authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-06-17 10:06:13 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2014-06-17 11:12:35 +0000
commit54e3fbd49d10b70d04e03a646a494ec29a49ffc3 (patch)
treee7d955af0c4ea29f032709fe06f208509fccaa99 /share
parent5b0245acc1b5b1c520db847d70b1b81bafb4d0c2 (diff)
downloadtrove-setup-54e3fbd49d10b70d04e03a646a494ec29a49ffc3.tar.gz
Move gitano skeleton to /usr/share/trove-setup/
Diffstat (limited to 'share')
-rw-r--r--share/gitano/skel/gitano-admin/global-hooks/post-receive.lua105
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-admins.conf1
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-managers.conf3
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-readers.conf5
-rw-r--r--share/gitano/skel/gitano-admin/groups/local-config-writers.conf3
-rw-r--r--share/gitano/skel/gitano-admin/groups/trove-admin.conf1
-rw-r--r--share/gitano/skel/gitano-admin/groups/workers.conf4
-rw-r--r--share/gitano/skel/gitano-admin/rules/adminchecks.lace25
-rw-r--r--share/gitano/skel/gitano-admin/rules/aschecks.lace30
-rw-r--r--share/gitano/skel/gitano-admin/rules/core.lace47
-rw-r--r--share/gitano/skel/gitano-admin/rules/createrepo.lace23
-rw-r--r--share/gitano/skel/gitano-admin/rules/defines.lace106
-rw-r--r--share/gitano/skel/gitano-admin/rules/destroyrepo.lace20
-rw-r--r--share/gitano/skel/gitano-admin/rules/other-project.lace25
-rw-r--r--share/gitano/skel/gitano-admin/rules/project.lace38
-rw-r--r--share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace20
-rw-r--r--share/gitano/skel/gitano-admin/rules/renamerepo.lace19
-rw-r--r--share/gitano/skel/gitano-admin/rules/selfchecks.lace15
-rw-r--r--share/gitano/skel/gitano-admin/rules/siteadmin.lace32
-rw-r--r--share/gitano/skel/gitano-admin/rules/trove-project.lace29
-rw-r--r--share/gitano/skel/gitano-admin/users/distbuild/user.conf2
-rw-r--r--share/gitano/skel/gitano-admin/users/lorry/user.conf2
-rw-r--r--share/gitano/skel/gitano-admin/users/mason/user.conf2
23 files changed, 557 insertions, 0 deletions
diff --git a/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
new file mode 100644
index 0000000..d1b3864
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/global-hooks/post-receive.lua
@@ -0,0 +1,105 @@
+-- mason-notify.post-receive.lua
+--
+-- Global post-receive hook which notifies Mason of any and all refs updates
+-- (except refs/gitano/*) which happen.
+--
+-- It notifies Mason *before* passing the updates on to the project hook.
+--
+-- Copyright 2012 Codethink Limited
+--
+-- This is a part of Trove and re-use is limited to Baserock systems only.
+--
+
+local project_hook, repo, updates = ...
+
+local EMPTY_SHA = ("0"):rep(40)
+
+local masonhost = "##MASON_HOST##:##MASON_PORT##"
+local basepath = "/1.0"
+local urlbases = {
+ "git://##TROVE_HOSTNAME##/",
+ "ssh://git@##TROVE_HOSTNAME##/",
+}
+
+local notify_mason = false
+
+for ref in pairs(updates) do
+ if not ref:match("^refs/gitano/") then
+ notify_mason = true
+ end
+end
+
+if notify_mason and repo.name ~= "gitano-admin" then
+ -- Build the report...
+ local masoninfo, indent_level = {}, 0
+ local function _(...)
+ masoninfo[#masoninfo+1] = (" "):rep(indent_level) .. table.concat({...})
+ end
+ local function indent()
+ indent_level = indent_level + 1
+ end
+ local function dedent()
+ indent_level = indent_level - 1
+ end
+ _ "{" indent()
+
+ _ '"urls": [' indent()
+
+ for i = 1, #urlbases do
+ local comma = (i==#urlbases) and "" or ","
+ _(("%q,"):format(urlbases[i] .. repo.name))
+ _(("%q%s"):format(urlbases[i] .. repo.name .. ".git", comma))
+ end
+
+ dedent() _ "],"
+
+ _ '"changes": [' indent()
+
+ local toreport = {}
+ for ref, info in pairs(updates) do
+ if not ref:match("^refs/gitano") then
+ local action
+ if info.oldsha == EMPTY_SHA then
+ action = "create"
+ elseif info.newsha == EMPTY_SHA then
+ action = "delete"
+ else
+ action = "update"
+ end
+ toreport[#toreport+1] = {
+ ('"ref": %q,'):format(ref),
+ ('"action": %q,'):format(action),
+ ('"old": %q,'):format(info.oldsha),
+ ('"new": %q'):format(info.newsha)
+ }
+ end
+ end
+ for i = 1, #toreport do
+ local comma = (i==#toreport) and "" or ","
+ _ "{" indent()
+ for __, ent in ipairs(toreport[i]) do
+ _(ent)
+ end
+ dedent() _("}", comma)
+ end
+ dedent() _ "]"
+
+ dedent() _ "}"
+
+ -- And finalise the JSON object
+ _("")
+ masoninfo = table.concat(masoninfo, "\n")
+ log.state("Notifying Mason of changes...")
+
+ local code, msg, headers, content =
+ http.post(masonhost, basepath, "application/json", masoninfo)
+ if code ~= "200" then
+ log.state("Notification failed somehow")
+ end
+ for line in content:gmatch("([^\r\n]*)\r?\n") do
+ log.state("Mason: " .. line)
+ end
+end
+
+-- Finally, chain to the project hook
+return project_hook(repo, updates)
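Review bot: `content:gmatch(...)` in the last loop of the notification branch raises if `http.post` returned no body, and because the notification runs before the chain to `project_hook` on the final line, a Mason outage would abort this hook before the project's own post-receive runs (whether gitano's `http.post` can return nil content is not visible here). Guard it with `for line in (content or ""):gmatch("([^\r\n]*)\r?\n") do`, or skip the loop entirely when `code ~= "200"`. The two ref filters also disagree: the first loop tests `^refs/gitano/` while the report loop tests `^refs/gitano`, so a ref named refs/gitanoX would set notify_mason yet be left out of the report; use `^refs/gitano/` in both. Note too that `%q` produces Lua escaping rather than JSON escaping, which is adequate for the characters git permits in ref names but would yield invalid JSON for a value containing control characters.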
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-admins.conf b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
new file mode 100644
index 0000000..435a297
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-admins.conf
@@ -0,0 +1 @@
+description "Users who are permitted to administer the local-config project"
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-managers.conf b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
new file mode 100644
index 0000000..711be8f
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-managers.conf
@@ -0,0 +1,3 @@
+description "Users who are permitted to manage the local-config project"
+
+subgroups["*"] "local-config-admins"
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-readers.conf b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
new file mode 100644
index 0000000..63e6bb3
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-readers.conf
@@ -0,0 +1,5 @@
+description "Users who are permitted to read from the local-config project"
+
+members["*"] "lorry"
+
+subgroups["*"] "local-config-writers"
diff --git a/share/gitano/skel/gitano-admin/groups/local-config-writers.conf b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
new file mode 100644
index 0000000..9bbff24
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/local-config-writers.conf
@@ -0,0 +1,3 @@
+description "Users who are permitted to write to the local-config project"
+
+subgroups["*"] "local-config-managers"
diff --git a/share/gitano/skel/gitano-admin/groups/trove-admin.conf b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
new file mode 100644
index 0000000..e912653
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/trove-admin.conf
@@ -0,0 +1 @@
+description "Trove-local administration"
diff --git a/share/gitano/skel/gitano-admin/groups/workers.conf b/share/gitano/skel/gitano-admin/groups/workers.conf
new file mode 100644
index 0000000..5586538
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/groups/workers.conf
@@ -0,0 +1,4 @@
+description "Workers who have read-access to everything"
+
+members["*"] "distbuild"
+members["*"] "mason"
diff --git a/share/gitano/skel/gitano-admin/rules/adminchecks.lace b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
new file mode 100644
index 0000000..ffe99a0
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/adminchecks.lace
@@ -0,0 +1,25 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core project administration rules
+
+# Called with ref known to be refs/gitano/admin
+
+# Administrators already got to do anything, so this is for non-admins
+
+# Non-admin members may not delete the admin ref
+deny "Non-administrators may not delete the admin ref" op_deleteref
+
+# Otherwise, the project's owner is allowed to alter the admin tree
+allow "Project owner may alter the admin ref" is_owner repo_is_personal
+
+# Project admins may alter admin refs
+allow "Project admins may alter the admin ref of project repos" repo_is_local_project project_admin
+
+# Any other opportunities for altering the admin ref must be provided
+# by the project's rules
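Review bot: This file has no terminal `deny`, so a non-owner, non-project-admin push to refs/gitano/admin falls through (the closing comment says this is meant for the project's rules), but on the way it reaches the later global rules: in trove-project.lace `allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer` carries no ref restriction, so a member of a project's -writers group appears able to create or fast-forward the repository's admin ref, which holds that repository's own access rules. Likewise in other-project.lace `allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref` excludes only is_local_ref, so the lorry account can write refs/gitano/* in lorryable repositories. Unless gitano rejects refs/gitano/* writes before the ruleset runs (not visible here), add `!is_gitano_ref` — already defined in defines.lace but unused by any rule in this commit — to both allows, e.g. `allow "Project writers may alter any refs" op_is_reffy !master_ref !is_gitano_ref project_writer`.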
diff --git a/share/gitano/skel/gitano-admin/rules/aschecks.lace b/share/gitano/skel/gitano-admin/rules/aschecks.lace
new file mode 100644
index 0000000..fc76440
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/aschecks.lace
@@ -0,0 +1,30 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules for when we're running as another user.
+
+# Only 'deny' things which are not allowed. If you 'allow' then it will allow
+# the actual operation, not just fail to deny the fact that it's 'as' someone
+# else.
+
+define as_is_admin as_group gitano-admin
+
+# trove-admin members are permitted to run sshkey and whoami on behalf
+# of others in order to check users and grant access, providing the target
+# user is not part of the gitano-admin group.
+
+define as_is_trove_admin as_group trove-admin
+define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self
+
+# You are permitted to do things 'as' others if and only if the caller is
+# either a member of the administration group, or else meets the above
+# requirements.
+define as_is_ok anyof as_is_admin as_trove_admin_ok
+
+# Explicitly deny any impersonation operation which does not meet the above.
+deny "You may not run things as another user unless you are an admin" !as_is_ok
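Review bot: `define as_trove_admin_ok allof as_is_trove_admin !is_admin op_self` relies on `is_admin` (a plain `group` predicate) being evaluated against the impersonated user while `as_group` is evaluated against the real caller, which the comment above implies but never states; a reader could take `!is_admin` to mean the caller is not an admin, in which case the "target user is not part of the gitano-admin group" guarantee would not hold. A comment on that line such as `# 'group' predicates test the effective (impersonated) user; 'as_group' tests the caller` would make the intent checkable against gitano's documentation. Whether gitano actually evaluates `group` against the effective user is not visible from this commit.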
diff --git a/share/gitano/skel/gitano-admin/rules/core.lace b/share/gitano/skel/gitano-admin/rules/core.lace
new file mode 100644
index 0000000..dab7cfb
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/core.lace
@@ -0,0 +1,47 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core ruleset definitions for Trove.
+
+default deny "Trove ruleset failed to define result. Access denied."
+
+include global:defines
+
+# The users in the administration group (gitano-admin) may do anything
+# they choose (providing they're not being impersonated). By default
+# Only the user created as part of trove-setup has this level of access.
+allow "Administrators can do anything" is_admin !if_asanother
+
+# Now let's decide if we can use 'as'
+include global:aschecks if_asanother
+
+# Operations which are against 'self' get checked next
+include global:selfchecks
+
+# Administration operations (users, groups) next
+include global:siteadmin op_is_admin
+
+# Site-defined rules for repository creation
+include global:createrepo op_createrepo
+
+# Site-defined rules for repository renaming
+include global:renamerepo op_renamerepo
+
+# Site-defined rules for repository destruction
+include global:destroyrepo op_destroyrepo
+
+# Site-defined rules for project repositories, including admin of them
+include global:project
+
+# Now the project rules themselves
+include main
+
+# If you're running your access control somewhat more openly than most, You can
+# now uncomment the following and allow git:// access to *everything* which is
+# not the admin repository
+# allow "Anonymous access is okay" op_read !is_admin_repo
diff --git a/share/gitano/skel/gitano-admin/rules/createrepo.lace b/share/gitano/skel/gitano-admin/rules/createrepo.lace
new file mode 100644
index 0000000..bf4683e
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/createrepo.lace
@@ -0,0 +1,23 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to creating repositories
+
+# Administrators have already been permitted whatever they like
+# so this is for site-wide non-admins.
+
+##PEOPLE_COMMENT##allow "Personal repo creation is okay" repo_is_personal
+
+# Allow people in *-admins to create repositories under <foo>
+allow "Project admins may make project repositories" repo_is_local_project project_admin
+
+# Allow lorry to create repositories anywhere but the local project root
+allow "Lorry may create lorryable repos" is_lorry lorryable_repo
+
+# Otherwise the default is that non-admins can't create repositories
+deny "Repository creation is not permitted."
diff --git a/share/gitano/skel/gitano-admin/rules/defines.lace b/share/gitano/skel/gitano-admin/rules/defines.lace
new file mode 100644
index 0000000..380948a
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/defines.lace
@@ -0,0 +1,106 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Core definitions for access control
+
+# Gitano provided definitions first
+
+# User/group related
+define is_admin group gitano-admin
+define is_owner owner ${user}
+define is_anonymous user gitano/anonymous
+
+define if_asanother as_user ~.
+
+# Self-related operations
+define op_whoami operation whoami
+define op_sshkey operation sshkey
+define op_passwd operation passwd
+define op_self anyof op_whoami op_sshkey op_passwd
+
+# Admin-related operations
+
+## Users
+define op_useradd operation useradd
+define op_userdel operation userdel
+define op_userlist operation userlist
+define op_useremail operation useremail
+define op_username operation username
+define op_user anyof op_userlist op_useradd op_userdel op_useremail op_username
+
+## Groups
+define op_grouplist operation grouplist
+define op_groupshow operation groupshow
+define op_groupadd operation groupadd
+define op_groupdel operation groupdel
+define op_groupadduser operation groupadduser
+define op_groupdeluser operation groupdeluser
+define op_groupaddgroup operation groupaddgroup
+define op_groupdelgroup operation groupdelgroup
+define op_groupdescription operation groupdescription
+define op_group anyof op_grouplist op_groupshow op_groupadd op_groupdel op_groupadduser op_groupdeluser op_groupaddgroup op_groupdelgroup op_groupdescription
+
+## Aggregation of admin ops
+define op_is_admin anyof op_user op_group
+
+# Primary repository-related operations
+define op_read operation read
+define op_write operation write
+define op_createrepo operation createrepo
+define op_renamerepo operation renamerepo
+define op_destroyrepo operation destroyrepo
+
+# Remote configuration operations
+define op_config_show operation config_show
+define op_config_set operation config_set
+define op_config_del operation config_del
+define op_is_config anyof op_config_show op_config_set op_config_del
+
+# Reference update related operations
+define op_createref operation createref
+define op_deleteref operation deleteref
+define op_fastforward operation updaterefff
+define op_forcedupdate operation updaterefnonff
+
+# Combinator operations
+define op_is_basic anyof op_read op_write
+define op_is_update anyof op_fastforward op_forcedupdate
+define op_is_normal anyof op_fastforward op_createref op_deleteref
+
+# Administration
+define is_admin_repo repository gitano-admin
+define is_gitano_ref ref ~^refs/gitano/
+define is_admin_ref ref refs/gitano/admin
+
+#
+#
+# Trove definitions after here
+#
+#
+
+define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/
+define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/
+define repo_is_local_project repository ~^##ESC_PREFIX##/[^/]+/
+
+define project_reader group ${repository/2}-readers
+define project_writer group ${repository/2}-writers
+define project_admin group ${repository/2}-admins
+define project_manager group ${repository/2}-managers
+
+define master_ref ref ~^refs/heads/master$
+
+define op_is_reffy anyof op_is_normal op_forcedupdate
+
+define trove_site_admin group trove-admin
+define target_group_gitano_admin targetgroup gitano-admin
+
+define is_lorry user lorry
+define is_local_ref ref ~^refs/heads/##ESC_PREFIX##/
+define lorryable_repo allof !repo_is_local_project !repo_is_personal !is_admin_repo
+
+define is_worker group workers
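Review bot: `define repo_is_personal repository ~^##ESC_PERSONAL_PREFIX##/${user}/` and `define ref_is_personal ref ~^refs/heads/##ESC_PREFIX##/${user}/` interpolate the user name into a pattern while only the prefixes are escaped (the ESC_ placeholders), so a user name containing pattern metacharacters would change what these predicates match; whether gitano restricts user names enough to rule that out is not visible here. A comment recording the assumption, e.g. `# ${user} is interpolated unescaped; relies on gitano rejecting pattern metacharacters in user names`, would make it explicit. `is_gitano_ref` is defined here but not referenced by any rule in this commit.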
diff --git a/share/gitano/skel/gitano-admin/rules/destroyrepo.lace b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
new file mode 100644
index 0000000..6e6b446
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/destroyrepo.lace
@@ -0,0 +1,20 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to the destroying of repositories
+
+# Owners may destroy personal repositories
+allow "You may destroy your own repositories" is_owner repo_is_personal
+
+# Project admins may destroy repos inside their projects
+allow "Project admins may destroy project repos" repo_is_local_project project_admin
+
+# Allow lorry to destroy repositories anywhere but the local project root
+allow "Lorry may destroy lorryable repos" is_lorry lorryable_repo
+
+deny "You may not destroy repositories you do not own"
diff --git a/share/gitano/skel/gitano-admin/rules/other-project.lace b/share/gitano/skel/gitano-admin/rules/other-project.lace
new file mode 100644
index 0000000..7bc80cc
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/other-project.lace
@@ -0,0 +1,25 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Rules for any repository not under ##PREFIX##
+
+# This is, by default, /baserock/ and /delta/
+
+# There are two classes of accessors here. Lorry and Others
+allow "Anyone may read here" op_read
+allow "Anyone may write here" op_write !is_anonymous
+
+# Lorry can do anything reffy which is not inside the local refs
+allow "Lorry may touch everything but refs/heads/##PREFIX##" op_is_reffy is_lorry !is_local_ref
+
+# Noone can rewind/rebase outside of their personal refs
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !is_lorry !ref_is_personal
+
+# Everyone else can do reffy things inside refs/heads/##PREFIX##
+allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref
+
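Review bot: `allow "Project writers may alter any refs" op_is_reffy !is_lorry is_local_ref` has no group predicate, and `allow "Anyone may write here" op_write !is_anonymous` admits every authenticated user, so any logged-in user can create, fast-forward or delete any ref under refs/heads/##PREFIX##/ in these repositories, including other users' personal branches (only forced updates are denied by the rule above it). If that openness is intended for /baserock and /delta, the message should say so rather than naming project writers, e.g. `allow "Any authenticated user may alter local refs" op_is_reffy !is_lorry is_local_ref`; if personal branches are meant to belong to their owner, a deny on op_deleteref for other users' personal refs would need a predicate that matches any user's personal prefix, which defines.lace does not currently provide.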
diff --git a/share/gitano/skel/gitano-admin/rules/project.lace b/share/gitano/skel/gitano-admin/rules/project.lace
new file mode 100644
index 0000000..aa5e1e2
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/project.lace
@@ -0,0 +1,38 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Core project administration rules
+
+# Admins already got allowed, so this is for non-admin users only
+allow "Owners can always read and write" op_is_basic is_owner repo_is_personal
+
+# Any non-gitano-admin repo is readable to the lorry user and the worker group
+allow "Lorry may read" op_read is_lorry lorryable_repo
+allow "Workers may read" op_read !is_admin_repo is_worker
+
+# Force /baserock and /delta to always be anon-readable which means git:// will
+# work. This is part of the core ruleset for Baserock because /baserock/ and
+# /delta/ are always open source.
+define is_baserock_repo repository ~^baserock/
+define is_delta_repo repository ~^delta/
+define is_opensource_repo anyof is_baserock_repo is_delta_repo
+
+allow "Anonymous access always allowed" op_read !is_admin_repo is_opensource_repo
+
+# Project remote-configuration rules (set-head etc)
+include global:remoteconfigchecks op_is_config
+
+# Okay, if we're altering the admin ref, in we go
+include global:adminchecks is_admin_ref
+
+# Now we're into branch operations.
+# Owners of personal repositories can do any reffy operation
+allow "Owners can create refs" op_is_reffy is_owner repo_is_personal
+
+include global:trove-project repo_is_local_project
+include global:other-project lorryable_repo
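Review bot: `define is_baserock_repo`, `is_delta_repo` and `is_opensource_repo` are declared in the middle of a rules file while every other predicate lives in defines.lace (included first from core.lace), and the patterns `~^baserock/` and `~^delta/` hard-code the two directories that other-project.lace describes only in a comment. Moving the three defines to defines.lace next to `lorryable_repo` keeps predicates in one place and makes the anonymous-read exception easier to audit alongside the other repository classes.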
diff --git a/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
new file mode 100644
index 0000000..6f88f5f
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/remoteconfigchecks.lace
@@ -0,0 +1,20 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Remote config checks
+
+# Owners may do any remote admin operation they choose
+allow "Owners may remote-admin their repositories" is_owner repo_is_personal
+
+# *-admins may remote-admin their project's repositories
+allow "Project admins may admin project repos" repo_is_local_project project_admin
+
+# lorry may remote-admin lorryable repositories
+allow "Lorry may admin lorry repos" is_lorry lorryable_repo
+
+deny "You may not configure this repository remotely"
diff --git a/share/gitano/skel/gitano-admin/rules/renamerepo.lace b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
new file mode 100644
index 0000000..e4a51be
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/renamerepo.lace
@@ -0,0 +1,19 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Rules related to renaming repositories
+
+# Owners may rename their own repositories
+allow "Owners may rename repositories" op_renamerepo repo_is_personal is_owner
+
+# Project admins may rename repos provided they're admin of source *and* target
+# Since the rename operation checks 'create' for the target, we can just
+# check the source here
+allow "Admins may rename project repositories" op_renamerepo repo_is_local_project project_admin
+
+deny "You may not rename a repository you do not own"
diff --git a/share/gitano/skel/gitano-admin/rules/selfchecks.lace b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
new file mode 100644
index 0000000..83ef778
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/selfchecks.lace
@@ -0,0 +1,15 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Checks against self-like operations.
+
+allow "You may ask who you are" op_whoami
+
+allow "You may manage your own ssh keys" op_sshkey
+
+allow "You may change your own password" op_passwd
diff --git a/share/gitano/skel/gitano-admin/rules/siteadmin.lace b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
new file mode 100644
index 0000000..06c71bb
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/siteadmin.lace
@@ -0,0 +1,32 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012 Codethink Limited
+#
+# Site administration rules
+
+# You must explicitly allow site administration here for anyone who
+# has the rights to do site admin but isn't an administrator.
+
+# trove_site_admin is a predicate which matches members of the trove-admin
+# group (The site-wide user/group administration group which is not the full
+# administration group)
+allow "Trove Site Admins can manage users" trove_site_admin op_user
+allow "Trove Site Admins can manage groups other than gitano-admin" trove_site_admin op_group !target_group_gitano_admin
+
+# XXX-managers members are permitted to edit XXX-* groups
+define trove_may_admin_target_group group ${targetgroup/prefix}-managers
+define target_group_has_hyphen targetgroup ~%-
+allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group
+
+# Anyone is permitted to look at the people in trove-admin and *-managers
+define trove_target_group_is_trove_admin targetgroup trove-admin
+define trove_target_group_is_project_managers targetgroup ~^.+-managers$
+define trove_show_target_ok anyof trove_target_group_is_trove_admin trove_target_group_is_project_managers
+allow "Anyone may see admin groups" op_groupshow trove_show_target_ok
+
+# Otherwise we always deny site administration
+deny "You may not perform site administration"
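Review bot: `allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen trove_may_admin_target_group` applies to gitano-admin as well, since that name contains a hyphen and, assuming `${targetgroup/prefix}` yields the part before the hyphen as the comment above implies, the rule then checks membership of a group named gitano-managers. The rule just above lets trove-admin members create and populate any group other than gitano-admin, so a trove-admin member could create gitano-managers and thereby gain the right to edit gitano-admin, which the `!target_group_gitano_admin` guard on that earlier rule was evidently meant to prevent. Add the same guard here: `allow "Trove project managers can manage the groups for their projects" op_group target_group_has_hyphen !target_group_gitano_admin trove_may_admin_target_group`.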
diff --git a/share/gitano/skel/gitano-admin/rules/trove-project.lace b/share/gitano/skel/gitano-admin/rules/trove-project.lace
new file mode 100644
index 0000000..383ba98
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/rules/trove-project.lace
@@ -0,0 +1,29 @@
+# _____
+# |_ _| __ _____ _____
+# | || '__/ _ \ \ / / _ \
+# | || | | (_) \ V / __/
+# |_||_| \___/ \_/ \___|
+#
+# Copyright 2012,2013 Codethink Limited
+#
+# Rules for ##PREFIX##/... repositories
+
+# Reading the repository
+allow "Project readers may read" op_read project_reader
+deny "This repository is not for you" op_read
+
+# Basic writes to the repo
+allow "Project writers may write" op_write project_writer
+deny "This repository is not for you" op_write
+
+# Ref based rules for the repo
+deny "Non-personal branches may not be rewound/rebased" op_forcedupdate !ref_is_personal
+
+## Master
+allow "Master may be created" op_createref master_ref
+allow "Master may be altered" op_is_update master_ref
+deny "Master may not be deleted" op_deleteref master_ref
+
+## Anything else.
+allow "Project writers may alter any refs" op_is_reffy !master_ref project_writer
+
diff --git a/share/gitano/skel/gitano-admin/users/distbuild/user.conf b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
new file mode 100644
index 0000000..62ac3f5
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/distbuild/user.conf
@@ -0,0 +1,2 @@
+email_address "distbuild@##TROVE_HOSTNAME##"
+real_name "Baserock Distributed Build Service"
diff --git a/share/gitano/skel/gitano-admin/users/lorry/user.conf b/share/gitano/skel/gitano-admin/users/lorry/user.conf
new file mode 100644
index 0000000..f21fac7
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/lorry/user.conf
@@ -0,0 +1,2 @@
+email_address "lorry@##TROVE_HOSTNAME##"
+real_name "Source Code Lorry Service"
diff --git a/share/gitano/skel/gitano-admin/users/mason/user.conf b/share/gitano/skel/gitano-admin/users/mason/user.conf
new file mode 100644
index 0000000..639de4e
--- /dev/null
+++ b/share/gitano/skel/gitano-admin/users/mason/user.conf
@@ -0,0 +1,2 @@
+email_address "mason@##TROVE_HOSTNAME##"
+real_name "Baserock Continuous Integration Service"