When you configure a repository cluster, all nodes are currently writable masters.

There are some reasonable use cases for making some subset of the cluster read-only. For example:

• You are decommissioning an old device, and want to prevent it from becoming a cluster leader. This use case is likely strong enough to support this feature on its own.
• (Maybe) You have Terran and Lunar offices which mostly work on different repositories, or one is way smaller than the other. Although you maintain a Lunar cluster device for all your primarily-Terran repositories, you want users at the lunar site to bear the entire cost of slow writes when they perform a push, to optimize for performance on the Terran site.
• (Particularly in the near term, you want to work around horrible bugs with master/master?)

In the second case, you may not actually want to prevent writes, just discourage writes. If the terran site was down, automated failover to lunar writes is probably better than no writes, so maybe this is really just a ranking problem.

This isn't difficult to implement and the first use case is a solid one where this is obviously the right tool, so I think this is worth building even if all other use cases are really ranking problems.