How to Make a git Repository 'pull only'

If you want complex repository access controls, you may want to look into Gerrit. Its primary focus is code review (which is totally worth having as well!), but it also does access control as a side effect.

Otherwise, if you just want something really simple, file permissions are a perfectly good way of handling this on a single machine. So long as a user can't write to the files in the directory containing the repository, they can't push to it. I see nothing inelegant about that at all!

Would a more 'consenting adults' kind of solution work fine?

For example, in git you set up only the remote fetch, and leave the remote push to a dummy non-existing URL, so that a user can't accidentally git push to it.

Edit: this is similar to what is accepted in this question.

You can use gitolite or gitosis. Then you can create lists of users who can pull, push each branch, who can create tags etc.

I know gitolite better than gitosis. The configuration is only a git repository with simple syntax for the files.