2 .\" Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
4 .\" Permission to use, copy, modify, and distribute this software for any
5 .\" purpose with or without fee is hereby granted, provided that the above
6 .\" copyright notice and this permission notice appear in all copies.
8 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 .Nd gotd configuration file
24 is the run-time configuration file for
27 The file format is line-based, with one configuration directive per line.
28 Any lines beginning with a
30 are treated as comments and ignored.
31 .Sh GLOBAL CONFIGURATION
32 The available global configuration directives are as follows:
34 .It Ic unix_socket Ar path
35 Set the path to the unix socket which
38 If not specified, the path
39 .Pa /var/run/gotd.sock
41 .It Ic unix_group Ar group
46 file, which is allowed to access
52 user must be a secondary member of this group.
53 If not specified, the group _gotsh will be used.
61 requires root privileges in order to create its unix socket.
64 drops privileges to the specified
66 If not specified, the user _gotd will be used.
68 .Sh REPOSITORY CONFIGURATION
69 At least one repository context must exist for
72 For each repository, access rules must be configured using the
76 configuration directives.
77 Multiple access rules can be specified, and the last matching rule
78 determines the action taken.
79 If no rule matches, access to the repository is denied.
81 A repository context is declared with a unique
83 followed by repository-specific configuration directives inside curly braces:
85 .Ic repository Ar name Brq ...
90 clients can connect to a repository by including the repository's unique
93 Clients appending the string
97 will also be accepted.
101 may contain path-separators,
103 to expose repositories as part of a virtual client-visible directory hierarchy.
105 The available repository configuration directives are as follows:
107 .It Ic deny Ar identity
108 Deny repository access to users with the username
110 Group names may be matched by prepending a colon
114 Numeric IDs are also accepted.
116 Set the path to the Git repository.
117 .It Ic permit Ar mode Ar identity
118 Permit repository access to users with the username
122 argument must be set to either
124 for read-only access,
127 for read-write access.
128 Group names may be matched by prepending a colon
132 Numeric IDs are also accepted.
135 .Bl -tag -width Ds -compact
136 .It Pa /etc/gotd.conf
142 .Bd -literal -offset indent
143 # Default unix_group and user values:
147 # This repository can be accessed via ssh://user@example.com/src
149 path "/var/git/src.git"
150 permit rw flan_hacker
151 permit rw :developers
155 # This repository can be accessed via
156 # ssh://user@example.com/openbsd/ports
157 repository "openbsd/ports" {
158 path "/var/git/ports.git"