arcanis/ahriman
1
0
Fork 0
mirror of https://github.com/arcan1s/ahriman.git synced 2025-06-28 06:41:43 +00:00
Code Issues Projects Releases Wiki Activity

chore: add configuration recipes

Browse Source
This commit is contained in:
Evgenii Alekseev
2023-12-18 16:38:29 +02:00
parent 5fb93bd331
commit c130f52163
50 changed files with 1214 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
recipes/README.md Normal file
View File

@ -0,0 +1,15 @@
# Recipes
Collection of the examples of docker compose configuration files, which covers some specific cases. Not for production use.
## Configurations
* [Check](check): double process service; one with periodic checks (automatic build disabled) and other one is with the web service.
* [Daemon](daemon): service with periodic repository checks.
* [Distributed](distributed): cluster of three nodes, one with web interface and two workers which are responsible for build process.
* [Distrubuted manual](distributed-manual): same as [distributed](distributed), but two nodes and update process must be run on worker node manually.
* [i686](i686): non-x86_64 architecture setup.
* [Multi repo](multirepo): run web service with two separated repositories.
* [Pull](pull): normal service, but in addition with pulling packages from another source (e.g. GitHub repository).
* [Sign](sign): create repository with database signing.
* [Web](web): simple web service with authentication enabled.

7
recipes/check/README.md Normal file
View File

@ -0,0 +1,7 @@
# Check
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Setup repository named `ahriman-demo` with architecture `x86_64`.
3. Start web server at port `8080`.
4. Start periodic updates check as separated container without building.
5. Repository is available at `http://localhost:8080/repo`.

79
recipes/check/compose.yml Normal file
View File

@ -0,0 +1,79 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
worker:
image: arcan1s/ahriman:edge
depends_on:
- backend
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: repo-daemon --dry-run
configs:
nginx:
file: nginx.conf
service:
file: service.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

18
recipes/check/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

2
recipes/check/service.ini Normal file
View File

@ -0,0 +1,2 @@
[auth]
target = configuration

5
recipes/daemon/README.md Normal file
View File

@ -0,0 +1,5 @@
# Daemon
1. Setup repository named `ahriman-demo` with architecture `x86_64`.
2. Start service in daemon mode with periodic (once per day) repository update.
3. Repository is available at `http://localhost:8080/repo`.

42
recipes/daemon/compose.yml Normal file
View File

@ -0,0 +1,42 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_REPOSITORY: ahriman-demo
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: repo-daemon
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
nginx:
file: nginx.conf
volumes:
repository:

9
recipes/daemon/nginx.conf Normal file
View File

@ -0,0 +1,9 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
}

8
recipes/distributed-manual/README.md Normal file
View File

@ -0,0 +1,8 @@
# Distributed manual
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Setup repository named `ahriman-demo` with architecture `x86_64`.
3. Start web server at port `8080`.
4. Start service in daemon mode with periodic (once per day) repository update.
5. All updates from worker daemon instance are uploaded to the web service.
6. Repository is available at `http://localhost:8080/repo`.

77
recipes/distributed-manual/compose.yml Normal file
View File

@ -0,0 +1,77 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
worker:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_REPOSITORY_SERVER: http://frontend/repo/$$repo/$$arch
configs:
- source: worker
target: /etc/ahriman.ini.d/99-settings.ini
command: daemon
configs:
nginx:
file: nginx.conf
service:
file: service.ini
worker:
file: worker.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

18
recipes/distributed-manual/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

6
recipes/distributed-manual/service.ini Normal file
View File

@ -0,0 +1,6 @@
[auth]
target = mapping
[web]
enable_archive_upload = yes
wait_timeout = 0

19
recipes/distributed-manual/worker.ini Normal file
View File

@ -0,0 +1,19 @@
[build]
triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger ahriman.core.gitremote.RemotePushTrigger
[status]
address = http://backend:8080
username = demo
password = $AHRIMAN_PASSWORD
[report]
target = remote-call
[remote-call]
manual = yes
wait_timeout = 0
[upload]
target = remote-service
[remote-service]

11
recipes/distributed/README.md Normal file
View File

@ -0,0 +1,11 @@
# Distributed
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Setup repository named `ahriman-demo` with architecture `x86_64`.
3. Start web server at port `8080`.
4. Start two workers.
5. All updates triggered by the web server will be passed to workers.
6. All updates from worker instances are uploaded to the web service.
7. Repository is available at `http://localhost:8080/repo`.
Note, in this configuration, workers are spawned in replicated mode, thus the backend accesses them in round-robin-like manner.

85
recipes/distributed/compose.yml Normal file
View File

@ -0,0 +1,85 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
worker:
image: arcan1s/ahriman:edge
privileged: true
deploy:
mode: replicated
replicas: 2
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_REPOSITORY_SERVER: http://frontend/repo/$$repo/$$arch
configs:
- source: worker
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
command: web
configs:
nginx:
file: nginx.conf
service:
file: service.ini
worker:
file: worker.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

18
recipes/distributed/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

13
recipes/distributed/service.ini Normal file
View File

@ -0,0 +1,13 @@
[auth]
target = mapping
[build]
workers = http://worker:8080 http://worker:8080
[status]
username = demo
password = $AHRIMAN_PASSWORD
[web]
enable_archive_upload = yes
wait_timeout = 0

22
recipes/distributed/worker.ini Normal file
View File

@ -0,0 +1,22 @@
[auth]
target = mapping
[build]
triggers = ahriman.core.upload.UploadTrigger ahriman.core.report.ReportTrigger
[status]
address = http://backend:8080
username = demo
password = $AHRIMAN_PASSWORD
[report]
target = remote-call
[remote-call]
manual = yes
wait_timeout = 0
[upload]
target = remote-service
[remote-service]

9
recipes/i686/Dockerfile Normal file
View File

@ -0,0 +1,9 @@
FROM arcan1s/ahriman:edge
ENV ARCH32_KEYRING_VERSION="20231126-1.0"
RUN pacman-key --init
RUN pacman -Sy --noconfirm wget && \
wget -nv http://pool.mirror.archlinux32.org/i686/core/archlinux32-keyring-${ARCH32_KEYRING_VERSION}-any.pkg.tar.zst && \
pacman -U --noconfirm archlinux32-keyring-${ARCH32_KEYRING_VERSION}-any.pkg.tar.zst

9
recipes/i686/README.md Normal file
View File

@ -0,0 +1,9 @@
# i686
This example uses hybrid setup from FAQ, because archlinux32 has outdated devtools package. So it distributes custom `makepkg.conf` and `pacman.conf` (which are copied from archlinux32 package) and builds custom image with archlinux32 keyring.
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Build image from distributed `Dockerfile`.
3. Setup repository named `ahriman-demo` with architecture `i686`.
4. Start web server at port `8080`.
5. Repository is available at `http://localhost:8080/repo`.

70
recipes/i686/compose.yml Normal file
View File

@ -0,0 +1,70 @@
services:
backend:
image: ahriman-i686
build: .
privileged: true
environment:
AHRIMAN_ARCHITECTURE: i686
AHRIMAN_DEBUG: yes
AHRIMAN_MULTILIB:
AHRIMAN_OUTPUT: console
AHRIMAN_PACMAN_MIRROR: https://de.mirror.archlinux32.org/$$arch/$$repo
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: makepkg
target: /usr/share/devtools/makepkg.conf.d/i686.conf
- source: pacman
target: /usr/share/devtools/pacman.conf.d/extra-i686.conf
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
makepkg:
file: makepkg.conf
nginx:
file: nginx.conf
pacman:
file: pacman.conf
service:
file: service.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

162
recipes/i686/makepkg.conf Normal file
View File

@ -0,0 +1,162 @@
#!/hint/bash
# shellcheck disable=2034
#
# /etc/makepkg.conf
#
#########################################################################
# SOURCE ACQUISITION
#########################################################################
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync --no-motd -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget
#-- The package required by makepkg to download VCS sources
# Format: 'protocol::package'
VCSCLIENTS=('bzr::bzr'
'fossil::fossil'
'git::git'
'hg::mercurial'
'svn::subversion')
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
#########################################################################
#
CARCH="i686"
CHOST="i686-pc-linux-gnu"
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=i686 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
-fstack-clash-protection "
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
LTOFLAGS="-flto=auto"
#RUSTFLAGS="-C opt-level=2"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
#DEBUG_RUSTFLAGS="-C debuginfo=2"
#########################################################################
# BUILD ENVIRONMENT
#########################################################################
#
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- distcc: Use the Distributed C/C++/ObjC compiler
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
#-- sign: Generate PGP signature file
#
BUILDENV=(!distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
#-- docs: Save doc directories specified by DOC_DIRS
#-- libtool: Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
#-- debug: Add debugging flags as specified in DEBUG_* variables
#-- lto: Add compile flags for building with link time optimization
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#########################################################################
# PACKAGE OUTPUT
#########################################################################
#
# Default: put built package and cached source in build directory
#
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
#-- Specify a key to use for package signing
#GPGKEY=""
#########################################################################
# COMPRESSION DEFAULTS
#########################################################################
#
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -T0 --ultra -20 -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)
#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
PKGEXT='.pkg.tar.zst'
SRCEXT='.src.tar.gz'
#########################################################################
# OTHER
#########################################################################
#
#-- Command used to run pacman as root, instead of trying sudo and su
#PACMAN_AUTH=()
# vim: set ft=sh ts=2 sw=2 et:

18
recipes/i686/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

92
recipes/i686/pacman.conf Normal file
View File

@ -0,0 +1,92 @@
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = i686
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
#Color
NoProgressBar
# We cannot check disk space from within a chroot environment
#CheckSpace
VerbosePkgLists
ParallelDownloads = 5
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[testing]
#Include = /etc/pacman.d/mirrorlist
#[community-testing]
#Include = /etc/pacman.d/mirrorlist
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

2
recipes/i686/service.ini Normal file
View File

@ -0,0 +1,2 @@
[auth]
target = mapping

7
recipes/multirepo/README.md Normal file
View File

@ -0,0 +1,7 @@
# Multirepo
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Setup repository named `ahriman-demo` with architecture `x86_64`.
3. Setup additional repository named `another-demo` with architecture `x86_64`.
4. Start web server at port `8080`.
5. Repository is available at `http://localhost:8080/repo`.

59
recipes/multirepo/compose.yml Normal file
View File

@ -0,0 +1,59 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_POSTSETUP_COMMAND: ahriman --architecture x86_64 --repository another-demo service-setup --build-as-user ahriman --packager 'ahriman bot <ahriman@example.com>'
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
nginx:
file: nginx.conf
service:
file: service.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

18
recipes/multirepo/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

2
recipes/multirepo/service.ini Normal file
View File

@ -0,0 +1,2 @@
[auth]
target = mapping

6
recipes/pull/README.md Normal file
View File

@ -0,0 +1,6 @@
# Pull
1. Setup repository named `ahriman-demo` with architecture `x86_64`.
2. Pull repository with custom packages.
3. Run update process.
4. Repository is available at `http://localhost:8080/repo`.

46
recipes/pull/compose.yml Normal file
View File

@ -0,0 +1,46 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_REPOSITORY: ahriman-demo
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
nginx:
file: nginx.conf
service:
file: service.ini
volumes:
repository:

9
recipes/pull/nginx.conf Normal file
View File

@ -0,0 +1,9 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
}

5
recipes/pull/service.ini Normal file
View File

@ -0,0 +1,5 @@
[remote-pull]
target = gitremote
[gitremote]
pull_url = https://git.arcanis.me/arcanis/ahriman-local-packages.git

13
recipes/sign/README.md Normal file
View File

@ -0,0 +1,13 @@
# Sign
This example uses generated key. It can be generated as:
```shell
gpg --full-generate-key
gpg --export-secret-keys -a <...> > repository-sign.gpg
```
1. Setup repository named `ahriman-demo` with architecture `x86_64`.
2. Sing repository database with the distributed key.
3. Start service in daemon mode with periodic (once per day) repository update.
4. Repository is available at `http://localhost:8080/repo`.

55
recipes/sign/compose.yml Normal file
View File

@ -0,0 +1,55 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PRESETUP_COMMAND: sudo -u ahriman gpg --import /run/secrets/key
AHRIMAN_REPOSITORY: ahriman-demo
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- key
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: repo-daemon
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
nginx:
file: nginx.conf
service:
file: service.ini
secrets:
key:
file: repository-sign.gpg
volumes:
repository:

9
recipes/sign/nginx.conf Normal file
View File

@ -0,0 +1,9 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
}

14
recipes/sign/repository-sign.gpg Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP PRIVATE KEY BLOCK-----
lFgEZYDhoBYJKwYBBAHaRw8BAQdAj6NB6KZNuIEtyAomhtSaBEHNBKL9j1Q/3pty
Z7ILVLIAAP4sVdcqyyNHfxBiuBF6GH67TWyzJYSwfshjVFesqJ6gjQ9ytAxhaHJp
bWFuIGRlbW+IkwQTFgoAOxYhBDaZYVtNEHBeJbQ7hUFQtEGM2DWPBQJlgOGgAhsD
BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEEFQtEGM2DWPo4oBAKbLc6Pa
zB6iwg/BQ6VHYhCmUWIU5pGo0qukmCxfKCRvAP4hwyzdWJUTB5hiCcUSUdxgIvd7
7+LArvBMDPru9gQ1B5xdBGWA4aASCisGAQQBl1UBBQEBB0C3lWSLfqGFD9H7Ln7W
/aOz/pEA76jYGOKKtfCkHeUDAAMBCAcAAP9BpoFLN8lDiUW80SLJ/ooJZK6ddEqC
78npLEPipG4B4BGgiHgEGBYKACAWIQQ2mWFbTRBwXiW0O4VBULRBjNg1jwUCZYDh
oAIbDAAKCRBBULRBjNg1jz9sAP4hujMGjeKqCphAzQQ4EU3076e1fm6Gn9gBmDAh
zIjTHAEA2/ErVTd0UDY5ApJE/IPXoxfVrOZnEsUvMsRDAEExPw4=
=1cOP
-----END PGP PRIVATE KEY BLOCK-----

3
recipes/sign/service.ini Normal file
View File

@ -0,0 +1,3 @@
[sign]
target = repository
key = 3699615B4D10705E25B43B854150B4418CD8358F

6
recipes/web/README.md Normal file
View File

@ -0,0 +1,6 @@
# Web
1. Create user `demo` with password from `AHRIMAN_PASSWORD` environment variable.
2. Setup repository named `ahriman-demo` with architecture `x86_64`.
3. Start web server at port `8080`.
4. Repository is available at `http://localhost:8080/repo`.

58
recipes/web/compose.yml Normal file
View File

@ -0,0 +1,58 @@
services:
backend:
image: arcan1s/ahriman:edge
privileged: true
environment:
AHRIMAN_DEBUG: yes
AHRIMAN_OUTPUT: console
AHRIMAN_PASSWORD: ${AHRIMAN_PASSWORD}
AHRIMAN_PORT: 8080
AHRIMAN_PRESETUP_COMMAND: (cat /run/secrets/password; echo; cat /run/secrets/password) | sudo -u ahriman ahriman user-add demo -R full
AHRIMAN_REPOSITORY: ahriman-demo
AHRIMAN_UNIX_SOCKET: /var/lib/ahriman/ahriman/ahriman.sock
configs:
- source: service
target: /etc/ahriman.ini.d/99-settings.ini
secrets:
- password
volumes:
- type: volume
source: repository
target: /var/lib/ahriman
volume:
nocopy: true
command: web
frontend:
image: nginx
ports:
- 8080:80
configs:
- source: nginx
target: /etc/nginx/conf.d/default.conf
volumes:
- type: volume
source: repository
target: /srv
read_only: true
volume:
nocopy: true
configs:
nginx:
file: nginx.conf
service:
file: service.ini
secrets:
password:
environment: AHRIMAN_PASSWORD
volumes:
repository:

18
recipes/web/nginx.conf Normal file
View File

@ -0,0 +1,18 @@
server {
listen 80;
location /repo {
rewrite ^/repo/(.*) /$1 break;
autoindex on;
root /srv/ahriman/repository;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarder-Proto $scheme;
proxy_pass http://backend:8080;
}
}

2
recipes/web/service.ini Normal file
View File

@ -0,0 +1,2 @@
[auth]
target = mapping