NAME
gotsysd.conf — gotsysd configuration file
DESCRIPTION
gotsysd.conf is the run-time configuration file for gotsysd(8).
The file format is line-based, with one configuration directive per line. Comments can be put anywhere in the file using a hash mark (‘#’), and extend to the end of the current line. Argument names not beginning with a letter, digit or underscore, as well as reserved words (such as listen, repository or user), must be quoted. Arguments containing whitespace should be surrounded by double quotes (").
Macros can be defined that are later expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters, but may not be reserved words. Macros are not expanded inside quotes. For example:
path = "/var/run/gotsysd.sock"
listen on $path
GLOBAL CONFIGURATION
The available global configuration directives are as follows:
gotd user user
The name of the gotd(8) user account. Defaults to “_gotd”. gotsysd(8) will switch to this user account as needed.
listen on path
Set the path to the unix socket which gotsysd(8) should listen on. If not specified, the path /var/run/gotsysd.sock will be used.
permit identity
Permit gotsysd(8) unix socket access to users with the username identity. Group names may be matched by prepending a colon (‘:’) to identity. Numeric IDs are also accepted.
Multiple permit rules can be specified.
If no permit rule is specified, the users root and _gotd are granted access by default.
repository directory path
Set the path to the repository directory within which Git repositories will be created and managed by gotsysd(8). This repository directory must be owned by and be exclusively accessible to the gotd(8) user.
If not specified, the path /git will be used.
repository deny identity
Deny repository access to users with the username identity. Access rules set in gotsysd.conf apply to all repositories and override conflicting per-repository access rules specified in gotsys.conf(5).
Group names may be matched by prepending a colon (‘:’) to identity.
The special user identity “*” (an asterisk) can be used to match all users, including the “anonymous” user.
Multiple access rules can be specified, and the last matching rule determines the action taken. If no rule matches, the per-repository rules specified in gotsys.conf(5) will take effect.
repository permit mode identity
Permit repository access to users with the username identity. Access rules set in gotsysd.conf apply to all repositories and override conflicting per-repository access rules specified in gotsys.conf(5).
The mode argument must be set to either ro for read-only access, or rw for read-write access. Group names may be matched by prepending a colon (‘:’) to identity.
The special user identity “anonymous” can be used when public read-only access to repositories over SSH is desired. The anonymous user has an empty password, cannot use an SSH public key, and can only be granted read-only access.
The special user identity “*” (an asterisk) can be used to match all users, except the “anonymous” user. Read-only anonymous access must be enabled explicitly.
Multiple access rules can be specified, and the last matching rule determines the action taken. If no rule matches, the per-repository rules specified in gotsys.conf(5) will take effect.
uid range start end
Set the start and end (inclusive) of the range from which gotsysd(8) will allocate user and group IDs when creating user accounts specified in gotsys.conf(5). The start of this range must be greater than 1000 and must be smaller than the end.
The default range is 5000 to 5999.
user user
Set the user which will run gotsysd(8). Initially, gotsysd(8) requires root privileges. Afterwards, gotsysd(8) partly drops privileges to its own user and to the gotd(8) user. If not specified, the user _gotsysd will be used. Numeric user IDs are also accepted.
EXAMPLES
The following example shows default settings:
user _gotsysd
gotd user _gotd
listen on "/var/run/gotsysd.sock"
repository directory "/git"
uid range 5000 5999
Regardless of what gotsys.conf(5) says, allow the user account “backup-user” to read any repository:
repository permit ro backup-user
Regardless of what gotsys.conf(5) says, make all repositories read-only:
repository permit ro "*"
Regardless of what gotsys.conf(5) says, make all repositories inaccessible:
repository deny "*"
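The last-match behaviour of the global repository permit and repository deny rules, including the different treatment of “*” for the anonymous user, can be checked with a small model before deploying a rule set. This is an added example, not code from gotsysd(8): the function names, the user and group names in the sample, and the choice to reject a read-write rule for anonymous as a configuration error are assumptions. A result of None means no global rule matched and the per-repository rules in gotsys.conf(5) decide.

```python
import shlex

def parse_rules(conf_text):
    """Collect global 'repository permit|deny' rules in file order."""
    rules = []
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)  # drops '#' comments, unquotes
        if words[:2] == ["repository", "permit"] and len(words) == 4:
            mode, identity = words[2], words[3]
            if mode not in ("ro", "rw"):
                raise ValueError(f"mode must be ro or rw: {line!r}")
            if identity == "anonymous" and mode != "ro":
                # Assumption: reported as a configuration error.
                raise ValueError("anonymous can only be granted read-only access")
            rules.append(("permit", mode, identity))
        elif words[:2] == ["repository", "deny"] and len(words) == 3:
            rules.append(("deny", None, words[2]))
    return rules

def rule_matches(action, identity, user, groups):
    if identity == "*":
        # deny "*" includes anonymous; permit "*" excludes it.
        return action == "deny" or user != "anonymous"
    if identity.startswith(":"):
        return identity[1:] in groups
    return identity == user

def evaluate(rules, user, groups=()):
    """Return 'ro', 'rw' or 'deny'; None means gotsys.conf(5) decides."""
    verdict = None
    for action, mode, identity in rules:
        if rule_matches(action, identity, user, groups):
            verdict = mode if action == "permit" else "deny"  # last match wins
    return verdict

# Constructed sample configuration (user and group names are made up).
SAMPLE = """
repository permit rw "*"            # everyone except anonymous
repository permit ro ":auditors"    # later rule narrows this group to ro
repository deny mallory
repository permit ro anonymous      # anonymous must be enabled explicitly
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for who, groups in [("alice", ()), ("bob", ("auditors",)),
                        ("mallory", ()), ("anonymous", ())]:
        print(who, evaluate(rules, who, groups))
```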