# # Amino gitosis.conf - access control for git # # To add a new user here: # # 1. Add them *in alphabetical order* in the members list in "group # amino" below. # 2. Add their ssh public key as .pub in the keydir # directory # # To add a new *central* repository here: # # 1. Add a section called [repo $repo] for anonymous read-only # web/git-daemon access in the REPOSITORIES section # # 2. Decide who should have write access: # a. if it's just admins then you're done # b. if it's everybody then list the repo in the "writable=" line # in the "all-write" group in the GROUPS section # c. if you need special control over access, then add a new group # for your repo called "group-$repo" # # User repositories are special - see the bottom of the file for the # gory details but you shouldn't need to change anything there! ############################################################## ### ### COMMON CONFIG ### ############################################################## [gitosis] gitweb = yes daemon = yes ## Logging level, one of DEBUG, INFO, WARNING, ERROR, CRITICAL loglevel = WARNING [group admins] writable = gitosis-admin gitosis debian.org jigit fuse-music debian-cd-search fake-hwclock abcde steve-scripts strace-test openstack-debian-images live-wrapper buildd-scripts steve-sigs members = steve # stemci01 [group users] writable = debian-rootfs members = vassilis [group abcde] writable = abcde members = steve stemci01 colin_tuckley andrew_strong ville [group vero] members = andy codehelp daniel leif neil steve vince writable = vero/* [group Thermomentum] members = andy writable = Thermomentum/* [group shim-review] members = steve stemci01 writable = shim-review [group apt-update] members = steve stemci01 writable = apt-update [group jigdo] members = steve stemci01 writable = jigdo [group efitest] members = steve stemci01 writable = efitest [group dotfiles] members = steve stemci01 writable = dotfiles [group dotfiles-readonly] members = steve-dotfiles@mjolnir # DOTFILES-RO readonly = dotfiles ## List all our desired users here, in ALPHABETICAL ORDER! #[group amino] #members = acox anilsson apapp bcockburn bczerwinski brobertson charris ctaylor dwysokinski elarsson gcrocker gmonell hliebel hnguyen ismith jbyrne jlarsson jmorrissey jsummerfield kchristenson kmonell kwolvaardt landersson lcheng meanor mbrown mfrancomb mlarman mrendahl nmcgovern pluscher rwarren sali sam-test smcintyre snutt wrevens ## Group of contractors with rights to view st-core & aminet and create public repositories ## Also read-only access to Steve's public Aminet 7105 repo #[group contractors-st] #readonly = st-core aminet users/smcintyre/aminet-7105 #members = jcox ## And the folks with admin rights here #[group admins] #members = gitosis-mirror smcintyre mfrancomb nmcgovern wszachau jmorrissey # ## Give all Amino users read access to all modules as a default #[group default-read-only] #readonly = * users/*/* #members = @amino # ## And admins get write access to everything too #[group default-admin-write] #writable = * users/*/* #members = @admins ############################################################## ### ### END OF COMMON CONFIG (special formatting, do NOT change!) ### ############################################################## ############################################################## ### ### REPOSITORIES ### ############################################################## # Below here, add "repo" definitions to fill in the description and # owner fields for gitweb. [repo gitosis-admin] description = Git server admin owner = Steve McIntyre [repo gitosis] description = Gitosis software owner = Steve McIntyre [repo debian.org] description = Debian.org config owner = Steve McIntyre [repo jigit] description = Jigdo tools owner = Steve McIntyre [repo efitest] description = EFI test scripts and binaries owner = Steve McIntyre [repo fuse-music] description = Transcoding filesystem owner = Steve McIntyre [repo debian-cd-search] description = Search for contents of Debian CDs owner = Steve McIntyre [repo fake-hwclock] description = Save/restore system clock on machines without working RTC hardware owner = Steve McIntyre [repo abcde] description = A Better CD Encoder owner = Steve McIntyre [repo steve-scripts] description = Local scripts repo owner = Steve McIntyre [repo steve-sigs] description = Local sigrot repo owner = Steve McIntyre [repo strace-test] description = local strace test scripts owner = Steve McIntyre [repo openstack-debian-images] description = local working branch for openstack-debian-images owner = Steve McIntyre [repo live-wrapper] description = local working branch for live-wrapper owner = Steve McIntyre [repo buildd-scripts] description = local scripts for doing Debian rebuilds owner = Steve McIntyre [repo shim-review] description = review repo for shim signing owner = Steve McIntyre gitweb = yes daemon = yes [repo apt-update] description = local package for managing apt updates owner = Steve McIntyre gitweb = yes daemon = yes [repo jigdo] description = Jigdo upstream work owner = Steve McIntyre gitweb = yes daemon = yes [repo dotfiles] description = Steve\'s dotfiles owner = Steve McIntyre gitweb = no daemon = no # Add gitweb and git:// access to the user repositories too. # The $user in the "repo" line is important, as that's how we look up # the username when generating the Description and Owner fields in # gitweb output. If we can find user details for $user, we will # substitute their name in the Description field, replacing # '$username' [repo users/$user/*] description = Public repository for $username gitweb = yes daemon = yes [repo vero/*] description = Vero-Apparatus repo gitweb = no daemon = yes #[repo Thermomentum/*] #description = Thermomentum repo #gitweb = no #daemon = no #owner = Andy Simpkins ############################################################## ### ### END OF REPOSITORIES (special formatting, do NOT change!) ### ############################################################## # Anything below here will only apply to the master config on # glutamine, the central git server in Cambridge. Caches should # therefore remain read-only for users except admins. ############################################################## ### ### GROUPS ### ############################################################## # By default (see rules in the common config section), all # repositories will be: # # 1. writable by @admins # 2. readonly by @amino # # If you want to give more access to a repository then list it in # "all-write" or for more fine-grained control add a specific "group" # definition for it in this section. [group all-write] writable = aminet mood meego intel-media intel-ui intel-ems members = @amino [group subs-test] writable = subs-test members = anilsson mrendahl [group st-core] writable = st-core members = jbyrne snutt anilsson [group innovation] writable = innovation members = gmonell jkwarnmark jsummerfield mfrancomb mrendahl ############################################################## ### ### END OF GROUPS (special formatting, do NOT change!) ### ############################################################## ############################################################## ### ### USER REPOSITORY CONFIG ### ############################################################## # Special group that adds support for repositories of the form # user//.git. Otherwise admins would have to add specific # entries for every single user repo, and that would quickly become an # admin nightmare! # # The following config group will allow *write* access to # user//.git for the owner ($user) and the @admins group # # If you want to allow a specific user (Bob) to have write access to # a specific user repo (belonging to Alice), you will need to add a # specific group describing Alice's user repo and list Bob in the # members field there as normal. That will supplement the normal # access from the wild-card group entries. Sorry, this *will* require # admin work. [group user-write] members = $user @admins writable = users/$user/* ############################################################## ### ### END OF USER REPOSITORY CONFIG (special formatting, do NOT change!) ### ############################################################## ############################################################## ### ### HOOKS CONFIG ### ############################################################## # [hooks] # Immediately after a "git init" call for a new repo, configure the # new repo appropriately for mirroring and mail notification # post-init = /usr/local/bin/git-configure-post-receive ############################################################## ### ### END OF HOOKS CONFIG (special formatting, do NOT change!) ### ##############################################################