chore: replace passlib with bcrypt

passlib uses deprecated crypt module which is deprecated and scheduled
for removal in 3.13. Unfortunately, this module seems to be
unmaintained, so this commit replaces passlib with bcrypt, unfortunately
breaking current passwords

docs/migrations/2.12.0.rst

@@ -0,0 +1,46 @@
+To 2.12.0
+---------
+
+This release includes paths migration. Unlike usual case, no automatic migration is performed because it might break user configuration. The following noticeable changes have been made:
+
+* Path to pre-built packages now includes repository name, i.e. it has been changed from ``/var/lib/ahriman/packages/x86_64`` to ``/var/lib/ahriman/packages/aur/x86_64``.
+* Path to pacman databases now includes repository name too, it has been changed from ``/var/lib/ahriman/pacman/x86_64`` to ``/var/lib/ahriman/pacman/aur/x86_64``.
+* Path to repository itself also includes repository name, from ``/var/lib/ahriman/repository/x86_64`` to ``/var/lib/ahriman/repository/aur/x86_64``.
+
+In order to migrate to the new filesystem tree the following actions are required:
+
+#.
+   Stop and disable all services, e.g. timer and web service:
+
+   .. code-block:: shell
+
+      sudo systemctl disable --now ahriman@x86_64.timer
+      sudo systemctl disable --now ahriman-web@x86_64
+
+#.
+   Create directory tree. It can be done by running ``ahriman service-tree-migrate`` subcommand. It performs copying between the old repository tree and the new one. Alternatively directories can be copied by hands.
+
+#.
+   Edit configuration in case if anything is pointing to the old path, e.g. HTML report generation, in the way in which it will point to the directory inside repository specific one, e.g. ``/var/lib/ahriman/repository/x86_64`` to ``/var/lib/ahriman/repository/aur/x86_64``.
+
+#.
+   Run setup command (i.e. ``ahriman service-setup``) again with the same arguments as used before. This step can be done manually by editing devtools pacman configuration (``/usr/share/devtools/pacman.conf.d/ahriman-x86_64.conf`` by default) replacing ``Server`` with path to the repository, e.g.:
+
+   .. code-block:: ini
+
+      [aur]
+      SigLevel = Optional TrustAll
+      Server = file:///var/lib/ahriman/repository/aur/x86_64
+
+   In case of manual interventions make sure to remove architecture reference from ``web`` sections (if any) to avoid ambiguity.
+
+#.
+   Make sure to update remote synchronization services if any. Almost all of them rely on current repository tree by default, so it is required to setup either redirects or configure to synchronize to the old locations (e.g. ``object_path`` option for S3 synchronization).
+
+#.
+   Enable and start services again. Unit template parameter should include both repository architecture and name, dash separated, e.g. ``x86_64-aur``, where ``x86_64`` is the repository architecture and ``aur`` is the repository name:
+
+   .. code-block:: shell
+
+      sudo systemctl enable --now ahriman@x86_64-aur.timer
+      sudo systemctl enable --now ahriman-web

docs/migrations/2.16.0.rst

@@ -0,0 +1,16 @@
+To 2.16.0
+---------
+
+This release replaces ``passlib`` dependency with ``bcrypt``.
+
+The reason behind this change is that python developers have deprecated and scheduled for removal ``crypt`` module, which is used by ``passlib``. (By the way, they recommend to use ``passlib`` as a replacement.) Unfortunately, it appears that ``passlib`` is unmaintained (see `the issue <https://foss.heptapod.net/python-libs/passlib/-/issues/187>`__), so the only solution is to migrate to anoher library.
+
+Because passwords are stored as hashes, it is near to impossible to shadow change passwords in database, the manual intervention is required if:
+
+#. Authentication is used.
+#. Notification provider is ``configuration`` or a user with explicitly set password exists.
+
+Manual steps might look as:
+
+#. Get list of users with their roles ``ahriman user-list``.
+#. For each user run update command, i.e. ``ahriman user-add <username> -R <role>``. Type password when it will be requested.

docs/migrations/2.9.0.rst

@@ -0,0 +1,11 @@
+To 2.9.0
+--------
+
+This release includes major upgrade for the newest devtools and archlinux repository structure. In order to upgrade package need to:
+
+#. Upgrade to the latest major release of python (3.11) (required by other changes).
+#. Upgrade devtools to the latest release.
+#. Backup local settings, ``/etc/ahriman.ini.d/00-setup-overrides.ini`` by default.
+#. Run setup command (i.e. ``ahriman service-setup``) again with the same arguments as used before. This step can be done manually by moving ``devtools`` configuration (something like ``/usr/share/devtools/pacman-ahriman*.conf``) to new location ``/usr/share/devtools/pacman.conf.d/`` under name ``ahriman.conf``. After that make sure to remove any ``community`` mentions from configurations (e.g. ``/usr/share/devtools/pacman.conf.d/ahriman.conf``, ``/etc/ahriman.ini``) if there were any. The only thing which will change is ``devtools`` configuration.
+#. Remove build chroot as it is incompatible, e.g. ``sudo ahriman service-clean --chroot``.
+#. Run ``sudo -u ahriman ahriman update --no-aur --no-local --no-manual -yy`` in order to update local databases.

docs/migrations/index.rst

@@ -0,0 +1,14 @@
+Manual migrations
+=================
+
+Normally the most of migrations are handled automatically after application start, however, some upgrades require manual interventions; this document describes them.
+
+Upgrades to breakpoints
+-----------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   2.9.0
+   2.12.0
+   2.16.0