docs: update configuration references in docs

2025-10-30 21:33:43 +00:00 · 2024-09-22 14:59:45 +03:00
parent 1acff852d0
commit ce75ccb405
7 changed files with 35 additions and 35 deletions
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -25,7 +25,7 @@ Configuration allows string interpolation from the same configuration file, e.g.
   key = ${anoher_key}
   another_key = value

-will read value for the ``section.key`` option from ``section.another_key``. In case if the cross-section reference is required, the ``${section:another_key}`` notation must be used. It also allows string interpolation from environment variables, e.g.:
+will read value for the ``key`` option from ``another_key`` in the same section. In case if the cross-section reference is required, the ``${section:another_key}`` notation must be used. It also allows string interpolation from environment variables, e.g.:

 .. code-block:: ini

@ -43,7 +43,7 @@ will try to read value from ``SECRET`` environment variable. In case if the requ
   key = ${home}
   home = $HOME

-will eventually lead ``section1.key`` option to be set to the value of ``HOME`` environment variable (if available).
+will eventually lead ``key`` option in section ``section1`` to be set to the value of ``HOME`` environment variable (if available).

 There is also additional subcommand which will allow to validate configuration and print found errors. In order to do so, run ``service-config-validate`` subcommand, e.g.:

@ -379,7 +379,7 @@ Requires ``rsync`` package to be installed. Do not forget to configure ssh for u

 * ``type`` - type of the upload, string, optional, must be set to ``rsync`` if exists.
 * ``command`` - rsync command to run, space separated list of string, required.
-* ``remote`` - remote server to rsync (e.g. ``1.2.3.4:path/to/sync``), string, required.
+* ``remote`` - remote server to rsync (e.g. ``ahriman@10.0.0.1:/srv/repo``), string, required.

 ``s3`` type
 ^^^^^^^^^^^
--- a/docs/faq/distributed.rst
+++ b/docs/faq/distributed.rst
@ -8,8 +8,8 @@ Remote synchronization and remote server call

 This setup requires at least two instances of the service:

-#. Web service (with opt-in authorization enabled), later will be referenced as ``master`` node.
-#. Application instances responsible for build, later will be referenced as ``worker`` nodes.
+#. Web service (with opt-in authorization enabled), later will be referenced as **master** node.
+#. Application instances responsible for build, later will be referenced as **worker** nodes.

 In this example the following settings are assumed:

@ -70,7 +70,7 @@ Worker nodes configuration
      username = worker-user
      password = very-secure-password

-   As it has been mentioned above, ``status.address`` must be available for workers. In case if unix socket is used, it can be passed in the same option as usual. Optional ``status.username``/``status.password`` can be supplied in case if authentication was enabled on master node.
+   As it has been mentioned above, ``${status:address}`` must be available for workers. In case if unix socket is used, it can be passed in the same option as usual. Optional ``${status:username}``/``${status:password}`` can be supplied in case if authentication was enabled on master node.

 #.
   Each worker must call master node on success:
@ -83,7 +83,7 @@ Worker nodes configuration
      [remote-call]
      manual = yes

-   After success synchronization (see above), the built packages will be put into directory, from which they will be read during manual update, thus ``remote-call.manual`` flag is required.
+   After success synchronization (see above), the built packages will be put into directory, from which they will be read during manual update, thus ``${remote-call:manual}`` flag is required.

 #.
   Change order of trigger runs. This step is required, because by default the report trigger is called before the upload trigger and we would like to achieve the opposite:
@ -202,12 +202,12 @@ This action must be done in two steps:
 Delegate builds to remote workers
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-This setup heavily uses upload feature described above and, in addition, also delegates build process automatically to build machines. Same as above, there must be at least two instances available (``master`` and ``worker``), however, all ``worker`` nodes must be run in the web service mode.
+This setup heavily uses upload feature described above and, in addition, also delegates build process automatically to build machines. Same as above, there must be at least two instances available (**master** and **worker**), however, all **worker** nodes must be run in the web service mode.

 Master node configuration
 """""""""""""""""""""""""

-In addition to the configuration above, the worker list must be defined in configuration file (``build.workers`` option), i.e.:
+In addition to the configuration above, the worker list must be defined in configuration file (``${build:workers}`` option), i.e.:

 .. code-block:: ini

@ -218,7 +218,7 @@ In addition to the configuration above, the worker list must be defined in confi
   enable_archive_upload = yes
   wait_timeout = 0

-In the example above, ``https://worker1.example.com`` and ``https://worker2.example.com`` are remote ``worker`` node addresses available for ``master`` node.
+In the example above, ``https://worker1.example.com`` and ``https://worker2.example.com`` are remote **worker** node addresses available for **master** node.

 In case if authentication is required (which is recommended way to setup it), it can be set by using ``status`` section as usual.

@ -229,7 +229,7 @@ It is required to point to the master node repository, otherwise internal depend

 Also, in case if authentication is enabled, the same user with the same password must be created for all workers.

-It is also recommended to set ``web.wait_timeout`` to infinite in case of multiple conflicting runs and ``service_only`` to ``yes`` in order to disable status endpoints.
+It is also recommended to set ``${web:wait_timeout}`` to infinite in case of multiple conflicting runs and ``${web:service_only}`` to ``yes`` in order to disable status endpoints.

 Other settings are the same as mentioned above.

@ -297,19 +297,19 @@ Command to run worker nodes (considering there will be two workers, one is on ``
   docker run --privileged -p 8081:8081 -e AHRIMAN_PORT=8081 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web
   docker run --privileged -p 8082:8082 -e AHRIMAN_PORT=8082 -v worker.ini:/etc/ahriman.ini.d/overrides.ini arcan1s/ahriman:latest web

-Unlike the previous setup, it doesn't require to mount repository root for ``worker`` nodes, because they don't use it anyway.
+Unlike the previous setup, it doesn't require to mount repository root for **worker** nodes, because they don't use it anyway.

 Check proof-of-concept setup `here <https://github.com/arcan1s/ahriman/tree/master/recipes/distributed>`__.

 Addition of new package, package removal, repository update
 """""""""""""""""""""""""""""""""""""""""""""""""""""""""""

-In all scenarios, update process must be run only on ``master`` node. Unlike the manually distributed packages described above, automatic update must be enabled only for ``master`` node.
+In all scenarios, update process must be run only on **master** node. Unlike the manually distributed packages described above, automatic update must be enabled only for **master** node.

 Automatic worker nodes discovery
 """"""""""""""""""""""""""""""""

-Instead of setting ``build.workers`` option it is also possible to configure services to load worker list dynamically. To do so, the ``ahriman.core.distributed.WorkerLoaderTrigger`` and ``ahriman.core.distributed.WorkerTrigger`` must be used for ``master`` and ``worker`` nodes repsectively. See recipes for more details.
+Instead of setting ``${build:workers}`` option explicitly it is also possible to configure services to load worker list dynamically. To do so, the ``ahriman.core.distributed.WorkerLoaderTrigger`` and ``ahriman.core.distributed.WorkerTrigger`` must be used for **master** and **worker** nodes respectively. See recipes for more details.

 Known limitations
 """""""""""""""""
@ -317,4 +317,4 @@ Known limitations
 * Workers don't support local packages. However, it is possible to build custom packages by providing sources by using ``ahriman.core.gitremote.RemotePullTrigger`` trigger.
 * No dynamic nodes discovery. In case if one of worker nodes is unavailable, the build process will fail.
 * No pkgrel bump on conflicts.
-* The identical user must be created for all workers. However, the ``master`` node user can be different from this one.
+* The identical user must be created for all workers. However, the **master** node user can be different from this one.
--- a/docs/faq/general.rst
+++ b/docs/faq/general.rst
@ -375,7 +375,7 @@ After the success build the application extracts all linked libraries and used d

 In order to disable this check completely, the ``--no-check-files`` flag can be used.

-In addition, there is possibility to control paths which will be used for checking, by using option ``build.scan_paths``, which supports regular expressions. Leaving ``build.scan_paths`` blank will effectively disable any check too.
+In addition, there is possibility to control paths which will be used for checking, by using option ``${build:scan_paths}``, which supports regular expressions. Leaving ``${build:scan_paths}`` blank will effectively disable any check too.

 How to install built packages
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--- a/docs/faq/maintenance-packages.rst
+++ b/docs/faq/maintenance-packages.rst
@ -14,7 +14,7 @@ The application provides special plugin which generates keyring package. This pl
      [keyring]
      target = keyring-generator

-   By default it will use ``sign.key`` as trusted key and all other keys as packagers ones. For all available options refer to :doc:`configuration </configuration>`.
+   By default it will use ``${sign:key}`` as trusted key and all other keys as packagers ones. For all available options refer to :doc:`configuration </configuration>`.

 #.
   Create package source files:
@ -52,7 +52,7 @@ The application provides special plugin which generates mirrorlist package also.
      [mirrorlist-generator]
      servers = https://repo.example.com/$arch

-   The ``mirrorlist-generator.servers`` must contain list of available mirrors, the ``$arch`` and ``$repo`` variables are supported. For more options kindly refer to :doc:`configuration </configuration>`.
+   The ``${mirrorlist-generator:servers}`` must contain list of available mirrors, the ``$arch`` and ``$repo`` variables are supported. For more options kindly refer to :doc:`configuration </configuration>`.

 #.
   Create package source files:
--- a/docs/faq/reporting.rst
+++ b/docs/faq/reporting.rst
@ -108,12 +108,12 @@ How to post build report to telegram
      chat_id = @ahriman
      link_path = http://example.com/aur-clone/x86_64

-   ``api_key`` is the one sent by `@BotFather <https://t.me/botfather>`__, ``chat_id`` is the value retrieved from previous step.
+   ``${api_key}`` is the one sent by `@BotFather <https://t.me/botfather>`__, ``${chat_id}`` is the value retrieved from previous step.

 If you did everything fine you should receive the message with the next update. Quick credentials check can be done by using the following command:

 .. code-block:: shell

-   curl 'https://api.telegram.org/bot{api_key}/sendMessage?chat_id={chat_id}&text=hello'
+   curl 'https://api.telegram.org/bot${api_key}/sendMessage?chat_id=${chat_id}&text=hello'

-(replace ``{chat_id}`` and ``{api_key}`` with the values from configuration).
+(replace ``${chat_id}`` and ``${api_key}`` with the values from configuration).
--- a/docs/faq/web.rst
+++ b/docs/faq/web.rst
@ -41,7 +41,7 @@ How to enable basic authorization
      target = configuration
      salt = somerandomstring

-   The ``salt`` parameter is optional, but recommended, and can be set to any (random) string.
+   The ``${auth:salt}`` parameter is optional, but recommended, and can be set to any (random) string.

 #.
   In order to provide access for reporting from application instances you can (the recommended way) use unix sockets by the following configuration (note, that it requires ``python-requests-unixsocket2`` package to be installed):
@ -53,7 +53,7 @@ How to enable basic authorization

   This socket path must be available for web service instance and must be available for all application instances (e.g. in case if you are using docker container - see above - you need to make sure that the socket is passed to the root filesystem).

-   By the way, unix socket variable will be automatically set in case if ``--web-unix-socket`` argument is supplied to the ``setup`` subcommand.
+   By the way, unix socket variable will be automatically set in case if ``--web-unix-socket`` argument is supplied to the ``service-setup`` subcommand.

   Alternatively, you need to create user for the service:

@ -96,7 +96,7 @@ How to enable OAuth authorization
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 #. 
-   Create OAuth web application, download its ``client_id`` and ``client_secret``.
+   Create OAuth web application, download its ``${auth:client_id}`` and ``${auth:client_secret}``.

 #.
   Guess what? Install dependencies:
@ -118,10 +118,10 @@ How to enable OAuth authorization
      [web]
      address = https://example.com

-   Configure ``oauth_provider`` and ``oauth_scopes`` in case if you would like to use different from Google provider. Scope must grant access to user email. ``web.address`` is required to make callback URL available from internet.
+   Configure ``${auth:oauth_provider}`` and ``${auth:oauth_scopes}`` in case if you would like to use different from Google provider. Scope must grant access to user email. ``${web:address}`` is required to make callback URL available from internet.

 #. 
-   If you are not going to use unix socket, you also need to create service user (remember to set ``auth.salt`` option before if required):
+   If you are not going to use unix socket, you also need to create service user (remember to set ``${auth:salt}`` option before if required):

   .. code-block:: shell

--- a/package/share/ahriman/settings/ahriman.ini
+++ b/package/share/ahriman/settings/ahriman.ini
@ -3,7 +3,7 @@
 include = ahriman.ini.d
 ; Relative path to configuration used by logging package.
 logging = ahriman.ini.d/logging.ini
-; Perform database migrations on the application start. Do not touch this option unless you know what are you doing.
+; Perform database migrations on the application start. Do not touch this option unless you know what you are doing.
 ;apply_migrations = yes
 ; Path to the application SQLite database.
 database = ${repository:root}/ahriman.db
@ -24,7 +24,7 @@ sync_files_database = yes
 use_ahriman_cache = yes

 [auth]
-; Authentication provider, must be one of disabled, configuration, oauth.
+; Authentication provider, must be one of disabled, configuration, pam, oauth.
 target = disabled
 ; Allow read-only endpoint to be called without authentication.
 allow_read_only = yes
@ -34,7 +34,7 @@ allow_read_only = yes
 ; Cookie secret key to be used for cookies encryption. Must be valid 32 bytes URL-safe base64-encoded string.
 ; If not set, it will be generated automatically.
 ;cookie_secret_key =
-; Name of the secondary group to be used as admin group in the service.
+; Name of the secondary group to be used as admin group in the service. Required if pam is used.
 ;full_access_group = wheel
 ; Authentication cookie expiration in seconds.
 ;max_age = 604800
@ -44,7 +44,7 @@ allow_read_only = yes
 ;oauth_provider = GoogleClient
 ; Scopes list for OAuth2 provider. Required if oauth is used.
 ;oauth_scopes = https://www.googleapis.com/auth/userinfo.email
-; Allow login as root user (only if PAM is used).
+; Allow login as root user (only applicable if PAM is used).
 ;permit_root_login = no
 ; Optional password salt.
 ;salt =
@ -89,10 +89,10 @@ target =
 ; Global switch to enable or disable status reporting.
 enabled = yes
 ; Address of the remote service, e.g.:
-;     address = http://1.0.0.1:8080
+;     address = http://127.0.0.1:8080
 ; In case if unix sockets are used, it might point to the valid socket with encoded path, e.g.:
 ;     address = http+unix://%2Fvar%2Flib%2Fahriman%2Fsocket
-;address =
+;address = http://${web:host}:${web:port}
 ; Optional password for authentication (if enabled).
 ;password =
 ; Do not log HTTP errors if occurs.
@ -104,15 +104,15 @@ suppress_http_log_errors = yes

 [web]
 ; External address of the web service. Will be used for some features like OAuth. If none set will be generated as
-;     address = http://web.host:web.port
-;address =
+;     address = http://${web:host}:${web:port}
+;address = http://${web:host}:${web:port}
 ; Enable file upload endpoint used by some triggers.
 ;enable_archive_upload = no
 ; Address to bind the server.
 host = 127.0.0.1
 ; Full URL to the repository index page used by templates.
 ;index_url =
-; Max file size in bytes which can be uploaded to the server.
+; Max file size in bytes which can be uploaded to the server. Requires ${web:enable_archive_upload} to be enabled.
 ;max_body_size =
 ; Port to listen. Must be set, if the web service is enabled.
 ;port =