summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbill-auger <mr.j.spam.me@gmail.com>2019-12-10 19:01:05 -0500
committerbill-auger <mr.j.spam.me@gmail.com>2019-12-11 11:04:31 -0500
commitf20acaf76d5151e6cf650e668247fdab3a5918ed (patch)
treef5128a003f528b695f4433a7ba8f2a75d27f3fc0
parent6ea9b96edf81b40edca4958c42b603fa1f20df0d (diff)
re-organize hackers YAML model
-rw-r--r--parabola-hackers.yml46
1 files changed, 22 insertions, 24 deletions
diff --git a/parabola-hackers.yml b/parabola-hackers.yml
index b993e6c..e2eef55 100644
--- a/parabola-hackers.yml
+++ b/parabola-hackers.yml
@@ -1,50 +1,48 @@
---
-# Where to look for "${uid}.yml" files
-yamldir: "/var/lib/hackers-git/users"
-
-# Which groups imply membership in other groups (since UNIX groups
-# can't be nested).
+# Which meta-groups imply membership in other groups
+# (since UNIX groups can't be nested).
#
-# That is, if you are in the 'hackers' group, you are also in the
-# 'repo' and 'git' groups, even if they aren't listed.
+# e.g. 'hackers' are also in the 'repo' and 'git' groups
groupgroups:
- # high-level groups
+ # mutually-exclusive general groups
+ bots:
+ - keyring-trusted
+ fellows:
+ - email
hackers:
- administrators
- committers
- email
- keyring-trusted
- packagers
- fellows:
- - email
trustedusers:
- keyring-secondary
- bots:
- - keyring-trusted
- # capability groups
- committers:
- - git
- packagers:
- - repo
+ # fine-grained capability groups
administrators:
- log
- ssh
- systemd-journal
- wheel
+ committers:
+ - git
+ packagers:
+ - repo
-# Groups that are system users that can be ssh'ed into.
+# Groups that are have associated system users that can be SSH'ed into.
#
-# So, if 'lukeshu' is in the 'repo' group, he can ssh to
-# 'repo'@hostname.
+# e.g. those with 'repo' in their group tree, can SSH as the repo user.
ssh_pseudo_users:
-- repo
- git
+- repo
-# The message, if any, that is presented to the user when password
-# modification through PAM is prohibited.
-pam_password_prohibit_message: ''
+# Where to look for "${uid}.yml" files
+yamldir: "/var/lib/hackers-git/users"
# Where to keep files that can be cached between versions when making
# the pacman keyring.
keyring_cachedir: "/var/cache/parabola-hackers"
+
+# The message, if any, that is presented to the user when password
+# modification through PAM is prohibited.
+pam_password_prohibit_message: ''