Blob


1 .\"
2 .\" Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 .\"
4 .\" Permission to use, copy, modify, and distribute this software for any
5 .\" purpose with or without fee is hereby granted, provided that the above
6 .\" copyright notice and this permission notice appear in all copies.
7 .\"
8 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 .\"
16 .Dd $Mdocdate$
17 .Dt GOTD.CONF 5
18 .Os
19 .Sh NAME
20 .Nm gotd.conf
21 .Nd gotd configuration file
22 .Sh DESCRIPTION
23 .Nm
24 is the run-time configuration file for
25 .Xr gotd 8 .
26 .Pp
27 The file format is line-based, with one configuration directive per line.
28 Comments can be put anywhere in the file using a hash mark
29 .Pq Sq # ,
30 and extend to the end of the current line.
31 Arguments names not beginning with a letter, digit or underscore,
32 as well as reserved words
33 .Pq such as Ic listen , Ic repository No or Ic user ,
34 must be quoted.
35 Arguments containing whitespace should be surrounded by double quotes
36 .Pq \&" .
37 .Pp
38 Macros can be defined that are later expanded in context.
39 Macro names must start with a letter, digit, or underscore, and may
40 contain any of those characters, but may not be reserved words.
41 Macros are not expanded inside quotes.
42 For example:
43 .Bd -literal -offset indent
44 path = "/var/run/gotd.sock"
45 listen on $path
46 .Ed
47 .Sh GLOBAL CONFIGURATION
48 The available global configuration directives are as follows:
49 .Bl -tag -width Ds
50 .It Ic connection Ar option
51 Set the specified options and limits for connections to the
52 .Xr gotd 8
53 unix socket.
54 .Pp
55 The
56 .Ic connection
57 directive may be specified multiple times, and multiple
58 .Ar option
59 arguments may be specified within curly braces:
60 .Pp
61 .Ic connection Brq Ar ...
62 .Pp
63 Each option should only be specified once.
64 If a given option is listed multiple times, the last line which sets this
65 option wins.
66 .Pp
67 Valid connection options are:
68 .Bl -tag -width Ds
69 .It Ic request timeout Ar seconds
70 Specify the inactivity timeout for operations between client and server.
71 If this timeout is exceeded while a Git protocol request is being processed,
72 the request will be aborted and the connection will be terminated.
73 .Pp
74 The timeout value may also have a suffix indicating its unit of measure.
75 Supported suffixes are:
76 .Pp
77 .Bl -tag -compact -width tenletters
78 .It Ar s No or Ar S
79 seconds
80 .It Ar m No or Ar M
81 minutes
82 .It Ar h No or Ar H
83 hours
84 .El
85 .Pp
86 The default timeout is 1h (3600 seconds, one hour).
87 This should only be changed if legitimate requests are exceeding the default
88 timeout for some reason, such as the server spending an extraordinary
89 amount of time generating a pack file.
90 .It Ic limit Ic user Ar identity Ar number
91 Limit the maximum amount of concurrent connections by the user with
92 the username
93 .Ar identity
94 to
95 .Ar number .
96 Numeric user IDs are also accepted.
97 .Pp
98 The default per-user limit is 4.
99 This should only be changed if concurrent connections from a given user are
100 expected to exceed the default limit, for example if an anonymous user
101 is granted read access and many concurrent connections will share this
102 anonymous user identity.
103 .El
104 .It Ic listen on Ar path
105 Set the path to the unix socket which
106 .Xr gotd 8
107 should listen on.
108 If not specified, the path
109 .Pa /var/run/gotd.sock
110 will be used.
111 .It Ic user Ar user
112 Set the
113 .Ar user
114 which will run
115 .Xr gotd 8 .
116 Initially,
117 .Xr gotd 8
118 requires root privileges in order to create its unix socket.
119 Afterwards,
120 .Xr gotd 8
121 drops privileges to the specified
122 .Ar user .
123 If not specified, the user _gotd will be used.
124 Numeric user IDs are also accepted.
125 .El
126 .Sh REPOSITORY CONFIGURATION
127 At least one repository context must exist for
128 .Xr gotd 8
129 to function.
130 For each repository, access rules must be configured using the
131 .Ic permit
132 and
133 .Ic deny
134 configuration directives.
135 Multiple access rules can be specified, and the last matching rule
136 determines the action taken.
137 If no rule matches, access to the repository is denied.
138 .Pp
139 A repository context is declared with a unique
140 .Ar name ,
141 followed by repository-specific configuration directives inside curly braces:
142 .Pp
143 .Ic repository Ar name Brq ...
144 .Pp
145 .Xr got 1
146 and
147 .Xr git 1
148 clients can connect to a repository by including the repository's unique
149 .Ar name
150 in the request URL.
151 Clients appending the string
152 .Dq .git
153 to the
154 .Ar name
155 will also be accepted.
156 .Pp
157 If desired, the
158 .Ar name
159 may contain path-separators,
160 .Dq / ,
161 to expose repositories as part of a virtual client-visible directory hierarchy.
162 .Pp
163 The available repository configuration directives are as follows:
164 .Bl -tag -width Ds
165 .It Ic deny Ar identity
166 Deny repository access to users with the username
167 .Ar identity .
168 Group names may be matched by prepending a colon
169 .Pq Sq \&:
170 to
171 .Ar identity .
172 Numeric IDs are also accepted.
173 .It Ic path Ar path
174 Set the path to the Git repository.
175 Must be specified.
176 .It Ic permit Ar mode Ar identity
177 Permit repository access to users with the username
178 .Ar identity .
179 The
180 .Ar mode
181 argument must be set to either
182 .Ic ro
183 for read-only access,
184 or
185 .Ic rw
186 for read-write access.
187 Group names may be matched by prepending a colon
188 .Pq Sq \&:
189 to
190 .Ar identity .
191 Numeric IDs are also accepted.
192 .It Ic protect Brq Ar ...
193 The
194 .Cm protect
195 directive may be used to protect branches and tags in a repository
196 from being overwritten by potentially destructive client-side commands,
197 such as when
198 .Cm got send -f
199 and
200 .Cm git push -f
201 are used to change the history of a branch.
202 .Pp
203 To build a set of protected branches and tags, multiple
204 .Ic protect
205 directives may be specified per repository and
206 multiple
207 .Ic protect
208 directive parameters may be specified within curly braces.
209 .Pp
210 The available
211 .Cm protect
212 parameters are as follows:
213 .Bl -tag -width Ds
214 .It Ic branch Ar name
215 Protect the named branch.
216 The branch may be created if it does not exist yet.
217 Attempts to delete the branch or change its history will be denied.
218 .Pp
219 If the
220 .Ar name
221 does not already begin with
222 .Dq refs/heads/
223 it will be looked up in the
224 .Dq refs/heads/
225 reference namespace.
226 .It Ic branch Ic namespace Ar namespace
227 Protect the given reference namespace, assuming that references in
228 this namespace represent branches.
229 New branches may be created in the namespace.
230 Attempts to change the history of branches or delete them will be denied.
231 .Pp
232 The
233 .Ar namespace
234 argument must be absolute, starting with
235 .Dq refs/ .
236 .It Ic tag Ic namespace Ar namespace
237 Protect the given reference namespace, assuming that references in
238 this namespace represent tags.
239 New tags may be created in the namespace.
240 Attempts to change or delete existing tags will be denied.
241 .Pp
242 The
243 .Ar namespace
244 argument must be absolute, starting with
245 .Dq refs/ .
246 .El
247 .Pp
248 The special reference namespaces
249 .Dq refs/got/
250 and
251 .Dq refs/remotes/
252 do not need to be listed in
253 .Nm .
254 These namespaces are always protected and even attempts to create new
255 references in these namespaces will always be denied.
256 .It Ic notify Brq Ar ...
257 The
258 .Ic notify
259 directive enables notifications about new commits or tags
260 added to the repository.
261 .Pp
262 Notifications via email require an SMTP daemon which accepts mail
263 for forwarding without requiring client authentication or encryption.
264 On
265 .Ox
266 the
267 .Xr smtpd 8
268 daemon can be used for this purpose.
269 The default content of email notifications looks similar to the output of the
270 .Cm got log -d
271 command.
272 .Pp
273 Notifications via HTTP require a HTTP or HTTPS server which is accepting
274 POST requests with or without HTTP Basic authentication.
275 Depending on the use case a custom server-side CGI script may be required
276 for the processing of notifications.
277 HTTP notifications can achieve functionality
278 similar to Git's server-side post-receive hook script with
279 .Xr gotd 8
280 by triggering arbitrary post-commit actions via the HTTP server.
281 .Pp
282 The
283 .Ic notify
284 directive expects parameters which must be enclosed in curly braces.
285 The available parameters are as follows:
286 .Bl -tag -width Ds
287 .It Ic branch Ar name
288 Send notifications about commits to the named branch.
289 The
290 .Ar name
291 will be looked up in the
292 .Dq refs/heads/
293 reference namespace.
294 This directive may be specified multiple times to build a list of
295 branches to send notifications for.
296 If neither a
297 .Ic branch
298 nor a
299 .Ic reference namespace
300 are specified then changes to any reference will trigger notifications.
301 .It Ic reference Ic namespace Ar namespace
302 Send notifications about commits or tags within a reference namespace.
303 This directive may be specified multiple times to build a list of
304 namespaces to send notifications for.
305 If neither a
306 .Ic branch
307 nor a
308 .Ic reference namespace
309 are specified then changes to any reference will trigger notifications.
310 .It Ic email Oo Ic from Ar sender Oc Ic to Ar recipient Oo Ic reply to Ar responder Oc Oo Ic relay Ar hostname Oo Ic port Ar port Oc Oc
311 Send notifications via email to the specified
312 .Ar recipient .
313 This directive may be specified multiple times to build a list of
314 recipients to send notifications to.
315 .Pp
316 The
317 .Ar recipient
318 must be an email addresses that accepts mail.
319 The
320 .Ar sender
321 will be used as the From address.
322 If not specified, the sender defaults to an email address composed of the user
323 account running
324 .Xr gotd 8
325 and the local hostname.
326 .Pp
327 If a
328 .Ar responder
329 is specified via the
330 .Ic reply to
331 directive, the
332 .Ar responder
333 will be used as the Reply-to address.
334 Setting the Reply-to header can be useful if replies should go to a
335 mailing list instead of the
336 .Ar sender ,
337 for example.
338 .Pp
339 By default, mail will be sent to the SMTP server listening on the loopback
340 address 127.0.0.1 on port 25.
341 The
342 .Ic relay
343 and
344 .Ic port
345 directives can be used to specify a different SMTP server address and port.
346 .It Ic url Ar URL Oo Ic auth Ar label Oo Ic insecure Oc Oc Oo Ic hmac Ar label Oc
347 Send notifications via HTTP.
348 This directive may be specified multiple times to build a list of
349 HTTP servers to send notifications to.
350 .Pp
351 The notification will be sent as a POST request to the given
352 .Ar URL ,
353 which must be a valid HTTP URL and begin with either
354 .Dq http://
355 or
356 .Dq https:// .
357 If HTTPS is used, sending of notifications will only succeed if
358 no TLS errors occur.
359 .Pp
360 The optional
361 .Ic auth
362 directive enables HTTP Basic authentication.
363 Authentication credentials must be specified in the separate
364 .Xr gotd-secrets.conf 5
365 file, using the
366 .Ar label
367 as identifier.
368 Unless the
369 .Ic insecure
370 option is specified the notification target
371 .Ar URL
372 must be a
373 .Dq https://
374 URL to avoid leaking of authentication credentials.
375 .Pp
376 If a
377 .Ic hmac
378 secret is provided, the request body will be signed using HMAC, allowing the
379 receiver to verify the notification message's authenticity and integrity.
380 The HMAC secret to use must be specified in the separate
381 .Xr gotd-secrets.conf 5
382 file, using the
383 .Ar label
384 as identifier.
385 The signature uses HMAC-SHA256 and will be sent in the HTTP header
386 .Dq X-Gotd-Signature .
387 .Pp
388 The request body contains a JSON object with a
389 .Dq notifications
390 property containing an array of notification objects.
391 The following notification object properties are always present:
392 .Bl -tag -width authenticated_user
393 .It Dv repo
394 The repository name as a string.
395 .It Dv authenticated_user
396 The committer's user account as authenticated by
397 .Xr gotd 8
398 as a string.
399 .It Dv type
400 The notification object type as a string.
401 .El
402 .Pp
403 Each notification object carries additional type-specific properties.
404 The types and their type-specific properties are:
405 .Bl -tag -width Ds
406 .It Dv commit
407 The commit notification object has the following fields.
408 Except where noted, all are optional.
409 .Bl -tag -width Ds
410 .It Dv short
411 Boolean, indicates whether the object has all the fields set.
412 When several commits are batched in a single send operation, not all of
413 the fields are available for each commit object.
414 .It Dv id
415 The commit ID as string, may be abbreviated.
416 .It Dv committer
417 An object with the committer information with the following fields:
418 .Pp
419 .Bl -tag -compact -width Ds
420 .It Dv full
421 Committer's full name.
422 .It Dv name
423 Committer's name.
424 .It Dv mail
425 Committer's mail address.
426 .It Dv user
427 Committer's username.
428 This is the only field guaranteed to be set.
429 .El
430 .It Dv author
431 An object with the author information.
432 Has the same fields as the
433 .Sq committer
434 but may be unset.
435 .It Dv date
436 Number, representing the number of seconds since the Epoch in UTC.
437 .It Dv short_message
438 The first line of the commit message.
439 This field is always set.
440 .It Dv message
441 The complete commit message, may be unset.
442 .It Dv diffstat
443 An object with the summarized changes, may be unset.
444 Contains a
445 .Sq files
446 field with an array of objects describing the changes per-file and a
447 .Sq total
448 field with the cumulative changes.
449 The changes per-file contains the following fields:
450 .Pp
451 .Bl -tag -compact -width removed
452 .It Dv action
453 A string describing the action, can be
454 .Dq added ,
455 .Dq deleted ,
456 .Dq modified ,
457 .Dq mode changed ,
458 or
459 .Dq unknown .
460 .It Dv file
461 The file path.
462 .It Dv added
463 The number of lines added.
464 .It Dv removed
465 The number of lines removed.
466 .El
467 .Pp
468 The
469 .Sq total
470 object contains two fields:
471 .Sq added
472 and
473 .Sq removed
474 which are the number of added and removed lines respectively.
475 .El
476 .It Dv branch-deleted
477 The branch deleted notifications has the following fields, all guaranteed
478 to be set:
479 .Bl -tag -width Ds
480 .It Dv ref
481 The removed branch reference.
482 .It Dv id
483 The hash of the commit pointed by the deleted branch.
484 .El
485 .It Dv tag
486 The tag notification has the following fields, all guaranteed to be set:
487 .Bl -tag -width Ds
488 .It tag
489 The tag reference.
490 .It tagger
491 The user information, with the same format of the
492 .Sq committer
493 field for the
494 .Sq commit
495 notification but with all the field guaranteed to be set.
496 .It Dv date
497 Number, representing the number of seconds since the Epoch in UTC.
498 .It Dv object
499 The object being tagged.
500 It contains the fields
501 .Sq type
502 with the object type and
503 .Sq id
504 with the object id being tagged.
505 .It Dv message
506 The tag message.
507 .El
508 .El
509 .El
510 .El
511 .Sh FILES
512 .Bl -tag -width Ds -compact
513 .It Pa /etc/gotd.conf
514 Location of the
515 .Nm
516 configuration file.
517 .El
518 .Sh EXAMPLES
519 .Bd -literal -offset indent
520 # Run as the default user:
521 user _gotd
523 # Listen on the default socket:
524 listen on "/var/run/gotd.sock"
526 # This repository can be accessed via ssh://user@example.com/src
527 repository "src" {
528 path "/var/git/src.git"
529 permit rw flan_hacker
530 permit rw :developers
531 permit ro anonymous
533 protect branch "main"
534 protect tag namespace "refs/tags/"
537 # This repository can be accessed via
538 # ssh://user@example.com/openbsd/ports
539 repository "openbsd/ports" {
540 path "/var/git/ports.git"
541 permit rw :porters
542 permit ro anonymous
543 deny flan_hacker
545 protect {
546 branch "main"
547 tag namespace "refs/tags/"
550 notify {
551 branch "main"
552 reference namespace "refs/tags/"
553 email to openbsd-ports-changes@example.com
554 .\" url https://example.com/notify/ user "flan_announcer" password "secret"
558 # Use a larger request timeout value:
559 connection request timeout 2h
561 # Some users are granted a higher concurrent connection limit:
562 connection {
563 limit user flan_hacker 16
564 limit user anonymous 32
566 .Ed
567 .Sh SEE ALSO
568 .Xr got 1 ,
569 .Xr gotsh 1 ,
570 .Xr gotd-secrets.conf 5 ,
571 .Xr gotd 8