From c3e4b42c98dd433bbc2f90beeae102a4993c17e5 Mon Sep 17 00:00:00 2001 From: Malfurious Date: Wed, 13 Sep 2023 04:18:16 -0400 Subject: gitolite: Consolidate config files into a single directory The repository is being reworked to decouple its roles as normalmode source and gitolite-admin config. The gitolite-admin repository will be entirely separate. So there is no need to keep the conf or local directories around where they are at. Signed-off-by: Malfurious --- conf/.gitconfig | 6 - conf/.gitolite.rc | 206 ---------------------------------- conf/gitolite.conf | 12 -- docker/sshd_config | 22 ---- gitolite/dotfiles/.gitconfig | 6 + gitolite/dotfiles/.gitolite.rc | 206 ++++++++++++++++++++++++++++++++++ gitolite/dotfiles/local/triggers/push | 18 +++ gitolite/gitolite.conf | 12 ++ gitolite/sshd_config | 22 ++++ local/triggers/push | 18 --- 10 files changed, 264 insertions(+), 264 deletions(-) delete mode 100644 conf/.gitconfig delete mode 100644 conf/.gitolite.rc delete mode 100644 conf/gitolite.conf delete mode 100644 docker/sshd_config create mode 100644 gitolite/dotfiles/.gitconfig create mode 100644 gitolite/dotfiles/.gitolite.rc create mode 100755 gitolite/dotfiles/local/triggers/push create mode 100644 gitolite/gitolite.conf create mode 100644 gitolite/sshd_config delete mode 100755 local/triggers/push
diff --git a/conf/.gitconfig b/conf/.gitconfig
deleted file mode 100644
index a998fec..0000000
--- a/conf/.gitconfig
+++ /dev/null
@@ -1,6 +0,0 @@
-[init]
- defaultBranch = master
-[user]
- useConfigOnly = true
- name = gitolite
- email = gitolite
diff --git a/conf/.gitolite.rc b/conf/.gitolite.rc
deleted file mode 100644
index 25a5231..0000000
--- a/conf/.gitolite.rc
+++ /dev/null
@@ -1,206 +0,0 @@
-# configuration variables for gitolite
-
-# This file is in perl syntax. But you do NOT need to know perl to edit it --
-# just mind the commas, use single quotes unless you know what you're doing,
-# and make sure the brackets and braces stay matched up!
-
-# (Tip: perl allows a comma after the last item in a list also!)
-
-# HELP for commands can be had by running the command with "-h".
-
-# HELP for all the other FEATURES can be found in the documentation (look for
-# "list of non-core programs shipped with gitolite" in the master index) or
-# directly in the corresponding source file.
-
-%RC = (
-
- # ------------------------------------------------------------------
-
- # default umask gives you perms of '0700'; see the rc file docs for
- # how/why you might change this
- UMASK => 0022,
-
- # look for "git-config" in the documentation
- GIT_CONFIG_KEYS => 'gitweb.owner',
-
- # comment out if you don't need all the extra detail in the logfile
- LOG_EXTRA => 1,
- # logging options
- # 1. leave this section as is for 'normal' gitolite logging (default)
- # 2. uncomment this line to log ONLY to syslog:
- # LOG_DEST => 'syslog',
- # 3. uncomment this line to log to syslog and the normal gitolite log:
- # LOG_DEST => 'syslog,normal',
- # 4. prefixing "repo-log," to any of the above will **also** log just the
- # update records to "gl-log" in the bare repo directory:
- # LOG_DEST => 'repo-log,normal',
- # LOG_DEST => 'repo-log,syslog',
- # LOG_DEST => 'repo-log,syslog,normal',
- # syslog 'facility': defaults to 'local0', uncomment if needed. For example:
- # LOG_FACILITY => 'local4',
-
- # roles. add more roles (like MANAGER, TESTER, ...) here.
- # WARNING: if you make changes to this hash, you MUST run 'gitolite
- # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
- ROLES => {
- CONTRIBUTORS => 1,
- MAINTAINERS => 1,
- },
-
- # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
- # CACHE => 'Redis',
-
- # ------------------------------------------------------------------
-
- # rc variables used by various features
-
- # the 'info' command prints this as additional info, if it is set
- # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
-
- # the CpuTime feature uses these
- # display user, system, and elapsed times to user after each git operation
- # DISPLAY_CPU_TIME => 1,
- # display a warning if total CPU times (u, s, cu, cs) crosses this limit
- # CPU_TIME_WARN_LIMIT => 0.1,
-
- # the Mirroring feature needs this
- # HOSTNAME => "foo",
-
- # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
- # CACHE_TTL => 600,
-
- # ------------------------------------------------------------------
-
- # suggested locations for site-local gitolite code (see cust.html)
-
- # this one is managed directly on the server
- # LOCAL_CODE => "$ENV{HOME}/local",
-
- # or you can use this, which lets you put everything in a subdirectory
- # called "local" in your gitolite-admin repo. For a SECURITY WARNING
- # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
- LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
-
- # ------------------------------------------------------------------
-
- # List of commands and features to enable
-
- POST_GIT => [
- 'push',
- ],
-
- ENABLE => [
-
- # COMMANDS
-
- # These are the commands enabled by default
- 'help',
- 'desc',
- 'info',
- 'perms',
- #'writable',
-
- # Uncomment or add new commands here.
- # 'create',
- # 'fork',
- # 'mirror',
- # 'readme',
- # 'sskm',
- 'D',
-
- # These FEATURES are enabled by default.
-
- # essential (unless you're using smart-http mode)
- 'ssh-authkeys',
-
- # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
- 'git-config',
-
- # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
- #'daemon',
-
- # creates projects.list file; if you don't use gitweb, comment this out
- #'gitweb',
-
- # These FEATURES are disabled by default; uncomment to enable. If you
- # need to add new ones, ask on the mailing list :-)
-
- # user-visible behaviour
-
- # prevent wild repos auto-create on fetch/clone
- # 'no-create-on-read',
- # no auto-create at all (don't forget to enable the 'create' command!)
- # 'no-auto-create',
-
- # access a repo by another (possibly legacy) name
- # 'Alias',
-
- # give some users direct shell access. See documentation in
- # sts.html for details on the following two choices.
- # "Shell $ENV{HOME}/.gitolite.shell-users",
- # 'Shell alice bob',
-
- # set default roles from lines like 'option default.roles-1 = ...', etc.
- # 'set-default-roles',
-
- # show more detailed messages on deny
- # 'expand-deny-messages',
-
- # show a message of the day
- # 'Motd',
-
- # system admin stuff
-
- # enable mirroring (don't forget to set the HOSTNAME too!)
- # 'Mirroring',
-
- # allow people to submit pub files with more than one key in them
- # 'ssh-authkeys-split',
-
- # selective read control hack
- # 'partial-copy',
-
- # manage local, gitolite-controlled, copies of read-only upstream repos
- # 'upstream',
-
- # updates 'description' file instead of 'gitweb.description' config item
- 'cgit',
-
- # allow repo-specific hooks to be added
- # 'repo-specific-hooks',
-
- # performance, logging, monitoring...
-
- # be nice
- # 'renice 10',
-
- # log CPU times (user, system, cumulative user, cumulative system)
- # 'CpuTime',
-
- # syntactic_sugar for gitolite.conf and included files
-
- # allow backslash-escaped continuation lines in gitolite.conf
- # 'continuation-lines',
-
- # create implicit user groups from directory names in keydir/
- # 'keysubdirs-as-groups',
-
- # allow simple line-oriented macros
- # 'macros',
-
- # Kindergarten mode
-
- # disallow various things that sensible people shouldn't be doing anyway
- # 'Kindergarten',
- ],
-
-);
-
-# ------------------------------------------------------------------------------
-# per perl rules, this should be the last line in such a file:
-1;
-
-# Local variables:
-# mode: perl
-# End:
-# vim: set syn=perl:
diff --git a/conf/gitolite.conf b/conf/gitolite.conf
deleted file mode 100644
index a1602d0..0000000
--- a/conf/gitolite.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-@administrators = admin
-
-repo gitolite-admin
- RW+ = @administrators
-
-repo CREATOR/..*
- C = @all
- RW+ = CREATOR MAINTAINERS
- RW+ contrib/USER/ = CONTRIBUTORS
- R = @all
-
- config gitweb.owner = %GL_CREATOR
diff --git a/docker/sshd_config b/docker/sshd_config
deleted file mode 100644
index efc0c52..0000000
--- a/docker/sshd_config
+++ /dev/null
@@ -1,22 +0,0 @@
-Port 22
-
-HostKey /hostkeys/etc/ssh/ssh_host_rsa_key
-HostKey /hostkeys/etc/ssh/ssh_host_ecdsa_key
-HostKey /hostkeys/etc/ssh/ssh_host_ed25519_key
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-
-UsePAM yes
-PermitRootLogin no
-PasswordAuthentication no
-KbdInteractiveAuthentication no
-AllowAgentForwarding no
-AllowTcpForwarding no
-GatewayPorts no
-X11Forwarding no
-PermitTTY no
-PrintLastLog no
-PermitUserEnvironment no
-PermitTunnel no
diff --git a/gitolite/dotfiles/.gitconfig b/gitolite/dotfiles/.gitconfig
new file mode 100644
index 0000000..a998fec
--- /dev/null
+++ b/gitolite/dotfiles/.gitconfig
@@ -0,0 +1,6 @@
+[init]
+ defaultBranch = master
+[user]
+ useConfigOnly = true
+ name = gitolite
+ email = gitolite
diff --git a/gitolite/dotfiles/.gitolite.rc b/gitolite/dotfiles/.gitolite.rc
new file mode 100644
index 0000000..25a5231
--- /dev/null
+++ b/gitolite/dotfiles/.gitolite.rc
@@ -0,0 +1,206 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0022,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => 'gitweb.owner',
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+ # syslog 'facility': defaults to 'local0', uncomment if needed. For example:
+ # LOG_FACILITY => 'local4',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ CONTRIBUTORS => 1,
+ MAINTAINERS => 1,
+ },
+
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ POST_GIT => [
+ 'push',
+ ],
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ #'writable',
+
+ # Uncomment or add new commands here.
+ # 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ #'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ #'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ # 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/gitolite/dotfiles/local/triggers/push b/gitolite/dotfiles/local/triggers/push
new file mode 100755
index 0000000..7a3cb56
--- /dev/null
+++ b/gitolite/dotfiles/local/triggers/push
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+[ "$4" = "W" ] || exit 0
+
+cd "$GL_REPO_BASE/$2.git"
+head=$(git symbolic-ref HEAD)
+
+if ! [ -f "$head" ]; then
+ set -- refs/heads/*
+ if [ "$#" -eq 1 ]; then
+ git symbolic-ref HEAD "$1"
+ echo "NOTICE: Default branch set to $1" >&2
+ else
+ echo "WARNING: The default branch is $head, but no such branch exists" >&2
+ fi
+fi
+
+git log -1 --all --date-order --format=%ci >agefile
diff --git a/gitolite/gitolite.conf b/gitolite/gitolite.conf
new file mode 100644
index 0000000..a1602d0
--- /dev/null
+++ b/gitolite/gitolite.conf
@@ -0,0 +1,12 @@
+@administrators = admin
+
+repo gitolite-admin
+ RW+ = @administrators
+
+repo CREATOR/..*
+ C = @all
+ RW+ = CREATOR MAINTAINERS
+ RW+ contrib/USER/ = CONTRIBUTORS
+ R = @all
+
+ config gitweb.owner = %GL_CREATOR
diff --git a/gitolite/sshd_config b/gitolite/sshd_config
new file mode 100644
index 0000000..efc0c52
--- /dev/null
+++ b/gitolite/sshd_config
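Review bot: `LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",` still resolves site-local code from inside the gitolite-admin checkout, while this commit moves the `push` trigger to `gitolite/dotfiles/local/triggers/push` and the description says gitolite-admin will become a separate repository. If the dotfiles directory is installed into the hosting user's home (inferred from the directory name, not shown on this page), the `POST_GIT => ['push']` entry only finds the trigger when a copy is also pushed into gitolite-admin. With this setting, anyone holding `RW+` on gitolite-admin can also place code that runs as the hosting user, which is the case the SECURITY WARNING comment above the setting points at. Consider the server-managed alternative already present in the file, `LOCAL_CODE => "$ENV{HOME}/local",`, with a comment such as `# triggers are deployed with the dotfiles, not through a push to gitolite-admin`.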
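Review bot: The `cd "$GL_REPO_BASE/$2.git"` line is unchecked and the branch detection reads the ref store as plain files, so the trigger can act in the wrong directory or pick a wrong default branch. `[ -f "$head" ]` is false for a branch that exists only in packed-refs, and `set -- refs/heads/*` counts a directory such as `refs/heads/contrib` (the `contrib/USER/` namespace allowed in gitolite.conf) as a branch and leaves the literal pattern in `$1` when nothing matches. If `cd` fails, the later `git symbolic-ref` and `>agefile` run in whatever directory the trigger started in. The sketch below asks git for the refs instead and stops when the repository directory cannot be entered; `$2` is presumably the repository name gitolite passes to POST_GIT triggers, which should be confirmed against the trigger documentation.

```shell
cd "$GL_REPO_BASE/$2.git" || exit 1
head=$(git symbolic-ref HEAD) || exit 1

if ! git show-ref --verify --quiet "$head"; then
	branches=$(git for-each-ref --format='%(refname)' refs/heads/)
	if [ "$(printf '%s\n' "$branches" | grep -c .)" -eq 1 ]; then
		git symbolic-ref HEAD "$branches"
		echo "NOTICE: Default branch set to $branches" >&2
	else
		# … unchanged: WARNING message about the missing default branch …
	fi
fi
# … unchanged: agefile update …
```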
@@ -0,0 +1,22 @@
+Port 22
+
+HostKey /hostkeys/etc/ssh/ssh_host_rsa_key
+HostKey /hostkeys/etc/ssh/ssh_host_ecdsa_key
+HostKey /hostkeys/etc/ssh/ssh_host_ed25519_key
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+UsePAM yes
+PermitRootLogin no
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PermitTTY no
+PrintLastLog no
+PermitUserEnvironment no
+PermitTunnel no
diff --git a/local/triggers/push b/local/triggers/push
deleted file mode 100755
index 7a3cb56..0000000
--- a/local/triggers/push
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-[ "$4" = "W" ] || exit 0
-
-cd "$GL_REPO_BASE/$2.git"
-head=$(git symbolic-ref HEAD)
-
-if ! [ -f "$head" ]; then
- set -- refs/heads/*
- if [ "$#" -eq 1 ]; then
- git symbolic-ref HEAD "$1"
- echo "NOTICE: Default branch set to $1" >&2
- else
- echo "WARNING: The default branch is $head, but no such branch exists" >&2
- fi
-fi
-
-git log -1 --all --date-order --format=%ci >agefile
-- cgit v1.2.3
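Review bot: `AllowTcpForwarding no` does not cover Unix-domain socket forwarding, which sshd controls through a separate option and permits by default. Adding `DisableForwarding yes` (or `AllowStreamLocalForwarding no` on OpenSSH releases that predate it) closes that at the daemon level instead of relying on per-key options in `authorized_keys`. The file also has no `AllowUsers` line, so any account in the container that has an `authorized_keys` file can authenticate; if only the gitolite account is meant to log in, `AllowUsers <gitolite-account>` would state that (placeholder, the account name is not on this page).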