[gitosis-admin.git] / gitosis.conf

#
# Amino gitosis.conf - access control for git
#
# To add a new user here:
#
# 1. Add them *in alphabetical order* in the members list in "group
#    amino" below.
# 2. Add their ssh public key as <username>.pub in the keydir
#    directory
# 
# To add a new *central* repository here:
#
# 1. Add a section called [repo $repo] for anonymous read-only
#    web/git-daemon access in the REPOSITORIES section
#
# 2. Decide who should have write access:
#    a. if it's just admins then you're done
#    b. if it's everybody then list the repo in the "writable=" line
#       in the "all-write" group in the GROUPS section
#    c. if you need special control over access, then add a new group
#       for your repo called "group-$repo"
#
# User repositories are special - see the bottom of the file for the
# gory details but you shouldn't need to change anything there!

##############################################################
###
###  COMMON CONFIG
###
##############################################################

[gitosis]
gitweb = yes
daemon = yes

## Logging level, one of DEBUG, INFO, WARNING, ERROR, CRITICAL
loglevel = WARNING

[group admins]
writable = gitosis-admin gitosis debian.org jigit fuse-music debian-cd-search fake-hwclock abcde steve-config steve-scripts strace-test openstack-debian-images live-wrapper buildd-scripts steve-sigs
members = steve # steve-lump

[group users]
writable = debian-rootfs
members = vassilis

[group abcde]
writable = abcde
members = steve steve-lump colin_tuckley andrew_strong ville

[group vero]
members = andy codehelp daniel leif neil steve vince
writable = vero/*

[group Thermomentum]
members = andy
writable = Thermomentum/*

[group shim-review]
members = steve steve-lump
writable = shim-review

[group debian-art]
members = steve steve-lump
writable = debian-art

[group apt-update]
members = steve steve-lump
writable = apt-update

[group jigdo]
members = steve steve-lump
writable = jigdo

[group efitest]
members = steve steve-lump
writable = efitest

[group training-lab]
members = steve steve-lump
writable = training-lab

[group dotfiles]
members = steve steve-lump
writable = dotfiles

[group dotfiles-readonly]
members =    steve-dotfiles@mjolnir steve-dotfiles@lump # DOTFILES-RO
readonly = dotfiles

## List all our desired users here, in ALPHABETICAL ORDER!
#[group amino]
#members = acox anilsson apapp bcockburn bczerwinski brobertson charris ctaylor dwysokinski elarsson gcrocker gmonell hliebel hnguyen ismith jbyrne jlarsson jmorrissey jsummerfield kchristenson kmonell kwolvaardt landersson lcheng meanor mbrown mfrancomb mlarman mrendahl nmcgovern pluscher rwarren sali sam-test smcintyre snutt wrevens

## Group of contractors with rights to view st-core & aminet and create public repositories
## Also read-only access to Steve's public Aminet 7105 repo
#[group contractors-st]
#readonly = st-core aminet users/smcintyre/aminet-7105
#members = jcox

## And the folks with admin rights here
#[group admins]
#members = gitosis-mirror smcintyre mfrancomb nmcgovern wszachau jmorrissey
#
## Give all Amino users read access to all modules as a default
#[group default-read-only]
#readonly = * users/*/*
#members = @amino
#
## And admins get write access to everything too
#[group default-admin-write]
#writable = * users/*/*
#members = @admins

##############################################################
###
###  END OF COMMON CONFIG (special formatting, do NOT change!)
###
##############################################################

##############################################################
###
###  REPOSITORIES
###
##############################################################

# Below here, add "repo" definitions to fill in the description and
# owner fields for gitweb.

[repo gitosis-admin]
description = Git server admin
owner = Steve McIntyre

[repo gitosis]
description = Gitosis software
owner = Steve McIntyre

[repo debian.org]
description = Debian.org config
owner = Steve McIntyre

[repo jigit]
description = Jigdo tools
owner = Steve McIntyre

[repo efitest]
description = EFI test scripts and binaries
owner = Steve McIntyre

[repo fuse-music]
description = Transcoding filesystem
owner = Steve McIntyre

[repo debian-cd-search]
description = Search for contents of Debian CDs
owner = Steve McIntyre

[repo fake-hwclock]
description = Save/restore system clock on machines without working RTC hardware
owner = Steve McIntyre

[repo abcde]
description = A Better CD Encoder
owner = Steve McIntyre

[repo steve-scripts]
description = Local scripts repo
owner = Steve McIntyre

[repo steve-config]
description = Local config repo
owner = Steve McIntyre

[repo steve-sigs]
description = Local sigrot repo
owner = Steve McIntyre

[repo strace-test]
description = local strace test scripts
owner = Steve McIntyre

[repo openstack-debian-images]
description = local working branch for openstack-debian-images
owner = Steve McIntyre

[repo live-wrapper]
description = local working branch for live-wrapper
owner = Steve McIntyre

[repo buildd-scripts]
description = local scripts for doing Debian rebuilds
owner = Steve McIntyre

[repo shim-review]
description = review repo for shim signing
owner = Steve McIntyre
gitweb = yes
daemon = yes

[repo apt-update]
description = local package for managing apt updates
owner = Steve McIntyre
gitweb = yes
daemon = yes

[repo debian-art]
description = Debian CD/DVD artwork
owner = Steve McIntyre
gitweb = yes
daemon = yes

[repo jigdo]
description = Jigdo upstream work
owner = Steve McIntyre
gitweb = yes
daemon = yes

[repo training-lab]
description = Training lab VM setup
owner = Steve McIntyre
gitweb = yes
daemon = yes

[repo dotfiles]
description = Steve\'s dotfiles
owner = Steve McIntyre
gitweb = no
daemon = no

# Add gitweb and git:// access to the user repositories too.
# The $user in the "repo" line is important, as that's how we look up
# the username when generating the Description and Owner fields in
# gitweb output. If we can find user details for $user, we will
# substitute their name in the Description field, replacing
# '$username'
[repo users/$user/*]
description = Public repository for $username
gitweb = yes
daemon = yes

[repo vero/*]
description = Vero-Apparatus repo
gitweb = no
daemon = yes

#[repo Thermomentum/*]
#description = Thermomentum repo
#gitweb = no
#daemon = no
#owner = Andy Simpkins

##############################################################
###
###  END OF REPOSITORIES (special formatting, do NOT change!)
###
##############################################################

# Anything below here will only apply to the master config on
# glutamine, the central git server in Cambridge. Caches should
# therefore remain read-only for users except admins.


##############################################################
###
###  GROUPS
###
##############################################################

# By default (see rules in the common config section), all
# repositories will be:
# 
# 1. writable by @admins
# 2. readonly by @amino
#
# If you want to give more access to a repository then list it in
# "all-write" or for more fine-grained control add a specific "group"
# definition for it in this section.

[group all-write]
writable = aminet mood meego intel-media intel-ui intel-ems
members = @amino

[group subs-test]
writable = subs-test
members = anilsson mrendahl

[group st-core]
writable = st-core
members = jbyrne snutt anilsson

[group innovation]
writable = innovation
members = gmonell jkwarnmark jsummerfield mfrancomb mrendahl

##############################################################
###
###  END OF GROUPS (special formatting, do NOT change!)
###
##############################################################

##############################################################
###
###  USER REPOSITORY CONFIG
###
##############################################################

# Special group that adds support for repositories of the form
# user/<user>/<foo>.git. Otherwise admins would have to add specific
# entries for every single user repo, and that would quickly become an
# admin nightmare!
#
# The following config group will allow *write* access to
# user/<user>/<foo>.git for the owner ($user) and the @admins group
#
# If you want to allow a specific user (Bob) to have write access to
# a specific user repo (belonging to Alice), you will need to add a
# specific group describing Alice's user repo and list Bob in the
# members field there as normal. That will supplement the normal
# access from the wild-card group entries. Sorry, this *will* require
# admin work.
[group user-write]
members = $user @admins
writable = users/$user/*

##############################################################
###
###  END OF USER REPOSITORY CONFIG (special formatting, do NOT change!)
###
##############################################################

##############################################################
###
###  HOOKS CONFIG
###
##############################################################

# [hooks]
# Immediately after a "git init" call for a new repo, configure the
# new repo appropriately for mirroring and mail notification
# post-init = /usr/local/bin/git-configure-post-receive

##############################################################
###
###  END OF HOOKS CONFIG (special formatting, do NOT change!)
###
##############################################################