# paths and configuration variables for gitolite

# please read comments before editing

# this file is meant to be pulled into a perl program using "do" or "require".

# You do NOT need to know perl to edit the paths; it should be fairly

# self-explanatory and easy to maintain perl syntax :-)

# --------------------------------------

# Do not uncomment these values unless you know what you're doing

# $GL_PACKAGE_CONF = "";

# $GL_PACKAGE_HOOKS = "";

# --------------------------------------

# --------------------------------------

# this is where the repos go.  If you provide a relative path (not starting

# with "/"), it's relative to your $HOME.  You may want to put in something

# like "/bigdisk" or whatever if your $HOME is too small for the repos, for

# example

$REPO_BASE="/path/to/git/repositories/";

# the default umask for repositories is 0077; change this if you run stuff

# like gitweb and find it can't read the repos.  Please note the syntax;  the

# leading 0 is required

$REPO_UMASK = 0002;

# $REPO_UMASK = 0027;       # gets you 'rwxr-x---'

# $REPO_UMASK = 0022;       # gets you 'rwxr-xr-x'

# part of the setup of gitweb is a variable called $projects_list (please see

# gitweb documentation for more on this).  Set this to the same value:

$PROJECTS_LIST = $ENV{HOME} . "/projects.list";

# --------------------------------------

# I see no reason anyone may want to change the gitolite admin directory, but

# feel free to do so.  However, please note that it *must* be an *absolute*

# path (i.e., starting with a "/" character)

# gitolite admin directory, files, etc

$GL_ADMINDIR="/etc/gitolite";

# --------------------------------------

# templates for location of the log files and format of their names

# I prefer this template (note the %y and %m placeholders)

# it produces files like `~/.gitolite/logs/gitolite-2009-09.log`

$GL_LOGT="/var/log/gitolite/gitolite-%y-%m.log";

# other choices are below, or you can make your own -- but PLEASE MAKE SURE

# the directory exists and is writable; gitolite won't do that for you (unless

# it is the default, which is "$GL_ADMINDIR/logs")

# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m-%d.log";

# $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y.log";

# --------------------------------------

# Please DO NOT change these three paths

$GL_CONF="$GL_ADMINDIR/conf/gitolite.conf";

$GL_KEYDIR="$GL_ADMINDIR/keydir";

$GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm";

# --------------------------------------

# if git on your server is on a standard path (that is

#       ssh git@server git --version

# works), leave this setting as is.  Otherwise, choose one of the

# alternatives, or write your own

$GIT_PATH="";

# $GIT_PATH="/opt/bin/";

# --------------------------------------

# ----------------------------------------------------------------------

#                   BIG CONFIG SETTINGS

# Please read doc/big-config.mkd for details

$GL_BIG_CONFIG = 1;

$GL_NO_DAEMON_NO_GITWEB = 1;

$GL_NO_CREATE_REPOS = 1;

$GL_NO_SETUP_AUTHKEYS = 1;

# ----------------------------------------------------------------------

#                   SECURITY SENSITIVE SETTINGS

#

#       Settings below this point may have security implications.  That

#       usually means that I have not thought hard enough about all the

#       possible ways to crack security if these settings are enabled.

#       Please see details on each setting for specifics, if any.

# ----------------------------------------------------------------------

# --------------------------------------

# ALLOW REPO ADMIN TO SET GITCONFIG KEYS

#

# Gitolite allows you to set git repo options using the "config" keyword; see

# conf/example.conf for details and syntax.

#

# However, if you are in an installation where the repo admin does not (and

# should not) have shell access to the server, then allowing him to set

# arbitrary repo config options *may* be a security risk -- some config

# settings may allow executing arbitrary commands.

#

# You have 3 choices.  By default $GL_GITCONFIG_KEYS is left empty, which

# completely disables this feature (meaning you cannot set git configs from

# the repo config).

$GL_GITCONFIG_KEYS = "";

# The second choice is to give it a space separated list of settings you

# consider safe.  (These are actually treated as a set of regular expression

# patterns, and any one of them must match).  For example:

# $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression";

# allows repo admins to set one of those 3 config keys (yes, that second

# pattern matches two settings from "man git-config", if you look)

#

# The third choice (which you may have guessed already if you're familiar with

# regular expressions) is to allow anything and everything:

# $GL_GITCONFIG_KEYS = ".*";

# --------------------------------------

# EXTERNAL COMMAND HELPER -- HTPASSWD

# security note: runs an external command (htpasswd) with specific arguments,

# including a user-chosen "password".

# if you want to enable the "htpasswd" command, give this the absolute path to

# whatever file apache (etc) expect to find the passwords in.

$HTPASSWD_FILE = "";

# Look in doc/3 ("easier to link gitweb authorisation with gitolite" section)

# for more details on using this feature.

# --------------------------------------

# EXTERNAL COMMAND HELPER -- RSYNC

# security note: runs an external command (rsync) with specific arguments, all

# presumably filled in correctly by the client-side rsync.

# base path of all the files that are accessible via rsync.  Must be an

# absolute path.  Leave it undefined or set to the empty string to disable the

# rsync helper.

$RSYNC_BASE = "";

# $RSYNC_BASE = "/home/git/up-down";

# $RSYNC_BASE = "/tmp/up-down";

# --------------------------------------

# EXTERNAL COMMAND HELPER -- SVNSERVE

# security note: runs an external command (svnserve) with specific arguments,

# as specified below. %u is substituted with the username.

# This setting allows launching svnserve when requested by the ssh client.

# This allows using the same SSH setup (hostname/username/public key) for both

# SVN and git access. Leave it undefined or set to the empty string to disable

# svnserve access.

$SVNSERVE = "";

# $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u";

# --------------------------------------

# ALLOW REPO CONFIG TO USE WILDCARDS

# security note: this used to in a separate "wildrepos" branch.  You can

# create repositories based on wild cards, give "ownership" to the specific

# user who created it, allow him/her to hand out R and RW permissions to other

# users to collaborate, etc.  This is powerful stuff, and I've made it as

# secure as I can, but it hasn't had the kind of rigorous line-by-line

# analysis that the old "master" branch had.

# This has now been rolled into master, with all the functionality gated by

# this variable.  Set this to 1 if you want to enable the wildrepos features.

# Please see doc/4-wildcard-repositories.mkd for details.

$GL_WILDREPOS = 0;

# --------------------------------------

# DEFAULT WILDCARD PERMISSIONS

# If set, this value will be used as the default user-level permission rule of

# new wildcard repositories. The user can change this value with the setperms command

# as desired after repository creation; it is only a default. Note that @all can be

# used here but is special; no other groups can be used in user-level permissions.

# $GL_WILDREPOS_DEFPERMS = 'R = @all';

# --------------------------------------

# HOOK CHAINING

# by default, the update hook in every repo chains to "update.secondary".

# Similarly, the post-update hook in the admin repo chains to

# "post-update.secondary".  If you're fine with the defaults, there's no need

# to do anything here.  However, if you want to use different names or paths,

# change these variables

# $UPDATE_CHAINS_TO = "hooks/update.secondary";

# $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary";

# --------------------------------------

# ADMIN DEFINED COMMANDS

# WARNING: Use this feature only if (a) you really really know what you're

# doing or (b) you really don't care too much about security.  Please read

# doc/admin-defined-commands.mkd for details.

# $GL_ADC_PATH = "";

# --------------------------------------

# per perl rules, this should be the last line in such a file:

1;

# Local variables:

# mode: perl

# End:

# vim: set syn=perl: