README: Describe forks
[girocco.git] / Girocco / Config.pm
blob0eac97e298fe49062d015f6a9376a992bd8f680f
1 package Girocco::Config;
3 use strict;
4 use warnings;
7 ## Basic settings
9 # Name of the service
10 our $name = "GiroccoEx";
12 # Title of the service (as shown in gitweb)
13 our $title = "Example Girocco Hosting";
15 # Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
16 our $git_bin = '/usr/bin/git';
18 # E-mail of the site admin
19 our $admin = 'admin@example.org';
22 ## Feature knobs
24 # Enable mirroring mode if true
25 our $mirror = 1;
27 # Enable push mode if true
28 our $push = 1;
30 # Enable user management if true; this means the interface for registering
31 # user accounts and uploading SSH keys. This implies full chroot.
32 our $manage_users = 1;
34 # Enable the special 'mob' user if set to 'mob'
35 our $mob = "mob";
37 # Let users set admin passwords; if false, all password inputs are assumed empty.
38 # This will make new projects use empty passwords and all operations on them
39 # unrestricted, but you will be able to do no operations on previously created
40 # projects you have set a password on.
41 our $project_passwords = 1;
43 # How to determine project owner; 'email' adds a form item asking for their
44 # email contact, 'source' takes realname of owner of source repository if it
45 # is a local path (and empty string otherwise). 'source' is suitable in case
46 # the site operates only as mirror of purely local-filesystem repositories.
47 our $project_owners = 'email';
49 # Which project fields to make editable, out of 'shortdesc', 'homepage',
50 # 'README', 'notifymail', 'notifyjson', 'notifycia'. (This is currently
51 # soft restriction - form fields aren't used, but manually injected values
52 # *are* used. Submit a patch if that's an issue for you.)
53 our @project_fields = qw(homepage shortdesc README notifymail notifyjson notifycia);
55 # Minimal number of seconds to pass between two updates of a project.
56 our $min_mirror_interval = 3600; # 1 hour
58 # Minimal number of seconds to pass between two garbage collections of a project.
59 our $min_gc_interval = 604800; # 1 week
62 ## Paths
64 # Path where the main chunk of Girocco files will be installed
65 # This will get COMPLETELY OVERWRITTEN by each make install!!!
66 our $basedir = '/home/repo/repomgr';
68 # The repository collection
69 our $reporoot = "/srv/git";
71 # The chroot for ssh pushing; location for project database and other run-time
72 # data even in non-chroot setups
73 our $chroot = "/home/repo/j";
75 # The gitweb files web directory (corresponds to $gitwebfiles)
76 our $webroot = "/home/repo/WWW";
78 # The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
79 our $cgiroot = "/home/repo/WWW";
81 # A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
82 our $webreporoot = "/home/repo/WWW/r";
85 ## URL addresses
87 # URL of the gitweb.cgi script (must be in pathinfo mode)
88 our $gitweburl = "http://repo.or.cz/w";
90 # URL of the extra gitweb files (CSS, .js files, images, ...)
91 our $gitwebfiles = "http://repo.or.cz";
93 # URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
94 our $webadmurl = "http://repo.or.cz";
96 # URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
97 our $htmlurl = "http://repo.or.cz/h";
99 # HTTP URL of the repository collection (undef if N/A)
100 our $httppullurl = "http://repo.or.cz/r";
102 # Git URL of the repository collection (undef if N/A)
103 # (You need to set up git-daemon on your system, and Girocco will not
104 # do this particular thing for you.)
105 our $gitpullurl = "git://repo.or.cz";
107 # Pushy URL of the repository collection (undef if N/A)
108 our $pushurl = "ssh://repo.or.cz/srv/git";
110 # URL of gitweb of this Girocco instance (set to undef if you're not nice
111 # to the community)
112 our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";
115 ## Some templating settings
117 # Legal warning (on reguser and regproj pages)
118 our $legalese = <<EOT;
119 <p>By submitting this form, you are confirming that you will mirror or push
120 only what we can store and show to anyone else who can visit this site without
121 breaking any law, and that you will be nice to all small furry animals.
122 <sup><a href="$Girocco::Config::htmlurl/about.html">(more details)</a></sup>
123 </p>
126 # Pre-configured mirror sources (set to undef for none)
127 # Arrayref of name - record pairs, the record has these attributes:
128 # label: The label of this source
129 # url: The template URL; %1, %2, ... will be substituted for inputs
130 # desc: Optional VERY short description
131 # link: Optional URL to make the desc point at
132 # inputs: Arrayref of hashref input records:
133 # label: Label of input record
134 # suffix: Optional suffix
135 # If the inputs arrayref is undef, single URL input is shown,
136 # pre-filled with url (probably empty string).
137 our $mirror_sources = [
139 label => 'Anywhere',
140 url => '',
141 desc => 'Any HTTP/Git/rsync pull URL - bring it on!',
142 inputs => undef
145 label => 'GitHub',
146 url => 'git://github.com/%1/%2.git',
147 desc => 'GitHub Social Code Hosting',
148 link => 'http://github.com/',
149 inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
152 label => 'Gitorious',
153 url => 'git://gitorious.org/%1/%2.git',
154 desc => 'Green and Orange Boxes',
155 link => 'http://gitorious.org/',
156 inputs => [ { label => 'Project:' }, { label => 'Repository:', suffix => '.git' } ]
160 # You can customize the gitweb interface widely by editing
161 # gitweb/gitweb_config.perl
164 ## Permission settings
166 # Note that if you are going to need the fixup root cronjob
167 # ($chrooted and $permission_control eq 'Group'), you need to update
168 # the settings in jobs/fixup.sh as well.
170 # Girocco needs some way to manipulate write permissions to various parts of
171 # all repositories; this concerns three entities:
172 # - www-data: the web interface needs to be able to rewrite few files within
173 # the repository
174 # - repo: a user designated for cronjobs; handles mirroring and repacking;
175 # this one is optional if not $mirror
176 # - others: the designated users that are supposed to be able to push; they
177 # may have account either within chroot, or outside of it
179 # There are several ways how to use Girocco based on a combination of the
180 # following settings.
182 # (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
183 # untrusted CGI scripts run on this account too, that can be a big security
184 # problem and you'll probably need to set up suexec (poor you).
185 our $cgi_user = 'www-data';
187 # (Non-chroot) UNIX user performing mirroring jobs; this is the user who
188 # should run all the daemons and cronjobs (except the fixup cronjob) and
189 # the user who should be running make install (if not root).
190 our $mirror_user = 'repo';
192 # (Non-chroot) UNIX group owning the repositories by default; it owns whole
193 # mirror repositories and at least web-writable metadata of push repositories.
194 # If you undefine this, all the data will become WORLD-WRITABLE.
195 # Both $cgi_user and $mirror_user should be members of this group!
196 our $owning_group = 'repo';
198 # Whether to use chroot jail for pushing; this must be always the same
199 # as $manage_users.
200 # TODO: Gitosis support for $manage_users and not $chrooted?
201 our $chrooted = $manage_users;
203 # How to control permissions of push-writable data in push repositories:
204 # * 'Group' for the traditional model: The $chroot/etc/group project database
205 # file is used as the UNIX group(5) file; the directories have gid appropriate
206 # for the particular repository and are group-writable. This works only if
207 # $chrooted so that users are put in the proper groups on login. This requires
208 # you also to set up the very crude fixup.sh cronjob for root.
209 # * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
210 # listing the users with push permissions. This works for both chroot and
211 # non-chroot setups, however it requires ACL support within the filesystem.
212 # This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
213 # * 'Hooks' for a relaxed model: The directories are world-writable and push
214 # permission control is purely hook-driven. This is INSECURE and works only
215 # when you trust all your users; on the other hand, the attack vectors are
216 # mostly just DoS or fully-traceable tinkering.
217 our $permission_control = 'Group';
220 # Couple of sanity checks
221 ($mirror or $push) or die "Girocco::Config: neither \$mirror or \$push is set?!";
222 (not $push or ($pushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
223 (not $push or $pushurl) or die "Girocco::Config: \$push set but \$pushurl is undef";
224 (not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
225 ($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
226 (not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
227 (grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
228 ($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";