| # paths and configuration variables for gitolite |
|
|
| # please read comments before editing |
|
|
| # this file is meant to be pulled into a perl program using "do" or "require". |
|
|
| # You do NOT need to know perl to edit the paths; it should be fairly |
| # self-explanatory and easy to maintain perl syntax :-) |
|
|
| # -------------------------------------- |
| # Do not uncomment these values unless you know what you're doing |
| # $GL_PACKAGE_CONF = ""; |
| # $GL_PACKAGE_HOOKS = ""; |
|
|
| # -------------------------------------- |
|
|
| # -------------------------------------- |
|
|
| # this is where the repos go. If you provide a relative path (not starting |
| # with "/"), it's relative to your $HOME. You may want to put in something |
| # like "/bigdisk" or whatever if your $HOME is too small for the repos, for |
| # example |
|
|
| $REPO_BASE="/path/to/git/repositories/"; |
|
|
| # the default umask for repositories is 0077; change this if you run stuff |
| # like gitweb and find it can't read the repos. Please note the syntax; the |
| # leading 0 is required |
|
|
| $REPO_UMASK = 0002; |
| # $REPO_UMASK = 0027; # gets you 'rwxr-x---' |
| # $REPO_UMASK = 0022; # gets you 'rwxr-xr-x' |
|
|
| # part of the setup of gitweb is a variable called $projects_list (please see |
| # gitweb documentation for more on this). Set this to the same value: |
|
|
| $PROJECTS_LIST = $ENV{HOME} . "/projects.list"; |
|
|
| # -------------------------------------- |
|
|
| # I see no reason anyone may want to change the gitolite admin directory, but |
| # feel free to do so. However, please note that it *must* be an *absolute* |
| # path (i.e., starting with a "/" character) |
|
|
| # gitolite admin directory, files, etc |
|
|
| $GL_ADMINDIR="/etc/gitolite"; |
|
|
| # -------------------------------------- |
|
|
| # templates for location of the log files and format of their names |
|
|
| # I prefer this template (note the %y and %m placeholders) |
| # it produces files like `~/.gitolite/logs/gitolite-2009-09.log` |
|
|
| $GL_LOGT="/var/log/gitolite/gitolite-%y-%m.log"; |
|
|
| # other choices are below, or you can make your own -- but PLEASE MAKE SURE |
| # the directory exists and is writable; gitolite won't do that for you (unless |
| # it is the default, which is "$GL_ADMINDIR/logs") |
|
|
| # $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y-%m-%d.log"; |
| # $GL_LOGT="$GL_ADMINDIR/logs/gitolite-%y.log"; |
|
|
| # -------------------------------------- |
|
|
| # Please DO NOT change these three paths |
|
|
| $GL_CONF="$GL_ADMINDIR/conf/gitolite.conf"; |
| $GL_KEYDIR="$GL_ADMINDIR/keydir"; |
| $GL_CONF_COMPILED="$GL_ADMINDIR/conf/gitolite.conf-compiled.pm"; |
|
|
| # -------------------------------------- |
|
|
| # if git on your server is on a standard path (that is |
| # ssh git@server git --version |
| # works), leave this setting as is. Otherwise, choose one of the |
| # alternatives, or write your own |
|
|
| $GIT_PATH=""; |
| # $GIT_PATH="/opt/bin/"; |
|
|
| # -------------------------------------- |
|
|
| # ---------------------------------------------------------------------- |
| # BIG CONFIG SETTINGS |
|
|
| # Please read doc/big-config.mkd for details |
|
|
| $GL_BIG_CONFIG = 1; |
| $GL_NO_DAEMON_NO_GITWEB = 1; |
| $GL_NO_CREATE_REPOS = 1; |
| $GL_NO_SETUP_AUTHKEYS = 1; |
|
|
| |
| # ---------------------------------------------------------------------- |
| # SECURITY SENSITIVE SETTINGS |
| # |
| # Settings below this point may have security implications. That |
| # usually means that I have not thought hard enough about all the |
| # possible ways to crack security if these settings are enabled. |
|
|
| # Please see details on each setting for specifics, if any. |
| # ---------------------------------------------------------------------- |
|
|
| |
| |
| # -------------------------------------- |
| # ALLOW REPO ADMIN TO SET GITCONFIG KEYS |
| # |
| # Gitolite allows you to set git repo options using the "config" keyword; see |
| # conf/example.conf for details and syntax. |
| # |
| # However, if you are in an installation where the repo admin does not (and |
| # should not) have shell access to the server, then allowing him to set |
| # arbitrary repo config options *may* be a security risk -- some config |
| # settings may allow executing arbitrary commands. |
| # |
| # You have 3 choices. By default $GL_GITCONFIG_KEYS is left empty, which |
| # completely disables this feature (meaning you cannot set git configs from |
| # the repo config). |
|
|
| $GL_GITCONFIG_KEYS = ""; |
|
|
| # The second choice is to give it a space separated list of settings you |
| # consider safe. (These are actually treated as a set of regular expression |
| # patterns, and any one of them must match). For example: |
| # $GL_GITCONFIG_KEYS = "core\.logAllRefUpdates core\..*compression"; |
| # allows repo admins to set one of those 3 config keys (yes, that second |
| # pattern matches two settings from "man git-config", if you look) |
| # |
| # The third choice (which you may have guessed already if you're familiar with |
| # regular expressions) is to allow anything and everything: |
| # $GL_GITCONFIG_KEYS = ".*"; |
|
|
| # -------------------------------------- |
| # EXTERNAL COMMAND HELPER -- HTPASSWD |
|
|
| # security note: runs an external command (htpasswd) with specific arguments, |
| # including a user-chosen "password". |
|
|
| # if you want to enable the "htpasswd" command, give this the absolute path to |
| # whatever file apache (etc) expect to find the passwords in. |
|
|
| $HTPASSWD_FILE = ""; |
|
|
| # Look in doc/3 ("easier to link gitweb authorisation with gitolite" section) |
| # for more details on using this feature. |
|
|
| # -------------------------------------- |
| # EXTERNAL COMMAND HELPER -- RSYNC |
|
|
| # security note: runs an external command (rsync) with specific arguments, all |
| # presumably filled in correctly by the client-side rsync. |
|
|
| # base path of all the files that are accessible via rsync. Must be an |
| # absolute path. Leave it undefined or set to the empty string to disable the |
| # rsync helper. |
|
|
| $RSYNC_BASE = ""; |
|
|
| # $RSYNC_BASE = "/home/git/up-down"; |
| # $RSYNC_BASE = "/tmp/up-down"; |
|
|
| # -------------------------------------- |
| # EXTERNAL COMMAND HELPER -- SVNSERVE |
|
|
| # security note: runs an external command (svnserve) with specific arguments, |
| # as specified below. %u is substituted with the username. |
|
|
| # This setting allows launching svnserve when requested by the ssh client. |
| # This allows using the same SSH setup (hostname/username/public key) for both |
| # SVN and git access. Leave it undefined or set to the empty string to disable |
| # svnserve access. |
|
|
| $SVNSERVE = ""; |
| # $SVNSERVE = "/usr/bin/svnserve -r /var/svn/ -t --tunnel-user=%u"; |
|
|
| # -------------------------------------- |
| # ALLOW REPO CONFIG TO USE WILDCARDS |
|
|
| # security note: this used to in a separate "wildrepos" branch. You can |
| # create repositories based on wild cards, give "ownership" to the specific |
| # user who created it, allow him/her to hand out R and RW permissions to other |
| # users to collaborate, etc. This is powerful stuff, and I've made it as |
| # secure as I can, but it hasn't had the kind of rigorous line-by-line |
| # analysis that the old "master" branch had. |
|
|
| # This has now been rolled into master, with all the functionality gated by |
| # this variable. Set this to 1 if you want to enable the wildrepos features. |
| # Please see doc/4-wildcard-repositories.mkd for details. |
|
|
| $GL_WILDREPOS = 0; |
|
|
| # -------------------------------------- |
| # DEFAULT WILDCARD PERMISSIONS |
|
|
| # If set, this value will be used as the default user-level permission rule of |
| # new wildcard repositories. The user can change this value with the setperms command |
| # as desired after repository creation; it is only a default. Note that @all can be |
| # used here but is special; no other groups can be used in user-level permissions. |
|
|
| # $GL_WILDREPOS_DEFPERMS = 'R = @all'; |
|
|
| # -------------------------------------- |
| # HOOK CHAINING |
|
|
| # by default, the update hook in every repo chains to "update.secondary". |
| # Similarly, the post-update hook in the admin repo chains to |
| # "post-update.secondary". If you're fine with the defaults, there's no need |
| # to do anything here. However, if you want to use different names or paths, |
| # change these variables |
|
|
| # $UPDATE_CHAINS_TO = "hooks/update.secondary"; |
| # $ADMIN_POST_UPDATE_CHAINS_TO = "hooks/post-update.secondary"; |
|
|
| # -------------------------------------- |
| # ADMIN DEFINED COMMANDS |
|
|
| # WARNING: Use this feature only if (a) you really really know what you're |
| # doing or (b) you really don't care too much about security. Please read |
| # doc/admin-defined-commands.mkd for details. |
|
|
| # $GL_ADC_PATH = ""; |
|
|
| # -------------------------------------- |
| # per perl rules, this should be the last line in such a file: |
| 1; |
|
|
| # Local variables: |
| # mode: perl |
| # End: |
| # vim: set syn=perl: |