apt/yum repositories implementation design wanted

This is probably 100% valid for cinc-auditor and/or other parts too, but let's start here. We can adopt it for other parts when needed.

I would like to work on the yum/dnf/apt repository support in the next days (this year :)), and would like to align on the implementation design. Most likely @ramereth is the main peer for my questions here (but anybody else is welcome to contribute too!)

I would like to build an understanding of our current build process and infrastructure first and continue with feature design after that.

as far I understand the current setup and build process:

• the http://downloads.cinc.sh has currently the structure needed by omnitruck
• we have two jobs related to publishing:
  • deployment job uploads the built artifacts to some download host
  • publishing job uses a special runner (tagged with downloads) and invokes sync-from-master on another mirror host (in order to pickup content from download host and publish it via mirror infrastructure?)
• is the http://downloads.cinc.sh this mirror infrastructure?

Questions:

• Can I access somehow the download/mirror hosts? If yes, how?
• Does it make sense to place access credentials to our 1Password vault?
• What about the setup of downloads runner, it's probably configured as a shell runner?
• What about this sync-from-master script, is it somewhere in our CINC repositories or is it something from OSL mirror infrastructure?
• What about the sudo rules on the downloads runner, that is the purpose of them?

I would also like to create a documentation about this process, mostly for CINC maintainers. Does it make sense to use our website for that? Or just a new repository docs and simple markdown?