ahriman/docs/configuration.md

ahriman configuration

Some groups can be specified for each architecture separately. E.g. if there are build and build:x86_64 groups it will use the option from build:x86_64 for the x86_64 architecture and build for any other (architecture specific group has higher priority). In case if both groups are presented, architecture specific options will be merged into global ones overriding them.

settings group

Base configuration settings.

• include - path to directory with configuration files overrides, string, required.
• logging - path to logging configuration, string, required. Check logging.ini for reference.

alpm group

libalpm and AUR related configuration.

• aur_url - base url for AUR, string, required.
• database - path to pacman local database cache, string, required.
• repositories - list of pacman repositories, space separated list of strings, required.
• root - root for alpm library, string, required.

auth group

Base authorization settings. OAuth provider requires aioauth-client library to be installed.

• target - specifies authorization provider, string, optional, default disabled. Allowed values are disabled, configuration, oauth.
• client_id - OAuth2 application client ID, string, required in case if oauth is used.
• client_secret - OAuth2 application client secret key, string, required in case if oauth is used.
• max_age - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days.
• oauth_provider - OAuth2 provider class name as is in aioauth-client (e.g. GoogleClient, GithubClient etc), string, required in case if oauth is used.
• oauth_scopes - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. https://www.googleapis.com/auth/userinfo.email for GoogleClient or user:email for GithubClient, space separated list of strings, required in case if oauth is used.
• safe_build_status - allow requesting status page without authorization, boolean, required.
• salt - password hash salt, string, required in case if authorization enabled (automatically generated by create-user subcommand).

auth:* groups

Authorization mapping. Group name must refer to user access level, i.e. it should be one of auth:read (read hidden pages), auth:write (everything is allowed).

Key is always username (case-insensitive), option value depends on authorization provider:

• OAuth - by default requires only usernames and ignores values. But in case of direct login method call (via POST request) it will act as Mapping authorization method.
• Mapping (default) - reads salted password hashes from values, uses SHA512 in order to hash passwords. Password can be set by using create-user subcommand.

build:* groups

Build related configuration. Group name must refer to architecture, e.g. it should be build:x86_64 for x86_64 architecture.

• archbuild_flags - additional flags passed to archbuild command, space separated list of strings, optional.
• build_command - default build command, string, required.
• ignore_packages - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional.
• makepkg_flags - additional flags passed to makepkg command, space separated list of strings, optional.
• makechrootpkg_flags - additional flags passed to makechrootpkg command, space separated list of strings, optional.

repository group

Base repository settings.

• name - repository name, string, required.
• root - root path for application, string, required.

sign:* groups

Settings for signing packages or repository. Group name must refer to architecture, e.g. it should be sign:x86_64 for x86_64 architecture.

• target - configuration flag to enable signing, space separated list of strings, required. Allowed values are package (sign each package separately), repository (sign repository database file).
• key - default PGP key, string, required. This key will also be used for database signing if enabled.
• key_* settings - PGP key which will be used for specific packages, string, optional. For example, if there is key_yay option the specified key will be used for yay package and default key for others.

report group

Report generation settings.

• target - list of reports to be generated, space separated list of strings, required. It must point to valid section (or to section with architecture), e.g. somerandomname must point to existing section, email must point to one of email of email:x86_64 (with architecture it has higher priority).

Type will be read from several ways:

• In case if type option set inside the section, it will be used.
• Otherwise, it will look for type from section name removing architecture name.
• And finally, it will use section name as type.

email type

Section name must be either email (plus optional architecture name, e.g. email:x86_64) or random name with type set.

• type - type of the report, string, optional, must be set to email if exists.
• full_template_path - path to Jinja2 template for full package description index, string, optional.
• homepage - link to homepage, string, optional.
• host - SMTP host for sending emails, string, required.
• link_path - prefix for HTML links, string, required.
• no_empty_report - skip report generation for empty packages list, boolean, optional, default yes.
• password - SMTP password to authenticate, string, optional.
• port - SMTP port for sending emails, int, required.
• receivers - SMTP receiver addresses, space separated list of strings, required.
• sender - SMTP sender address, string, required.
• ssl - SSL mode for SMTP connection, one of ssl, starttls, disabled, optional, default disabled.
• template_path - path to Jinja2 template, string, required.
• user - SMTP user to authenticate, string, optional.

html type

Section name must be either html (plus optional architecture name, e.g. html:x86_64) or random name with type set.

• type - type of the report, string, optional, must be set to html if exists.
• path - path to html report file, string, required.
• homepage - link to homepage, string, optional.
• link_path - prefix for HTML links, string, required.
• template_path - path to Jinja2 template, string, required.

upload group

Remote synchronization settings.

• target - list of synchronizations to be used, space separated list of strings, required. It must point to valid section (or to section with architecture), e.g. somerandomname must point to existing section, github must point to one of github of github:x86_64 (with architecture it has higher priority).

Type will be read from several ways:

• In case if type option set inside the section, it will be used.
• Otherwise, it will look for type from section name removing architecture name.
• And finally, it will use section name as type.

github type

This feature requires Github key creation (see below). Section name must be either github (plus optional architecture name, e.g. github:x86_64) or random name with type set.

• type - type of the upload, string, optional, must be set to github if exists.
• owner - Github repository owner, string, required.
• password - created Github API key. In order to create it do the following:
  1. Go to settings page.
  2. Switch to developers settings.
  3. Switch to personal access tokens.
  4. Generate new token. Required scope is public_repo (or repo for private repository support).
• repository - Github repository name, string, required. Repository must be created before any action and must have active branch (e.g. with readme).
• username - Github authorization user, string, required. Basically the same as owner.

rsync type

Requires rsync package to be installed. Do not forget to configure ssh for user ahriman. Section name must be either rsync (plus optional architecture name, e.g. rsync:x86_64) or random name with type set.

• type - type of the upload, string, optional, must be set to rsync if exists.
• command - rsync command to run, space separated list of string, required.
• remote - remote server to rsync (e.g. 1.2.3.4:path/to/sync), string, required.

s3 type

Requires boto3 library to be installed. Section name must be either s3 (plus optional architecture name, e.g. s3:x86_64) or random name with type set.

• type - type of the upload, string, optional, must be set to github if exists.
• access_key - AWS access key ID, string, required.
• bucket - bucket name (e.g. bucket), string, required.
• chunk_size - chunk size for calculating entity tags, int, optional, default 8 * 1024 * 1024.
• region - bucket region (e.g. eu-central-1), string, required.
• secret_key - AWS secret access key, string, required.

web:* groups

Web server settings. If any of host/port is not set, web integration will be disabled. Group name must refer to architecture, e.g. it should be web:x86_64 for x86_64 architecture. This feature requires aiohttp libraries to be installed.

• address - optional address in form proto://host:port (port can be omitted in case of default proto ports), will be used instead of http://{host}:{port} in case if set, string, optional. This option is required in case if OAuth provider is used.
• debug - enable debug toolbar, boolean, optional, default no.
• debug_check_host - check hosts to access debug toolbar, boolean, optional, default no.
• debug_allowed_hosts - allowed hosts to get access to debug toolbar, space separated list of string, optional.
• host - host to bind, string, optional.
• index_url - full url of the repository index page, string, optional.
• password - password to authorize in web service in order to update service status, string, required in case if authorization enabled.
• port - port to bind, int, optional.
• static_path - path to directory with static files, string, required.
• templates - path to templates directory, string, required.
• username - username to authorize in web service in order to update service status, string, required in case if authorization enabled.