6 files changed, 67 insertions(+), 6 deletions(-)

M docs/CONFIGURATION.md
M group_vars/all/default.yml
M roles/builds.sr.ht/README.md
M roles/builds.sr.ht/defaults/main.yml
M roles/builds.sr.ht/tasks/worker.yml
M roles/sr.ht-core/templates/config.ini

@@ 139,7 139,7 @@ srht_email_privkey: |
     KEYHERE
 ```
 
-## Forward facing changes
+## Configure the frontend
 Sourcehut allows you to customize the instance name and contact adress,
 this playbook exposes these options as follows:
 ```yaml

@@ 91,3 91,14 @@ srht_service_key: ""
 # A secret key to encrypt internal messages with. Use `srht-keygen network` to
 # generate this key. It must be consistent between all services and nodes.
 srht_network_key: ""
+
+# S3 ARTIFACT UPLOADING
+# s3 server url
+# https will automatiically be prepended to this
+srht_s3_upstream: "s3.{{ srht_domain }}"
+# s3 acces key
+# used for authentification
+srht_s3_access_key: ""
+# s3 secret key
+# used for authentification
+srht_s3_secret_key: ""

@@ 18,6 18,42 @@ and you probably do not need to change it.
 `buildssrht_runner_mem` allows you to specify the amount of memory (RAM)
 the worker container/VM is allowed to use.
 
+#### Artifact uploads
+To use the `artifacts` option to automatically upload artifacts,
+you have to setup s3 object storage.
+
+**This requires access to an s3 storage server like minio or AWS**,
+for example you could use 
+[the minio docker container](https://hub.docker.com/r/minio/minio/).
+
+Using the admin panel of your s3 storage solution,
+create a new bucket (for example `builds.sr.ht`) 
+and create a new *access-key* with write permission for that bucket.
+(NOTE: this will also generate a *secret-key* that will only be shown once,
+so make sure to copy it).
+
+After creating the bucket and keys,
+open you secret file and configure the following variables:
+
+``` yaml
+# s3 server url
+srht_s3_upstream: "s3.{{ srht_domain }}"
+# s3 bucket name
+buildssrht_s3_bucket: "builds.sr.ht"
+# s3 prefix
+buildssrht_s3_prefix: ""
+# s3 acces key
+# used for authentification
+srht_s3_access_key: ""
+# s3 secret key
+# used for authentification
+srht_s3_secret_key: ""
+```
+
+Note that `srht_s3_*` affects configuration options for your whole instance,
+and thus require you to rerun the full playbook 
+(as the change files in `sr.ht-core`)
+
 ### Setting up an Alpine Linux image
 Creating images should differ on a platform by platform basis,
 but lets walk through a basic alpine setup.

@@ 10,3 10,17 @@ buildssrht_runner_mem: "2048M"
 # how long the runner may be active
 # see buildssrht_runner_timeout for more
 buildssrht_runner_timeout: "45m"
+
+# S3 ARTIFACT UPLOADING
+# currently at most 8 artifacts per job are accepted,
+# where each artifact may only be 1GB in size.
+# The bucket location is also hardcoded to us-east-1
+# for more implementation-related restrictions see here:
+# https://git.sr.ht/~sircmpwn/builds.sr.ht/tree/master/item/worker/tasks.go
+#
+# format: https://<upstream>/<bucket>/<prefix>~<username><jobid><rnd><file>
+#
+# s3 bucket name
+buildssrht_s3_bucket: "builds.sr.ht"
+# s3 prefix
+buildssrht_s3_prefix: ""

@@ 54,8 54,8 @@
       # Configure the S3 bucket and prefix for object storage. Leave empty to disable
       # object storage. Bucket is required to enable object storage; prefix is
       # optional.
-      s3-bucket=
-      s3-prefix=
+      s3-prefix={{ buildssrht_s3_prefix }}
+      s3-bucket={{ buildssrht_s3_bucket }}
   register: conf
 
 - name: Overwrite default runner setup

@@ 53,9 53,9 @@ global-domain={{ srht_domain }}
 # Configure S3-compatible object storage for services. Optional.
 #
 # Minio is recommended as a FOSS solution over AWS: https://min.io
-s3-upstream=
-s3-access-key=
-s3-secret-key=
+s3-upstream={{ srht_s3_upstream }}
+s3-access-key={{ srht_s3_access_key }}
+s3-secret-key={{ srht_s3_secret_key }}
 
 [mail]
 #