aptly/aptly-mirror.conf

# ---------------------------------------------------------------------------
# aptly-mirror.conf — Configuration for aptly-mirror.sh
# ---------------------------------------------------------------------------
#
# This file is sourced by aptly-mirror.sh. It uses plain bash syntax.
# To override the default location, set APTLY_MIRROR_CONF or pass -c <path>.
#

# ---------------------------------------------------------------------------
# General settings
# ---------------------------------------------------------------------------

# Architectures to mirror (space-separated for multiple, e.g. "amd64 arm64")
ARCHITECTURES="amd64"

# GPG keyring for repository signature verification (empty = default trustedkeys.gpg)
GPG_KEYRING=""

# Set to 1 to skip GPG signature verification (not recommended for production)
IGNORE_SIGNATURES=0

# Number of old snapshot sets to retain during cleanup (0 = keep only current)
KEEP_SNAPSHOTS=2

# Download speed limit in KiB/s (0 = unlimited)
DOWNLOAD_LIMIT=0

# Set to 1 to skip GPG signing when publishing (useful if no GPG key configured)
SKIP_SIGNING=0

# ---------------------------------------------------------------------------
# Storage paths
# ---------------------------------------------------------------------------

# Root directory for aptly data (mirrors, snapshots, db)
# Leave empty to use aptly's default (~/.aptly)
APTLY_ROOT=""

# Directory where published repositories are served from
# Leave empty to use aptly's default (~/.aptly/public)
PUBLISH_ROOT=""


# ---------------------------------------------------------------------------
# Debian mirrors
# ---------------------------------------------------------------------------

DEBIAN_MIRROR="http://deb.debian.org/debian"
DEBIAN_SECURITY_MIRROR="http://security.debian.org/debian-security"

# Debian releases: codename -> version number
declare -A DEBIAN_RELEASES=(
    [bullseye]="11"
    [bookworm]="12"
    [trixie]="13"
)

# Components for Debian 11 and earlier (before non-free-firmware split)
DEBIAN_COMPONENTS_LEGACY="main contrib non-free"
# Components for Debian 12+ (non-free-firmware is a separate component)
DEBIAN_COMPONENTS_MODERN="main contrib non-free non-free-firmware"

# Security mirror components use an "updates/" prefix (applies to all Debian releases)
DEBIAN_SECURITY_COMPONENTS_LEGACY="updates/main updates/contrib updates/non-free"
DEBIAN_SECURITY_COMPONENTS_MODERN="updates/main updates/contrib updates/non-free updates/non-free-firmware"

# ---------------------------------------------------------------------------
# Ubuntu mirrors
# ---------------------------------------------------------------------------

UBUNTU_MIRROR="http://archive.ubuntu.com/ubuntu"
UBUNTU_SECURITY_MIRROR="http://security.ubuntu.com/ubuntu"

# Ubuntu releases: codename -> version number
declare -A UBUNTU_RELEASES=(
    [focal]="20.04"
    [jammy]="22.04"
    [noble]="24.04"
    [resolute]="26.04"
)

UBUNTU_COMPONENTS="main restricted universe multiverse"

# ---------------------------------------------------------------------------
# GPG keys
# ---------------------------------------------------------------------------

# Debian archive signing key fingerprints
DEBIAN_GPG_KEYS=(
    "1F89983E0081FDE018F3CC9673A4F27B8DD47936"  # Debian Archive (11/bullseye)
    "A7236886F3CCCAAD148A27F80E98404D386FA1D9"  # Debian Archive (12/bookworm)
    "B7C5D7829D669F88788D4C1BEFCC6169C4AE0E3C"  # Debian Security Archive
    "4D64FEC119C2029067D6E791F8D2585B8783D481"  # Debian Stable Release Key
    "A48449044AAD5C5DEEDE9B19B7B0C1CF28EA3E34"  # Debian Archive (13/trixie)
    "89C87ACEA5DD6B8E6A7068808E9F831205B4BA95"  # Debian Security Archive (13/trixie)
)

# Ubuntu archive signing key fingerprints
UBUNTU_GPG_KEYS=(
    "3B4FE6ACC0B21F32"  # Ubuntu Archive
    "871920D1991BC93C"  # Ubuntu Archive (older)
)

# GPG keyserver to fetch keys from
GPG_KEYSERVER="hkps://keyserver.ubuntu.com"