Last active
August 10, 2016 23:43
-
-
Save dcai/1168657 to your computer and use it in GitHub Desktop.
.gitolite.rc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# paths and configuration variables for gitolite | |
$GL_PACKAGE_CONF="/etc/gitolite"; | |
$GL_PACKAGE_HOOKS="/usr/share/gitolite/hooks"; | |
# please read comments before editing | |
# this file is meant to be pulled into a perl program using "do" or "require". | |
# You do NOT need to know perl to edit the paths; it should be fairly | |
# self-explanatory and easy to maintain perl syntax :-) | |
# -------------------------------------- | |
# Do not uncomment these values unless you know what you're doing | |
# $GL_PACKAGE_CONF = ""; | |
# $GL_PACKAGE_HOOKS = ""; | |
# -------------------------------------- | |
# -------------------------------------- | |
# this is where the repos go. If you provide a relative path (not starting | |
# with "/"), it's relative to your $HOME. You may want to put in something | |
# like "/bigdisk" or whatever if your $HOME is too small for the repos, for | |
# example | |
$REPO_BASE="repositories"; | |
# the default umask for repositories is 0077; change this if you run stuff | |
# like gitweb and find it can't read the repos. Please note the syntax; the | |
# leading 0 is required | |
$REPO_UMASK = 0077; # gets you 'rwx------' | |
# $REPO_UMASK = 0027; # gets you 'rwxr-x---' | |
# $REPO_UMASK = 0022; # gets you 'rwxr-xr-x' | |
# part of the setup of gitweb is a variable called $projects_list (please see | |
# gitweb documentation for more on this). Set this to the same value: | |
$PROJECTS_LIST = $ENV{HOME} . "/projects.list"; | |
# -------------------------------------- | |
# I see no reason anyone may want to change the gitolite admin directory, but | |
# feel free to do so. However, please note that it *must* be an *absolute* | |
# path (i.e., starting with a "/" character) | |
# gitolite admin directory, files, etc | |
$GL_ADMINDIR=$ENV{HOME} . "/.gitolite"; | |
# -------------------------------------- | |
# templates for location of the log files and format of their names | |
# I prefer this template (note the %y and %m placeholders) | |
# it produces files like `~/.gitolite/logs/gitolite-2009-09.log` | |
$GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m.log"; | |
# other choices are below, or you can make your own -- but PLEASE MAKE SURE | |
# the directory exists and is writable; gitolite won't do that for you (unless | |
# it is the default, which is "$GL_ADMINDIR/logs") | |
# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m-%d.log"; | |
# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y.log"; | |
# -------------------------------------- | |
# Please DO NOT change these three paths | |
$GL_CONF="$GL_ADMINDIR/conf/gitolite.conf"; | |
$GL_KEYDIR="$GL_ADMINDIR/keydir"; | |
$GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm"; | |
# -------------------------------------- | |
# if git on your server is on a standard path (that is | |
# ssh git@server git --version | |
# works), leave this setting as is. Otherwise, choose one of the | |
# alternatives, or write your own | |
$GIT_PATH=""; | |
# $GIT_PATH="/opt/bin/"; | |
# -------------------------------------- | |
# ---------------------------------------------------------------------- | |
# BIG CONFIG SETTINGS | |
# Please read doc/big-config.mkd for details | |
$GL_BIG_CONFIG = 0; | |
$GL_NO_DAEMON_NO_GITWEB = 0; | |
$GL_NO_CREATE_REPOS = 0; | |
$GL_NO_SETUP_AUTHKEYS = 0; | |
# ---------------------------------------------------------------------- | |
# SECURITY SENSITIVE SETTINGS | |
# | |
# Settings below this point may have security implications. That | |
# usually means that I have not thought hard enough about all the | |
# possible ways to crack security if these settings are enabled. | |
# Please see details on each setting for specifics, if any. | |
# ---------------------------------------------------------------------- | |
# -------------------------------------- | |
# ALLOW REPO ADMIN TO SET GITCONFIG KEYS | |
# | |
# Gitolite allows you to set git repo options using the "config" keyword; see | |
# conf/example.conf for details and syntax. | |
# | |
# However, if you are in an installation where the repo admin does not (and | |
# should not) have shell access to the server, then allowing him to set | |
# arbitrary repo config options *may* be a security risk -- some config | |
# settings may allow executing arbitrary commands. | |
# | |
# You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which | |
# completely disables this feature (meaning you cannot set git configs from | |
# the repo config). | |
$GL_GITCONFIG_KEYS = ""; | |
# The second choice is to give it a space separated list of settings you | |
# consider safe. (These are actually treated as a set of regular expression | |
# patterns, and any one of them must match). For example: | |
# $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression"; | |
# allows repo admins to set one of those 3 config keys (yes, that second | |
# pattern matches two settings from "man git-config", if you look) | |
# | |
# The third choice (which you may have guessed already if you're familiar with | |
# regular expressions) is to allow anything and everything: | |
# $GL_GITCONFIG_KEYS = ".*"; | |
# -------------------------------------- | |
# EXTERNAL COMMAND HELPER -- HTPASSWD | |
# security note: runs an external command (htpasswd) with specific arguments, | |
# including a user-chosen "password". | |
# if you want to enable the "htpasswd" command, give this the absolute path to | |
# whatever file apache (etc) expect to find the passwords in. | |
$HTPASSWD_FILE = ""; | |
# Look in doc/3 ("easier to link gitweb authorisation with gitolite" section) | |
# for more details on using this feature. | |
# -------------------------------------- | |
# EXTERNAL COMMAND HELPER -- RSYNC | |
# security note: runs an external command (rsync) with specific arguments, all | |
# presumably filled in correctly by the client-side rsync. | |
# base path of all the files that are accessible via rsync. Must be an | |
# absolute path. Leave it undefined or set to the empty string to disable the | |
# rsync helper. | |
$RSYNC_BASE = ""; | |
# $RSYNC_BASE = "/home/git/up-down"; | |
# $RSYNC_BASE = "/tmp/up-down"; | |
# -------------------------------------- | |
# EXTERNAL COMMAND HELPER -- SVNSERVE | |
# security note: runs an external command (svnserve) with specific arguments, | |
# as specified below. %u is substituted with the username. | |
# This setting allows launching svnserve when requested by the ssh client. | |
# This allows using the same SSH setup (hostname/username/public key) for both | |
# SVN and git access. Leave it undefined or set to the empty string to disable | |
# svnserve access. | |
$SVNSERVE = ""; | |
# $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u"; | |
# -------------------------------------- | |
# ALLOW REPO CONFIG TO USE WILDCARDS | |
# security note: this used to in a separate "wildrepos" branch. You can | |
# create repositories based on wild cards, give "ownership" to the specific | |
# user who created it, allow him/her to hand out R and RW permissions to other | |
# users to collaborate, etc. This is powerful stuff, and I've made it as | |
# secure as I can, but it hasn't had the kind of rigorous line-by-line | |
# analysis that the old "master" branch had. | |
# This has now been rolled into master, with all the functionality gated by | |
# this variable. Set this to 1 if you want to enable the wildrepos features. | |
# Please see doc/4-wildcard-repositories.mkd for details. | |
$GL_WILDREPOS = 0; | |
# -------------------------------------- | |
# DEFAULT WILDCARD PERMISSIONS | |
# If set, this value will be used as the default user-level permission rule of | |
# new wildcard repositories. The user can change this value with the setperms command | |
# as desired after repository creation; it is only a default. Note that @all can be | |
# used here but is special; no other groups can be used in user-level permissions. | |
# $GL_WILDREPOS_DEFPERMS = 'R = @all'; | |
# -------------------------------------- | |
# HOOK CHAINING | |
# by default, the update hook in every repo chains to "update.secondary". | |
# Similarly, the post-update hook in the admin repo chains to | |
# "post-update.secondary". If you're fine with the defaults, there's no need | |
# to do anything here. However, if you want to use different names or paths, | |
# change these variables | |
# $UPDATE_CHAINS_TO = "hooks/update.secondary"; | |
# $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary"; | |
# -------------------------------------- | |
# ADMIN DEFINED COMMANDS | |
# WARNING: Use this feature only if (a) you really really know what you're | |
# doing or (b) you really don't care too much about security. Please read | |
# doc/admin-defined-commands.mkd for details. | |
# $GL_ADC_PATH = ""; | |
# -------------------------------------- | |
# per perl rules, this should be the last line in such a file: | |
1; | |
# Local variables: | |
# mode: perl | |
# End: | |
# vim: set syn=perl: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment