Merge branch master into rorcz

[girocco.git] / Girocco / Config.pm

package Girocco::Config;

use strict;
use warnings;


#
##  --------------
##  Basic settings
##  --------------
#

# Name of the service (typically a single word or a domain name)
# (no spaces allowed)
our $name = "repo.or.cz";

# Nickname of the service (undef for initial part of $name upto first '.')
# (no spaces allowed)
our $nickname = "rorcz";

# Title of the service (as shown in gitweb)
# (may contain spaces)
our $title = "Public Git Hosting";

# Path to the Git binary to use (you MUST set this, even if to /usr/bin/git!)
our $git_bin = '/home/repo/bin/git';

# Path to the git-daemon binary to use (undef to use default)
# If $gitpullurl is undef this will never be used (assuming no git inetd
# service has been set up in that case).
# The default if this is undef is `$git_bin --exec-path`/git-daemon
our $git_daemon_bin = undef;

# Path to the git-http-backend binary to use (undef to use default)
# If both $httppullurl and $httpspushurl are undef this will never be used
# The default if this is undef is `$git_bin --exec-path`/git-http-backend
our $git_http_backend_bin = undef;

# Name (if in $PATH) or full path to netcat executable that accepts a -U option
# to connect to a unix socket.  This may simply be 'nc' on many systems.
our $nc_openbsd_bin = 'nc.openbsd';

# Path to POSIX sh executable to use.  Set to undef to use /bin/sh
our $posix_sh_bin = undef;

# Path to Perl executable to use.  Set to undef to use Perl found in $PATH
our $perl_bin = undef;

# Path to the sendmail instance to use.  It should understand the -f <from>, -i and -t
# options as well as accepting a list of recipient addresses in order to be used here.
# You MUST set this, even if to '/usr/sbin/sendmail'!
# Setting this to 'sendmail.pl' is special and will automatically be expanded to
# a full path to the ../bin/sendmail.pl executable in this Girocco installation.
# sendmail.pl is a sendmail-compatible script that delivers the message directly
# using SMTP to a mail relay host.  This is the recommended configuration as it
# minimizes the information exposed to recipients (no sender account names or uids),
# can talk to an SMTP server on another host (eliminating the need for a working
# sendmail and/or SMTP server on this host) and avoids any unwanted address rewriting.
# By default it expects the mail relay to be listening on localhost port 25.
# See the sendmail.pl section below for more information on configuring sendmail.pl.
our $sendmail_bin = 'sendmail.pl';

# E-mail of the site admin
our $admin = 'admin@repo.or.cz';

# Sender of emails
# This is the SMTP 'MAIL FROM:' value
# It will be passed to $sendmail_bin with the -f option
# Some sites may not allow non-privileged users to pass the -f option to
# $sendmail_bin.  In that case set this to undef and no -f option will be
# passed which means the 'MAIL FROM:' value will be the user the mail is
# sent as (either $cgi_user or $mirror_user depending on the activity).
# To avoid having bounce emails go to $admin, this may be set to something
# else such as 'admin-noreply@example.org' and then the 'admin-noreply' address
# may be redirected to /dev/null.  Setting this to '' or '<>' is not
# recommended because that will likely cause the emails to be marked as SPAM
# by the receiver's SPAM filter.  If $sendmail_bin is set to 'sendmail.pl' this
# value must be acceptable to the receiving SMTP server as a 'MAIL FROM:' value.
# If this is set to undef and 'sendmail.pl' is used, the 'MAIL FROM:' value will
# be the user the mail is sent as (either $cgi_user or $mirror_user).
our $sender = 'admin-noreply@repo.or.cz';

# Copy $admin on failure/recovery messages?
our $admincc = 0;

# Girocco branch to use for html.cgi view source links (undef for HEAD)
our $giroccobranch = 'rorcz';

# PATH adjustments
# If the PATH needs to be customized to find required executables on
# the system, it can be done here.
# For example something like this:
#$ENV{PATH} = substr(`/usr/bin/getconf PATH`,0,-1).":/usr/local/bin";


#
##  ----------------------
##  Git user agent strings
##  ----------------------
#

# Git clients (i.e. fetch/clone) always send a user agent string when fetching
# over HTTP.  Since version 1.7.12.1 an 'agent=' capability string is included
# as well which affects git:, smart HTTP and ssh: protocols.

# These settings allow the default user agent string to be changed independently
# for fetch/clone operations (only matters if $mirror is true) and server
# operations (some other Git client fetching from us).  Note that it is not
# possible to suppress the capability entirely although it can be set to an
# empty string.  If these values are not set, the default user agent string
# will be used.  Typically (unless Git was built with non-standard options) the
# default is "git/" plus the version.  So for example "git/1.8.5.6" or
# "git/2.1.4" might be seen.

# One might want to change the default user agent strings in order to prevent
# an attacker from learning the exact Git version being used to avoid being
# able to quickly target any version-specific vulnerabilities.  Note that
# no matter what's set here, an attacker can easily determine whether a server
# is running JGit, libgit2 or Git and for Git whether it's version 1.7.12.1 or
# later.  A reasonable value to hide the exact Git version number while
# remaining compatible with servers that require a "Git/" user agent string
# would be something like "git/2" or even just "git/".

# The GIT_USER_AGENT value to use when acting as a client (i.e. clone/fetch)
# This value is only used if $mirror is true and at least one mirror is set up.
# Setting this to the empty string will suppress the HTTP User-Agent header,
# but will still include an "agent=" capability in the packet protocol.  The
# empty string is not recommended because some servers match on "git/".
# Leave undef to use the default Git user agent string
# IMPORTANT: some server sites will refuse to serve up Git repositories unless
# the client user agent string contains "Git/" (matched case insensitively)!
our $git_client_ua = undef;

# The GIT_USER_AGENT value to use when acting as a server (i.e. some Git client
# is fetching/cloning from us).
# Leave undef to use the default Git user agent string
our $git_server_ua = undef;


#
##  -------------
##  Feature knobs
##  -------------
#

# Enable mirroring mode if true (see "Foreign VCS mirrors" section below) 
our $mirror = 1;

# Enable push mode if true
our $push = 1;

# If both $mirror and $push are enabled, setting this to 'mirror' pre-selects
# mirror mode on the initial regproj display, otherwise 'push' mode will be
# pre-selected.  When forking the initial mode will be 'push' if $push enabled.
our $initial_regproj_mode = 'mirror';

# Enable user management if true; this means the interface for registering
# user accounts and uploading SSH keys. This implies full chroot.
our $manage_users = 1;

# Minimum key length (in bits) for uploaded SSH RSA/DSA keys.
# If this is not set (i.e. undef) keys as small as 512 bits will be allowed.
# Nowadays keys less than 2048 bits in length should probably not be allowed.
# Note, however, that versions of OpenSSH starting with 4.3p1 will only generate
# DSA keys of exactly 1024 bits in length even though that length is no longer
# recommended.  (OpenSSL can be used to generate DSA keys with lengths > 1024.)
# OpenSSH does not have any problem generating RSA keys longer than 1024 bits.
# This setting is only checked when new keys are added so setting it/increasing it
# will not affect existing keys.  For maximum compatibility a value of 1024 may
# be used however 2048 is recommended.  Setting it to anything other than 1024,
# 2048 or 3072 may have the side effect of making it very difficult to generate
# DSA keys that satisfy the restriction (but RSA keys should not be a problem).
# Note that no matter what setting is specified here keys smaller than 512 bits
# will never be allowed via the reguser.cgi/edituser.cgi interface.
# RECOMMENDED VALUE: 2048 (ok) or 3072 (better)
our $min_key_length = 1024;

# Disable DSA public keys?
# If this is set to 1, adding DSA keys at reguser.cgi/edituser.cgi time will be
# prohibited.  If $pushurl is undef then this is implicitly set to 1 since DSA
# keys are not usable with https push.
# OpenSSH will only generate 1024 bit DSA keys starting with version 4.3p1.
# Even if OpenSSL is used to generate a longer DSA key (which can then be used
# with OpenSSH), the SSH protocol itself still forces use of SHA-1 in the DSA
# signature blob which tends to defeat the purpose of going to a longer key in
# the first place.  So it may be better from a security standpoint to simply
# disable DSA keys especially if $min_key_length and $rsakeylength have been set
# to something higher such as 3072 or 4096.  This setting is only checked when
# new keys are added so setting it/increasing it will not affect existing keys.
# There is no way to disable DSA keys in the OpenSSH server config file itself.
# If this is set to 1, no ssh_host_dsa_key will be generated or used with the
# sshd running in the jail (but if the sshd_config has already been generated
# in the jail, it must be removed and 'sudo make install' run again or otherwise
# the sshd_config needs to be edited by hand for the change to take effect).
# RECOMMENDED VALUE: 1
our $disable_dsa = 0;

# Enable the special 'mob' user if set to 'mob'
our $mob = "mob";

# Let users set admin passwords; if false, all password inputs are assumed empty.
# This will make new projects use empty passwords and all operations on them
# unrestricted, but you will be able to do no operations on previously created
# projects you have set a password on.
our $project_passwords = 1;

# How to determine project owner; 'email' adds a form item asking for their
# email contact, 'source' takes realname of owner of source repository if it
# is a local path (and empty string otherwise). 'source' is suitable in case
# the site operates only as mirror of purely local-filesystem repositories.
our $project_owners = 'email';

# Which project fields to make editable, out of 'shortdesc', 'homepage',
# 'README', 'notifymail', 'summaryonly', 'notifytag' and 'notifyjson'
# 'notifycia' was used by the now defunct CIA service and while allowing it to
# be edited does work and the value is saved, the value is totally ignored by Girocco
our @project_fields = qw(homepage shortdesc README notifymail summaryonly notifytag notifyjson);

# Minimal number of seconds to pass between two updates of a project.
our $min_mirror_interval = 3600; # 1 hour

# Minimal number of seconds to pass between two garbage collections of a project.
our $min_gc_interval = 604800; # 1 week

# Maximum window memory size when repacking.  If this is set, it will be used
# instead of the automatically computed value if it's less than that value.
# May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
our $max_gc_window_memory_size = undef;

# Maximum big file threshold size when repacking.  If this is set, it will be
# used instead of the automatically computed value if it's less than that value.
# May use a 'k', 'm', or 'g' suffix otherwise value is in bytes.
our $max_gc_big_file_threshold_size = undef;

# Whether or not to run the ../bin/update-pwd-db script whenever the etc/passwd
# database is changed.  This is typically needed (i.e. set to a true value) for
# FreeBSD style systems when using an sshd chroot jail for push access.  So if
# $pushurl is undef or the system Girocco is running on is not like FreeBSD
# (e.g. a master.passwd file that must be transformed into pwd.db and spwd.db), then
# this setting should normally be left false (i.e. 0).  See comments in the
# provided ../bin/update-pwd-db script about when and how it's invoked.
our $update_pwd_db = 0;

# Port the sshd running in the jail should listen on
# Be sure to update $pushurl to match
# Not used if $pushurl is undef
our $sshd_jail_port = 22;

# If this is true then host names used in mirror source URLs will be checked
# and any that are not DNS names (i.e. IPv4 or IPv6) or match one of the DNS
# host names in any of the URL settings below will be rejected.
our $restrict_mirror_hosts = 1;

# If $restrict_mirror_hosts is enabled this is the minimum number of labels
# required in a valid dns name.  Normally 2 is the correct value, but if
# Girocco is being used internally where a common default or search domain
# is set for everyone then this should be changed to 1 to allow a dns name
# with a single label in it.  No matter what is set here at least 1 label
# is always required when $restrict_mirror_hosts is enabled.
our $min_dns_labels = 2;

# If $xmllint_readme is true then the contents of the README.html section
# will be passed through xmllint and any errors must be corrected before
# it can be saved.  If this is set to true then xmllint must be in the $PATH.
# RECOMMENDED VALUE: 1
our $xmllint_readme = 1;


#
##  -------------------
##  Foreign VCS mirrors
##  -------------------
#

# Note that if any of these settings are changed from true to false, then
# any pre-existing mirrors using the now-disabled foreign VCS will stop
# updating, new mirrors using the now-disabled foreign VCS will be disallowed
# and attempts to update ANY project settings for a pre-existing project that
# uses a now-disabled foreign VCS source URL will also be disallowed.

# If $mirror is true and $mirror_svn is true then mirrors from svn source
# repositories will be allowed (and be converted to Git).  These URLs have
# the form svn://... or svn+http://... or svn+https://...
# Note that for this to work the "svn" command line command must be available
# in PATH and the "git svn" commands must work (which generally requires both
# Perl and the subversion perl bindings be installed).
our $mirror_svn = 1;

# Prior to Git v1.5.1, git-svn always used a log window size of 1000.
# Starting with Git v1.5.1, git-svn defaults to using a log window size of 100
# and provides a --log-window-size= option to change it.  Starting with Git
# v2.2.0, git-svn disconnects and reconnects to the server every log window size
# interval to attempt to reduce memory use by git-svn.  If $svn_log_window_size
# is undefined, Girocco will use a log window size of 250 (instead of the
# the default 100).  If $svn_log_window_size is set, Girocco will use that
# value instead.  Beware that setting it too low (i.e. < 50) will almost
# certainly cause performance issues if not failures.  Unless there are concerns
# about git-svn memory use on a server with extremely limited memory, the
# value of 250 that Girocco uses by default should be fine.  Obviously if
# $mirror or $mirror_svn is false this setting is irrelevant.
our $svn_log_window_size = undef;

# If $mirror is true and $mirror_darcs is true then mirrors from darcs source
# repositories will be allowed (and be converted to Git).  These URLs have
# the form darcs://...
# Note that for this to work the "darcs" command line command must be available
# in PATH and so must python (required to run the darcs-fast-export script).
our $mirror_darcs = 1;

# If $mirror is true and $mirror_bzr is true then mirrors from bzr source
# repositories will be allowed (and be converted to Git).  These URLs have
# the form bzr://...
# Note that for this to work the "bzr" command line command must be available
# in PATH (it's a python script so python is required as well).
our $mirror_bzr = 1;

# If $mirror is true and $mirror_hg is true then mirrors from hg source
# repositories will be allowed (and be converted to Git).  These URLs have
# the form hg+http://... or hg+https://...
# Note that for this to work the "hg" command line command must be available
# in PATH and so must python (required to run the hg-fast-export.py script).
# Note that if the PYTHON environment variable is set that will be used instead
# of just plain "python" to run the hg-fast-export.py script (which needs to
# be able to import from mercurial).
our $mirror_hg = 1;


#
##  -----
##  Paths
##  -----
#

# Path where the main chunk of Girocco files will be installed
# This will get COMPLETELY OVERWRITTEN by each make install!!!
our $basedir = '/home/repo/repomgr';

# Path where the automatically generated non-user certificates will be stored
# (The per-user certificates are always stored in $chroot/etc/sshcerts/)
# This is preserved by each make install and MUST NOT be under $basedir!
# Not used unless $httpspushurl is defined
our $certsdir = '/home/repo/certs';

# The repository collection
# "$reporoot/_recyclebin" will also be created for use by toolbox/trash-project.pl
our $reporoot = "/srv/git";

# The repository collection's location within the chroot jail
# Normally $reporoot will be bind mounted onto $chroot/$jailreporoot
# Should NOT start with '/'
our $jailreporoot = "srv/git";

# The chroot for ssh pushing; location for project database and other run-time
# data even in non-chroot setups
our $chroot = "/home/repo/j";

# The gitweb files web directory (corresponds to $gitwebfiles)
# Note that it is safe to place this under $basedir since it's set up after
# $basedir is completely replaced during install time.  Be WARNED, however,
# that normally the install process only adds/replaces things in $webroot,
# but if $webroot is under $basedir then it will be completely removed and
# rebuilt each time "make install" is run.  This will make gitweb/git-browser
# web services very briefly unavailable while this is happening.
our $webroot = "/home/repo/www";

# The CGI-enabled web directory (corresponds to $gitweburl and $webadmurl)
# This will not be web-accessible except that if any aliases point to
# a *.cgi file in here it will be allowed to run as a cgi-script.
# Note that it is safe to place this under $basedir since it's set up after
# $basedir is completely replaced during install time.  Be WARNED, however,
# that normally the install process only adds/replaces things in $cgiroot,
# but if $cgiroot is under $basedir then it will be completely removed and
# rebuilt each time "make install" is run.  This will make gitweb/git-browser
# web services very briefly unavailable while this is happening.
our $cgiroot = "/home/repo/cgibin";

# A web-accessible symlink to $reporoot (corresponds to $httppullurl, can be undef)
# If using the sample apache.conf (with paths suitably updated) this is not required
# to serve either smart or non-smart HTTP repositories to the Git client
our $webreporoot = "/home/repo/www/r";

# The location to store the project list cache, gitweb project list and gitweb
# cache file.  Normally this should not be changed.  Note that it must be in
# a directory that is writable by $mirror_user and $cgi_user (just in case the
# cache file is missing).  The directory should have its group set to $owning_group.
# Again, this setting should not normally need to be changed.
our $projlist_cache_dir = "$chroot/etc";


#
##  ----------------------------------------------------
##  Certificates (only used if $httpspushurl is defined)
##  ----------------------------------------------------
#

# path to root certificate (undef to use automatic root cert)
# this certificate is made available for easy download and should be whatever
# the root certificate is for the https certificate being used by the web server
our $rootcert = undef;

# The certificate to sign user push client authentication certificates with (undef for auto)
# The automatically generated certificate should always be fine
our $clientcert = undef;

# The private key for $clientcert (undef for auto)
# The automatically generated key should always be fine
our $clientkey = undef;

# The client certificate chain suffix (a pemseq file to append to user client certs) (undef for auto)
# The automatically generated chain should always be fine
# This suffix will also be appended to the $mobusercert before making it available for download
our $clientcertsuffix = undef;

# The mob user certificate signed by $clientcert (undef for auto)
# The automatically generated certificate should always be fine
# Not used unless $mob is set to 'mob'
# The $clientcertsuffix will be appended before making $mobusercert available for download
our $mobusercert = undef;

# The private key for $mobusercert (undef for auto)
# The automatically generated key should always be fine
# Not used unless $mob is set to 'mob'
our $mobuserkey = undef;

# Server alt names to embed in the auto-generated girocco_www_crt.pem certificate.
# The common name (CN) in the server certificate is the host name from $httpspushurl.
# By default no server alt names are embedded (not even the host from $httpspushurl).
# If the web server configuration is not using this auto-generated server certificate
# then the values set here will have no impact and this setting can be ignored.
# To embed server alternative names, list each (separated by spaces).  The names
# may be DNS names, IPv4 addresses or IPv6 addresses (NO surrounding '[' ']' please).
# If ANY DNS names are included here be sure to also include the host name from
# the $httpspushurl or else standards-conforming clients will fail with a host name
# mismatch error when they attempt to verify the connection.
#our $wwwcertaltnames = 'example.com www.example.com git.example.com 127.0.0.1 ::1';
our $wwwcertaltnames = undef;

# The key length for automatically generated RSA private keys (in bits).
# These keys are then used to create the automatically generated certificates.
# If undef or set to a value less than 2048, then 2048 will be used.
# Set to 3072 to generate more secure keys/certificates.  Set to 4096 (or higher) for
# even greater security.  Be warned that setting to a non-multiple of 8 and/or greater
# than 4096 could negatively impact compatibility with some clients.
# The values 2048, 3072 and 4096 are expected to be compatible with all clients.
# Note that OpenSSL has no problem with > 4096 or non-multiple of 8 lengths.
# See also the $min_key_length setting above to restrict user key sizes.
# This value is also used when generating the ssh_host_rsa_key for the chroot jail sshd.
# RECOMMENDED VALUE: 3072
our $rsakeylength = undef;


#
##  -------------
##  URL addresses
##  -------------
#

# URL of the gitweb.cgi script (must be in pathinfo mode).  If the sample
# apache.conf configuration is used, the trailing "/w" is optional.
our $gitweburl = "http://repo.or.cz";

# URL of the extra gitweb files (CSS, .js files, images, ...)
our $gitwebfiles = "http://repo.or.cz";

# URL of the Girocco CGI web admin interface (Girocco cgi/ subdirectory)
# e.g. reguser.cgi, edituser.cgi, regproj.cgi, editproj.cgi etc.
our $webadmurl = "http://repo.or.cz";

# URL of the Girocco CGI bundles information generator (Girocco cgi/bundles.cgi)
# If the sample apache.conf configuration is used, the trailing "/b" is optional.
# This is different from $httpbundleurl.  This URL lists all available bundles
# for a project and returns that as an HTML page.
our $bundlesurl = "http://repo.or.cz";

# URL of the Girocco CGI html templater (Girocco cgi/html.cgi)
# If mod_rewrite is enabled and the sample apache.conf configuration is used,
# the trailing "/h" is optional when the template file name ends in ".html"
# (which all the provided ones do).
our $htmlurl = "http://repo.or.cz";

# HTTP URL of the repository collection (undef if N/A)
# If the sample apache.conf configuration is used, the trailing "/r" is optional.
our $httppullurl = "http://repo.or.cz";

# HTTP URL of the repository collection when fetching a bundle (undef if N/A)
# Normally this will be the same as $httppullurl, but note that the bundle
# fetching logic is located in git-http-backend-verify so whatever URL is
# given here MUST end up running the git-http-backend-verify script!
# For example, if we're fetching the 'clone.bundle' for the 'girocco.git'
# repository, the final URL will be "$httpbundleurl/girocco.git/clone.bundle"
# If the sample apache.conf configuration is used, the trailing "/r" is optional.
# This is different from $bundlesurl.  This URL fetches a single Git-format
# .bundle file that is only usable with the 'git bundle' command.
our $httpbundleurl = "http://repo.or.cz";

# HTTPS push URL of the repository collection (undef if N/A)
# If this is defined, the openssl command must be available
# The sample apache.conf configuration requires mod_ssl, mod_authn_anon and
# mod_rewrite be enabled to support https push operations.
# Normally this should be set to $httppullurl with http: replaced with https:
# If the sample apache.conf configuration is used, the trailing "/r" is optional.
our $httpspushurl = "https://repo.or.cz";

# Git URL of the repository collection (undef if N/A)
# (You need to set up git-daemon on your system, and Girocco will not
# do this particular thing for you.)
our $gitpullurl = "git://repo.or.cz";

# Pushy SSH URL of the repository collection (undef if N/A)
# Note that the "/$jailreporoot" portion is optional and will be automatically
# added if appropriate when omitted by the client so this URL can typically
# be made the same as $gitpullurl with git: replaced with ssh:
our $pushurl = "ssh://repo.or.cz";

# URL of gitweb of this Girocco instance (set to undef if you're not nice
# to the community)
our $giroccourl = "$Girocco::Config::gitweburl/girocco.git";


#
## -------------------
## web server controls
## -------------------
#

# If true then non-smart HTTP access will be disabled
# There's normally no reason to leave non-smart HTTP access enabled
# since downloadable bundles are provided.  However, in case the
# non-smart HTTP access is needed for some reason, this can be set to undef or 0.
# This affects access via http: AND https: and processing of apache.conf.in.
# Note that this setting does not affect gitweb, ssh: or git: URL access in any way.
# RECOMMENDED VALUE: 1
our $SmartHTTPOnly = 0;

# If true, the https <VirtualHost ...> section in apache.conf.in will be
# automatically enabled when it's converted to apache.conf by the conversion
# script.  Do NOT enable this unless the required Apache modules are present
# and loaded (mod_ssl, mod_rewrite, mod_authn_anon) AND $httpspushurl is
# defined above otherwise the server will fail to start (with various errors)
# when the resulting apache.conf is used.
our $TLSHost = 1;


#
##  ------------------------
##  Some templating settings
##  ------------------------
#

# Legal warning (on reguser and regproj pages)
our $legalese = <<EOT;
<p>By submitting this form, you are confirming that you will mirror or push
only free software and redistributing it will not violate any law
of Czech Republic.
<sup><a href="/h/about.html">(more details)</a></sup>
</p>
EOT

# Pre-configured mirror sources (set to undef for none)
# Arrayref of name - record pairs, the record has these attributes:
#       label: The label of this source
#       url: The template URL; %1, %2, ... will be substituted for inputs
#       desc: Optional VERY short description
#       link: Optional URL to make the desc point at
#       inputs: Arrayref of hashref input records:
#               label: Label of input record 
#               suffix: Optional suffix
#       If the inputs arrayref is undef, single URL input is shown,
#       pre-filled with url (probably empty string).
our $mirror_sources = [
        {
                label => 'Anywhere',
                url => '',
                desc => 'Any HTTP/Git/rsync pull URL - bring it on!',
                inputs => undef
        },
        {
                label => 'GitHub',
                url => 'git://github.com/%1/%2.git',
                desc => 'GitHub Social Code Hosting',
                link => 'http://github.com/',
                inputs => [ { label => 'User:' }, { label => 'Project:', suffix => '.git' } ]
        },
        {
                label => 'GitLab',
                url => 'https://gitlab.com/%1/%2.git',
                desc => 'Engulfed the Green and Orange Boxes',
                link => 'https://gitlab.com/',
                inputs => [ { label => 'Project:' }, { label => 'Repository:', suffix => '.git' } ]
        }
];

# You can customize the gitweb interface widely by editing
# gitweb/gitweb_config.perl


#
##  -------------------
##  Permission settings
##  -------------------
#

# Girocco needs some way to manipulate write permissions to various parts of
# all repositories; this concerns three entities:
# - www-data: the web interface needs to be able to rewrite few files within
# the repository
# - repo: a user designated for cronjobs; handles mirroring and repacking;
# this one is optional if not $mirror
# - others: the designated users that are supposed to be able to push; they
# may have account either within chroot, or outside of it

# There are several ways how to use Girocco based on a combination of the
# following settings.

# (Non-chroot) UNIX user the CGI scripts run on; note that if some non-related
# untrusted CGI scripts run on this account too, that can be a big security
# problem and you'll probably need to set up suexec (poor you).
# This must always be set.
our $cgi_user = 'www-data';

# (Non-chroot) UNIX user performing mirroring jobs; this is the user who
# should run all the daemons and cronjobs and
# the user who should be running make install (if not root).
# This must always be set.
our $mirror_user = 'repo';

# (Non-chroot) UNIX group owning the repositories by default; it owns whole
# mirror repositories and at least web-writable metadata of push repositories.
# If you undefine this, all the data will become WORLD-WRITABLE.
# Both $cgi_user and $mirror_user should be members of this group!
our $owning_group = 'repo';

# Whether to use chroot jail for pushing; this must be always the same
# as $manage_users.
# TODO: Gitosis support for $manage_users and not $chrooted?
our $chrooted = $manage_users;

# How to control permissions of push-writable data in push repositories:
# * 'Group' for the traditional model: The $chroot/etc/group project database
#   file is used as the UNIX group(5) file; the directories have gid appropriate
#   for the particular repository and are group-writable. This works only if
#   $chrooted so that users are put in the proper groups on login when using
#   SSH push.  Smart HTTPS push does not require a chroot to work -- simply
#   run "make install" as the non-root $mirror_user user, but leave
#   $manage_users and $chrooted enabled.
# * 'ACL' for a model based on POSIX ACL: The directories are coupled with ACLs
#   listing the users with push permissions. This works for both chroot and
#   non-chroot setups, however it requires ACL support within the filesystem.
#   This option is BASICALLY UNTESTED, too. And UNIMPLEMENTED. :-)
# * 'Hooks' for a relaxed model: The directories are world-writable and push
#   permission control is purely hook-driven. This is INSECURE and works only
#   when you trust all your users; on the other hand, the attack vectors are
#   mostly just DoS or fully-traceable tinkering.
our $permission_control = 'Group';

# Path to alternate screen multiuser acl file (see screen/README, undef for none)
our $screen_acl_file = undef;

# Reserved project name and user name suffixes.
#
# Note that with personal mob branches enabled, a user name can end up being a
# file name after having a 'mob.' prefix added or a directory name after having
# a 'mob_' prefix added.  If there is ANY possibility that a file with a
# .suffix name may need to be served by the web server, lc(suffix) SHOULD be in
# this hash!  Pre-existing project names or user names with a suffix in this
# table can continue to be used, but no new projects or users can be created
# that have a suffix (case-insensitive) listed here.
our %reserved_suffixes = (
        # Entries must be lowercase WITHOUT a leading '.'
        bmp => 1,
        bz2 => 1,
        cgi => 1,
        css => 1,
        dmg => 1,
        fcgi => 1,
        gif => 1,
        gz => 1,
        htm => 1,
        html => 1,
        ico => 1,
        jp2 => 1,
        jpeg => 1,
        jpg => 1,
        jpg2 => 1,
        js => 1,
        pdf => 1,
        pem => 1,
        php => 1,
        png => 1,
        shtml => 1,
        svg => 1,
        svgz => 1,
        tar => 1,
        text => 1,
        tgz => 1,
        tif => 1,
        tiff => 1,
        txt => 1,
        xbm => 1,
        xht => 1,
        xhtml => 1,
        xz => 1,
        zip => 1,
);


#
##  -------------------------
##  sendmail.pl configuration
##  -------------------------
#

# Full information on available sendmail.pl settings can be found by running
# ../bin/sendmail.pl -v -h

# These settings will only used if $sendmail_bin is set to 'sendmail.pl'

# sendmail.pl host name
#$ENV{'SENDMAIL_PL_HOST'} = 'localhost'; # localhost is the default

# sendmail.pl port name
#$ENV{'SENDMAIL_PL_PORT'} = '25'; # port 25 is the default

# sendmail.pl nc executable
#$ENV{'SENDMAIL_PL_NCBIN'} = "$chroot/bin/nc.openbsd"; # default is nc found in $PATH

# sendmail.pl nc options
# multiple options may be included, e.g. '-4 -X connect -x 192.168.100.10:8080'
#$ENV{'SENDMAIL_PL_NCOPT'} = '-4'; # force IPv4, default is to allow IPv4 & IPv6


#
## -------------------------
## Obscure Tuneable Features
## -------------------------
#

# Throttle classes configured here override the defaults for them that
# are located in taskd/taskd.pl.  See comments in that file for more info.
our @throttle_classes = ();

# Any tag names listed here will be allowed even if they would otherwise not be.
our @allowed_tags = ();

# Any tag names listed here will be disallowed in addition to the standard
# list of nonsense words etc. that are blocked as tags.
our @blocked_tags = ();

# If there are no more than this many objects, then all deltas will be
# recomputed when gc takes place.  Note that this does not affect any
# fast-import created packs as they ALWAYS have their deltas recomputed.
# Also when combining small packs, if the total object count in the packs
# to be combined is no more than this then the new, combined pack will have
# its deltas recomputed during the combine operation.
# Leave undef to use the default (which should generally be fine).
# Lowering this from the default can increase disk use.
# Values less than 1000 * number of CPU cores will be silently ignored.
our $new_delta_threshold = undef;

# If this is set to a true value, then core.packedGitWindowSize will be set
# to 1 MiB the same as if Git was compiled with NO_MMAP set.  If this is NOT
# set, core.packedGitWindowSize will be set to 32 MiB (even on 64-bit) to avoid
# memory blowout.  If your Git was built with NO_MMAP set and will not work
# without NO_MMAP set, you MUST set this to a true value!
our $git_no_mmap = undef;

# If set to a true value, the "X-Girocco: $gitweburl" header included in all
# Girocco-generated emails will be suppressed.
our $suppress_x_girocco = undef;


#
## ------------------------
## Sanity checks & defaults
## ------------------------
#
#  Changing anything in this section can result in unexpected breakage

# Couple of sanity checks and default settings (do not change these)
use Digest::MD5 qw(md5);
use MIME::Base64 qw(encode_base64);
$name =~ s/\s+/_/gs;
$nickname = lc((split(/[.]/, $name))[0]) unless $nickname;
$nickname =~ s/\s+/_/gs;
our $tmpsuffix = substr(encode_base64(md5($name.':'.$nickname)),0,6);
$tmpsuffix =~ tr,+/,=_,;
($mirror_user) or die "Girocco::Config: \$mirror_user must be set even if to current user";
($basedir) or die "Girocco::Config: \$basedir must be set";
($sendmail_bin) or die "Girocco::Config: \$sendmail_bin must be set";
$sendmail_bin = "$basedir/bin/sendmail.pl" if $sendmail_bin eq "sendmail.pl";
$screen_acl_file = "$basedir/screen/giroccoacl" unless $screen_acl_file;
$jailreporoot =~ s,^/+,,;
($reporoot) or die "Girocco::Config \$reporoot must be set";
($jailreporoot) or die "Girocco::Config \$jailreporoot must be set";
(not $mob or $mob eq 'mob') or die "Girocco::Config \$mob must be undef (or '') or 'mob'";
(not $min_key_length or $min_key_length =~ /^[1-9][0-9]*$/)
        or die "Girocco::Config \$min_key_length must be undef or numeric";
$admincc = $admincc ? 1 : 0;
$rootcert = "$certsdir/girocco_root_crt.pem" if $httpspushurl && !$rootcert;
$clientcert = "$certsdir/girocco_client_crt.pem" if $httpspushurl && !$clientcert;
$clientkey = "$certsdir/girocco_client_key.pem" if $httpspushurl && !$clientkey;
$clientcertsuffix = "$certsdir/girocco_client_suffix.pem" if $httpspushurl && !$clientcertsuffix;
$mobusercert = "$certsdir/girocco_mob_user_crt.pem" if $httpspushurl && $mob && !$mobusercert;
$mobuserkey = "$certsdir/girocco_mob_user_key.pem" if $httpspushurl && $mob && !$mobuserkey;
our $mobpushurl = $pushurl;
$mobpushurl =~ s,^ssh://,ssh://mob@,i if $mobpushurl;
$disable_dsa = 1 unless $pushurl;
$disable_dsa = $disable_dsa ? 1 : '';
our $httpdnsname = ($gitweburl =~ m,https?://([A-Za-z0-9.-]+),i) ? lc($1) : undef if $gitweburl;
our $httpsdnsname = ($httpspushurl =~ m,https://([A-Za-z0-9.-]+),i) ? lc($1) : undef if $httpspushurl;
($mirror or $push) or die "Girocco::Config: neither \$mirror nor \$push is set?!";
(not $push or ($pushurl or $httpspushurl or $gitpullurl or $httppullurl)) or die "Girocco::Config: no pull URL is set";
(not $push or ($pushurl or $httpspushurl)) or die "Girocco::Config: \$push set but \$pushurl and \$httpspushurl are undef";
(not $mirror or $mirror_user) or die "Girocco::Config: \$mirror set but \$mirror_user is undef";
($manage_users == $chrooted) or die "Girocco::Config: \$manage_users and \$chrooted must be set to the same value";
(not $chrooted or $permission_control ne 'ACL') or die "Girocco::Config: resolving uids for ACL not supported when using chroot";
(grep { $permission_control eq $_ } qw(Group Hooks)) or die "Girocco::Config: \$permission_control must be set to Group or Hooks";
($chrooted or not $mob) or die "Girocco::Config: mob user supported only in the chrooted mode";
(not $httpspushurl or $httpsdnsname) or die "Girocco::Config invalid \$httpspushurl does not start with https://domainname";
(not $svn_log_window_size or $svn_log_window_size =~ /^[1-9][0-9]*$/)
        or die "Girocco::Config \$svn_log_window_size must be undef or numeric";
(not $posix_sh_bin or $posix_sh_bin !~ /\s/) or die "Girocco::Config: \$posix_sh_bin must not contain any whitespace";
(not $perl_bin or $perl_bin !~ /\s/) or die "Girocco::Config: \$perl_bin must not contain any whitespace";
!$git_no_mmap and $git_no_mmap = undef;
!$suppress_x_girocco and $suppress_x_girocco = undef;

# Make sure Git has a consistent and reproducible environment

$ENV{'XDG_CONFIG_HOME'} = $chroot.'/var/empty';
$ENV{'HOME'} = $chroot.'/etc/girocco';
$ENV{'TMPDIR'} = '/tmp';
$ENV{'GIT_CONFIG_NOSYSTEM'} = 1;
$ENV{'GIT_ATTR_NOSYSTEM'} = 1;
$ENV{'GIT_NO_REPLACE_OBJECTS'} = 1;
$ENV{'GIT_TERMINAL_PROMPT'} = 0;
$ENV{'GIT_ASKPASS'} = $basedir.'/bin/git-askpass-password';
delete $ENV{'GIT_USER_AGENT'};
$ENV{'GIT_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
delete $ENV{'GIT_HTTP_USER_AGENT'};
$ENV{'GIT_HTTP_USER_AGENT'} = $git_client_ua if defined($git_client_ua);
delete $ENV{'GIT_CONFIG_PARAMETERS'};

# Guarantee a sane umask for Girocco

umask(umask() & ~0770);

1;