Blame


1 3efd8e31 2022-10-23 thomas .\"
2 3efd8e31 2022-10-23 thomas .\" Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 3efd8e31 2022-10-23 thomas .\"
4 3efd8e31 2022-10-23 thomas .\" Permission to use, copy, modify, and distribute this software for any
5 3efd8e31 2022-10-23 thomas .\" purpose with or without fee is hereby granted, provided that the above
6 3efd8e31 2022-10-23 thomas .\" copyright notice and this permission notice appear in all copies.
7 3efd8e31 2022-10-23 thomas .\"
8 3efd8e31 2022-10-23 thomas .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 3efd8e31 2022-10-23 thomas .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 3efd8e31 2022-10-23 thomas .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 3efd8e31 2022-10-23 thomas .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 3efd8e31 2022-10-23 thomas .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 3efd8e31 2022-10-23 thomas .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 3efd8e31 2022-10-23 thomas .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 3efd8e31 2022-10-23 thomas .\"
16 3efd8e31 2022-10-23 thomas .Dd $Mdocdate$
17 3efd8e31 2022-10-23 thomas .Dt GOTD.CONF 5
18 3efd8e31 2022-10-23 thomas .Os
19 3efd8e31 2022-10-23 thomas .Sh NAME
20 3efd8e31 2022-10-23 thomas .Nm gotd.conf
21 3efd8e31 2022-10-23 thomas .Nd gotd configuration file
22 3efd8e31 2022-10-23 thomas .Sh DESCRIPTION
23 3efd8e31 2022-10-23 thomas .Nm
24 3efd8e31 2022-10-23 thomas is the run-time configuration file for
25 3efd8e31 2022-10-23 thomas .Xr gotd 8 .
26 3efd8e31 2022-10-23 thomas .Pp
27 3efd8e31 2022-10-23 thomas The file format is line-based, with one configuration directive per line.
28 3efd8e31 2022-10-23 thomas Any lines beginning with a
29 3efd8e31 2022-10-23 thomas .Sq #
30 3efd8e31 2022-10-23 thomas are treated as comments and ignored.
31 3efd8e31 2022-10-23 thomas .Sh GLOBAL CONFIGURATION
32 3efd8e31 2022-10-23 thomas The available global configuration directives are as follows:
33 3efd8e31 2022-10-23 thomas .Bl -tag -width Ds
34 3efd8e31 2022-10-23 thomas .It Ic unix_socket Ar path
35 3efd8e31 2022-10-23 thomas Set the path to the unix socket which
36 3efd8e31 2022-10-23 thomas .Xr gotd 8
37 3efd8e31 2022-10-23 thomas should listen on.
38 3efd8e31 2022-10-23 thomas If not specified, the path
39 3efd8e31 2022-10-23 thomas .Pa /var/run/gotd.sock
40 3efd8e31 2022-10-23 thomas will be used.
41 3efd8e31 2022-10-23 thomas .It Ic unix_group Ar group
42 3efd8e31 2022-10-23 thomas Set the
43 3efd8e31 2022-10-23 thomas .Ar group ,
44 3efd8e31 2022-10-23 thomas defined in the
45 3efd8e31 2022-10-23 thomas .Xr group 5
46 3efd8e31 2022-10-23 thomas file, which is allowed to access
47 3efd8e31 2022-10-23 thomas .Xr gotd 8
48 3efd8e31 2022-10-23 thomas via
49 3efd8e31 2022-10-23 thomas .Xr gotsh 1 .
50 3efd8e31 2022-10-23 thomas The
51 3efd8e31 2022-10-23 thomas .Xr gotd 8
52 3efd8e31 2022-10-23 thomas user must be a secondary member of this group.
53 3efd8e31 2022-10-23 thomas If not specified, the group _gotsh will be used.
54 3efd8e31 2022-10-23 thomas .It Ic user Ar user
55 3efd8e31 2022-10-23 thomas Set the
56 3efd8e31 2022-10-23 thomas .Ar user
57 3efd8e31 2022-10-23 thomas which will run
58 3efd8e31 2022-10-23 thomas .Xr gotd 8 .
59 3efd8e31 2022-10-23 thomas Initially,
60 3efd8e31 2022-10-23 thomas .Xr gotd 8
61 3efd8e31 2022-10-23 thomas requires root privileges in order to create its unix socket and start
62 3efd8e31 2022-10-23 thomas child processes in a
63 3efd8e31 2022-10-23 thomas .Xr chroot 2
64 3efd8e31 2022-10-23 thomas environment.
65 3efd8e31 2022-10-23 thomas Afterwards,
66 3efd8e31 2022-10-23 thomas .Xr gotd 8
67 3efd8e31 2022-10-23 thomas drops privileges to the specified
68 3efd8e31 2022-10-23 thomas .Ar user .
69 3efd8e31 2022-10-23 thomas If not specified, the user _gotd will be used.
70 3efd8e31 2022-10-23 thomas .El
71 3efd8e31 2022-10-23 thomas .Sh REPOSITORY CONFIGURATION
72 3efd8e31 2022-10-23 thomas At least one repository context must exist for
73 3efd8e31 2022-10-23 thomas .Xr gotd 8
74 3efd8e31 2022-10-23 thomas to function.
75 729a7e24 2022-11-17 thomas For each repository, access rules must be configured using the
76 729a7e24 2022-11-17 thomas .Ic permit
77 729a7e24 2022-11-17 thomas and
78 729a7e24 2022-11-17 thomas .Ic deny
79 729a7e24 2022-11-17 thomas configuration directives.
80 729a7e24 2022-11-17 thomas Multiple access rules can be specified, and the last matching rule
81 729a7e24 2022-11-17 thomas determines the action taken.
82 729a7e24 2022-11-17 thomas If no rule matches, access to the repository is denied.
83 3efd8e31 2022-10-23 thomas .Pp
84 3efd8e31 2022-10-23 thomas A repository context is declared with a unique
85 3efd8e31 2022-10-23 thomas .Ar name ,
86 3efd8e31 2022-10-23 thomas followed by repository-specific configuration directives inside curly braces:
87 3efd8e31 2022-10-23 thomas .Pp
88 3efd8e31 2022-10-23 thomas .Ic repository Ar name Brq ...
89 3efd8e31 2022-10-23 thomas .Pp
90 3efd8e31 2022-10-23 thomas .Xr got 1
91 3efd8e31 2022-10-23 thomas and
92 3efd8e31 2022-10-23 thomas .Xr git 1
93 3efd8e31 2022-10-23 thomas clients can connect to a repository by including the repository's unique
94 3efd8e31 2022-10-23 thomas .Ar name
95 3efd8e31 2022-10-23 thomas in the request URL.
96 3efd8e31 2022-10-23 thomas Clients appending the string
97 3efd8e31 2022-10-23 thomas .Dq .git
98 3efd8e31 2022-10-23 thomas to the
99 3efd8e31 2022-10-23 thomas .Ar name
100 3efd8e31 2022-10-23 thomas will also be accepted.
101 3efd8e31 2022-10-23 thomas .Pp
102 3efd8e31 2022-10-23 thomas If desired, the
103 3efd8e31 2022-10-23 thomas .Ar name
104 3efd8e31 2022-10-23 thomas may contain path-separators,
105 3efd8e31 2022-10-23 thomas .Dq / ,
106 3efd8e31 2022-10-23 thomas to expose repositories as part of a virtual client-visible directory hierarchy.
107 3efd8e31 2022-10-23 thomas .Pp
108 3efd8e31 2022-10-23 thomas The available repository configuration directives are as follows:
109 3efd8e31 2022-10-23 thomas .Bl -tag -width Ds
110 729a7e24 2022-11-17 thomas .It Ic deny Ar identity
111 729a7e24 2022-11-17 thomas Deny repository access to users with the username
112 729a7e24 2022-11-17 thomas .Ar identity .
113 729a7e24 2022-11-17 thomas Group names may be matched by prepending a colon
114 729a7e24 2022-11-17 thomas .Pq Sq \&:
115 729a7e24 2022-11-17 thomas to
116 729a7e24 2022-11-17 thomas .Ar identity .
117 729a7e24 2022-11-17 thomas Numeric IDs are also accepted.
118 3efd8e31 2022-10-23 thomas .It Ic path Ar path
119 3efd8e31 2022-10-23 thomas Set the path to the Git repository.
120 729a7e24 2022-11-17 thomas .It Ic permit Ar mode Ar identity
121 729a7e24 2022-11-17 thomas Permit repository access to users with the username
122 729a7e24 2022-11-17 thomas .Ar identity .
123 729a7e24 2022-11-17 thomas The
124 729a7e24 2022-11-17 thomas .Ar mode
125 729a7e24 2022-11-17 thomas argument must be set to either
126 729a7e24 2022-11-17 thomas .Ic ro
127 729a7e24 2022-11-17 thomas for read-only access,
128 729a7e24 2022-11-17 thomas or
129 729a7e24 2022-11-17 thomas .Ic rw
130 729a7e24 2022-11-17 thomas for read-write access.
131 729a7e24 2022-11-17 thomas Group names may be matched by prepending a colon
132 729a7e24 2022-11-17 thomas .Pq Sq \&:
133 729a7e24 2022-11-17 thomas to
134 729a7e24 2022-11-17 thomas .Ar identity .
135 729a7e24 2022-11-17 thomas Numeric IDs are also accepted.
136 2bb0ff1b 2022-11-17 thomas .El
137 3efd8e31 2022-10-23 thomas .Sh FILES
138 3efd8e31 2022-10-23 thomas .Bl -tag -width Ds -compact
139 3efd8e31 2022-10-23 thomas .It Pa /etc/gotd.conf
140 3efd8e31 2022-10-23 thomas Location of the
141 3efd8e31 2022-10-23 thomas .Nm
142 3efd8e31 2022-10-23 thomas configuration file.
143 3efd8e31 2022-10-23 thomas .El
144 3efd8e31 2022-10-23 thomas .Sh EXAMPLES
145 3efd8e31 2022-10-23 thomas .Bd -literal -offset indent
146 3efd8e31 2022-10-23 thomas # Default unix_group and user values:
147 3efd8e31 2022-10-23 thomas unix_group _gotsh
148 3efd8e31 2022-10-23 thomas user _gotd
149 3efd8e31 2022-10-23 thomas
150 3efd8e31 2022-10-23 thomas # This repository can be accessed via ssh://user@example.com/src
151 3efd8e31 2022-10-23 thomas repository "src" {
152 3efd8e31 2022-10-23 thomas     path "/var/git/src.git"
153 729a7e24 2022-11-17 thomas     permit rw flan_hacker
154 729a7e24 2022-11-17 thomas     permit rw :developers
155 729a7e24 2022-11-17 thomas     permit ro anonymous
156 3efd8e31 2022-10-23 thomas }
157 3efd8e31 2022-10-23 thomas
158 3efd8e31 2022-10-23 thomas # This repository can be accessed via
159 3efd8e31 2022-10-23 thomas # ssh://user@example.com/openbsd/ports
160 3efd8e31 2022-10-23 thomas repository "openbsd/ports" {
161 3efd8e31 2022-10-23 thomas     path "/var/git/ports.git"
162 729a7e24 2022-11-17 thomas     permit rw :porters
163 729a7e24 2022-11-17 thomas     permit ro anonymous
164 729a7e24 2022-11-17 thomas     deny flan_hacker
165 3efd8e31 2022-10-23 thomas }
166 3efd8e31 2022-10-23 thomas .Ed
167 3efd8e31 2022-10-23 thomas .Sh SEE ALSO
168 3efd8e31 2022-10-23 thomas .Xr got 1 ,
169 3efd8e31 2022-10-23 thomas .Xr gotsh 1 ,
170 3efd8e31 2022-10-23 thomas .Xr group 5 ,
171 3efd8e31 2022-10-23 thomas .Xr gotd 8
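
The last-matching-rule evaluation described under REPOSITORY CONFIGURATION, as an added Python example that is not part of gotd or of this manual page. It reads only the repository, permit and deny directives from the EXAMPLES block; the function names are assumptions, and identities are compared as names only (numeric IDs are not resolved).

```python
import re

# Added example, not gotd's parser. Sample: the two blocks from EXAMPLES.
SAMPLE_CONF = '''
repository "src" {
	path "/var/git/src.git"
	permit rw flan_hacker
	permit rw :developers
	permit ro anonymous
}
repository "openbsd/ports" {
	path "/var/git/ports.git"
	permit rw :porters
	permit ro anonymous
	deny flan_hacker
}
'''

def parse_rules(conf):
    """Return {repo_name: [(action, mode, identity), ...]} in file order."""
    repos, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'repository\s+"?([^"\s{]+)"?\s*\{', line)
        if m:
            current = repos.setdefault(m.group(1), [])
        elif line == "}":
            current = None
        elif current is not None:
            words = line.split()
            if words[0] == "permit" and len(words) == 3:
                current.append(("permit", words[1], words[2]))
            elif words[0] == "deny" and len(words) == 2:
                current.append(("deny", None, words[1]))
    return repos

def matches(identity, user, groups):
    # Leading ':' selects a group name, otherwise a username (assumption: names only).
    return identity[1:] in groups if identity.startswith(":") else identity == user

def access(rules, user, groups=()):
    """Last matching rule wins; no match means denied. Returns 'rw', 'ro' or None."""
    result = None
    for action, mode, identity in rules:
        if matches(identity, user, groups):
            result = mode if action == "permit" else None
    return result
```

In the "openbsd/ports" block, flan_hacker is denied even as a member of porters because the deny rule comes last; with the deny placed above `permit rw :porters`, the group rule would match later and grant rw.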