mirror of
https://github.com/arcan1s/ahriman.git
synced 2025-04-24 15:27:17 +00:00
Evgeniy Alekseev
20962f0385
In this feature target option must allways point to section name instead of type. Type will be read from type option. In case if type option is not presented it will try to check if section with architecture exists (e.g. target = email, section = email:x86_64); if it does, the correct section name and type will be used. Otherwise it will check if the specified section exists; if it does, seection name and type will be returned.
168 lines
10 KiB
Markdown
168 lines
10 KiB
Markdown
# ahriman configuration
|
|
|
|
Some groups can be specified for each architecture separately. E.g. if there are `build` and `build:x86_64` groups it will use the option from `build:x86_64` for the `x86_64` architecture and `build` for any other (architecture specific group has higher priority). In case if both groups are presented, architecture specific options will be merged into global ones overriding them.
|
|
|
|
## `settings` group
|
|
|
|
Base configuration settings.
|
|
|
|
* `include` - path to directory with configuration files overrides, string, required.
|
|
* `logging` - path to logging configuration, string, required. Check `logging.ini` for reference.
|
|
|
|
## `alpm` group
|
|
|
|
libalpm and AUR related configuration.
|
|
|
|
* `aur_url` - base url for AUR, string, required.
|
|
* `database` - path to pacman local database cache, string, required.
|
|
* `repositories` - list of pacman repositories, space separated list of strings, required.
|
|
* `root` - root for alpm library, string, required.
|
|
|
|
## `auth` group
|
|
|
|
Base authorization settings. `OAuth` provider requires `aioauth-client` library to be installed.
|
|
|
|
* `target` - specifies authorization provider, string, optional, default `disabled`. Allowed values are `disabled`, `configuration`, `oauth`.
|
|
* `client_id` - OAuth2 application client ID, string, required in case if `oauth` is used.
|
|
* `client_secret` - OAuth2 application client secret key, string, required in case if `oauth` is used.
|
|
* `max_age` - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days.
|
|
* `oauth_provider` - OAuth2 provider class name as is in `aioauth-client` (e.g. `GoogleClient`, `GithubClient` etc), string, required in case if `oauth` is used.
|
|
* `oauth_scopes` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. `https://www.googleapis.com/auth/userinfo.email` for `GoogleClient` or `user:email` for `GithubClient`, space separated list of strings, required in case if `oauth` is used.
|
|
* `safe_build_status` - allow requesting status page without authorization, boolean, required.
|
|
* `salt` - password hash salt, string, required in case if authorization enabled (automatically generated by `create-user` subcommand).
|
|
|
|
## `auth:*` groups
|
|
|
|
Authorization mapping. Group name must refer to user access level, i.e. it should be one of `auth:read` (read hidden pages), `auth:write` (everything is allowed).
|
|
|
|
Key is always username (case-insensitive), option value depends on authorization provider:
|
|
|
|
* `OAuth` - by default requires only usernames and ignores values. But in case of direct login method call (via POST request) it will act as `Mapping` authorization method.
|
|
* `Mapping` (default) - reads salted password hashes from values, uses SHA512 in order to hash passwords. Password can be set by using `create-user` subcommand.
|
|
|
|
## `build:*` groups
|
|
|
|
Build related configuration. Group name must refer to architecture, e.g. it should be `build:x86_64` for x86_64 architecture.
|
|
|
|
* `archbuild_flags` - additional flags passed to `archbuild` command, space separated list of strings, optional.
|
|
* `build_command` - default build command, string, required.
|
|
* `ignore_packages` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional.
|
|
* `makepkg_flags` - additional flags passed to `makepkg` command, space separated list of strings, optional.
|
|
* `makechrootpkg_flags` - additional flags passed to `makechrootpkg` command, space separated list of strings, optional.
|
|
|
|
## `repository` group
|
|
|
|
Base repository settings.
|
|
|
|
* `name` - repository name, string, required.
|
|
* `root` - root path for application, string, required.
|
|
|
|
## `sign:*` groups
|
|
|
|
Settings for signing packages or repository. Group name must refer to architecture, e.g. it should be `sign:x86_64` for x86_64 architecture.
|
|
|
|
* `target` - configuration flag to enable signing, space separated list of strings, required. Allowed values are `package` (sign each package separately), `repository` (sign repository database file).
|
|
* `key` - default PGP key, string, required. This key will also be used for database signing if enabled.
|
|
* `key_*` settings - PGP key which will be used for specific packages, string, optional. For example, if there is `key_yay` option the specified key will be used for yay package and default key for others.
|
|
|
|
## `report` group
|
|
|
|
Report generation settings.
|
|
|
|
* `target` - list of reports to be generated, space separated list of strings, required. It must point to valid section (or to section with architecture), e.g. `somerandomname` must point to existing section, `email` must point to one of `email` of `email:x86_64` (with architecture it has higher priority).
|
|
|
|
Type will be read from several ways:
|
|
|
|
* In case if `type` option set inside the section, it will be used.
|
|
* Otherwise, it will look for type from section name removing architecture name.
|
|
* And finally, it will use section name as type.
|
|
|
|
### `email` type
|
|
|
|
Section name must be either `email` (plus optional architecture name, e.g. `email:x86_64`) or random name with `type` set.
|
|
|
|
* `type` - type of the report, string, optional, must be set to `email` if exists.
|
|
* `full_template_path` - path to Jinja2 template for full package description index, string, optional.
|
|
* `homepage` - link to homepage, string, optional.
|
|
* `host` - SMTP host for sending emails, string, required.
|
|
* `link_path` - prefix for HTML links, string, required.
|
|
* `no_empty_report` - skip report generation for empty packages list, boolean, optional, default `yes`.
|
|
* `password` - SMTP password to authenticate, string, optional.
|
|
* `port` - SMTP port for sending emails, int, required.
|
|
* `receivers` - SMTP receiver addresses, space separated list of strings, required.
|
|
* `sender` - SMTP sender address, string, required.
|
|
* `ssl` - SSL mode for SMTP connection, one of `ssl`, `starttls`, `disabled`, optional, default `disabled`.
|
|
* `template_path` - path to Jinja2 template, string, required.
|
|
* `user` - SMTP user to authenticate, string, optional.
|
|
|
|
### `html` type
|
|
|
|
Section name must be either `html` (plus optional architecture name, e.g. `html:x86_64`) or random name with `type` set.
|
|
|
|
* `type` - type of the report, string, optional, must be set to `html` if exists.
|
|
* `path` - path to html report file, string, required.
|
|
* `homepage` - link to homepage, string, optional.
|
|
* `link_path` - prefix for HTML links, string, required.
|
|
* `template_path` - path to Jinja2 template, string, required.
|
|
|
|
## `upload` group
|
|
|
|
Remote synchronization settings.
|
|
|
|
* `target` - list of synchronizations to be used, space separated list of strings, required. It must point to valid section (or to section with architecture), e.g. `somerandomname` must point to existing section, `github` must point to one of `github` of `github:x86_64` (with architecture it has higher priority).
|
|
|
|
Type will be read from several ways:
|
|
|
|
* In case if `type` option set inside the section, it will be used.
|
|
* Otherwise, it will look for type from section name removing architecture name.
|
|
* And finally, it will use section name as type.
|
|
|
|
### `github` type
|
|
|
|
This feature requires Github key creation (see below). Section name must be either `github` (plus optional architecture name, e.g. `github:x86_64`) or random name with `type` set.
|
|
|
|
* `type` - type of the upload, string, optional, must be set to `github` if exists.
|
|
* `owner` - Github repository owner, string, required.
|
|
* `password` - created Github API key. In order to create it do the following:
|
|
1. Go to [settings page](https://github.com/settings/profile).
|
|
2. Switch to [developers settings](https://github.com/settings/apps).
|
|
3. Switch to [personal access tokens](https://github.com/settings/tokens).
|
|
4. Generate new token. Required scope is `public_repo` (or `repo` for private repository support).
|
|
* `repository` - Github repository name, string, required. Repository must be created before any action and must have active branch (e.g. with readme).
|
|
* `username` - Github authorization user, string, required. Basically the same as `owner`.
|
|
|
|
### `rsync` type
|
|
|
|
Requires `rsync` package to be installed. Do not forget to configure ssh for user `ahriman`. Section name must be either `rsync` (plus optional architecture name, e.g. `rsync:x86_64`) or random name with `type` set.
|
|
|
|
* `type` - type of the upload, string, optional, must be set to `rsync` if exists.
|
|
* `command` - rsync command to run, space separated list of string, required.
|
|
* `remote` - remote server to rsync (e.g. `1.2.3.4:path/to/sync`), string, required.
|
|
|
|
### `s3` type
|
|
|
|
Requires `boto3` library to be installed. Section name must be either `s3` (plus optional architecture name, e.g. `s3:x86_64`) or random name with `type` set.
|
|
|
|
* `type` - type of the upload, string, optional, must be set to `github` if exists.
|
|
* `access_key` - AWS access key ID, string, required.
|
|
* `bucket` - bucket name (e.g. `bucket`), string, required.
|
|
* `chunk_size` - chunk size for calculating entity tags, int, optional, default 8 * 1024 * 1024.
|
|
* `region` - bucket region (e.g. `eu-central-1`), string, required.
|
|
* `secret_key` - AWS secret access key, string, required.
|
|
|
|
## `web:*` groups
|
|
|
|
Web server settings. If any of `host`/`port` is not set, web integration will be disabled. Group name must refer to architecture, e.g. it should be `web:x86_64` for x86_64 architecture. This feature requires `aiohttp` libraries to be installed.
|
|
|
|
* `address` - optional address in form `proto://host:port` (`port` can be omitted in case of default `proto` ports), will be used instead of `http://{host}:{port}` in case if set, string, optional. This option is required in case if `OAuth` provider is used.
|
|
* `debug` - enable debug toolbar, boolean, optional, default `no`.
|
|
* `debug_check_host` - check hosts to access debug toolbar, boolean, optional, default `no`.
|
|
* `debug_allowed_hosts` - allowed hosts to get access to debug toolbar, space separated list of string, optional.
|
|
* `host` - host to bind, string, optional.
|
|
* `index_url` - full url of the repository index page, string, optional.
|
|
* `password` - password to authorize in web service in order to update service status, string, required in case if authorization enabled.
|
|
* `port` - port to bind, int, optional.
|
|
* `static_path` - path to directory with static files, string, required.
|
|
* `templates` - path to templates directory, string, required.
|
|
* `username` - username to authorize in web service in order to update service status, string, required in case if authorization enabled.
|