# ahriman configuration Some groups can be specified for each architecture separately. E.g. if there are `build` and `build:x86_64` groups it will use the option from `build:x86_64` for the `x86_64` architecture and `build` for any other (architecture specific group has higher priority). In case if both groups are presented, architecture specific options will be merged into global ones overriding them. ## `settings` group Base configuration settings. * `include` - path to directory with configuration files overrides, string, required. * `logging` - path to logging configuration, string, required. Check `logging.ini` for reference. ## `alpm` group libalpm and AUR related configuration. * `aur_url` - base url for AUR, string, required. * `database` - path to pacman local database cache, string, required. * `repositories` - list of pacman repositories, space separated list of strings, required. * `root` - root for alpm library, string, required. ## `auth` group Base authorization settings. `OAuth` provider requires `aioauth-client` library to be installed. * `target` - specifies authorization provider, string, optional, default `disabled`. Allowed values are `disabled`, `configuration`, `oauth`. * `allow_read_only` - allow requesting read only pages without authorization, boolean, required. * `allowed_paths` - URI paths (exact match) which can be accessed without authorization, space separated list of strings, optional. * `allowed_paths_groups` - URI paths prefixes which can be accessed without authorization, space separated list of strings, optional. * `client_id` - OAuth2 application client ID, string, required in case if `oauth` is used. * `client_secret` - OAuth2 application client secret key, string, required in case if `oauth` is used. * `max_age` - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days. * `oauth_provider` - OAuth2 provider class name as is in `aioauth-client` (e.g. `GoogleClient`, `GithubClient` etc), string, required in case if `oauth` is used. * `oauth_scopes` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. `https://www.googleapis.com/auth/userinfo.email` for `GoogleClient` or `user:email` for `GithubClient`, space separated list of strings, required in case if `oauth` is used. * `salt` - password hash salt, string, required in case if authorization enabled (automatically generated by `create-user` subcommand). ## `auth:*` groups Authorization mapping. Group name must refer to user access level, i.e. it should be one of `auth:read` (read hidden pages), `auth:write` (everything is allowed). Key is always username (case-insensitive), option value depends on authorization provider: * `OAuth` - by default requires only usernames and ignores values. But in case of direct login method call (via POST request) it will act as `Mapping` authorization method. * `Mapping` (default) - reads salted password hashes from values, uses SHA512 in order to hash passwords. Password can be set by using `create-user` subcommand. ## `build:*` groups Build related configuration. Group name must refer to architecture, e.g. it should be `build:x86_64` for x86_64 architecture. * `archbuild_flags` - additional flags passed to `archbuild` command, space separated list of strings, optional. * `build_command` - default build command, string, required. * `ignore_packages` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional. * `makepkg_flags` - additional flags passed to `makepkg` command, space separated list of strings, optional. * `makechrootpkg_flags` - additional flags passed to `makechrootpkg` command, space separated list of strings, optional. ## `repository` group Base repository settings. * `name` - repository name, string, required. * `root` - root path for application, string, required. ## `sign:*` groups Settings for signing packages or repository. Group name must refer to architecture, e.g. it should be `sign:x86_64` for x86_64 architecture. * `target` - configuration flag to enable signing, space separated list of strings, required. Allowed values are `package` (sign each package separately), `repository` (sign repository database file). * `key` - default PGP key, string, required. This key will also be used for database signing if enabled. * `key_*` settings - PGP key which will be used for specific packages, string, optional. For example, if there is `key_yay` option the specified key will be used for yay package and default key for others. ## `report` group Report generation settings. * `target` - list of reports to be generated, space separated list of strings, required. Allowed values are `html`, `email`. ### `email:*` groups Group name must refer to architecture, e.g. it should be `email:x86_64` for x86_64 architecture. * `full_template_path` - path to Jinja2 template for full package description index, string, optional. * `homepage` - link to homepage, string, optional. * `host` - SMTP host for sending emails, string, required. * `link_path` - prefix for HTML links, string, required. * `no_empty_report` - skip report generation for empty packages list, boolean, optional, default `yes`. * `password` - SMTP password to authenticate, string, optional. * `port` - SMTP port for sending emails, int, required. * `receivers` - SMTP receiver addresses, space separated list of strings, required. * `sender` - SMTP sender address, string, required. * `ssl` - SSL mode for SMTP connection, one of `ssl`, `starttls`, `disabled`, optional, default `disabled`. * `template_path` - path to Jinja2 template, string, required. * `user` - SMTP user to authenticate, string, optional. ### `html:*` groups Group name must refer to architecture, e.g. it should be `html:x86_64` for x86_64 architecture. * `path` - path to html report file, string, required. * `homepage` - link to homepage, string, optional. * `link_path` - prefix for HTML links, string, required. * `template_path` - path to Jinja2 template, string, required. ## `upload` group Remote synchronization settings. * `target` - list of synchronizations to be used, space separated list of strings, required. Allowed values are `rsync`, `s3`. ### `rsync:*` groups Group name must refer to architecture, e.g. it should be `rsync:x86_64` for x86_64 architecture. Requires `rsync` package to be installed. Do not forget to configure ssh for user `ahriman`. * `command` - rsync command to run, space separated list of string, required. * `remote` - remote server to rsync (e.g. `1.2.3.4:5678:path/to/sync`), string, required. ### `s3:*` groups Group name must refer to architecture, e.g. it should be `s3:x86_64` for x86_64 architecture. * `access_key` - AWS access key ID, string, required. * `bucket` - bucket name (e.g. `bucket`), string, required. * `chunk_size` - chunk size for calculating entity tags, int, optional, default 8 * 1024 * 1024. * `region` - bucket region (e.g. `eu-central-1`), string, required. * `secret_key` - AWS secret access key, string, required. ## `web:*` groups Web server settings. If any of `host`/`port` is not set, web integration will be disabled. Group name must refer to architecture, e.g. it should be `web:x86_64` for x86_64 architecture. * `address` - optional address in form `proto://host:port` (`port` can be omitted in case of default `proto` ports), will be used instead of `http://{host}:{port}` in case if set, string, optional. This option is required in case if `OAuth` provider is used. * `host` - host to bind, string, optional. * `password` - password to authorize in web service in order to update service status, string, required in case if authorization enabled. * `port` - port to bind, int, optional. * `static_path` - path to directory with static files, string, required. * `templates` - path to templates directory, string, required. * `username` - username to authorize in web service in order to update service status, string, required in case if authorization enabled.