I have been tasked with changing Git a bit, and have failed to find anything of relevance on the interwebs - and I am in dire need of directions.
What we have:
a bunch of branches, with the main being
As @chicks said, you can absolutely get the features you want using something like GitLab. User restrictions (as in "only teamcity has write-access to this branch") are available out of the box, and there is generally support for server-side hooks that you could use to implement your second requirement.
It's certainly possible to implement the same restrictions on your own, simply serving out git repositories over ssh, but it requires some development effort on your part. The general model is:
gituser to include metadata that can be used to identify the user associated with an incoming push,
There are examples of doing these things here and there; for example, this is an older answer I wrote describing how to ensure that the email address on commits matches the identity of the connecting user.
Using a pre-packaged solution like GitLab will almost invariably make more sense than trying to roll-your-own.
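A sketch of the roll-your-own model from the answer above, as an added example that is not part of the original post: a `pre-receive` hook that lets only one identity update a protected branch. The variable names `GIT_PUSH_USER`, `PROTECTED_REF` and `PROTECTED_WRITER`, the placeholder branch name, and the forced-command form shown in the comment are assumptions; it also assumes `gituser` has a POSIX login shell.

```shell
#!/bin/sh
# Added example: hooks/pre-receive in the bare repository served over ssh.
# Assumption: every key in ~gituser/.ssh/authorized_keys carries a forced
# command that tags the session with the key owner's identity, for example
# (one line, key material elided):
#   command="GIT_PUSH_USER=teamcity git-shell -c \"$SSH_ORIGINAL_COMMAND\"",restrict ssh-ed25519 <KEY>
# GIT_PUSH_USER, PROTECTED_REF and PROTECTED_WRITER are hypothetical names.

PROTECTED_REF="${PROTECTED_REF:-refs/heads/protected-branch}"  # placeholder ref
PROTECTED_WRITER="${PROTECTED_WRITER:-teamcity}"

# check_push USER
# Reads "<old-sha> <new-sha> <ref>" lines on stdin (the pre-receive input
# format) and returns non-zero if USER may not perform one of the updates.
check_push() {
    user="$1"
    # Fail closed: a push that arrives without an identity is rejected,
    # so a key added without the forced command cannot bypass the policy.
    if [ -z "$user" ]; then
        echo "rejected: no push identity set" >&2
        return 1
    fi
    while read -r old new ref; do
        if [ "$ref" = "$PROTECTED_REF" ] && [ "$user" != "$PROTECTED_WRITER" ]; then
            echo "rejected: $user may not update $ref" >&2
            return 1
        fi
    done
    return 0
}

# Enforce the policy only when git invokes this file as the hook itself.
case "$0" in
    */pre-receive) check_push "${GIT_PUSH_USER:-}" || exit 1 ;;
esac
```

Because the check runs server-side and the identity comes from the forced command rather than from anything the client sends, a user cannot change it by editing their local git configuration.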