summaryrefslogtreecommitdiff
path: root/parabola-hackers.yml
diff options
context:
space:
mode:
Diffstat (limited to 'parabola-hackers.yml')
-rw-r--r--parabola-hackers.yml46
1 files changed, 22 insertions, 24 deletions
diff --git a/parabola-hackers.yml b/parabola-hackers.yml
index b993e6c..e2eef55 100644
--- a/parabola-hackers.yml
+++ b/parabola-hackers.yml
@@ -1,50 +1,48 @@
---
-# Where to look for "${uid}.yml" files
-yamldir: "/var/lib/hackers-git/users"
-
-# Which groups imply membership in other groups (since UNIX groups
-# can't be nested).
+# Which meta-groups imply membership in other groups
+# (since UNIX groups can't be nested).
#
-# That is, if you are in the 'hackers' group, you are also in the
-# 'repo' and 'git' groups, even if they aren't listed.
+# e.g. 'hackers' are also in the 'repo' and 'git' groups
groupgroups:
- # high-level groups
+ # mutually-exclusive general groups
+ bots:
+ - keyring-trusted
+ fellows:
+ - email
hackers:
- administrators
- committers
- email
- keyring-trusted
- packagers
- fellows:
- - email
trustedusers:
- keyring-secondary
- bots:
- - keyring-trusted
- # capability groups
- committers:
- - git
- packagers:
- - repo
+ # fine-grained capability groups
administrators:
- log
- ssh
- systemd-journal
- wheel
+ committers:
+ - git
+ packagers:
+ - repo
-# Groups that are system users that can be ssh'ed into.
+# Groups that are have associated system users that can be SSH'ed into.
#
-# So, if 'lukeshu' is in the 'repo' group, he can ssh to
-# 'repo'@hostname.
+# e.g. those with 'repo' in their group tree, can SSH as the repo user.
ssh_pseudo_users:
-- repo
- git
+- repo
-# The message, if any, that is presented to the user when password
-# modification through PAM is prohibited.
-pam_password_prohibit_message: ''
+# Where to look for "${uid}.yml" files
+yamldir: "/var/lib/hackers-git/users"
# Where to keep files that can be cached between versions when making
# the pacman keyring.
keyring_cachedir: "/var/cache/parabola-hackers"
+
+# The message, if any, that is presented to the user when password
+# modification through PAM is prohibited.
+pam_password_prohibit_message: ''