chore: add configuration recipes

2025-06-28 14:51:43 +00:00 · 2023-12-18 16:38:29 +02:00
parent 5fb93bd331
commit c130f52163
50 changed files with 1214 additions and 42 deletions
--- a/recipes/sign/README.md
+++ b/recipes/sign/README.md
@ -0,0 +1,13 @@
+# Sign
+
+This example uses generated key. It can be generated as:
+
+```shell
+gpg --full-generate-key
+gpg --export-secret-keys -a <...> > repository-sign.gpg
+```
+
+1. Setup repository named `ahriman-demo` with architecture `x86_64`.
+2. Sing repository database with the distributed key.
+3. Start service in daemon mode with periodic (once per day) repository update.
+4. Repository is available at `http://localhost:8080/repo`.
--- a/recipes/sign/compose.yml
+++ b/recipes/sign/compose.yml
@ -0,0 +1,55 @@
+services:
+  backend:
+    image: arcan1s/ahriman:edge
+    privileged: true
+
+    environment:
+      AHRIMAN_DEBUG: yes
+      AHRIMAN_OUTPUT: console
+      AHRIMAN_PRESETUP_COMMAND: sudo -u ahriman gpg --import /run/secrets/key
+      AHRIMAN_REPOSITORY: ahriman-demo
+
+    configs:
+      - source: service
+        target: /etc/ahriman.ini.d/99-settings.ini
+    secrets:
+      - key
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /var/lib/ahriman
+        volume:
+          nocopy: true
+
+    command: repo-daemon
+
+  frontend:
+    image: nginx
+    ports:
+      - 8080:80
+
+    configs:
+      - source: nginx
+        target: /etc/nginx/conf.d/default.conf
+
+    volumes:
+      - type: volume
+        source: repository
+        target: /srv
+        read_only: true
+        volume:
+          nocopy: true
+
+configs:
+  nginx:
+    file: nginx.conf
+  service:
+    file: service.ini
+
+secrets:
+  key:
+    file: repository-sign.gpg
+
+volumes:
+  repository:
--- a/recipes/sign/nginx.conf
+++ b/recipes/sign/nginx.conf
@ -0,0 +1,9 @@
+server {
+    listen 80;
+
+    location /repo {
+        rewrite ^/repo/(.*) /$1 break;
+        autoindex on;
+        root /srv/ahriman/repository;
+    }
+}
--- a/recipes/sign/repository-sign.gpg
+++ b/recipes/sign/repository-sign.gpg
@ -0,0 +1,14 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lFgEZYDhoBYJKwYBBAHaRw8BAQdAj6NB6KZNuIEtyAomhtSaBEHNBKL9j1Q/3pty
+Z7ILVLIAAP4sVdcqyyNHfxBiuBF6GH67TWyzJYSwfshjVFesqJ6gjQ9ytAxhaHJp
+bWFuIGRlbW+IkwQTFgoAOxYhBDaZYVtNEHBeJbQ7hUFQtEGM2DWPBQJlgOGgAhsD
+BQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEEFQtEGM2DWPo4oBAKbLc6Pa
+zB6iwg/BQ6VHYhCmUWIU5pGo0qukmCxfKCRvAP4hwyzdWJUTB5hiCcUSUdxgIvd7
+7+LArvBMDPru9gQ1B5xdBGWA4aASCisGAQQBl1UBBQEBB0C3lWSLfqGFD9H7Ln7W
+/aOz/pEA76jYGOKKtfCkHeUDAAMBCAcAAP9BpoFLN8lDiUW80SLJ/ooJZK6ddEqC
+78npLEPipG4B4BGgiHgEGBYKACAWIQQ2mWFbTRBwXiW0O4VBULRBjNg1jwUCZYDh
+oAIbDAAKCRBBULRBjNg1jz9sAP4hujMGjeKqCphAzQQ4EU3076e1fm6Gn9gBmDAh
+zIjTHAEA2/ErVTd0UDY5ApJE/IPXoxfVrOZnEsUvMsRDAEExPw4=
+=1cOP
+-----END PGP PRIVATE KEY BLOCK-----
--- a/recipes/sign/service.ini
+++ b/recipes/sign/service.ini
@ -0,0 +1,3 @@
+[sign]
+target = repository
+key = 3699615B4D10705E25B43B854150B4418CD8358F