deleted file mode 100644
index 106bc28..0000000
--- a/avahi/pacdbserve.service.in
+++ /dev/null
@@ -1,15 +0,0 @@
-<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
-<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-
-<!-- See avahi.service(5) for more information about this configuration file -->
-
-<service-group>
-
- <name replace-wildcards="yes">%h</name>
-
- <service>
- <type>_pacdbserve_%ID%_%ARCH%._tcp</type>
- <port>7079</port>
- </service>
-
-</service-group>
diff --git a/avahi/pacserve.service.in b/avahi/pacserve.service.in
index 2da20f7..4a39e6d 100644
--- a/avahi/pacserve.service.in
+++ b/avahi/pacserve.service.in
@@ -8,7 +8,7 @@
<name replace-wildcards="yes">%h</name>
<service>
- <type>_pacserve_%ID%._tcp</type>
+ <type>_pacserve_%ID%_%ARCH%._tcp</type>
<port>7078</port>
</service>
diff --git a/config.def.h b/config.def.h
index 00a4955..a11028b 100644
--- a/config.def.h
+++ b/config.def.h
@@ -22,14 +22,12 @@
#define PAGE404 "<html><head><title>404 Not Found</title>" \
"</head><body>404 Not Found: %s</body></html>"
-/* the ports pacredir, pacserve and pacdbserve listen to */
+/* the ports pacredir and pacserve listen to */
#define PORT_PACREDIR 7077
#define PORT_PACSERVE 7078
-#define PORT_PACDBSERVE 7079
/* avahi service names */
-#define PACSERVE "_pacserve_" ID "._tcp"
-#define PACDBSERVE "_pacdbserve_" ID "_" ARCH "._tcp"
+#define PACSERVE "_pacserve_" ID "_" ARCH "._tcp"
/* path to the config file */
#define CONFIGFILE "/etc/pacredir.conf"
diff --git a/initcpio/hooks/pacredir b/initcpio/hooks/pacredir
index 5f8d560..c73bb8e 100644
--- a/initcpio/hooks/pacredir
+++ b/initcpio/hooks/pacredir
@@ -4,24 +4,17 @@ run_latehook() {
local newroot="/new_root/"
if ! grep -q '^pacserve hosts' ${newroot}/etc/pacredir.conf; then
- if [[ -n "${pacserve}" ]]; then
- msg ":: Adding pacserve host '${pacserve}' to pacredir.conf..."
- echo "pacserve hosts = ${pacserve}" >> ${newroot}/etc/pacredir.conf
- fi
- fi
-
- if ! grep -q '^pacdbserve hosts' ${newroot}/etc/pacredir.conf; then
case $(uname -m) in
x86_64)
- if [[ -n "${pacdbserve_x86_64}" ]]; then
- msg ":: Adding pacdbserve host '${pacdbserve_x86_64}' to pacredir.conf..."
- echo "pacdbserve hosts = ${pacdbserve_x86_64}" >> ${newroot}/etc/pacredir.conf
+ if [[ -n "${pacserve_x86_64}" ]]; then
+ msg ":: Adding pacserve host '${pacserve_x86_64}' to pacredir.conf..."
+ echo "pacserve hosts = ${pacserve_x86_64}" >> ${newroot}/etc/pacredir.conf
fi
;;
i686)
- if [[ -n "${pacdbserve_i686}" ]]; then
- msg ":: Adding pacdbserve host '${pacdbserve_i686}' to pacredir.conf..."
- echo "pacdbserve hosts = ${pacdbserve_i686}" >> ${newroot}/etc/pacredir.conf
+ if [[ -n "${pacserve_i686}" ]]; then
+ msg ":: Adding pacserve host '${pacserve_i686}' to pacredir.conf..."
+ echo "pacserve hosts = ${pacserve_i686}" >> ${newroot}/etc/pacredir.conf
fi
;;
esac
diff --git a/pacredir.c b/pacredir.c
index 4660c8f..05caf1d 100644
--- a/pacredir.c
+++ b/pacredir.c
@@ -47,22 +47,25 @@ char * get_fqdn(const char * hostname, const char * domainname) {
}
/*** get_url ***/
-char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const char * uri) {
- const char * host;
+char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const uint8_t dbfile, const char * uri) {
+ const char * host, * dir;
char * url;
- host = (*address ? address : hostname);
+ host = *address ? address : hostname;
+
+ dir = dbfile ? "db" : "pkg";
url = malloc(10 /* static chars of an url & null char */
+ strlen(host)
+ 5 /* max strlen of decimal 16bit value */
+ 2 /* square brackets for IPv6 address */
+ + 4 /* extra dir */
+ strlen(uri));
if (*address != 0 && proto == AVAHI_PROTO_INET6)
- sprintf(url, "http://[%s]:%d/%s", address, port, uri);
+ sprintf(url, "http://[%s]:%d/%s/%s", address, port, dir, uri);
else
- sprintf(url, "http://%s:%d/%s", host, port, uri);
+ sprintf(url, "http://%s:%d/%s/%s", host, port, dir, uri);
return url;
}
@@ -92,15 +95,10 @@ int add_host(const char * host, AvahiProtocol proto, const char * address, const
tmphosts->proto = AVAHI_PROTO_UNSPEC;
*tmphosts->address = 0;
- tmphosts->pacserve.port = 0;
- tmphosts->pacserve.online = 0;
- tmphosts->pacserve.badtime = 0;
- tmphosts->pacserve.badcount = 0;
-
- tmphosts->pacdbserve.port = 0;
- tmphosts->pacdbserve.online = 0;
- tmphosts->pacdbserve.badtime = 0;
- tmphosts->pacdbserve.badcount = 0;
+ tmphosts->port = 0;
+ tmphosts->online = 0;
+ tmphosts->badtime = 0;
+ tmphosts->badcount = 0;
tmphosts->next = malloc(sizeof(struct hosts));
tmphosts->next->host = NULL;
@@ -111,19 +109,12 @@ update:
if (address != NULL)
memcpy(tmphosts->address, address, AVAHI_ADDRESS_STR_MAX);
- if (strcmp(type, PACSERVE) == 0) {
- tmphosts->pacserve.online = 1;
- tmphosts->pacserve.port = port;
- request.service = &tmphosts->pacserve;
- } else if (strcmp(type, PACDBSERVE) == 0) {
- tmphosts->pacdbserve.online = 1;
- tmphosts->pacdbserve.port = port;
- request.service = &tmphosts->pacdbserve;
- }
+ tmphosts->online = 1;
+ tmphosts->port = port;
/* do a first request and let get_http_code() set the bad status */
- request.host = tmphosts->host;
- request.url = get_url(request.host, tmphosts->proto, tmphosts->address, request.service->port, "");
+ request.host = tmphosts;
+ request.url = get_url(request.host->host, request.host->proto, request.host->address, request.host->port, 0, "");
request.http_code = 0;
request.last_modified = 0;
get_http_code(&request);
@@ -141,11 +132,7 @@ int remove_host(const char * host, AvahiProtocol proto, const char * type) {
if (verbose > 0)
write_log(stdout, "Marking service %s on host %s (%s) offline\n",
type, host, avahi_proto_to_string(proto));
- if (strcmp(type, PACSERVE) == 0) {
- tmphosts->pacserve.online = 0;
- } else if (strcmp(type, PACDBSERVE) == 0) {
- tmphosts->pacdbserve.online = 0;
- }
+ tmphosts->online = 0;
break;
}
tmphosts = tmphosts->next;
@@ -189,7 +176,7 @@ static void resolve_callback(AvahiServiceResolver *r,
write_log(stdout, "Found service %s on host %s (%s) on interface %s\n",
type, host, ipaddress, intname);
- add_host(host, protocol, ipaddress, strcmp(type, PACSERVE) == 0 ? PORT_PACSERVE : PORT_PACDBSERVE, type);
+ add_host(host, protocol, ipaddress, PORT_PACSERVE, type);
break;
}
@@ -315,16 +302,16 @@ static void * get_http_code(void * data) {
/* perform the request */
if ((res = curl_easy_perform(curl)) != CURLE_OK) {
write_log(stderr, "Could not connect to server %s on port %d: %s\n",
- request->host, request->service->port,
+ request->host->host, request->host->port,
*errbuf != 0 ? errbuf : curl_easy_strerror(res));
request->http_code = 0;
request->last_modified = 0;
- request->service->badtime = tv.tv_sec;
- request->service->badcount++;
+ request->host->badtime = tv.tv_sec;
+ request->host->badcount++;
return NULL;
} else {
- request->service->badtime = 0;
- request->service->badcount = 0;
+ request->host->badtime = 0;
+ request->host->badcount = 0;
}
/* get http status code */
@@ -438,14 +425,14 @@ static int ahc_echo(void * cls,
/* try to find a server with most recent file */
while (tmphosts->host != NULL) {
- struct services *service = (dbfile ? &tmphosts->pacdbserve : &tmphosts->pacserve);
- time_t badtime = service->badtime + service->badcount * BADTIME;
+ struct hosts * host = tmphosts;
+ time_t badtime = host->badtime + host->badcount * BADTIME;
/* skip host if offline or had a bad request within last BADTIME seconds */
- if (service->online == 0) {
+ if (host->online == 0) {
if (verbose > 0)
write_log(stdout, "Service %s on host %s is offline, skipping\n",
- dbfile ? PACDBSERVE : PACSERVE, tmphosts->host);
+ PACSERVE, tmphosts->host);
tmphosts = tmphosts->next;
continue;
} else if (badtime > tv.tv_sec) {
@@ -455,7 +442,7 @@ static int ahc_echo(void * cls,
ctime[strlen(ctime) - 1] = '\0';
write_log(stdout, "Service %s on host %s is marked bad until %s, skipping\n",
- dbfile ? PACDBSERVE : PACSERVE, tmphosts->host, ctime);
+ PACSERVE, tmphosts->host, ctime);
}
tmphosts = tmphosts->next;
continue;
@@ -484,12 +471,8 @@ static int ahc_echo(void * cls,
request = requests[req_count];
/* prepare request struct */
- request->host = tmphosts->host;
- if (dbfile == 1)
- request->service = &(tmphosts->pacdbserve);
- else
- request->service = &(tmphosts->pacserve);
- request->url = get_url(tmphosts->host, tmphosts->proto, tmphosts->address, request->service->port, basename);
+ request->host = tmphosts;
+ request->url = get_url(request->host->host, request->host->proto, request->host->address, request->host->port, dbfile, basename);
request->http_code = 0;
request->last_modified = 0;
@@ -536,7 +519,7 @@ static int ahc_echo(void * cls,
if (url != NULL)
free(url);
url = request->url;
- host = request->host;
+ host = request->host->host;
http_code = MHD_HTTP_OK;
last_modified = request->last_modified;
time_total = request->time_total;
@@ -607,10 +590,8 @@ void sighup_callback(int signal) {
write_log(stdout, "Received SIGHUP, resetting bad status for hosts.\n");
while (tmphosts->host != NULL) {
- tmphosts->pacserve.badtime = 0;
- tmphosts->pacserve.badcount = 0;
- tmphosts->pacdbserve.badtime = 0;
- tmphosts->pacdbserve.badcount = 0;
+ tmphosts->badtime = 0;
+ tmphosts->badcount = 0;
tmphosts = tmphosts->next;
}
}
@@ -624,7 +605,7 @@ int main(int argc, char ** argv) {
uint16_t port;
struct ignore_interfaces * tmp_ignore_interfaces;
AvahiClient *client = NULL;
- AvahiServiceBrowser *pacserve = NULL, *pacdbserve = NULL;
+ AvahiServiceBrowser *pacserve = NULL;
int error, i, ret = 1;
struct MHD_Daemon * mhd;
struct hosts * tmphosts;
@@ -672,17 +653,15 @@ int main(int argc, char ** argv) {
/* allocate first struct element as dummy */
hosts = malloc(sizeof(struct hosts));
hosts->host = NULL;
- hosts->pacserve.online = 0;
- hosts->pacserve.badtime = 0;
- hosts->pacdbserve.online = 0;
- hosts->pacdbserve.badtime = 0;
+ hosts->online = 0;
+ hosts->badtime = 0;
hosts->next = NULL;
ignore_interfaces = malloc(sizeof(struct ignore_interfaces));
ignore_interfaces->interface = NULL;
ignore_interfaces->next = NULL;
- /* Probing for static pacserve and pacdbserve hosts takes some time.
+ /* Probing for static pacserve hosts takes some time.
* Receiving a SIGHUP at this time could kill us. So register signal
* SIGHUP here before probing. */
signal(SIGHUP, sighup_callback);
@@ -758,25 +737,6 @@ int main(int argc, char ** argv) {
free(values);
}
- /* add static pacdbserve hosts */
- if ((inistring = iniparser_getstring(ini, "general:pacdbserve hosts", NULL)) != NULL) {
- values = strdup(inistring);
- value = strtok(values, DELIMITER);
- while (value != NULL) {
- if (verbose > 0)
- write_log(stdout, "Adding static pacdbserve host: %s\n", value);
-
- if (strchr(value, ':') != NULL) {
- port = atoi(strchr(value, ':') + 1);
- *strchr(value, ':') = 0;
- } else
- port = PORT_PACDBSERVE;
- add_host(value, AVAHI_PROTO_UNSPEC, NULL, port, PACDBSERVE);
- value = strtok(NULL, DELIMITER);
- }
- free(values);
- }
-
/* done reading config file, free */
iniparser_freedict(ini);
}
@@ -800,13 +760,6 @@ int main(int argc, char ** argv) {
goto fail;
}
- /* create the service browser for PACDBSERVE */
- if ((pacdbserve = avahi_service_browser_new(client, AVAHI_IF_UNSPEC,
- use_proto, PACDBSERVE, NULL, 0, browse_callback, client)) == NULL) {
- write_log(stderr, "Failed to create service browser: %s\n", avahi_strerror(avahi_client_errno(client)));
- goto fail;
- }
-
/* prepare struct to make microhttpd listen on localhost only */
address.sin_family = AF_INET;
address.sin_port = htons(PORT_PACREDIR);
@@ -861,9 +814,6 @@ fail:
ignore_interfaces = tmp_ignore_interfaces;
}
- if (pacdbserve)
- avahi_service_browser_free(pacdbserve);
-
if (pacserve)
avahi_service_browser_free(pacserve);
diff --git a/pacredir.conf b/pacredir.conf
index 5dcf738..9045af7 100644
--- a/pacredir.conf
+++ b/pacredir.conf
@@ -28,10 +28,9 @@ protocol = IPv4
# You may want to add hosts that do not announce their services via avahi or
# are connected to a different network segment. Add them here. IPv6 addresses
# have to be enclosed in square brackets.
-# Please note that pacdbserve hosts depend on the servers architecture!
+# Please note that pacserve hosts depend on the servers architecture!
#pacserve hosts = test1.domain
#pacserve hosts = test1.domain test2.domain
-#pacdbserve hosts = test3.domain test4.domain
# Give extra verbosity for more output.
verbose = 0
diff --git a/pacredir.h b/pacredir.h
index fa26dbd..75017b7 100644
--- a/pacredir.h
+++ b/pacredir.h
@@ -44,18 +44,6 @@
#define PROGNAME "pacredir"
-/* services */
-struct services {
- /* network port */
- uint16_t port;
- /* true if host/service is online */
- uint8_t online;
- /* unix timestamp of last bad request */
- __time_t badtime;
- /* count the number of bad requests */
- unsigned int badcount;
-};
-
/* hosts */
struct hosts {
/* host name */
@@ -64,9 +52,14 @@ struct hosts {
AvahiProtocol proto;
/* resolved address */
char address[AVAHI_ADDRESS_STR_MAX];
- /* online status and bad time for services */
- struct services pacserve;
- struct services pacdbserve;
+ /* network port */
+ uint16_t port;
+ /* true if host/service is online */
+ uint8_t online;
+ /* unix timestamp of last bad request */
+ __time_t badtime;
+ /* count the number of bad requests */
+ unsigned int badcount;
/* pointer to next struct element */
struct hosts * next;
};
@@ -81,10 +74,8 @@ struct ignore_interfaces {
/* request */
struct request {
- /* host name */
- const char * host;
- /* pointer to service */
- struct services * service;
+ /* host infos */
+ struct hosts * host;
/* url */
char * url;
/* HTTP status code */
@@ -100,7 +91,7 @@ int write_log(FILE *stream, const char *format, ...);
/* get_fqdn */
char * get_fqdn(const char * hostname, const char * domainname);
/* get_url */
-char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const char * uri);
+char * get_url(const char * hostname, AvahiProtocol proto, const char * address, const uint16_t port, const uint8_t dbfile, const char * uri);
/* add_host */
int add_host(const char * host, AvahiProtocol proto, const char * address, const uint16_t port, const char * type);
diff --git a/systemd/pacdbserve.service b/systemd/pacdbserve.service
deleted file mode 100644
index a94238d..0000000
--- a/systemd/pacdbserve.service
+++ /dev/null
@@ -1,14 +0,0 @@
-[Unit]
-Description=Darkhttpd to serve pacman db files
-After=network.target
-
-[Service]
-ExecStart=/usr/bin/pacdbserve /var/lib/pacman/sync/ --ipv6 --port 7079 --no-listing
-DynamicUser=on
-ProtectSystem=full
-ProtectHome=on
-PrivateDevices=on
-NoNewPrivileges=on
-
-[Install]
-WantedBy=multi-user.target
diff --git a/systemd/pacredir.service b/systemd/pacredir.service
index 2e890f7..561b4cd 100644
--- a/systemd/pacredir.service
+++ b/systemd/pacredir.service
@@ -16,4 +16,3 @@ NoNewPrivileges=on
[Install]
WantedBy=multi-user.target
Also=pacserve.service
-Also=pacdbserve.service
diff --git a/systemd/pacserve.service b/systemd/pacserve.service
index 1e414db..e3e2401 100644
--- a/systemd/pacserve.service
+++ b/systemd/pacserve.service
@@ -1,9 +1,10 @@
[Unit]
-Description=Darkhttpd to serve pacman cache
-After=network.target
+Description=Serve pacman database files and package archives
+After=systemd-tmpfiles-setup.service network.target
[Service]
-ExecStart=/usr/bin/pacserve /var/cache/pacman/pkg/ --ipv6 --port 7078 --no-listing
+ExecStart=/usr/bin/pacserve /run/pacserve/ --ipv6 --port 7078 --no-listing
+BindReadOnlyPaths=/var/cache/pacman/pkg:/run/pacserve/pkg /var/lib/pacman/sync:/run/pacserve/db
DynamicUser=on
ProtectSystem=full
ProtectHome=on
diff --git a/systemd/tmpfiles.conf b/systemd/tmpfiles.conf
new file mode 100644
index 0000000..f1da220
--- /dev/null
+++ b/systemd/tmpfiles.conf
@@ -0,0 +1,2 @@
+d /var/cache/pacman/pkg - - - -
+d /var/lib/pacman/sync - - - -