From f20acaf76d5151e6cf650e668247fdab3a5918ed Mon Sep 17 00:00:00 2001 From: bill-auger Date: Tue, 10 Dec 2019 19:01:05 -0500 Subject: re-organize hackers YAML model --- parabola-hackers.yml | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/parabola-hackers.yml b/parabola-hackers.yml index b993e6c..e2eef55 100644 --- a/parabola-hackers.yml +++ b/parabola-hackers.yml @@ -1,50 +1,48 @@ --- -# Where to look for "${uid}.yml" files -yamldir: "/var/lib/hackers-git/users" - -# Which groups imply membership in other groups (since UNIX groups -# can't be nested). +# Which meta-groups imply membership in other groups +# (since UNIX groups can't be nested). # -# That is, if you are in the 'hackers' group, you are also in the -# 'repo' and 'git' groups, even if they aren't listed. +# e.g. 'hackers' are also in the 'repo' and 'git' groups groupgroups: - # high-level groups + # mutually-exclusive general groups + bots: + - keyring-trusted + fellows: + - email hackers: - administrators - committers - email - keyring-trusted - packagers - fellows: - - email trustedusers: - keyring-secondary - bots: - - keyring-trusted - # capability groups - committers: - - git - packagers: - - repo + # fine-grained capability groups administrators: - log - ssh - systemd-journal - wheel + committers: + - git + packagers: + - repo -# Groups that are system users that can be ssh'ed into. +# Groups that are have associated system users that can be SSH'ed into. # -# So, if 'lukeshu' is in the 'repo' group, he can ssh to -# 'repo'@hostname. +# e.g. those with 'repo' in their group tree, can SSH as the repo user. ssh_pseudo_users: -- repo - git +- repo -# The message, if any, that is presented to the user when password -# modification through PAM is prohibited. -pam_password_prohibit_message: '' +# Where to look for "${uid}.yml" files +yamldir: "/var/lib/hackers-git/users" # Where to keep files that can be cached between versions when making # the pacman keyring. keyring_cachedir: "/var/cache/parabola-hackers" + +# The message, if any, that is presented to the user when password +# modification through PAM is prohibited. +pam_password_prohibit_message: '' -- cgit v1.2.2