From d489b4438ded736c61a7dadeb87a6bd90ea53b50 Mon Sep 17 00:00:00 2001
From: Malfurious
Date: Sat, 16 Dec 2023 06:00:25 -0500
Subject: gitolite: Create separate config for normalmode repository semantics The previous content of gitolite.conf defined the standard access rules for normalmode. These are now moved to a new file which will be baked into the gitolite docker image and not managed by the gitolite-admin repository. This will allow for easier management of the normalmode rules via this git repository (aka, part of the normalmode distribution) and prevent the need for user intervention and to stomp on gitolite-admin to adopt new updates. The goal is to give users nearly complete ownership of their gitolite.conf file. Added to the gitolite.conf template is a definition for a new @creators group. The normalmode rules are updated to permit only users from this group to create and own new wildcard repositories. This allows creating new users which can only contribute to other's repos (as either a MAINTAINER or CONTRIBUTOR), or access private repos. As alluded by the previous paragraph, administrators may define private repos within gitolite using normalmode. This is done by manually configuring them in gitolite.conf. This use-case has always been possible, but has only recently been tested to confirm that the access restrictions are compatible with the rest of normalmode's operations. (aka: Nothing is leaked via cgit, and the normalmode access rules don't break anything). Easing this use-case is another reason for the clean separation of config files.
Signed-off-by: Malfurious
---
 gitolite/dotfiles/gl_normalmode.conf | 10 ++++++++++
 gitolite/gitolite.conf | 12 ++----------
 2 files changed, 12 insertions(+), 10 deletions(-)
 create mode 100644 gitolite/dotfiles/gl_normalmode.conf
diff --git a/gitolite/dotfiles/gl_normalmode.conf b/gitolite/dotfiles/gl_normalmode.conf
new file mode 100644
index 0000000..2589d2a
--- /dev/null
+++ b/gitolite/dotfiles/gl_normalmode.conf
@@ -0,0 +1,10 @@
+repo gitolite-admin @all
+ RW+ = @administrators
+
+repo CREATOR/..*
+ C = @creators
+ RW+ = CREATOR MAINTAINERS
+ RW+ contrib/USER/ = CONTRIBUTORS
+ R = @all
+
+ config gitweb.owner = %GL_CREATOR
diff --git a/gitolite/gitolite.conf b/gitolite/gitolite.conf
index 89eb558..7e1e73b 100644
--- a/gitolite/gitolite.conf
+++ b/gitolite/gitolite.conf
@@ -1,12 +1,4 @@
 @administrators = %ADMIN
+@creators = @administrators
-repo gitolite-admin
- RW+ = @administrators
-
-repo CREATOR/..*
- C = @all
- RW+ = CREATOR MAINTAINERS
- RW+ contrib/USER/ = CONTRIBUTORS
- R = @all
-
- config gitweb.owner = %GL_CREATOR
+include "/git/gl_normalmode.conf"
-- cgit v1.2.3
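Review bot: The first stanza of gl_normalmode.conf is now `repo gitolite-admin @all`, so `RW+ = @administrators` applies to every repository rather than only to gitolite-admin as in the stanza removed from gitolite.conf. That gives administrators push, rewind and delete rights on all wildcard repositories and on manually configured private ones, and the commit message does not mention the wider scope. Because the file is baked into the image, the grant cannot be narrowed from gitolite.conf short of removing the include. If the wider scope is intended, state it in the file with a comment such as `# administrators get RW+ on every repository, including private ones`; if not, the line should stay `repo gitolite-admin`.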
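Review bot: The gitolite.conf template gives no hint that its two added lines are load-bearing: the `repo gitolite-admin` rule now lives only behind `include "/git/gl_normalmode.conf"`, and `C = @creators` in that file depends on the group defined here. A user who treats gitolite.conf as fully their own and removes or renames either line would, as far as the visible rules show, lose admin access to gitolite-admin or the ability to create wildcard repositories. I would add comments above them, for example `# users allowed to create CREATOR/..* repositories` and `# required: gitolite-admin access and normalmode rules; keep this line`. It may also be worth documenting whether user-defined deny rules must appear before the include, since gitolite evaluates rules in file order.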