All clear! Thanks Stefan :)

PS: Redirecting your response back to the list for others to see (took
this off list by mistake, forgot cc).

Jun 2, 2023 19:15:48 Stefan Sperling <stsp@stsp.name>:

> On Fri, Jun 02, 2023 at 04:53:14PM +0200, Johannes Thyssen Tishman
> wrote:
> > On Fri, Jun 02, 2023 at 02:11:13PM +0200, Stefan Sperling wrote:
> > > On Fri, Jun 02, 2023 at 12:17:59PM +0200, Johannes Thyssen Tishman wrote:
> > > > Hi all,
> > > >
> > > > I recently decided to give Game of Trees a try. So far I've enjoyed how
> > > > easy it is to setup gotd on the server and the per-repo configurations.
> > > > The man pages have been great to get me started. However coming from
> > > > using git{daemon} I am still a little confused about a couple of things
> > > > regarding got and gotd.
> > > >
> > > > Regarding gotd:
> > > >
> > > > Having all repos stored in /var/git, what are the correct permissions
> > > > for these if I have multiple developers with read-write permissions
> > > > working on them? Does gotd handle the permissions of these as specified
> > > > in the /etc/gotd.conf and can I simply have them be owned by
> > > > maindev:maindev for example? Or do I have to do 'chown -R :developers
> > > > repo && chmod g+w repo' for all the repos that need write access by the
> > > > developers group?
> > >
> > > The standard approach for a "main-hub" style server is to have _gotd
> > > own all repositories on disk and add your developers to gotd.conf.
> >
> > How would one create a new repository in this case? As root and then
> > chown _gotd:_gotd?
>
> Yes, chown -R _gotd:_gotd will do.
>
> > > There are cases where using a UID other than _gotd can be useful.
> > > For example, I sometimes run gotd as my own user when I just want to
> > > push changes repos on another system such as a VM and I don't have
> > > Git installed in the VM. The same makes sense for single-user servers
> > > where the user also runs scripts that synchronize repositories in
> > > the background.
> >
> > Ah I see. My server is indeed a single-user server, however if I run
> > gotd as my user, would others still be able to contribute if given rw
> > permissions in /etc/gotd.conf?
>
> Yes. gotd needs root during initial startup (e.g. to open the listening
> socket) but once it is up and running everything boils down to running
> as the UID which has filesystem access to the repositories. Other UIDs
> do not need (and should not have) filesystem access to those
> repositories.
> Other users can modify the repositories if have "permit rw" in
> gotd.conf.
> Regardless, filesystem access to repositories always occurs with the
> gotd UID.
>
> > > For now, I would recommend running -current for gotd servers.
> > > OpenBSD 7.3 does not have gitwrapper(1) yet which makes deployment
> > > of gotd a lot easier when used in parallel to Git.
> >
> > Actually my plan is to completely replace git on the server. Would you
> > still recommend -current when not working in parallel to Git?
>
> -current has some fixes and new features in gotd.
> See the CHANGES file for what changed in gotd since 0.86.
>
> And because -release does not have gitwrapper it is complicated to
> backport gotd fixes to -stable.
>
> If 0.86 works for you then that is fine. If there is some problem
> then please try -current first and report back if it is not yet
> fixed there.
>
> > Also out
> > of curiosity, why would someone want to work both with got and git at
> > the same time on a server?
>
> In multi-user systems this might be common. Or there might be official
> repositories exposed by gotd and private repositories somewhere in the
> home directory of a user.
>
> > > > Regarding /etc/gotd.conf, is it in the developers plans to allow for
> > > > per-directory/wildcard configurations. E.g:
> > > >
> > > >     repository ".*" {
> > > > 	path "/var/git/*"
> > > > 	permit rw :devs
> > > > 	permit ro anonymous
> > > >     }
> > >
> > > No, because then gitwrapper won't know which repositories are supposed
> > > to be managed by gotd.
> >
> > So gitwrapper determines the repos that are to be managed by gotd by
> > parsing /etc/gotd.conf?
>
> Yes.
>
> For cases where some users do not use gotsh as their login shell
> gitwrapper
> is better than having to fiddle with PATH in the sshd config to decide
> whether git-upload-pack or gotsh should run when the user's client logs
> in and runs 'git-upload-pack /some/repo'.
>
> > > gotd uses the list of repositories in the configuration file to know
> > > what it needs to unveil(). This is why a restart is needed when a new
> > > repository is added.
> > >
> > > Of course this could be changed to have gotd list a directory at startup
> > > and unveil all the repositories within, but that seems more error prone
> > > than an explicit listing and still wouldn't avoid the need to restart.
> >
> > Understood, thank you. Nothing a script can't automate anyways.
>
> Restarts are very quick, too. And 'gotctl info' can tell you whether
> there are active clients that would get an error during restarts.
>
> > > You can use 'got send' or 'git push' to add files to an empty repository
> > > that sits on the server.  Of course will need need to run 'got import'
> > > anyway to populate a local repository with a commit that can be sent.
> >
> > Awesome, this will do! Question though: I couldn't find how to configure
> > a remote repository for a local repository in the man pages aside from
> > manually adding it to got.conf. Is this the only way?
>
> Yes, there is no equivalent to 'git config' or anything like that.
> Editing got.conf is the only way right now. Just add an empty repo
> as a new remote and send to it. This should work.
>
> > Thank you very much for your time Stefan.
>
> Sure :)