summaryrefslogtreecommitdiff
path: root/images/git/gitolite
diff options
context:
space:
mode:
Diffstat (limited to 'images/git/gitolite')
-rw-r--r--images/git/gitolite/admin.pub1
-rw-r--r--images/git/gitolite/generate_certs.sh7
-rw-r--r--images/git/gitolite/gitolite.rc204
-rw-r--r--images/git/gitolite/sshd_config55
4 files changed, 267 insertions, 0 deletions
diff --git a/images/git/gitolite/admin.pub b/images/git/gitolite/admin.pub
new file mode 100644
index 0000000..cd1e155
--- /dev/null
+++ b/images/git/gitolite/admin.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDuNResYJNUNlReRIxPMMnI3hAaW5dNs3E2qoeqHsU/nwnL+czVKOkHnG8gQaKSN7q0wVP3o3ozSsGHdYBJ0YrAYMccOPGkPJ6Aua/7LBkxTc1bVbGrPAEVDYfvNKTU0KjbOfUt6bAbtx1KzbzttBHRR14AxHSUH3ELja6a1foATQWyArLmykmo8aFp75n9+b8XVkmtVtSB0VFibMGwLekNgTD1zOZfzqjxD2EQop279Y8s9kfadpxznONLBNgNUZEzkk++MTh2a6OXW4WA2+dH8WaG2hwjghYbqSDlYe9yjyxhRS0ZtUuVlxlMlTsn0MIt/fYlYNSJts4I11ehBQFkzWUv/i/BgKFKX2M1A5fZTI9emlKJ/Iz3EyXNg1VNc/8iCVaWMpKUbT8Hao8qvwihoZegyVZRmCbUDyxVpjy2Qyl3/dl8mjsYbzYK6CyLo198rCeSrYlF7c81KikPmNuibzSL0UHvA94HK7hVWfu+iZKPZOYVdIle25+hZcL+s7GROy5iGWA9qwgaqXShbqhyyg/lXCY8MdyDBdomWrdk9SvQ0hbNLwSrNlcHAoO3H8/HRcoW4/faiFsm8SFF4RnsIYfVNKCUYlf4kspbHUxUWuEMtOxpo/uu3Zs7hI+TQL9FKwrLRgnu72sx0Y1o4PIGHUldSgzoYAxL+EaF3qgYhoOyiVFa5IRioaG9FRFJ1hboq+0XxQXYzJ8z9CrRa/Gxrp/Etqdevm8IjuOWelDAR4UPgeQsvjHvZVxLOGay8wBtA0/My9meouPDn7jzPjfFUcmdB99PM/PfrqJBC+WdldEfURrAeax6b2LidFl3bN4BLGwK0BlPybjgj7jm1THMnnM4F7BmhzA8MN1tmcEIiZSbW3lRjMxTikGkhvq1NbMp/k6ZmMkwJcwORSJRVdji3wYOuQxl2/u+Ey2NtBXyA5TomPvkWR/h9us+2/8WOxVlpjs6PtYEguehLbuqPWANM1FG9ngAMc1yGMp9YXPKQn+xVvOssOK6VoAu57q9zHJ5GQe8Pm6+2Qpq7hWRDkxIfnDGAeLDIlHa4JunX+okSCH14fx2PpwRfQ1UUhp5wnDtcAfkWGmq82HQknAigNWih5LqPthfjMuhUUcgYsciWYFKZbum4/yecfXUUx9SlcAwVrEZ+kwvNw1UsjrRtITsCBaBlSDpioyXYmJ6ldxUOKZiqAvAKeB0zRF3xpALWZuADh22BzWaNeLL8Gw5uR9TV7PGQ9wpd07SRsdabqLtYqg2P0/t+zPlKHNkL80vZjmuYJeHZ6Zmv3K4PsKEsHG3nXcA8PUI09IfvBbUnzlUb46V5K2O6E3iiSeQBRv7jWEkwGZy9/lBMUM7Qxw3a9Hv till@hoeppner.ws
diff --git a/images/git/gitolite/generate_certs.sh b/images/git/gitolite/generate_certs.sh
new file mode 100644
index 0000000..3b75a9d
--- /dev/null
+++ b/images/git/gitolite/generate_certs.sh
@@ -0,0 +1,7 @@
+if [ ! -e /data/ssh/host_rsa_key ]; then
+ echo "Generating host keys"
+ ssh-keygen -t rsa -f /data/ssh/host_rsa_key
+ ssh-keygen -t dsa -f /data/ssh/host_dsa_key
+ ssh-keygen -t ecdsa -f /data/ssh/host_ecdsa_key
+ ssh-keygen -t ed25519 -f /data/ssh/host_ed25519_key
+fi
diff --git a/images/git/gitolite/gitolite.rc b/images/git/gitolite/gitolite.rc
new file mode 100644
index 0000000..2ab1369
--- /dev/null
+++ b/images/git/gitolite/gitolite.rc
@@ -0,0 +1,204 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+ #GL_REPO_BASE => '/data/projects/',
+ #GL_ADMIN_BASE => '/data/',
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0002,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => 'hooks\.readme url.*insteadOf',
+
+ WRITER_CAN_UPDATE_DESC => 1,
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+ # logging options
+ # 1. leave this section as is for 'normal' gitolite logging (default)
+ # 2. uncomment this line to log ONLY to syslog:
+ # LOG_DEST => 'syslog',
+ # 3. uncomment this line to log to syslog and the normal gitolite log:
+ # LOG_DEST => 'syslog,normal',
+ # 4. prefixing "repo-log," to any of the above will **also** log just the
+ # update records to "gl-log" in the bare repo directory:
+ # LOG_DEST => 'repo-log,normal',
+ # LOG_DEST => 'repo-log,syslog',
+ # LOG_DEST => 'repo-log,syslog,normal',
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ # enable caching (currently only Redis). PLEASE RTFM BEFORE USING!!!
+ # CACHE => 'Redis',
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # TTL for redis cache; PLEASE SEE DOCUMENTATION BEFORE UNCOMMENTING!
+ # CACHE_TTL => 600,
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/non-core.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ 'create',
+ # 'fork',
+ # 'mirror',
+ # 'readme',
+ # 'sskm',
+ 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config entries from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access. See documentation in
+ # sts.html for details on the following two choices.
+ # "Shell $ENV{HOME}/.gitolite.shell-users",
+ # 'Shell alice bob',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # show more detailed messages on deny
+ # 'expand-deny-messages',
+
+ # show a message of the day
+ # 'Motd',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ # Kindergarten mode
+
+ # disallow various things that sensible people shouldn't be doing anyway
+ # 'Kindergarten',
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/images/git/gitolite/sshd_config b/images/git/gitolite/sshd_config
new file mode 100644
index 0000000..15b448f
--- /dev/null
+++ b/images/git/gitolite/sshd_config
@@ -0,0 +1,55 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /data/ssh/host_rsa_key
+HostKey /data/ssh/host_dsa_key
+HostKey /data/ssh/host_ecdsa_key
+HostKey /data/ssh/host_ed25519_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Logging
+SyslogFacility AUTH
+LogLevel VERBOSE
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+PubkeyAuthentication yes
+AuthorizedKeysFile /data/git/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+X11Forwarding no
+PrintMotd no
+TCPKeepAlive yes
+#UseLogin no
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# Subsystem sftp /usr/lib/openssh/sftp-server