--- core: baseUrl: ${BASE_URL:""} userAgentCustomization: "CasC test" connectionTimeout: 60 connectionRetryAttempts: 10 # httpProxy: # host: proxy.internal.lan # port: 3128 # username: nexus-user # password: ${PROXY_PASSWORD} # httpsProxy: # host: proxy.internal.lan # port: 3128 # username: nexus-user # password: ${PROXY_PASSWORD} # ntlmHost: dc.internal.lan # ntlmDomain: internal.lan # nonProxyHosts: # - host1.internal.lan # - host2.internal.lan capabilities: - type: analytics-configuration enabled: false - type: OutreachManagementCapability enabled: false security: anonymousAccess: true pruneUsers: true realms: - name: "DockerToken" enabled: true - name: "NpmToken" enabled: true - name: "NuGetApiKey" enabled: true privileges: - id: system-repository-admin-docker-docker-proxy-update enabled: true name: system-repository-admin-docker-docker-proxy-update description: Permit update to docker-proxy repository configuration type: repository-admin properties: format: docker repository: docker-proxy actions: read,update roles: - id: ui-minimal enabled: true source: default name: ui-minimal description: "UI Minimal" privileges: - nx-healthcheck-read - nx-search-read - id: repository-read-docker-proxy enabled: true source: default name: repository-read-docker-proxy description: "Docker Anonymous Access for public proxy repository" privileges: - nx-repository-view-docker-docker-proxy-browse - nx-repository-view-docker-docker-proxy-read - id: repository-read-all enabled: true source: default name: repository-read-all description: "Read All permission for repositories" privileges: - nx-apikey-all - nx-repository-view-*-*-browse - nx-repository-view-*-*-read - id: repository-write-all enabled: true source: default name: repository-write-all description: "Write All permission for repositories" privileges: - nx-apikey-all - nx-repository-view-*-*-* - id: repository-read-nodejs-dist enabled: true source: default name: repository-read-nodejs-dist description: "Read permission for NodeJS Dist repository" privileges: - nx-repository-view-raw-nodejs-dist-browse - nx-repository-view-raw-nodejs-dist-read - id: repository-read-cypress-dist enabled: true source: default name: repository-read-cypress-dist description: "Read permission for Cypress Download repository" privileges: - nx-repository-view-raw-cypress-dist-browse - nx-repository-view-raw-cypress-dist-read users: - username: anonymous firstName: Anonymous lastName: User password: anonymous updateExistingPassword: false email: anonymous@example.org roles: - source: "default" role: ui-minimal - source: "default" role: repository-read-cypress-dist - source: "default" role: repository-read-docker-proxy - source: "default" role: repository-read-nodejs-dist - username: johndoe firstName: John lastName: Doe password: "${file:/run/secrets/password_johndoe}" updateExistingPassword: true email: johndoe@example.org roles: - source: "default" role: nx-admin - username: janedoe firstName: Jane lastName: Doe password: changeme updateExistingPassword: false email: janedoe@example.org roles: - source: "default" role: ui-minimal - source: "default" role: repository-write-all repository: pruneBlobStores: true blobStores: - name: apt type: File attributes: file: path: apt blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: docker type: File attributes: file: path: docker blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: golang type: File attributes: file: path: golang blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: maven type: File attributes: file: path: maven blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: npm type: File attributes: file: path: npm blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: nuget type: File attributes: file: path: nuget blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: raw type: File attributes: file: path: raw blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: rubygems type: File attributes: file: path: rubygems blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: pypi type: File attributes: file: path: pypi blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota - name: yum type: File attributes: file: path: yum blobStoreQuotaConfig: quotaLimitBytes: 10240000000 quotaType: spaceUsedQuota pruneCleanupPolicies: true cleanupPolicies: - name: cleanup-everything format: ALL_FORMATS notes: '' criteria: lastDownloaded: 864000 - name: cleanup-apt-proxy format: apt notes: '' criteria: lastDownloaded: 864000 - name: cleanup-docker-proxy format: docker notes: '' criteria: lastDownloaded: 864000 - name: cleanup-golang-proxy format: go notes: '' criteria: lastDownloaded: 864000 - name: cleanup-maven-proxy format: maven2 notes: '' criteria: lastDownloaded: 864000 - name: cleanup-npm-proxy format: npm notes: '' criteria: lastDownloaded: 864000 - name: cleanup-nuget-proxy format: nuget notes: '' criteria: lastDownloaded: 864000 - name: cleanup-pypi-proxy format: pypi notes: '' criteria: lastDownloaded: 864000 - name: cleanup-raw-proxy format: raw notes: '' criteria: lastDownloaded: 864000 - name: cleanup-rubygems-proxy format: rubygems notes: '' criteria: lastDownloaded: 864000 - name: cleanup-yum-proxy format: yum notes: '' criteria: lastDownloaded: 864000 pruneRepositories: true repositories: # https://help.sonatype.com/repomanager3/formats/apt-repositories - name: apt-hosted online: true recipeName: apt-hosted attributes: apt: distribution: focal aptSigning: keypair: "${file:/run/secrets/gpg_key_example}" passphrase: "${file:/run/secrets/gpg_passphrase_example}" storage: blobStoreName: apt strictContentTypeValidation: true writePolicy: ALLOW_ONCE cleanup: policyName: - None - name: apt-ubuntu online: true recipeName: apt-proxy attributes: apt: distribution: focal aptSigning: keypair: "${file:/run/secrets/gpg_key_example}" passphrase: "${file:/run/secrets/gpg_passphrase_example}" proxy: contentMaxAge: -1 remoteUrl: https://archive.ubuntu.com/ubuntu/ metadataMaxAge: 1440 storage: blobStoreName: apt strictContentTypeValidation: true writePolicy: ALLOW_ONCE cleanup: policyName: - cleanup-apt-proxy - name: chromedriver-dist online: true recipeName: raw-proxy attributes: raw: contentDisposition: ATTACHMENT proxy: remoteUrl: https://chromedriver.storage.googleapis.com/ contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: raw strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-raw-proxy - name: cypress-dist online: true recipeName: raw-proxy attributes: raw: contentDisposition: ATTACHMENT proxy: remoteUrl: https://download.cypress.io/ contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: raw strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-raw-proxy # https://help.sonatype.com/repomanager3/formats/docker-registry - name: docker-hosted online: true recipeName: docker-hosted attributes: docker: forceBasicAuth: true # Do not permit anonymous access to this repository v1Enabled: true # httpPort: 8082 # Uncomment to activate # httpsPort: 8083 # Requires Nexus Jetty be configured to use SSL Certificates storage: blobStoreName: docker strictContentTypeValidation: true writePolicy: ALLOW cleanup: policyName: - None - name: docker-proxy online: true recipeName: docker-proxy attributes: docker: forceBasicAuth: false # Allow anonymous access v1Enabled: true proxy: remoteUrl: https://registry-1.docker.io contentMaxAge: -1.0 metadataMaxAge: 1440.0 dockerProxy: indexType: HUB cacheForeignLayers: true foreignLayerUrlWhitelist: - '.*' httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: docker strictContentTypeValidation: true routingRules: routingRuleId: null negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-docker-proxy - name: docker online: true recipeName: docker-group attributes: docker: forceBasicAuth: false # Each repo uses its own setting v1Enabled: true storage: blobStoreName: docker strictContentTypeValidation: true group: memberNames: - "docker-hosted" - "docker-proxy" # https://help.sonatype.com/repomanager3/formats/go-repositories # GOPROXY should point to the _group_ repository URL # golang requires anonymous access for this to work - name: golang-gonexus-proxy online: true recipeName: go-proxy attributes: golang: forceBasicAuth: false # Allow anonymous access v1Enabled: true proxy: remoteUrl: https://gonexus.dev contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: golang strictContentTypeValidation: true routingRules: routingRuleId: null negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-golang-proxy - name: golang-group online: true recipeName: go-group attributes: golang: forceBasicAuth: false # Each repo uses its own setting v1Enabled: true storage: blobStoreName: golang strictContentTypeValidation: true group: memberNames: - "golang-gonexus-proxy" # https://help.sonatype.com/repomanager3/formats/maven-repositories - name: maven-snapshots online: true recipeName: maven2-hosted attributes: maven: versionPolicy: SNAPSHOT layoutPolicy: STRICT storage: writePolicy: ALLOW strictContentTypeValidation: true blobStoreName: maven - name: maven-releases online: true recipeName: maven2-hosted attributes: maven: versionPolicy: RELEASE layoutPolicy: STRICT storage: writePolicy: ALLOW_ONCE strictContentTypeValidation: true blobStoreName: maven - name: maven-central online: true recipeName: maven2-proxy attributes: proxy: contentMaxAge: -1 remoteUrl: https://repo1.maven.org/maven2/ metadataMaxAge: 1440 negativeCache: timeToLive: 1440 enabled: true storage: strictContentTypeValidation: false blobStoreName: maven httpclient: connection: blocked: false autoBlock: true maven: versionPolicy: RELEASE layoutPolicy: PERMISSIVE cleanup: policyName: - cleanup-maven-proxy - name: maven online: true recipeName: maven2-group attributes: maven: versionPolicy: MIXED group: memberNames: - "maven-snapshots" - "maven-releases" - "maven-central" storage: blobStoreName: maven # https://help.sonatype.com/repomanager3/formats/npm-registry - name: npm-hosted online: true recipeName: npm-hosted attributes: storage: blobStoreName: npm strictContentTypeValidation: true writePolicy: ALLOW_ONCE cleanup: policyName: - None - name: npm-proxy online: true recipeName: npm-proxy attributes: proxy: remoteUrl: https://registry.npmjs.org contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: npm strictContentTypeValidation: true routingRules: routingRuleId: null negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-npm-proxy - name: npm online: true recipeName: npm-group attributes: storage: blobStoreName: npm strictContentTypeValidation: true group: memberNames: - "npm-proxy" - "npm-hosted" # NuGet Support: https://help.sonatype.com/repomanager3/formats/nuget-repositories # v3 URLs must be used if v3 proxy is present - name: nuget-proxy online: true recipeName: nuget-proxy attributes: proxy: remoteUrl: https://api.nuget.org/v3/index.json contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: nuget strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-nuget-proxy - name: nuget-hosted online: true recipeName: nuget-hosted attributes: storage: blobStoreName: nuget strictContentTypeValidation: true writePolicy: ALLOW_ONCE - name: nuget online: true recipeName: nuget-group attributes: storage: blobStoreName: nuget strictContentTypeValidation: true group: memberNames: - "nuget-hosted" - "nuget-proxy" # https://help.sonatype.com/repomanager3/formats/pypi-repositories - name: pypi-proxy online: true recipeName: pypi-proxy attributes: proxy: remoteUrl: https://pypi.org/ contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: pypi strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-pypi-proxy - name: pypi-hosted online: true recipeName: pypi-hosted attributes: storage: blobStoreName: pypi strictContentTypeValidation: true writePolicy: ALLOW_ONCE - name: pypi-group online: true recipeName: pypi-group attributes: storage: blobStoreName: pypi strictContentTypeValidation: true group: memberNames: - "pypi-hosted" - "pypi-proxy" # https://help.sonatype.com/repomanager3/formats/raw-repositories - name: raw-hosted online: true recipeName: raw-hosted attributes: storage: blobStoreName: raw strictContentTypeValidation: true writePolicy: ALLOW cleanup: policyName: - None # How to configure proprietary component - requires Nexus firewall raw: contentDisposition: ATTACHMENT # or inline component: proprietaryComponents: true - name: nodejs-dist online: true recipeName: raw-proxy attributes: raw: contentDisposition: ATTACHMENT proxy: remoteUrl: https://nodejs.org/dist/ contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: raw strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-raw-proxy # https://help.sonatype.com/repomanager3/formats/rubygems-repositories - name: rubygems-proxy online: true recipeName: rubygems-proxy attributes: proxy: remoteUrl: https://rubygems.org/ contentMaxAge: -1.0 metadataMaxAge: 1440.0 httpclient: blocked: false autoBlock: true connection: useTrustStore: false storage: blobStoreName: rubygems strictContentTypeValidation: true negativeCache: enabled: true timeToLive: 1440.0 cleanup: policyName: - cleanup-rubygems-proxy - name: rubygems-hosted online: true recipeName: rubygems-hosted attributes: storage: blobStoreName: rubygems strictContentTypeValidation: true writePolicy: ALLOW_ONCE - name: rubygems-group online: true recipeName: rubygems-group attributes: storage: blobStoreName: rubygems strictContentTypeValidation: true group: memberNames: - "rubygems-hosted" - "rubygems-proxy" # https://help.sonatype.com/repomanager3/formats/yum-repositories # Please read the documentation around repodataDepth - name: yum-hosted online: true recipeName: yum-hosted attributes: yum: repodataDepth: 3 deployPolicy: STRICT # PERMISSIVE for maven yum deployment storage: blobStoreName: yum strictContentTypeValidation: true writePolicy: ALLOW cleanup: policyName: - None - name: yum-centos online: true recipeName: yum-proxy attributes: yum: repodataDepth: 3 deployPolicy: STRICT # PERMISSIVE for maven yum deployment yumSigning: keypair: "${file:/run/secrets/gpg_key_example}" passphrase: "${file:/run/secrets/gpg_passphrase_example}" httpclient: blocked: false autoBlock: true connection: useTrustStore: false negativeCache: enabled: true timeToLive: 1440.0 proxy: contentMaxAge: -1 remoteUrl: http://mirror.centos.org/centos/ metadataMaxAge: 1440 storage: blobStoreName: yum strictContentTypeValidation: true writePolicy: ALLOW_ONCE cleanup: policyName: - cleanup-yum-proxy - name: yum-group online: true recipeName: yum-group attributes: group: memberNames: - yum-hosted - yum-centos yumSigning: keypair: "${file:/run/secrets/gpg_key_example}" passphrase: "${file:/run/secrets/gpg_passphrase_example}" storage: blobStoreName: yum strictContentTypeValidation: true cleanup: policyName: - cleanup-yum-proxy