From e32c182728de358ce91c353db95ccf8560f89e50 Mon Sep 17 00:00:00 2001
From: Adphi
Date: Tue, 13 Dec 2022 16:11:28 +0100
Subject: [PATCH] init
Signed-off-by: Adphi
---
.gitignore | 4 +
.terraform.lock.hcl | 21 +
README.md | 15 +
main.tf | 5 +
modules/nexus_image/main.tf | 27 ++
modules/nexus_image/output.tf | 4 +
modules/nexus_image/variables.tf | 14 +
test/default-nexus.yml | 802 +++++++++++++++++++++++++++++++
test/docker-compose.yaml | 29 ++
test/gpg-example.key | 35 +
test/gpg-example.passphrase | 1 +
test/gpg-example.pub | 19 +
test/password_johndoe | 1 +
13 files changed, 977 insertions(+)
create mode 100644 .gitignore
create mode 100644 .terraform.lock.hcl
create mode 100644 README.md
create mode 100644 main.tf
create mode 100644 modules/nexus_image/main.tf
create mode 100644 modules/nexus_image/output.tf
create mode 100644 modules/nexus_image/variables.tf
create mode 100644 test/default-nexus.yml
create mode 100644 test/docker-compose.yaml
create mode 100644 test/gpg-example.key
create mode 100644 test/gpg-example.passphrase
create mode 100644 test/gpg-example.pub
create mode 100644 test/password_johndoe
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1dc0d77
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+tmp/
+.terraform
+terraform.tfstate**
+.idea
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..31df3a3
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,21 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.1"
+ hashes = [
+ "h1:tSj1mL6OQ8ILGqR2mDu7OYYYWf+hoir0pf9KAQ8IzO8=",
+ "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840",
+ "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb",
+ "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5",
+ "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238",
+ "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc",
+ "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970",
+ "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2",
+ "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5",
+ "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f",
+ "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694",
+ ]
+}
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8318d9d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Nexus with casc plugin example
+
+
+```bash
+git clone https://git.adphi.net/adphi/nexus-casc-terraform-example
+cd nexus-casc-terraform-example
+
+# edit variables to customize image / version, etc in main.tf
+# terraform init
+# terraform plan
+# terraform apply
+
+# or use the pre-build image (adphi/nexus3:3.41.1-casc)
+docker-compose --project-directory test up
+```
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..294bafa
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,5 @@
+module "nexus_image" {
+ source = "./modules/nexus_image"
+ nexus_image = "adphi/nexus3:3.41.1-casc"
+ nexus_version = "3.41.1"
+}
diff --git a/modules/nexus_image/main.tf b/modules/nexus_image/main.tf
new file mode 100644
index 0000000..648a98e
--- /dev/null
+++ b/modules/nexus_image/main.tf
@@ -0,0 +1,27 @@
+locals {
+ tmp_dir = "${path.root}/tmp/nexus-casc-plugin"
+}
+
+resource "null_resource" "nexus_image" {
+ provisioner "local-exec" {
+ command = "mkdir -p ${local.tmp_dir}"
+ working_dir = path.root
+ }
+ provisioner "local-exec" {
+ command = "git clone ${var.nexus_repo_url} ${local.tmp_dir}"
+ working_dir = path.root
+ }
+ provisioner "local-exec" {
+ command = "git checkout v${var.nexus_version}-01.0"
+ working_dir = local.tmp_dir
+ }
+ provisioner "local-exec" {
+ command = "docker build --pull -t ${var.nexus_image} ${local.tmp_dir}"
+ }
+ provisioner "local-exec" {
+ command = "docker push ${var.nexus_image}"
+ }
+ provisioner "local-exec" {
+ command = "rm -rf ${local.tmp_dir}"
+ }
+}
diff --git a/modules/nexus_image/output.tf b/modules/nexus_image/output.tf
new file mode 100644
index 0000000..fca76f8
--- /dev/null
+++ b/modules/nexus_image/output.tf
@@ -0,0 +1,4 @@
+output "nexus_image" {
+ depends_on = [null_resource.nexus_image]
+ value = var.nexus_image
+}
diff --git a/modules/nexus_image/variables.tf b/modules/nexus_image/variables.tf
new file mode 100644
index 0000000..de17baf
--- /dev/null
+++ b/modules/nexus_image/variables.tf
@@ -0,0 +1,14 @@
+variable "nexus_repo_url" {
+ type = string
+ default = "https://github.com/AdaptiveConsulting/nexus-casc-plugin"
+}
+
+variable nexus_version {
+ type = string
+ default = "3.41.1"
+}
+
+variable nexus_image {
+ type = string
+ default = "adphi/nexus3:3.41.1-casc"
+}
diff --git a/test/default-nexus.yml b/test/default-nexus.yml
new file mode 100644
index 0000000..bdf9603
--- /dev/null
+++ b/test/default-nexus.yml
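Review bot: The `local-exec` commands in modules/nexus_image/main.tf splice `var.nexus_repo_url`, `var.nexus_version` and `var.nexus_image` straight into shell strings, so whitespace or shell metacharacters in any of them change what runs on the machine applying the plan, up to and including the final `rm -rf ${local.tmp_dir}`. Passing the values through the provisioner's `environment` map and quoting them in the command keeps them as data, and `validation` blocks on the three variables in variables.tf would reject unexpected shapes before anything executes. The build checks out a tag from a third-party repository and then pushes the result, so pinning a commit hash rather than `v${var.nexus_version}-01.0` would keep the pushed image tied to reviewed source if that tag ever moves. The resource also has no `triggers`, so changing the version or image name after the first apply will not rebuild anything.

```hcl
resource "null_resource" "nexus_image" {
  # Re-run the build when any input changes.
  triggers = {
    repo_url = var.nexus_repo_url
    version  = var.nexus_version
    image    = var.nexus_image
  }
  # … unchanged: mkdir provisioner …
  provisioner "local-exec" {
    command     = "git clone -- \"$REPO_URL\" \"$TMP_DIR\""
    working_dir = path.root
    environment = {
      REPO_URL = var.nexus_repo_url
      TMP_DIR  = local.tmp_dir
    }
  }
  provisioner "local-exec" {
    command     = "git checkout \"v$NEXUS_VERSION-01.0\""
    working_dir = local.tmp_dir
    environment = {
      NEXUS_VERSION = var.nexus_version
    }
  }
  # … docker build, docker push and rm -rf: same environment + quoting pattern …
```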
@@ -0,0 +1,802 @@ +--- +core: + baseUrl: ${BASE_URL:""} + userAgentCustomization: "CasC test" + connectionTimeout: 60 + connectionRetryAttempts: 10 + # httpProxy: + # host: proxy.internal.lan + # port: 3128 + # username: nexus-user + # password: ${PROXY_PASSWORD} + # httpsProxy: + # host: proxy.internal.lan + # port: 3128 + # username: nexus-user + # password: ${PROXY_PASSWORD} + # ntlmHost: dc.internal.lan + # ntlmDomain: internal.lan + # nonProxyHosts: + # - host1.internal.lan + # - host2.internal.lan +capabilities: + - type: analytics-configuration + enabled: false + - type: OutreachManagementCapability + enabled: false +security: + anonymousAccess: true + pruneUsers: true + realms: + - name: "DockerToken" + enabled: true + - name: "NpmToken" + enabled: true + - name: "NuGetApiKey" + enabled: true + privileges: + - id: system-repository-admin-docker-docker-proxy-update + enabled: true + name: system-repository-admin-docker-docker-proxy-update + description: Permit update to docker-proxy repository configuration + type: repository-admin + properties: + format: docker + repository: docker-proxy + actions: read,update + roles: + - id: ui-minimal + enabled: true + source: default + name: ui-minimal + description: "UI Minimal" + privileges: + - nx-healthcheck-read + - nx-search-read + - id: repository-read-docker-proxy + enabled: true + source: default + name: repository-read-docker-proxy + description: "Docker Anonymous Access for public proxy repository" + privileges: + - nx-repository-view-docker-docker-proxy-browse + - nx-repository-view-docker-docker-proxy-read + - id: repository-read-all + enabled: true + source: default + name: repository-read-all + description: "Read All permission for repositories" + privileges: + - nx-apikey-all + - nx-repository-view-*-*-browse + - nx-repository-view-*-*-read + - id: repository-write-all + enabled: true + source: default + name: repository-write-all + description: "Write All permission for repositories" + privileges: + - 
nx-apikey-all + - nx-repository-view-*-*-* + - id: repository-read-nodejs-dist + enabled: true + source: default + name: repository-read-nodejs-dist + description: "Read permission for NodeJS Dist repository" + privileges: + - nx-repository-view-raw-nodejs-dist-browse + - nx-repository-view-raw-nodejs-dist-read + - id: repository-read-cypress-dist + enabled: true + source: default + name: repository-read-cypress-dist + description: "Read permission for Cypress Download repository" + privileges: + - nx-repository-view-raw-cypress-dist-browse + - nx-repository-view-raw-cypress-dist-read + users: + - username: anonymous + firstName: Anonymous + lastName: User + password: anonymous + updateExistingPassword: false + email: anonymous@example.org + roles: + - source: "default" + role: ui-minimal + - source: "default" + role: repository-read-cypress-dist + - source: "default" + role: repository-read-docker-proxy + - source: "default" + role: repository-read-nodejs-dist + - username: johndoe + firstName: John + lastName: Doe + password: "${file:/run/secrets/password_johndoe}" + updateExistingPassword: true + email: johndoe@example.org + roles: + - source: "default" + role: nx-admin + - username: janedoe + firstName: Jane + lastName: Doe + password: changeme + updateExistingPassword: false + email: janedoe@example.org + roles: + - source: "default" + role: ui-minimal + - source: "default" + role: repository-write-all +repository: + pruneBlobStores: true + blobStores: + - name: apt + type: File + attributes: + file: + path: apt + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: docker + type: File + attributes: + file: + path: docker + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: golang + type: File + attributes: + file: + path: golang + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: maven + type: File + attributes: + file: + path: maven + 
blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: npm + type: File + attributes: + file: + path: npm + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: nuget + type: File + attributes: + file: + path: nuget + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: raw + type: File + attributes: + file: + path: raw + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: rubygems + type: File + attributes: + file: + path: rubygems + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: pypi + type: File + attributes: + file: + path: pypi + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + - name: yum + type: File + attributes: + file: + path: yum + blobStoreQuotaConfig: + quotaLimitBytes: 10240000000 + quotaType: spaceUsedQuota + pruneCleanupPolicies: true + cleanupPolicies: + - name: cleanup-everything + format: ALL_FORMATS + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-apt-proxy + format: apt + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-docker-proxy + format: docker + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-golang-proxy + format: go + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-maven-proxy + format: maven2 + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-npm-proxy + format: npm + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-nuget-proxy + format: nuget + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-pypi-proxy + format: pypi + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-raw-proxy + format: raw + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-rubygems-proxy + format: rubygems + notes: '' + criteria: + lastDownloaded: 864000 + - name: cleanup-yum-proxy + format: yum 
+ notes: '' + criteria: + lastDownloaded: 864000 + pruneRepositories: true + repositories: + # https://help.sonatype.com/repomanager3/formats/apt-repositories + - name: apt-hosted + online: true + recipeName: apt-hosted + attributes: + apt: + distribution: focal + aptSigning: + keypair: "${file:/run/secrets/gpg_key_example}" + passphrase: "${file:/run/secrets/gpg_passphrase_example}" + storage: + blobStoreName: apt + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + cleanup: + policyName: + - None + - name: apt-ubuntu + online: true + recipeName: apt-proxy + attributes: + apt: + distribution: focal + aptSigning: + keypair: "${file:/run/secrets/gpg_key_example}" + passphrase: "${file:/run/secrets/gpg_passphrase_example}" + proxy: + contentMaxAge: -1 + remoteUrl: https://archive.ubuntu.com/ubuntu/ + metadataMaxAge: 1440 + storage: + blobStoreName: apt + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + cleanup: + policyName: + - cleanup-apt-proxy + - name: chromedriver-dist + online: true + recipeName: raw-proxy + attributes: + raw: + contentDisposition: ATTACHMENT + proxy: + remoteUrl: https://chromedriver.storage.googleapis.com/ + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: raw + strictContentTypeValidation: true + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-raw-proxy + - name: cypress-dist + online: true + recipeName: raw-proxy + attributes: + raw: + contentDisposition: ATTACHMENT + proxy: + remoteUrl: https://download.cypress.io/ + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: raw + strictContentTypeValidation: true + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-raw-proxy + # 
https://help.sonatype.com/repomanager3/formats/docker-registry + - name: docker-hosted + online: true + recipeName: docker-hosted + attributes: + docker: + forceBasicAuth: true # Do not permit anonymous access to this repository + v1Enabled: true + # httpPort: 8082 # Uncomment to activate + # httpsPort: 8083 # Requires Nexus Jetty be configured to use SSL Certificates + storage: + blobStoreName: docker + strictContentTypeValidation: true + writePolicy: ALLOW + cleanup: + policyName: + - None + - name: docker-proxy + online: true + recipeName: docker-proxy + attributes: + docker: + forceBasicAuth: false # Allow anonymous access + v1Enabled: true + proxy: + remoteUrl: https://registry-1.docker.io + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + dockerProxy: + indexType: HUB + cacheForeignLayers: true + foreignLayerUrlWhitelist: + - '.*' + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: docker + strictContentTypeValidation: true + routingRules: + routingRuleId: null + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-docker-proxy + - name: docker + online: true + recipeName: docker-group + attributes: + docker: + forceBasicAuth: false # Each repo uses its own setting + v1Enabled: true + storage: + blobStoreName: docker + strictContentTypeValidation: true + group: + memberNames: + - "docker-hosted" + - "docker-proxy" + # https://help.sonatype.com/repomanager3/formats/go-repositories + # GOPROXY should point to the _group_ repository URL + # golang requires anonymous access for this to work + - name: golang-gonexus-proxy + online: true + recipeName: go-proxy + attributes: + golang: + forceBasicAuth: false # Allow anonymous access + v1Enabled: true + proxy: + remoteUrl: https://gonexus.dev + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: golang + 
strictContentTypeValidation: true + routingRules: + routingRuleId: null + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-golang-proxy + - name: golang-group + online: true + recipeName: go-group + attributes: + golang: + forceBasicAuth: false # Each repo uses its own setting + v1Enabled: true + storage: + blobStoreName: golang + strictContentTypeValidation: true + group: + memberNames: + - "golang-gonexus-proxy" + # https://help.sonatype.com/repomanager3/formats/maven-repositories + - name: maven-snapshots + online: true + recipeName: maven2-hosted + attributes: + maven: + versionPolicy: SNAPSHOT + layoutPolicy: STRICT + storage: + writePolicy: ALLOW + strictContentTypeValidation: true + blobStoreName: maven + - name: maven-releases + online: true + recipeName: maven2-hosted + attributes: + maven: + versionPolicy: RELEASE + layoutPolicy: STRICT + storage: + writePolicy: ALLOW_ONCE + strictContentTypeValidation: true + blobStoreName: maven + - name: maven-central + online: true + recipeName: maven2-proxy + attributes: + proxy: + contentMaxAge: -1 + remoteUrl: https://repo1.maven.org/maven2/ + metadataMaxAge: 1440 + negativeCache: + timeToLive: 1440 + enabled: true + storage: + strictContentTypeValidation: false + blobStoreName: maven + httpclient: + connection: + blocked: false + autoBlock: true + maven: + versionPolicy: RELEASE + layoutPolicy: PERMISSIVE + cleanup: + policyName: + - cleanup-maven-proxy + - name: maven + online: true + recipeName: maven2-group + attributes: + maven: + versionPolicy: MIXED + group: + memberNames: + - "maven-snapshots" + - "maven-releases" + - "maven-central" + storage: + blobStoreName: maven + # https://help.sonatype.com/repomanager3/formats/npm-registry + - name: npm-hosted + online: true + recipeName: npm-hosted + attributes: + storage: + blobStoreName: npm + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + cleanup: + policyName: + - None + - name: npm-proxy + online: true + 
recipeName: npm-proxy + attributes: + proxy: + remoteUrl: https://registry.npmjs.org + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: npm + strictContentTypeValidation: true + routingRules: + routingRuleId: null + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-npm-proxy + - name: npm + online: true + recipeName: npm-group + attributes: + storage: + blobStoreName: npm + strictContentTypeValidation: true + group: + memberNames: + - "npm-proxy" + - "npm-hosted" + # NuGet Support: https://help.sonatype.com/repomanager3/formats/nuget-repositories + # v3 URLs must be used if v3 proxy is present + - name: nuget-proxy + online: true + recipeName: nuget-proxy + attributes: + proxy: + remoteUrl: https://api.nuget.org/v3/index.json + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: nuget + strictContentTypeValidation: true + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-nuget-proxy + - name: nuget-hosted + online: true + recipeName: nuget-hosted + attributes: + storage: + blobStoreName: nuget + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + - name: nuget + online: true + recipeName: nuget-group + attributes: + storage: + blobStoreName: nuget + strictContentTypeValidation: true + group: + memberNames: + - "nuget-hosted" + - "nuget-proxy" + # https://help.sonatype.com/repomanager3/formats/pypi-repositories + - name: pypi-proxy + online: true + recipeName: pypi-proxy + attributes: + proxy: + remoteUrl: https://pypi.org/ + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: pypi + strictContentTypeValidation: true + negativeCache: + enabled: true + 
timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-pypi-proxy + - name: pypi-hosted + online: true + recipeName: pypi-hosted + attributes: + storage: + blobStoreName: pypi + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + - name: pypi-group + online: true + recipeName: pypi-group + attributes: + storage: + blobStoreName: pypi + strictContentTypeValidation: true + group: + memberNames: + - "pypi-hosted" + - "pypi-proxy" + # https://help.sonatype.com/repomanager3/formats/raw-repositories + - name: raw-hosted + online: true + recipeName: raw-hosted + attributes: + storage: + blobStoreName: raw + strictContentTypeValidation: true + writePolicy: ALLOW + cleanup: + policyName: + - None + # How to configure proprietary component - requires Nexus firewall + raw: + contentDisposition: ATTACHMENT # or inline + component: + proprietaryComponents: true + - name: nodejs-dist + online: true + recipeName: raw-proxy + attributes: + raw: + contentDisposition: ATTACHMENT + proxy: + remoteUrl: https://nodejs.org/dist/ + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: raw + strictContentTypeValidation: true + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-raw-proxy + # https://help.sonatype.com/repomanager3/formats/rubygems-repositories + - name: rubygems-proxy + online: true + recipeName: rubygems-proxy + attributes: + proxy: + remoteUrl: https://rubygems.org/ + contentMaxAge: -1.0 + metadataMaxAge: 1440.0 + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + storage: + blobStoreName: rubygems + strictContentTypeValidation: true + negativeCache: + enabled: true + timeToLive: 1440.0 + cleanup: + policyName: + - cleanup-rubygems-proxy + - name: rubygems-hosted + online: true + recipeName: rubygems-hosted + attributes: + storage: + blobStoreName: rubygems + 
strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + - name: rubygems-group + online: true + recipeName: rubygems-group + attributes: + storage: + blobStoreName: rubygems + strictContentTypeValidation: true + group: + memberNames: + - "rubygems-hosted" + - "rubygems-proxy" + # https://help.sonatype.com/repomanager3/formats/yum-repositories + # Please read the documentation around repodataDepth + - name: yum-hosted + online: true + recipeName: yum-hosted + attributes: + yum: + repodataDepth: 3 + deployPolicy: STRICT # PERMISSIVE for maven yum deployment + storage: + blobStoreName: yum + strictContentTypeValidation: true + writePolicy: ALLOW + cleanup: + policyName: + - None + - name: yum-centos + online: true + recipeName: yum-proxy + attributes: + yum: + repodataDepth: 3 + deployPolicy: STRICT # PERMISSIVE for maven yum deployment + yumSigning: + keypair: "${file:/run/secrets/gpg_key_example}" + passphrase: "${file:/run/secrets/gpg_passphrase_example}" + httpclient: + blocked: false + autoBlock: true + connection: + useTrustStore: false + negativeCache: + enabled: true + timeToLive: 1440.0 + proxy: + contentMaxAge: -1 + remoteUrl: http://mirror.centos.org/centos/ + metadataMaxAge: 1440 + storage: + blobStoreName: yum + strictContentTypeValidation: true + writePolicy: ALLOW_ONCE + cleanup: + policyName: + - cleanup-yum-proxy + - name: yum-group + online: true + recipeName: yum-group + attributes: + group: + memberNames: + - yum-hosted + - yum-centos + yumSigning: + keypair: "${file:/run/secrets/gpg_key_example}" + passphrase: "${file:/run/secrets/gpg_passphrase_example}" + storage: + blobStoreName: yum + strictContentTypeValidation: true + cleanup: + policyName: + - cleanup-yum-proxy diff --git a/test/docker-compose.yaml b/test/docker-compose.yaml new file mode 100644 index 0000000..ca6a9ca --- /dev/null +++ b/test/docker-compose.yaml 
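Review bot: The `janedoe` entry under `security.users` carries a literal `password: changeme` together with the `repository-write-all` role, while `johndoe` in the same list already reads its password from `/run/secrets`. Anyone who starts from this file gets a write-capable account with a guessable password, and `updateExistingPassword: false` suggests a later edit of the file would not replace it (worth confirming against the plugin). I would load it the same way, `password: "${file:/run/secrets/password_janedoe}"`, with a matching secret declared in the compose file. Separately, `yum-centos` proxies `http://mirror.centos.org/centos/` over plain HTTP while every other remote in the file uses HTTPS; an HTTPS mirror, or a comment saying why HTTP is accepted here, would close that gap.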
@@ -0,0 +1,29 @@
+version: '3.8'
+services:
+ nexus:
+ image: 'adphi/nexus3:3.41.1-casc'
+ container_name: 'nexus'
+ user: 'nexus'
+ environment:
+ BASE_URL: 'http://localhost:8081'
+ NEXUS_SECURITY_RANDOMPASSWORD: 'false'
+ NEXUS_CASC_CONFIG: '/opt/nexus.yml'
+ # INSTALL4J_ADD_VM_PARAMS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005"
+ ports:
+ - 8081:8081
+ expose:
+ - 8081
+ volumes:
+ - './default-nexus.yml:/opt/nexus.yml:ro'
+ secrets:
+ - password_johndoe
+ - gpg_key_example
+ - gpg_passphrase_example
+
+secrets:
+ password_johndoe:
+ file: ./password_johndoe
+ gpg_key_example:
+ file: ./gpg-example.key
+ gpg_passphrase_example:
+ file: ./gpg-example.passphrase
diff --git a/test/gpg-example.key b/test/gpg-example.key
new file mode 100644
index 0000000..45412b0
--- /dev/null
+++ b/test/gpg-example.key
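Review bot: `ports: - 8081:8081` publishes Nexus on every host interface while `NEXUS_SECURITY_RANDOMPASSWORD: 'false'` and the committed `password_johndoe` secret give the instance admin credentials that anyone can read from this repository. For a local test stack, binding to loopback with `- '127.0.0.1:8081:8081'` keeps it off the network; the `expose` entry then adds nothing and can be dropped. The image is referenced by the mutable tag `adphi/nexus3:3.41.1-casc`, so a digest pin would tie the test to the image that was actually built and reviewed.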
@@ -0,0 +1,35 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lQIGBGBEBNcBBADN8jxtYqw4HKbqZqEG7syfeK7MtHH3maGqmHG83vsHCTOJa8+G +CdotqU5obGhKKLsgvKj/Gm6QJkUFQY5s7DjoddOnkxZVNLcJHhPTaXQMRrYTeBi4 +25PiMajac3Y0ts/EMwh9ii/FVFAz+CIpGfhHEAWQNXZ77wQa9rav4imvSwARAQAB +/gcDAi/Ucb/jSoO2/8y1P6ayfZ9HKRIhkAmgtzOLjp9RJ247cGxpvU7v1fSt7FgX +IUTYosk4LAmj7tzx0VxP//9plMAakVoc0KnwOrybjOUxWTq5EBk9yh0MBzBzLeHG +89PqfojRC+1KBJCzl+0lJHSvt6lkJHllOTiBXLH2ofbWm2Kyb19tFRNf+RMTzQ1o +eVi66HHZgG37CDYS0lPm9YU3QDOFert/bcasqzInLON7zGG6NFth8hgK/HHMoCgT +RmdbV7V55cVAGRVa1utzuKY9JxovWKCwgCTzS50pd4B9T6xe8O7+DNapjutE/o3y +J/4x2Ae9S3A6V49ju7U6u8UVIdfaB6sWKifOqIvOc6m07NYbi5Nnz4ykrYeCqtli ++BKO5nKiRXdY4x2gDEV56DIA1f0fOCLjEKZdLodaA8Sp8iTGvVlGFcgHndISTKpk +WGDDExuJO1Ls9r7a9Z9PvOqZOE8cdib1/F18d3fl+XGdkf1CQ4D44W+0HUV4YW1w +bGUgPGV4YW1wbGVAZXhhbXBsZS5jb20+iM4EEwEKADgWIQQXa2yOr0SRmj4qjI+S +Eq/EdJf/IQUCYEQE1wIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCSEq/E +dJf/IcjBA/9z9n1BgmY1JBAEbLi7KxdY+YLE6xWq7tgg2vxwGemERGar89EDwmsr +NZCaJBURn95oVKdzQ6tabgmM/jm9lPhsMcMhMnzjUVfTQ2uE1liCJMzTcInxEWFD +WbxOgbI6OglZE4+2hpZPn/sZ2Gak/+HJy2/6tDCnnmzCnzPcYJxCeJ0CBgRgRATX +AQQAy9EPr/y4e1MDgL9LDATohmSXkCDobQeCmgI8+FY2c7cEq0LVwOPfUjDcBpBV +Pqdbg/VECNHklNUtevX1nnNdkX0cwYE4MJbx+bnNPx9QsvKoGbXmj2NmNJpWXhsZ +N/hJgwfyj407LDr6CrpSiMNpYb0QxKxtqWGwHQWjoY4TSHUAEQEAAf4HAwJgDoqE +Drn98v99ujzyo+2Vwmxd9+MBJlOaFD/LMLTmQekaUQZkTjk7jiOueNjRpFBJjpU5 +bb+8XvsyRBmJ2MDyKs47sSLFcQz//d8mms39S2r+zWTBowC1s489SZK46gdhypcs +yziw6xdjcocRoAx5gMX1PHtnTT3jtXityjgimF2MbabQ6fu9IQ1bLIt9I0Z1iYsp +WPDF91WEEfxs1W+i0RKONrfcleRIUU9wnk/X83ABQPPWZocJhfEfLWnTO+oO4lBi +3wMyF0o64IjufLjC7QRmELU3QAMVnuqdCNOLfF8xCvlaTCUAiz20xq4vZEeQjVjn +iPiCw8UV08nGfITEVOffhxj9l11CUkI/DSrgbkeLSTybs++eC/iZElDik/kQvnEm +aHMkV+EMMUY/pmZGicz3pr5zEaqHTk1lu9qZYJcNWb9kNuw7ju1z8QDN8uXW7vTJ +SSEb/TGfZh/Wr85wNzRHBnPbmFzuFdsr++qz1W4k2W4tiLYEGAEKACAWIQQXa2yO +r0SRmj4qjI+SEq/EdJf/IQUCYEQE1wIbDAAKCRCSEq/EdJf/IQ+EBACO488Na08y +NQL8mBfBtcCnwTCe7kJNHi4Jw5xciiUPC4Fu4bODCqanHBJIlEwkkz8xWw/JRj// 
+D8qiZ0FqJ0EbXXx8sF4UmKkcTV9c0K/9pWUMsRjRgkD5nnUp2A+LPCZFlgQZMtvh +uARFigR4P8GJyJD/aLRYc0eJSD60gn3ywA== +=Kieb +-----END PGP PRIVATE KEY BLOCK----- diff --git a/test/gpg-example.passphrase b/test/gpg-example.passphrase new file mode 100644 index 0000000..6f203d3 --- /dev/null +++ b/test/gpg-example.passphrase @@ -0,0 +1 @@ +admin123 diff --git a/test/gpg-example.pub b/test/gpg-example.pub new file mode 100644 index 0000000..1bdd14d --- /dev/null +++ b/test/gpg-example.pub @@ -0,0 +1,19 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mI0EYEQE1wEEAM3yPG1irDgcpupmoQbuzJ94rsy0cfeZoaqYcbze+wcJM4lrz4YJ +2i2pTmhsaEoouyC8qP8abpAmRQVBjmzsOOh106eTFlU0twkeE9NpdAxGthN4GLjb +k+IxqNpzdjS2z8QzCH2KL8VUUDP4IikZ+EcQBZA1dnvvBBr2tq/iKa9LABEBAAG0 +HUV4YW1wbGUgPGV4YW1wbGVAZXhhbXBsZS5jb20+iM4EEwEKADgWIQQXa2yOr0SR +mj4qjI+SEq/EdJf/IQUCYEQE1wIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK +CRCSEq/EdJf/IcjBA/9z9n1BgmY1JBAEbLi7KxdY+YLE6xWq7tgg2vxwGemERGar +89EDwmsrNZCaJBURn95oVKdzQ6tabgmM/jm9lPhsMcMhMnzjUVfTQ2uE1liCJMzT +cInxEWFDWbxOgbI6OglZE4+2hpZPn/sZ2Gak/+HJy2/6tDCnnmzCnzPcYJxCeLiN +BGBEBNcBBADL0Q+v/Lh7UwOAv0sMBOiGZJeQIOhtB4KaAjz4VjZztwSrQtXA499S +MNwGkFU+p1uD9UQI0eSU1S169fWec12RfRzBgTgwlvH5uc0/H1Cy8qgZteaPY2Y0 +mlZeGxk3+EmDB/KPjTssOvoKulKIw2lhvRDErG2pYbAdBaOhjhNIdQARAQABiLYE +GAEKACAWIQQXa2yOr0SRmj4qjI+SEq/EdJf/IQUCYEQE1wIbDAAKCRCSEq/EdJf/ +IQ+EBACO488Na08yNQL8mBfBtcCnwTCe7kJNHi4Jw5xciiUPC4Fu4bODCqanHBJI +lEwkkz8xWw/JRj//D8qiZ0FqJ0EbXXx8sF4UmKkcTV9c0K/9pWUMsRjRgkD5nnUp +2A+LPCZFlgQZMtvhuARFigR4P8GJyJD/aLRYc0eJSD60gn3ywA== +=Gdw2 +-----END PGP PUBLIC KEY BLOCK----- diff --git a/test/password_johndoe b/test/password_johndoe new file mode 100644 index 0000000..32e9c62 --- /dev/null +++ b/test/password_johndoe @@ -0,0 +1 @@ +admin123 \ No newline at end of file
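Review bot: test/gpg-example.key is a private key committed next to its passphrase (test/gpg-example.passphrase) and the password for the `nx-admin` user (test/password_johndoe), and nothing in the tree marks them as throwaway fixtures. A line in the README such as `# credentials under test/ are public fixtures: generate your own key and passwords before any real use` would make that explicit, and secret scanners will need an allow-list entry for these three paths. Also, gpg-example.passphrase ends with a newline while password_johndoe does not (`\ No newline at end of file`); if the CasC `${file:...}` lookup does not trim its input, the passphrase read from disk would not match the key's, so it is worth confirming and making the two files consistent.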