LILiK
/
lilik_playbook

## GitLab configuration settings##! This file is generated during initial installation and **is not** modified##! during upgrades.##! Check out the latest version of this file to know about the different##! settings that can be configured by this file, which may be found at:##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with##! the gitlab.rb.template from the currently running version.
##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by##! running `gitlab-ctl reconfigure`
##! In general, the values specified here should reflect what the default value of the attribute will be.##! There are instances where this behavior is not possible or desired. For example, when providing passwords,##! or connecting to third party services.##! In those instances, we endeavour to provide an example configuration.
## GitLab URL##! URL on which GitLab will be reachable.##! For more details on configuring external_url see:##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab##!##! Note: During installation/upgrades, the value of the environment variable##! EXTERNAL_URL will be used to populate/replace this value.##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP##! address from AWS. For more details, see:##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html{% if enable_https %}external_url 'https://{{ server_fqdn }}'{% else %}external_url 'http://{{ server_fqdn }}'{% endif %}
## Roles for multi-instance GitLab##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.##! Options:##!   redis_sentinel_role redis_master_role redis_slave_role geo_primary_role geo_secondary_role##! For more details on each role, see:##! https://docs.gitlab.com/omnibus/roles/README.html#roles##!# roles ['redis_sentinel_role', 'redis_master_role']
## Legend##! The following notations at the beginning of each line may be used to##! differentiate between components of this file and to easily select them using##! a regex.##! ## Titles, subtitles etc##! ##! More information - Description, Docs, Links, Issues etc.##! Configuration settings have a single # followed by a single space at the##! beginning; Remove them to enable the setting.
##! **Configuration settings below are optional.**

##################################################################################################################################################################                Configuration Settings for GitLab CE and EE                 ##################################################################################################################################################################
################################################################################## gitlab.yml configuration##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md################################################################################# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'# gitlab_rails['gitlab_ssh_user'] = ''# gitlab_rails['time_zone'] = 'UTC'
### Request duration###! Tells the rails application how long it has to complete a request###! This value needs to be lower than the worker timeout set in unicorn/puma.###! By default, we'll allow 95% of the the worker timeout# gitlab_rails['max_request_duration_seconds'] = 57
### Email Settings# gitlab_rails['gitlab_email_enabled'] = true# gitlab_rails['gitlab_email_from'] = 'example@example.com'# gitlab_rails['gitlab_email_display_name'] = 'Example'# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'# gitlab_rails['gitlab_email_subject_suffix'] = ''# gitlab_rails['gitlab_email_smime_enabled'] = false# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
### GitLab user privileges# gitlab_rails['gitlab_default_can_create_group'] = true# gitlab_rails['gitlab_username_changing_enabled'] = true
### Default Theme# gitlab_rails['gitlab_default_theme'] = 2
### Default project feature settings# gitlab_rails['gitlab_default_projects_features_issues'] = true# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true# gitlab_rails['gitlab_default_projects_features_wiki'] = true# gitlab_rails['gitlab_default_projects_features_snippets'] = true# gitlab_rails['gitlab_default_projects_features_builds'] = true# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
### Automatic issue closing###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more###! information about this pattern.# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
### Download location###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file###! is created in the following directory.###! Should not be the same path, or a sub directory of any of the `git_data_dirs`# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
### Gravatar Settings# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
### Auxiliary jobs###! Periodically executed jobs, to self-heal Gitlab, do external###! synchronizations, etc.###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job###!       https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
### Webhook Settings###! Number of seconds to wait for HTTP response after sending webhook HTTP POST###! request (default: 10)# gitlab_rails['webhook_timeout'] = 10
### GraphQL Settings###! Tells the rails application how long it has to complete a GraphQL request.###! We suggest this value to be higher than the database timeout value###! and lower than the worker timeout set in unicorn/puma. (default: 30)# gitlab_rails['graphql_timeout'] = 30
### Trusted proxies###! Customize if you have GitLab behind a reverse proxy which is running on a###! different machine.###! **Add the IP address for your reverse proxy to the list, otherwise users###!   will appear signed in from that address.**# gitlab_rails['trusted_proxies'] = []
### Content Security Policy####! Customize if you want to enable the Content-Security-Policy header, which####! can help thwart JavaScript cross-site scripting (XSS) attacks.####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP# gitlab_rails['content_security_policy'] = {#  'enabled' => false,#  'report_only' => false,#  # Each directive is a String (e.g. "'self'").#  'directives' => {#    'base_uri' => nil,#    'child_src' => nil,#    'connect_src' => nil,#    'default_src' => nil,#    'font_src' => nil,#    'form_action' => nil,#    'frame_ancestors' => nil,#    'frame_src' => nil,#    'img_src' => nil,#    'manifest_src' => nil,#    'media_src' => nil,#    'object_src' => nil,#    'script_src' => nil,#    'style_src' => nil,#    'worker_src' => nil,#    'report_uri' => nil,#  }# }
### Monitoring settings###! IP whitelist controlling access to monitoring endpoints# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']###! Time between sampling of unicorn socket metrics, in seconds# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
### Shutdown settings###! Defines an interval to block healthcheck,###! but continue accepting application requests.# gitlab_rails['shutdown_blackout_seconds'] = 10
### Reply by email###! Allow users to comment on issues and merge requests by replying to###! notification emails.###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html# gitlab_rails['incoming_email_enabled'] = true
#### Incoming Email Address####! The email address including the `%{key}` placeholder that will be replaced####! to reference the item being replied to.####! **The placeholder can be omitted but if present, it must appear in the####!   "user" part of the address (before the `@`).**# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
#### Email account username####! **With third party providers, this is usually the full email address.**####! **With self-hosted email servers, this is usually the user part of the####!   email address.**# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
#### Email account password# gitlab_rails['incoming_email_password'] = "[REDACTED]"
#### IMAP Settings# gitlab_rails['incoming_email_host'] = "imap.gmail.com"# gitlab_rails['incoming_email_port'] = 993# gitlab_rails['incoming_email_ssl'] = true# gitlab_rails['incoming_email_start_tls'] = false
#### Incoming Mailbox Settings (via `mail_room`)####! The mailbox where incoming mail will end up. Usually "inbox".# gitlab_rails['incoming_email_mailbox_name'] = "inbox"####! The IDLE command timeout.# gitlab_rails['incoming_email_idle_timeout'] = 60####! The file name for internal `mail_room` JSON logfile# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
####! The format of mail_room crash logs# mailroom['exit_log_format'] = "plain"
### Job Artifacts# gitlab_rails['artifacts_enabled'] = true# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"####! Job artifacts Object Store####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage# gitlab_rails['artifacts_object_store_enabled'] = false# gitlab_rails['artifacts_object_store_direct_upload'] = false# gitlab_rails['artifacts_object_store_background_upload'] = true# gitlab_rails['artifacts_object_store_proxy_download'] = false# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"# gitlab_rails['artifacts_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'host' => 's3.amazonaws.com',#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
### External merge request diffs# gitlab_rails['external_diffs_enabled'] = false# gitlab_rails['external_diffs_when'] = nil# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"# gitlab_rails['external_diffs_object_store_enabled'] = false# gitlab_rails['external_diffs_object_store_direct_upload'] = false# gitlab_rails['external_diffs_object_store_background_upload'] = false# gitlab_rails['external_diffs_object_store_proxy_download'] = false# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"# gitlab_rails['external_diffs_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'host' => 's3.amazonaws.com',#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
### Git LFS# gitlab_rails['lfs_enabled'] = true# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"# gitlab_rails['lfs_object_store_enabled'] = false# gitlab_rails['lfs_object_store_direct_upload'] = false# gitlab_rails['lfs_object_store_background_upload'] = true# gitlab_rails['lfs_object_store_proxy_download'] = false# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"# gitlab_rails['lfs_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'host' => 's3.amazonaws.com',#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
### GitLab uploads###! Docs: https://docs.gitlab.com/ee/administration/uploads.html# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"# gitlab_rails['uploads_base_dir'] = "uploads/-/system"# gitlab_rails['uploads_object_store_enabled'] = false# gitlab_rails['uploads_object_store_direct_upload'] = false# gitlab_rails['uploads_object_store_background_upload'] = true# gitlab_rails['uploads_object_store_proxy_download'] = false# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"# gitlab_rails['uploads_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'host' => 's3.amazonaws.com',#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
### Impersonation settings# gitlab_rails['impersonation_enabled'] = true
### Usage Statistics# gitlab_rails['usage_ping_enabled'] = true
### Seat Link setting###! Docs: https://docs.gitlab.com/ee/subscriptions/index.html#seat-link# gitlab_rails['seat_link_enabled'] = true
### GitLab Mattermost###! These settings are void if Mattermost is installed on the same omnibus###! install# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
### LDAP Settings###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html###! **Be careful not to break the indentation in the ldap_servers block. It is###!   in yaml format and the spaces must be retained. Using tabs will not work.**
 gitlab_rails['ldap_enabled'] = true gitlab_rails['prevent_ldap_sign_in'] = false
###! **remember to close this block with 'EOS' below** gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'   main: # 'main' is the GitLab 'provider ID' of this LDAP server     label: 'LDAP'     host: '{{ ldap_server }}'     port: 389     uid: 'cn'     bind_dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'     password: '{{ new_passwd.passwd }}'     encryption: 'start_tls' # "start_tls" or "simple_tls" or "plain"     verify_certificates: true     tls_options:       ca_file: '/etc/gitlab/root_ca.crt'       min_version: 772 # TLSv1.3#     smartcard_auth: false#     active_directory: true#     allow_username_or_email_login: false#     lowercase_usernames: false#     block_auto_created_users: false     base: 'ou=People,{{ ldap_basedn }}'     user_filter: '(authorizedService=gitlab)'#     ## EE only#     group_base: ''#     admin_group: ''#     sync_ssh_keys: false##   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server#     label: 'LDAP'#     host: '_your_ldap_server'#     port: 389#     uid: 'sAMAccountName'#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'#     password: '_the_password_of_the_bind_user'#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"#     verify_certificates: true#     smartcard_auth: false#     active_directory: true#     allow_username_or_email_login: false#     lowercase_usernames: false#     block_auto_created_users: false#     base: ''#     user_filter: ''#     ## EE only#     group_base: ''#     admin_group: ''#     sync_ssh_keys: false EOS
### Smartcard authentication settings###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html# gitlab_rails['smartcard_enabled'] = false# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'# gitlab_rails['smartcard_client_certificate_required_port'] = 3444# gitlab_rails['smartcard_required_for_git_access'] = false# gitlab_rails['smartcard_san_extensions'] = false
### OmniAuth Settings###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html# gitlab_rails['omniauth_enabled'] = nil# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'# gitlab_rails['omniauth_block_auto_created_users'] = true# gitlab_rails['omniauth_auto_link_ldap_user'] = false# gitlab_rails['omniauth_auto_link_saml_user'] = false# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']# gitlab_rails['omniauth_providers'] = [#   {#     "name" => "google_oauth2",#     "app_id" => "YOUR APP ID",#     "app_secret" => "YOUR APP SECRET",#     "args" => { "access_type" => "offline", "approval_prompt" => "" }#   }# ]
### Backup Settings###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
# gitlab_rails['manage_backup_path'] = true# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions# gitlab_rails['backup_archive_permissions'] = 0644
# gitlab_rails['backup_pg_schema'] = 'public'
###! The duration in seconds to keep backups before they are allowed to be deleted# gitlab_rails['backup_keep_time'] = 604800
# gitlab_rails['backup_upload_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AKIAKIAKI',#   'aws_secret_access_key' => 'secret123'# }# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'# gitlab_rails['backup_multipart_chunk_size'] = 104857600
###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for###!   backups**# gitlab_rails['backup_encryption'] = 'AES256'###! The encryption key to use with AWS Server-Side Encryption.###! Setting this value will enable Server-Side Encryption with customer provided keys;###!   otherwise S3-managed keys are used.# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
###! **Specifies Amazon S3 storage class to use for backups. Valid values###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**# gitlab_rails['backup_storage_class'] = 'STANDARD'
###! Skip parts of the backup. Comma separated.###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup#gitlab_rails['env'] = {#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"#}
### Pseudonymizer Settings# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'# gitlab_rails['pseudonymizer_upload_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AKIAKIAKI',#   'aws_secret_access_key' => 'secret123'# }

### For setting up different data storing directory###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory###! **If you want to use a single non-default directory to store git data use a###!   path that doesn't contain symlinks.**# git_data_dirs({#   "default" => {#     "path" => "/mnt/nfs-01/git-data"#    }# })
### Gitaly settings# gitlab_rails['gitaly_token'] = 'secret token'
### For storing GitLab application uploads, eg. LFS objects, build artifacts###! Docs: https://docs.gitlab.com/ee/development/shared_files.html# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
### Wait for file system to be mounted###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
### GitLab Shell settings for GitLab# gitlab_rails['gitlab_shell_ssh_port'] = 22# gitlab_rails['gitlab_shell_git_timeout'] = 800
### Extra customization# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html# gitlab_rails['env'] = {#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"# }
# gitlab_rails['rack_attack_git_basic_auth'] = {#   'enabled' => false,#   'ip_whitelist' => ["127.0.0.1"],#   'maxretry' => 10,#   'findtime' => 60,#   'bantime' => 3600# }
# Prioritize the Admin Area protected paths throttle settings over the# deprecated Omnibus-managed protected paths throttle. This allows you to keep# gitlab_rails['rack_attack_git_basic_auth'] enabled to run the Git and# container registry failed authentication ban.# See https://gitlab.com/gitlab-org/gitlab/issues/37093# gitlab_rails['rack_attack_admin_area_protected_paths_enabled'] = true
###! **We do not recommend changing these directories.**# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
### GitLab application settings# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"# gitlab_rails['rate_limit_requests_per_period'] = 10# gitlab_rails['rate_limit_period'] = 60
#### Change the initial default admin password and shared runner registration tokens.####! **Only applicable on initial setup, changing these settings after database####!   is created and seeded won't yield any change.**{% if initial_root_password is defined %} gitlab_rails['initial_root_password'] = "{{ initial_root_password }}"{% else %}# gitlab_rails['initial_root_password'] = "password"{% endif %}# gitlab_rails['initial_shared_runners_registration_token'] = "token"
#### Set path to an initial license to be used while bootstrapping GitLab.####! **Only applicable on initial setup, future license updations need to be done via UI.####! Updating the file specified in this path won't yield any change after the first reconfigure run.# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
#### Enable or disable automatic database migrations# gitlab_rails['auto_migrate'] = true
#### This is advanced feature used by large gitlab deployments where loading#### whole RAILS env takes a lot of time.# gitlab_rails['rake_cache_clear'] = true
### GitLab database settings###! Docs: https://docs.gitlab.com/omnibus/settings/database.html###! **Only needed if you use an external database.**# gitlab_rails['db_adapter'] = "postgresql"# gitlab_rails['db_encoding'] = "unicode"# gitlab_rails['db_collation'] = nil# gitlab_rails['db_database'] = "gitlabhq_production"# gitlab_rails['db_pool'] = 1# gitlab_rails['db_username'] = "gitlab"# gitlab_rails['db_password'] = nil# gitlab_rails['db_host'] = nil# gitlab_rails['db_port'] = 5432# gitlab_rails['db_socket'] = nil# gitlab_rails['db_sslmode'] = nil# gitlab_rails['db_sslcompression'] = 0# gitlab_rails['db_sslrootcert'] = nil# gitlab_rails['db_sslcert'] = nil# gitlab_rails['db_sslkey'] = nil# gitlab_rails['db_prepared_statements'] = false# gitlab_rails['db_statements_limit'] = 1000

### GitLab Redis settings###! Connect to your own Redis instance###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
#### Redis TCP connection# gitlab_rails['redis_host'] = "127.0.0.1"# gitlab_rails['redis_port'] = 6379# gitlab_rails['redis_ssl'] = false# gitlab_rails['redis_password'] = nil# gitlab_rails['redis_database'] = 0# gitlab_rails['redis_enable_client'] = true
#### Redis local UNIX socket (will be disabled if TCP method is used)# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
#### Sentinel support####! To have Sentinel working, you must enable Redis TCP connection support####! above and define a few Sentinel hosts below (to get a reliable setup####! at least 3 hosts).####! **You don't need to list every sentinel host, but the ones not listed will####!   not be used in a fail-over situation to query for the new master.**# gitlab_rails['redis_sentinels'] = [#   {'host' => '127.0.0.1', 'port' => 26379},# ]
#### Separate instances support###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances# gitlab_rails['redis_cache_instance'] = nil# gitlab_rails['redis_cache_sentinels'] = nil# gitlab_rails['redis_queues_instance'] = nil# gitlab_rails['redis_queues_sentinels'] = nil# gitlab_rails['redis_shared_state_instance'] = nil# gitlab_rails['redis_shared_sentinels'] = nil
### GitLab email server settings###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html###! **Use smtp instead of sendmail/postfix.**
# gitlab_rails['smtp_enable'] = true# gitlab_rails['smtp_address'] = "smtp.server"# gitlab_rails['smtp_port'] = 465# gitlab_rails['smtp_user_name'] = "smtp user"# gitlab_rails['smtp_password'] = "smtp password"# gitlab_rails['smtp_domain'] = "example.com"# gitlab_rails['smtp_authentication'] = "login"# gitlab_rails['smtp_enable_starttls_auto'] = true# gitlab_rails['smtp_tls'] = false
###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
################################################################################## Container Registry settings##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html################################################################################
# registry_external_url 'https://registry.example.com'
### Settings used by GitLab application# gitlab_rails['registry_enabled'] = true# gitlab_rails['registry_host'] = "registry.gitlab.example.com"# gitlab_rails['registry_port'] = "5005"# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
# Notification secret, it's used to authenticate notification requests to GitLab application# You only need to change this when you use external Registry service, otherwise# it will be taken directly from notification settings of your Registry# gitlab_rails['registry_notification_secret'] = nil
###! **Do not change the following 3 settings unless you know what you are###!   doing**# gitlab_rails['registry_api_url'] = "http://localhost:5000"# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
### Settings used by Registry application# registry['enable'] = true# registry['username'] = "registry"# registry['group'] = "registry"# registry['uid'] = nil# registry['gid'] = nil# registry['dir'] = "/var/opt/gitlab/registry"# registry['registry_http_addr'] = "localhost:5000"# registry['debug_addr'] = "localhost:5001"# registry['log_directory'] = "/var/log/gitlab/registry"# registry['env_directory'] = "/opt/gitlab/etc/registry/env"# registry['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }# registry['log_level'] = "info"# registry['log_formatter'] = "text"# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"# registry['health_storagedriver_enabled'] = true# registry['storage_delete_enabled'] = true# registry['validation_enabled'] = false# registry['autoredirect'] = false# registry['compatibility_schema1_enabled'] = false
### Registry backend storage###! Docs: https://docs.gitlab.com/ee/administration/container_registry.html#container-registry-storage-driver# registry['storage'] = {#   's3' => {#     'accesskey' => 'AKIAKIAKI',#     'secretkey' => 'secret123',#     'region' => 'us-east-1',#     'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'#   }# }
### Registry notifications endpoints# registry['notifications'] = [#   {#     'name' => 'test_endpoint',#     'url' => 'https://gitlab.example.com/notify2',#     'timeout' => '500ms',#     'threshold' => 5,#     'backoff' => '1s',#     'headers' => {#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]#     }#   }# ]### Default registry notifications# registry['default_notifications_timeout'] = "500ms"# registry['default_notifications_threshold'] = 5# registry['default_notifications_backoff'] = "1s"# registry['default_notifications_headers'] = {}
################################################################################## Error Reporting and Logging with Sentry################################################################################# gitlab_rails['sentry_enabled'] = false# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'# gitlab_rails['sentry_environment'] = 'production'
################################################################################## GitLab Workhorse##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md################################################################################
# gitlab_workhorse['enable'] = true# gitlab_workhorse['ha'] = false# gitlab_workhorse['listen_network'] = "unix"# gitlab_workhorse['listen_umask'] = 000# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
##! the empty string is the default in gitlab-workhorse option parser# gitlab_workhorse['auth_socket'] = "''"
##! put an empty string on the command line# gitlab_workhorse['pprof_listen_addr'] = "''"
# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
##! limit number of concurrent API requests, defaults to 0 which is unlimited# gitlab_workhorse['api_limit'] = 0
##! limit number of API requests allowed to be queued, defaults to 0 which##! disables queuing# gitlab_workhorse['api_queue_limit'] = 0
##! duration after which we timeout requests if they sit too long in the queue# gitlab_workhorse['api_queue_duration'] = "30s"
##! Long polling duration for job requesting for runners# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
##! Log format: default is text, can also be json or none.# gitlab_workhorse['log_format'] = "json"
# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"# gitlab_workhorse['env'] = {#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }
################################################################################## GitLab User Settings##! Modify default git user.##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group################################################################################
# user['username'] = "git"# user['group'] = "git"# user['uid'] = nil# user['gid'] = nil
##! The shell for the git user# user['shell'] = "/bin/sh"
##! The home directory for the git user# user['home'] = "/var/opt/gitlab"
# user['git_user_name'] = "GitLab"# user['git_user_email'] = "gitlab@#{node['fqdn']}"
################################################################################## GitLab Unicorn##! Tweak unicorn settings.##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html################################################################################
# unicorn['enable'] = true# unicorn['worker_timeout'] = 60###! Minimum worker_processes is 2 at this moment###! See https://gitlab.com/gitlab-org/gitlab-foss/issues/18771# unicorn['worker_processes'] = 2
### Advanced settings# unicorn['listen'] = 'localhost'# unicorn['port'] = 8080# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'# unicorn['tcp_nopush'] = true# unicorn['backlog_socket'] = 1024
###! **Make sure somaxconn is equal or higher then backlog_socket**# unicorn['somaxconn'] = 1024
###! **We do not recommend changing this setting**# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
### **Only change these settings if you understand well what they mean**###! Docs: https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer###!       https://github.com/kzk/unicorn-worker-killer# unicorn['worker_memory_limit_min'] = "1024 * 1 << 20"# unicorn['worker_memory_limit_max'] = "1280 * 1 << 20"
# unicorn['exporter_enabled'] = false# unicorn['exporter_address'] = "127.0.0.1"# unicorn['exporter_port'] = 8083
################################################################################## GitLab Puma##! Tweak puma settings. You should only use Unicorn or Puma, not both.##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html################################################################################
# puma['enable'] = false# puma['ha'] = false# puma['worker_timeout'] = 60# puma['worker_processes'] = 2# puma['min_threads'] = 1# puma['max_threads'] = 16
### Advanced settings# puma['listen'] = '127.0.0.1'# puma['port'] = 8080# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
###! **We do not recommend changing this setting**# puma['log_directory'] = "/var/log/gitlab/puma"
### **Only change these settings if you understand well what they mean**###! Docs: https://github.com/schneems/puma_worker_killer# puma['per_worker_max_memory_mb'] = 850
# puma['exporter_enabled'] = false# puma['exporter_address'] = "127.0.0.1"# puma['exporter_port'] = 8083
################################################################################## GitLab Sidekiq################################################################################
# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"# sidekiq['log_format'] = "json"# sidekiq['shutdown_timeout'] = 4# sidekiq['concurrency'] = 25# sidekiq['metrics_enabled'] = true# sidekiq['listen_address'] = "localhost"# sidekiq['listen_port'] = 8082
################################################################################## gitlab-shell################################################################################
# gitlab_shell['audit_usernames'] = false# gitlab_shell['log_level'] = 'INFO'# gitlab_shell['log_format'] = 'json'# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
### Migration to Go feature flags###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags# gitlab_shell['migration'] = { enabled: true, features: [] }
### Git trace log file.###! If set, git commands receive GIT_TRACE* environment variables###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging###! An absolute path starting with / – the trace output will be appended to###! that file. It needs to exist so we can check permissions and avoid###! throwing warnings to the users.# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
##! **We do not recommend changing this directory.**# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
################################################################## GitLab PostgreSQL################################################################
###! Changing any of these settings requires a restart of postgresql.###! By default, reconfigure reloads postgresql if it is running. If you###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`###! after reconfigure in order for the changes to take effect.# postgresql['enable'] = true# postgresql['listen_address'] = nil# postgresql['port'] = 5432# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
##! **recommend value is 1/4 of total RAM, up to 14GB.**# postgresql['shared_buffers'] = "256MB"
### Advanced settings# postgresql['ha'] = false# postgresql['dir'] = "/var/opt/gitlab/postgresql"# postgresql['log_directory'] = "/var/log/gitlab/postgresql"# postgresql['log_destination'] = nil# postgresql['logging_collector'] = nil# postgresql['log_truncate_on_rotation'] = nil# postgresql['log_rotation_age'] = nil# postgresql['log_rotation_size'] = nil# postgresql['username'] = "gitlab-psql"# postgresql['group'] = "gitlab-psql"##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'# postgresql['uid'] = nil# postgresql['gid'] = nil# postgresql['shell'] = "/bin/sh"# postgresql['home'] = "/var/opt/gitlab/postgresql"# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"# postgresql['sql_user'] = "gitlab"# postgresql['max_connections'] = 200# postgresql['md5_auth_cidr_addresses'] = []# postgresql['trust_auth_cidr_addresses'] = []# postgresql['wal_buffers'] = "-1"# postgresql['autovacuum_max_workers'] = "3"# postgresql['autovacuum_freeze_max_age'] = "200000000"# postgresql['log_statement'] = nil# postgresql['track_activity_query_size'] = "1024"# postgresql['shared_preload_libraries'] = nil# postgresql['dynamic_shared_memory_type'] = nil# postgresql['hot_standby'] = "off"
### SSL settings# See https://www.postgresql.org/docs/9.6/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details# postgresql['ssl'] = 'on'# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'# postgresql['ssl_cert_file'] = 'server.crt'# postgresql['ssl_key_file'] = 'server.key'# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'# postgresql['ssl_crl_file'] = nil
### Replication settings###! Note, some replication settings do not require a full restart. They are documented below.# postgresql['wal_level'] = "hot_standby"# postgresql['max_wal_senders'] = 5# postgresql['max_replication_slots'] = 0# postgresql['max_locks_per_transaction'] = 128
# Backup/Archive settings# postgresql['archive_mode'] = "off"
###! Changing any of these settings only requires a reload of postgresql. You do not need to###! restart postgresql if you change any of these and run reconfigure.# postgresql['work_mem'] = "16MB"# postgresql['maintenance_work_mem'] = "16MB"# postgresql['checkpoint_segments'] = 10# postgresql['checkpoint_timeout'] = "5min"# postgresql['checkpoint_completion_target'] = 0.9# postgresql['effective_io_concurrency'] = 1# postgresql['checkpoint_warning'] = "30s"# postgresql['effective_cache_size'] = "1MB"# postgresql['shmmax'] =  17179869184 # or 4294967295# postgresql['shmall'] =  4194304 # or 1048575# postgresql['autovacuum'] = "on"# postgresql['log_autovacuum_min_duration'] = "-1"# postgresql['autovacuum_naptime'] = "1min"# postgresql['autovacuum_vacuum_threshold'] = "50"# postgresql['autovacuum_analyze_threshold'] = "50"# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"# postgresql['autovacuum_analyze_scale_factor'] = "0.01"# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"# postgresql['autovacuum_vacuum_cost_limit'] = "-1"# postgresql['statement_timeout'] = "60000"# postgresql['idle_in_transaction_session_timeout'] = "60000"# postgresql['log_line_prefix'] = "%a"# postgresql['max_worker_processes'] = 8# postgresql['max_parallel_workers_per_gather'] = 0# postgresql['log_lock_waits'] = 1# postgresql['deadlock_timeout'] = '5s'# postgresql['track_io_timing'] = 0# postgresql['default_statistics_target'] = 1000
### Available in PostgreSQL 9.6 and later# postgresql['min_wal_size'] = 80MB# postgresql['max_wal_size'] = 1GB
# Backup/Archive settings# postgresql['archive_command'] = nil# postgresql['archive_timeout'] = "0"
### Replication settings# postgresql['sql_replication_user'] = "gitlab_replicator"# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`# postgresql['wal_keep_segments'] = 10# postgresql['max_standby_archive_delay'] = "30s"# postgresql['max_standby_streaming_delay'] = "30s"# postgresql['synchronous_commit'] = on# postgresql['synchronous_standby_names'] = ''# postgresql['hot_standby_feedback'] = 'off'# postgresql['random_page_cost'] = 2.0# postgresql['log_temp_files'] = -1# postgresql['log_checkpoints'] = 'off'# To add custom entries to pg_hba.conf use the following# postgresql['custom_pg_hba_entries'] = {#   APPLICATION: [ # APPLICATION should identify what the settings are used for#     {#       type: example,#       database: example,#       user: example,#       cidr: example,#       method: example,#       option: example#     }#   ]# }# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation# of the values
### Version settings# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks# postgresql['version'] = 10
################################################################################## GitLab Redis##! **Can be disabled if you are using your own Redis instance.**##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html################################################################################
# redis['enable'] = true# redis['ha'] = false# redis['hz'] = 10# redis['dir'] = "/var/opt/gitlab/redis"# redis['log_directory'] = "/var/log/gitlab/redis"# redis['username'] = "gitlab-redis"# redis['group'] = "gitlab-redis"# redis['maxclients'] = "10000"# redis['maxmemory'] = "0"# redis['maxmemory_policy'] = "noeviction"# redis['maxmemory_samples'] = "5"# redis['tcp_backlog'] = 511# redis['tcp_timeout'] = "60"# redis['tcp_keepalive'] = "300"# redis['uid'] = nil# redis['gid'] = nil
### Disable or obfuscate unnecessary redis command names### Uncomment and edit this block to add or remove entries.### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands### for detailed usage#### redis['rename_commands'] = {#   'KEYS': ''#}#
###! **To enable only Redis service in this machine, uncomment###!   one of the lines below (choose master or slave instance types).**###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html###!       https://docs.gitlab.com/ee/administration/high_availability/redis.html# redis_master_role['enable'] = true# redis_slave_role['enable'] = true
### Redis TCP support (will disable UNIX socket transport)# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one# redis['port'] = 6379# redis['password'] = 'redis-password-goes-here'
### Redis Sentinel support###! **You need a master slave Redis replication to be able to do failover**###! **Please read the documentation before enabling it to understand the###!   caveats:**###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
### Replication support#### Slave Redis instance# redis['master'] = false # by default this is true
#### Slave and Sentinel shared configuration####! **Both need to point to the master Redis instance to get replication and####!   heartbeat monitoring**# redis['master_name'] = 'gitlab-redis'# redis['master_ip'] = nil# redis['master_port'] = 6379
#### Support to run redis slaves in a Docker or NAT environment####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat# redis['announce_ip'] = nil# redis['announce_port'] = nil
####! **Master password should have the same value defined in####!   redis['password'] to enable the instance to transition to/from####!   master/slave in a failover event.**# redis['master_password'] = 'redis-password-goes-here'
####! Increase these values when your slaves can't catch up with master# redis['client_output_buffer_limit_normal'] = '0 0 0'# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
#####! Redis snapshotting frequency#####! Set to [] to disable#####! Set to [''] to clear previously set values# redis['save'] = [ '900 1', '300 10', '60 10000' ]
################################################################################## GitLab Web server##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server################################################################################
##! When bundled nginx is disabled we need to add the external webserver user to##! the GitLab webserver group.# web_server['external_users'] = []# web_server['username'] = 'gitlab-www'# web_server['group'] = 'gitlab-www'# web_server['uid'] = nil# web_server['gid'] = nil# web_server['shell'] = '/bin/false'# web_server['home'] = '/var/opt/gitlab/nginx'
################################################################################## GitLab NGINX##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html################################################################################
# nginx['enable'] = true# nginx['client_max_body_size'] = '250m'# nginx['redirect_http_to_https'] = false# nginx['redirect_http_to_https_port'] = 80
##! Most root CA's are included by default# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
##! enable/disable 2-way SSL client authentication# nginx['ssl_verify_client'] = "off"
##! if ssl_verify_client on, verification depth in the client certificates chain# nginx['ssl_verify_depth'] = "1"
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key" nginx['ssl_ciphers'] = nil nginx['ssl_prefer_server_ciphers'] = "off"
##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html##!                   https://cipherli.st/** nginx['ssl_protocols'] = "TLSv1.3"
##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html** nginx['ssl_session_cache'] = "builtin:1000  shared:MozSSL:10m"
##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** nginx['ssl_session_timeout'] = "5m" nginx['ssl_session_tickets'] = "off"
# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem# nginx['listen_addresses'] = ['*', '[::]']
##! **Defaults to forcing web browsers to always communicate using only HTTPS**##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security# nginx['hsts_max_age'] = 31536000# nginx['hsts_include_subdomains'] = false
##! Defaults to stripping path information when making cross-origin requests# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**# nginx['gzip_enabled'] = true
##! **Override only if you use a reverse proxy**##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port{% if enable_https %} nginx['listen_port'] = "443 proxy_protocol"{% else %}# nginx['listen_port'] = nil{% endif %}
##! **Override only if your reverse proxy internally communicates over HTTP**##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl# nginx['listen_https'] = nil
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"# nginx['proxy_read_timeout'] = 3600# nginx['proxy_connect_timeout'] = 300# nginx['proxy_set_headers'] = {#  "Host" => "$http_host_with_default",#  "X-Real-IP" => "$remote_addr",#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",#  "X-Forwarded-Proto" => "https",#  "X-Forwarded-Ssl" => "on",#  "Upgrade" => "$http_upgrade",#  "Connection" => "$connection_upgrade"# }# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'# nginx['proxy_cache'] = 'gitlab'# nginx['http2_enabled'] = true nginx['real_ip_trusted_addresses'] = [ '{{ hostvars | ip_from_inventory('vm_gateway') }}' ] nginx['real_ip_header'] = "proxy_protocol"# nginx['real_ip_recursive'] = nil# nginx['custom_error_pages'] = {#   '404' => {#     'title' => 'Example title',#     'header' => 'Example header',#     'message' => 'Example message'#   }# }
### Advanced settings# nginx['dir'] = "/var/opt/gitlab/nginx"# nginx['log_directory'] = "/var/log/gitlab/nginx"# nginx['worker_processes'] = 4# nginx['worker_connections'] = 10240# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'# nginx['sendfile'] = 'on'# nginx['tcp_nopush'] = 'on'# nginx['tcp_nodelay'] = 'on'# nginx['gzip'] = "on"# nginx['gzip_http_version'] = "1.0"# nginx['gzip_comp_level'] = "2"# nginx['gzip_proxied'] = "any"# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]# nginx['keepalive_timeout'] = 65# nginx['cache_max_size'] = '5000m'# nginx['server_names_hash_bucket_size'] = 64##! These paths have proxy_request_buffering disabled# nginx['request_buffering_off_path_regex'] = "\.git/git-receive-pack$|\.git/info/refs?service=git-receive-pack$|\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$"
### Nginx status# nginx['status'] = {#  "enable" => true,#  "listen_addresses" => ["127.0.0.1"],#  "fqdn" => "dev.example.com",#  "port" => 9999,#  "vts_enable" => true,#  "options" => {#    "stub_status" => "on", # Turn on stats#    "server_tokens" => "off", # Don't show the version of NGINX#    "access_log" => "off", # Disable logs for stats#    "allow" => "127.0.0.1", # Only allow access from localhost#    "deny" => "all" # Deny access to anyone else#  }# }
################################################################################## GitLab Logging##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html################################################################################
# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data# logging['svlogd_num'] = 30 # keep 30 rotated log files# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours# logging['svlogd_filter'] = "gzip" # compress logs with gzip# logging['svlogd_udp'] = nil # transmit log messages via UDP# logging['svlogd_prefix'] = nil # custom prefix for log messages# logging['logrotate_frequency'] = "daily" # rotate logs daily# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)# logging['logrotate_size'] = nil # do not rotate by size by default# logging['logrotate_rotate'] = 30 # keep 30 rotated logs# logging['logrotate_compress'] = "compress" # see 'man logrotate'# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'# logging['logrotate_postrotate'] = nil # no postrotate command by default# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
### UDP log forwarding##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
##! remote host to ship log messages to via UDP# logging['udp_log_shipping_host'] = nil
##! override the hostname used when logs are shipped via UDP,##  by default the system hostname will be used.# logging['udp_log_shipping_hostname'] = nil
##! remote port to ship log messages to via UDP# logging['udp_log_shipping_port'] = 514
################################################################################## Logrotate##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate##! You can disable built in logrotate feature.################################################################################# logrotate['enable'] = true# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
################################################################################## Users and groups accounts##! Disable management of users and groups accounts.##! **Set only if creating accounts manually**##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management################################################################################
# manage_accounts['enable'] = false
################################################################################## Storage directories##! Disable managing storage directories##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management################################################################################
##! **Set only if the select directories are created manually**# manage_storage_directories['enable'] = false# manage_storage_directories['manage_etc'] = false
################################################################################## Runtime directory##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory################################################################################
# runtime_dir '/run'
################################################################################## Git##! Advanced setting for configuring git system settings for omnibus-gitlab##! internal git################################################################################
##! For multiple options under one header use array of comma separated values,##! eg.:##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
# omnibus_gitconfig['system'] = {#  "pack" => ["threads = 1"],#  "receive" => ["fsckObjects = true", "advertisePushOptions = true"],#  "repack" => ["writeBitmaps = true"],#  "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],# }
################################################################################## GitLab Pages##! Docs: https://docs.gitlab.com/ee/pages/administration.html################################################################################
##! Define to enable GitLab Pages# pages_external_url "http://pages.example.com/"# gitlab_pages['enable'] = false
##! Configure to expose GitLab Pages on external IP address, serving the HTTP# gitlab_pages['external_http'] = []
##! Configure to expose GitLab Pages on external IP address, serving the HTTPS# gitlab_pages['external_https'] = []
##! Configure to use the default list of cipher suites# gitlab_pages['insecure_ciphers'] = false
##! Configure to enable health check endpoint on GitLab Pages# gitlab_pages['status_uri'] = "/@status"
##! Tune the maximum number of concurrent connections GitLab Pages will handle.##! This should be in the range 1 - 10000, defaulting to 5000.# gitlab_pages['max_connections'] = 5000
##! Configure to use JSON structured logging in GitLab Pages# gitlab_pages['log_format'] = "json"
##! Configure verbose logging for GitLab Pages# gitlab_pages['log_verbose'] = false
##! Error Reporting and Logging with Sentry# gitlab_pages['sentry_enabled'] = false# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'# gitlab_pages['sentry_environment'] = 'production'
##! Listen for requests forwarded by reverse proxy# gitlab_pages['listen_proxy'] = "localhost:8090"
##! Configure GitLab Pages to use an HTTP Proxy# gitlab_pages['http_proxy'] = "http://example:8080"
# gitlab_pages['redirect_http'] = true# gitlab_pages['use_http2'] = true# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
# gitlab_pages['artifacts_server'] = true# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'# gitlab_pages['artifacts_server_timeout'] = 10
##! Environments that do not support bind-mounting should set this parameter to##! true. This is incompatible with the artifacts server# gitlab_pages['inplace_chroot'] = false
##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics# gitlab_pages['metrics_address'] = ":9235"
##! Specifies the minimum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")# gitlab_pages['tls_min_version'] = "ssl3"
##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")# gitlab_pages['tls_max_version'] = "tls1.2"
##! Pages access control# gitlab_pages['access_control'] = false# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present# gitlab_pages['gitlab_secret'] = nil # Generated if not present# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'# gitlab_pages['gitlab_server'] = nil # Defaults to external_url# gitlab_pages['auth_secret'] = nil # Generated if not present
##! GitLab API HTTP client connection timeout# gitlab_pages['gitlab_client_http_timeout'] = "10s"
##! GitLab API JWT Token expiry time"# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
##! Define custom gitlab-pages HTTP headers for the whole instance# gitlab_pages['headers'] = []
##! Shared secret used for authentication between Pages and GitLab# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
################################################################################## GitLab Pages NGINX################################################################################
# All the settings defined in the "GitLab Nginx" section are also available in# this "GitLab Pages NGINX" section, using the key `pages_nginx`.  However,# those settings should be explicitly set. That is, settings given as# `nginx['some_setting']` WILL NOT be automatically replicated as# `pages_nginx['some_setting']` and should be set separately.
# Below you can find settings that are exclusive to "GitLab Pages NGINX"# pages_nginx['enable'] = false
# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
################################################################################## GitLab CI##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html################################################################################
# gitlab_ci['gitlab_ci_all_broken_builds'] = true# gitlab_ci['gitlab_ci_add_pusher'] = true# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
################################################################################## GitLab Mattermost##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost################################################################################
# mattermost_external_url 'http://mattermost.example.com'
# mattermost['enable'] = false# mattermost['username'] = 'mattermost'# mattermost['group'] = 'mattermost'# mattermost['uid'] = nil# mattermost['gid'] = nil# mattermost['home'] = '/var/opt/gitlab/mattermost'# mattermost['database_name'] = 'mattermost_production'# mattermost['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }# mattermost['service_address'] = "127.0.0.1"# mattermost['service_port'] = "8065"# mattermost['service_site_url'] = nil# mattermost['service_allowed_untrusted_internal_connections'] = ""# mattermost['service_enable_api_team_deletion'] = true# mattermost['team_site_name'] = "GitLab Mattermost"# mattermost['sql_driver_name'] = 'mysql'# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'# mattermost['gitlab_enable'] = false# mattermost['gitlab_id'] = "12345656"# mattermost['gitlab_secret'] = "123456789"# mattermost['gitlab_scope'] = ""# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
################################################################################## Mattermost NGINX################################################################################
# All the settings defined in the "GitLab Nginx" section are also available in# this "Mattermost NGINX" section, using the key `mattermost_nginx`.  However,# those settings should be explicitly set. That is, settings given as# `nginx['some_setting']` WILL NOT be automatically replicated as# `mattermost_nginx['some_setting']` and should be set separately.
# Below you can find settings that are exclusive to "Mattermost NGINX"# mattermost_nginx['enable'] = false
# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"# mattermost_nginx['proxy_set_headers'] = {#   "Host" => "$http_host",#   "X-Real-IP" => "$remote_addr",#   "X-Forwarded-For" => "$proxy_add_x_forwarded_for",#   "X-Frame-Options" => "SAMEORIGIN",#   "X-Forwarded-Proto" => "https",#   "X-Forwarded-Ssl" => "on",#   "Upgrade" => "$http_upgrade",#   "Connection" => "$connection_upgrade"# }

################################################################################## Registry NGINX################################################################################
# All the settings defined in the "GitLab Nginx" section are also available in# this "Registry NGINX" section, using the key `registry_nginx`.  However, those# settings should be explicitly set. That is, settings given as# `nginx['some_setting']` WILL NOT be automatically replicated as# `registry_nginx['some_setting']` and should be set separately.
# Below you can find settings that are exclusive to "Registry NGINX"# registry_nginx['enable'] = false
# registry_nginx['proxy_set_headers'] = {#  "Host" => "$http_host",#  "X-Real-IP" => "$remote_addr",#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",#  "X-Forwarded-Proto" => "https",#  "X-Forwarded-Ssl" => "on"# }
# When the registry is automatically enabled using the same domain as `external_url`,# it listens on this port# registry_nginx['listen_port'] = 5050
################################################################################## Prometheus##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/################################################################################
###! **To enable only Monitoring service in this machine, uncomment###!   the line below.**###! Docs: https://docs.gitlab.com/ee/administration/high_availability# monitoring_role['enable'] = true
# prometheus['enable'] = true# prometheus['monitor_kubernetes'] = true# prometheus['username'] = 'gitlab-prometheus'# prometheus['group'] = 'gitlab-prometheus'# prometheus['uid'] = nil# prometheus['gid'] = nil# prometheus['shell'] = '/bin/sh'# prometheus['home'] = '/var/opt/gitlab/prometheus'# prometheus['log_directory'] = '/var/log/gitlab/prometheus'# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']# prometheus['scrape_interval'] = 15# prometheus['scrape_timeout'] = 15# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'# prometheus['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }#### Custom scrape configs## Prometheus can scrape additional jobs via scrape_configs.  The default automatically# includes all of the exporters supported by the omnibus config.## See: https://prometheus.io/docs/operating/configuration/#<scrape_config>## Example:## prometheus['scrape_configs'] = [#   {#     'job_name': 'example',#     'static_configs' => [#       'targets' => ['hostname:port'],#     ],#   },# ]#### Custom alertmanager config## To configure external alertmanagers, create an alertmanager config.## See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config## prometheus['alertmanagers'] = [#   {#     'static_configs' => [#       {#         'targets' => [#           'hostname:port'#         ]#       }#     ]#   }# ]#### Custom Prometheus flags## prometheus['flags'] = {#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",#   'storage.tsdb.retention.time' => "15d",#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"# }
##! Advanced settings. Should be changed only if absolutely needed.# prometheus['listen_address'] = 'localhost:9090'
################################################################################## Prometheus Alertmanager################################################################################
# alertmanager['enable'] = true# alertmanager['home'] = '/var/opt/gitlab/alertmanager'# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'# alertmanager['admin_email'] = 'admin@example.com'# alertmanager['flags'] = {#   'web.listen-address' => "localhost:9093"#   'storage.path' => "/var/opt/gitlab/alertmanager/data"#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"# }# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'# alertmanager['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }
##! Advanced settings. Should be changed only if absolutely needed.# alertmanager['listen_address'] = 'localhost:9093'# alertmanager['global'] = {}
################################################################################## Prometheus Node Exporter##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html################################################################################
# node_exporter['enable'] = true# node_exporter['home'] = '/var/opt/gitlab/node-exporter'# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'# node_exporter['flags'] = {#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"# }# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'# node_exporter['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }
##! Advanced settings. Should be changed only if absolutely needed.# node_exporter['listen_address'] = 'localhost:9100'
################################################################################## Prometheus Redis exporter##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html################################################################################
# redis_exporter['enable'] = true# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'# redis_exporter['flags'] = {#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",# }# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'# redis_exporter['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }
##! Advanced settings. Should be changed only if absolutely needed.# redis_exporter['listen_address'] = 'localhost:9121'
################################################################################## Prometheus Postgres exporter##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html################################################################################
# postgres_exporter['enable'] = true# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'# postgres_exporter['flags'] = {}# postgres_exporter['listen_address'] = 'localhost:9187'# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'# postgres_exporter['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }# postgres_exporter['sslmode'] = nil
################################################################################## Prometheus PgBouncer exporter (EE only)##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html################################################################################
# pgbouncer_exporter['enable'] = false# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"# pgbouncer_exporter['listen_address'] = 'localhost:9188'# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'# pgbouncer_exporter['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }
################################################################################## Prometheus Gitlab exporter##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html################################################################################

# gitlab_exporter['enable'] = true# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
##! Advanced settings. Should be changed only if absolutely needed.# gitlab_exporter['listen_address'] = 'localhost'# gitlab_exporter['listen_port'] = '9168'
##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are##! found.# gitlab_exporter['probe_sidekiq'] = true
# To completely disable prometheus, and all of it's exporters, set to false# prometheus_monitoring['enable'] = true
################################################################################## Grafana Dashboards##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source################################################################################
# grafana['enable'] = true# grafana['log_directory'] = '/var/log/gitlab/grafana'# grafana['home'] = '/var/opt/gitlab/grafana'# grafana['admin_password'] = 'admin'# grafana['allow_user_sign_up'] = false# grafana['basic_auth_enabled'] = false# grafana['disable_login_form'] = true# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'# grafana['gitlab_secret'] = 'GITLAB_SECRET'# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'# grafana['allowed_groups'] = []# grafana['gitlab_auth_sign_up'] = true# grafana['env'] = {#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"# }# grafana['metrics_enabled'] = false# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
### Dashboards## See: http://docs.grafana.org/administration/provisioning/#dashboards## NOTE: Setting this will override the default.## grafana['dashboards'] = [#   {#     'name' => 'GitLab Omnibus',#     'orgId' => 1,#     'folder' => 'GitLab Omnibus',#     'type' => 'file',#     'disableDeletion' => true,#     'updateIntervalSeconds' => 600,#     'options' => {#       'path' => '/opt/gitlab/embedded/service/grafana-dashboards',#     }#   }# ]
### Datasources## See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file## NOTE: Setting this will override the default.## grafana['datasources'] = [#   {#     'name' => 'GitLab Omnibus',#     'type' => 'prometheus',#     'access' => 'proxy',#     'url' => 'http://localhost:9090'#   }# ]
##! Advanced settings. Should be changed only if absolutely needed.# grafana['http_addr'] = 'localhost'# grafana['http_port'] = 3000
################################################################################## Gitaly##! Docs:################################################################################
# The gitaly['enable'] option exists for the purpose of cluster# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .# gitaly['enable'] = true# gitaly['dir'] = "/var/opt/gitlab/gitaly"# gitaly['log_directory'] = "/var/log/gitlab/gitaly"# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"# gitaly['env'] = {#  'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",#  'HOME' => '/var/opt/gitlab'# }
##! internal_socket_dir is the directory that will contain internal gitaly sockets,##! separate from socket_path which is the socket that external clients listen on
# gitaly['internal_socket_dir'] = "/var/opt/gitlab/gitaly"# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"# gitaly['listen_addr'] = "localhost:8075"# gitaly['tls_listen_addr'] = "localhost:9075"# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"# gitaly['prometheus_listen_addr'] = "localhost:9236"# gitaly['logging_level'] = "warn"# gitaly['logging_format'] = "json"# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"# gitaly['logging_sentry_environment'] = "production"# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"# gitaly['auth_token'] = '<secret>'# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced# gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests# gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.# gitaly['concurrency'] = [#   {#     'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",#     'max_per_repo' => 20#   }, {#     'rpc' => "/gitaly.SSHService/SSHUploadPack",#     'max_per_repo' => 5#   }# ]
################################################################################## Praefect##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md################################################################################
# praefect['enable'] = false# praefect['virtual_storage_name'] = "praefect"# praefect['failover_enabled'] = false# praefect['auth_token'] = ""# praefect['auth_transitioning'] = false# praefect['listen_addr'] = "localhost:2305"# praefect['prometheus_listen_addr'] = "localhost:9652"# praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"# praefect['logging_level'] = "warn"# praefect['logging_format'] = "json"# praefect['virtual_storages'] = {#   'default' => {#     'praefect-internal-0' => {#       'address' => 'tcp://10.23.56.78:8075',#       'token' => 'abc123'#     },#     'praefect-internal-1' => {#       'address' => 'tcp://10.76.23.31:8075',#       'token' => 'xyz456'#     }#   },#   'alternative' => {#     'praefect-internal-2' => {#       'address' => 'tcp://10.34.1.16:8075',#       'token' => 'abc321'#     },#     'praefect-internal-3' => {#       'address' => 'tcp://10.23.18.6:8075',#       'token' => 'xyz890'#     }#   }# }# praefect['sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"# praefect['sentry_environment'] = "production"# praefect['database_host'] = 'postgres.internal'# praefect['database_port'] = 5432# praefect['database_user'] = 'praefect'# praefect['database_password'] = 'secret'# praefect['database_dbname'] = 'praefect_production'# praefect['database_sslmode'] = 'disable'# praefect['database_sslcert'] = '/path/to/client-cert'# praefect['database_sslkey'] = '/path/to/client-key'# praefect['database_sslrootcert'] = '/path/to/rootcert'
################################################################################# Storage check################################################################################# storage_check['enable'] = false# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
################################################################################# Let's Encrypt integration################################################################################{% if enable_https %} letsencrypt['enable'] = true letsencrypt['contact_emails'] = [ '{{ letsencrypt_email }}' ] # This should be an array of email addresses to add as contacts letsencrypt['group'] = 'root' letsencrypt['key_size'] = 4096 letsencrypt['owner'] = 'root' letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings letsencrypt['auto_renew'] = true letsencrypt['auto_renew_hour'] = 0 letsencrypt['auto_renew_minute'] = 54 # Should be a number or cron expression, if specified. letsencrypt['auto_renew_day_of_month'] = "*/4"{% else %}# letsencrypt['enable'] = nil# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts# letsencrypt['group'] = 'root'# letsencrypt['key_size'] = 2048# letsencrypt['owner'] = 'root'# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings# letsencrypt['auto_renew'] = true# letsencrypt['auto_renew_hour'] = 0# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.# letsencrypt['auto_renew_day_of_month'] = "*/4"{% endif %}
##! Turn off automatic init system detection. To skip init detection in##! non-docker containers. Recommended not to change.# package['detect_init'] = true
##! Specify maximum number of tasks that can be created by the systemd unit##! Will be populated as TasksMax value to the unit file if user is on a systemd##! version that supports it (>= 227). Will be a no-op if user is not on systemd.# package['systemd_tasks_max'] = 4915
##! Settings to configure order of GitLab's systemd unit.##! Note: We do not recommend changing these values unless absolutely necessary# package['systemd_after'] = 'multi-user.target'# package['systemd_wanted_by'] = 'multi-user.target'##################################################################################################################################################################                  Configuration Settings for GitLab EE only                 ##################################################################################################################################################################

################################################################################## Auxiliary cron jobs applicable to GitLab EE only################################################################################## gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"# gitlab_rails['geo_migrated_local_files_clean_up_worker_cron'] = "15 */6 * * *"# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
################################################################################## Kerberos (EE Only)##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access################################################################################
# gitlab_rails['kerberos_enabled'] = true# gitlab_rails['kerberos_keytab'] = /etc/http.keytab# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM# gitlab_rails['kerberos_use_dedicated_port'] = true# gitlab_rails['kerberos_port'] = 8443# gitlab_rails['kerberos_https'] = true
################################################################################## Package repository (EE Only)##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md################################################################################
# gitlab_rails['packages_enabled'] = true# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"# gitlab_rails['packages_object_store_enabled'] = false# gitlab_rails['packages_object_store_direct_upload'] = false# gitlab_rails['packages_object_store_background_upload'] = true# gitlab_rails['packages_object_store_proxy_download'] = false# gitlab_rails['packages_object_store_remote_directory'] = "packages"# gitlab_rails['packages_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'host' => 's3.amazonaws.com',#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
################################################################################## Dependency proxy (EE Only)##! Docs: https://docs.gitlab.com/ee/administration/dependency_proxy.md################################################################################
# gitlab_rails['dependency_proxy_enabled'] = true# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"# gitlab_rails['dependency_proxy_object_store_enabled'] = false# gitlab_rails['dependency_proxy_object_store_direct_upload'] = false# gitlab_rails['dependency_proxy_object_store_background_upload'] = true# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"# gitlab_rails['dependency_proxy_object_store_connection'] = {#   'provider' => 'AWS',#   'region' => 'eu-west-1',#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',#   # # The below options configure an S3 compatible host instead of AWS#   # 'host' => 's3.amazonaws.com',#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'# }
################################################################################## GitLab Sentinel (EE Only)##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel################################################################################
##! **Make sure you configured all redis['master_*'] keys above before##!   continuing.**
##! To enable Sentinel and disable all other services in this machine,##! uncomment the line below (if you've enabled Redis role, it will keep it).##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html# redis_sentinel_role['enable'] = true
# sentinel['enable'] = true
##! Bind to all interfaces, uncomment to specify an IP and bind to a single one# sentinel['bind'] = '0.0.0.0'
##! Uncomment to change default port# sentinel['port'] = 26379
#### Support to run sentinels in a Docker or NAT environment#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
##! Quorum must reflect the amount of voting sentinels it take to start a##! failover.##! **Value must NOT be greater then the amount of sentinels.**##! The quorum can be used to tune Sentinel in two ways:##! 1. If a the quorum is set to a value smaller than the majority of Sentinels##!    we deploy, we are basically making Sentinel more sensible to master##!    failures, triggering a failover as soon as even just a minority of##!    Sentinels is no longer able to talk with the master.##! 2. If a quorum is set to a value greater than the majority of Sentinels, we##!    are making Sentinel able to failover only when there are a very large##!    number (larger than majority) of well connected Sentinels which agree##!    about the master being down.# sentinel['quorum'] = 1
### Consider unresponsive server down after x amount of ms.# sentinel['down_after_milliseconds'] = 10000
### Specifies the failover timeout in milliseconds.##! It is used in many ways:##!##! - The time needed to re-start a failover after a previous failover was##!   already tried against the same master by a given Sentinel, is two##!   times the failover timeout.##!##! - The time needed for a slave replicating to a wrong master according##!   to a Sentinel current configuration, to be forced to replicate##!   with the right master, is exactly the failover timeout (counting since##!   the moment a Sentinel detected the misconfiguration).##!##! - The time needed to cancel a failover that is already in progress but##!   did not produced any configuration change (SLAVEOF NO ONE yet not##!   acknowledged by the promoted slave).##!##! - The maximum time a failover in progress waits for all the slaves to be##!   reconfigured as slaves of the new master. However even after this time##!   the slaves will be reconfigured by the Sentinels anyway, but not with##!   the exact parallel-syncs progression as specified.# sentinel['failover_timeout'] = 60000
################################################################################## GitLab Sidekiq Cluster (EE only)################################################################################
##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes##! besides the default one. These processes can be used to consume a dedicated set##! of queues. This can be used to ensure certain queues always have dedicated##! workers, no matter the amount of jobs that need to be processed.
# sidekiq_cluster['enable'] = false# sidekiq_cluster['ha'] = false# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks# sidekiq_cluster['max_concurrency'] = 50 # The maximum number of threads each Sidekiq process should run# sidekiq_cluster['min_concurrency'] = 0 # The minimum number of threads each Sidekiq process should run
##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a##! Sidekiq process. Multiple queues can be processed by the same process by##! separating them with a comma within the group entry
# sidekiq_cluster['queue_groups'] = [#   "process_commit,post_receive",#   "gitlab_shell"# ]#
##! If negate is enabled then sidekiq-cluster will process all the queues that##! don't match those in queue_groups.
# sidekiq_cluster['negate'] = false
################################################################################## Additional Database Settings (EE only)##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html################################################################################# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
################################################################################## GitLab Geo##! Docs: https://docs.gitlab.com/ee/gitlab-geo################################################################################# geo_primary_role['enable'] = false# geo_secondary_role['enable'] = false
# This is an optional identifier which Geo nodes can use to identify themselves.# For example, if external_url is the same for two secondaries, you must specify# a unique Geo node name for those secondaries.## If it is blank, it defaults to external_url.# gitlab_rails['geo_node_name'] = nil
# gitlab_rails['geo_registry_replication_enabled'] = true# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5000'

################################################################################## GitLab Geo Secondary (EE only)################################################################################# geo_secondary['auto_migrate'] = true# geo_secondary['db_adapter'] = "postgresql"# geo_secondary['db_encoding'] = "unicode"# geo_secondary['db_collation'] = nil# geo_secondary['db_database'] = "gitlabhq_geo_production"# geo_secondary['db_pool'] = 1# geo_secondary['db_username'] = "gitlab_geo"# geo_secondary['db_password'] = nil# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"# geo_secondary['db_port'] = 5431# geo_secondary['db_socket'] = nil# geo_secondary['db_sslmode'] = nil# geo_secondary['db_sslcompression'] = 0# geo_secondary['db_sslrootcert'] = nil# geo_secondary['db_sslca'] = nil# geo_secondary['db_fdw'] = true
################################################################################## GitLab Geo Secondary Tracking Database (EE only)################################################################################
# geo_postgresql['enable'] = false# geo_postgresql['ha'] = false# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'# geo_postgresql['pgbouncer_user'] = nil# geo_postgresql['pgbouncer_user_password'] = nil##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
################################################################################## Unleash##! Docs: https://docs.gitlab.com/ee/user/project/operations/feature_flags.html################################################################################# gitlab_rails['feature_flags_unleash_enabled'] = false# gitlab_rails['feature_flags_unleash_url'] = nil# gitlab_rails['feature_flags_unleash_app_name'] = nil# gitlab_rails['feature_flags_unleash_instance_id'] = nil
################################################################################# Pgbouncer (EE only)# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details################################################################################# pgbouncer['enable'] = false# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'# pgbouncer['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }# pgbouncer['listen_addr'] = '0.0.0.0'# pgbouncer['listen_port'] = '6432'# pgbouncer['pool_mode'] = 'transaction'# pgbouncer['server_reset_query'] = 'DISCARD ALL'# pgbouncer['application_name_add_host'] = '1'# pgbouncer['max_client_conn'] = '2048'# pgbouncer['default_pool_size'] = '100'# pgbouncer['min_pool_size'] = '0'# pgbouncer['reserve_pool_size'] = '5'# pgbouncer['reserve_pool_timeout'] = '5.0'# pgbouncer['server_round_robin'] = '0'# pgbouncer['log_connections'] = '0'# pgbouncer['server_idle_timeout'] = '30'# pgbouncer['dns_max_ttl'] = '15.0'# pgbouncer['dns_zone_check_period'] = '0'# pgbouncer['dns_nxdomain_ttl'] = '15.0'# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'# pgbouncer['databases'] = {#   DATABASE_NAME: {#     host: HOSTNAME,#     port: PORT#     user: USERNAME,#     password: PASSWORD###! generate this with `echo -n '$password + $username' | md5sum`#   }#   ...# }# pgbouncer['logfile'] = nil# pgbouncer['unix_socket_dir'] = nil# pgbouncer['unix_socket_mode'] = '0777'# pgbouncer['unix_socket_group'] = nil# pgbouncer['auth_type'] = 'md5'# pgbouncer['auth_hba_file'] = nil# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'# pgbouncer['users'] = {#   {#     name: USERNAME,#     password: MD5_PASSWORD_HASH#   }# }# postgresql['pgbouncer_user'] = nil# postgresql['pgbouncer_user_password'] = nil# pgbouncer['server_reset_query_always'] = 0# pgbouncer['server_check_query'] = 'select 1'# pgbouncer['server_check_delay'] = 30# pgbouncer['max_db_connections'] = nil# pgbouncer['max_user_connections'] = nil# pgbouncer['syslog'] = 0# pgbouncer['syslog_facility'] = 'daemon'# pgbouncer['syslog_ident'] = 'pgbouncer'# pgbouncer['log_disconnections'] = 1# pgbouncer['log_pooler_errors'] = 1# pgbouncer['stats_period'] = 60# pgbouncer['verbose'] = 0# pgbouncer['server_lifetime'] = 3600# pgbouncer['server_connect_timeout'] = 15# pgbouncer['server_login_retry'] = 15# pgbouncer['query_timeout'] = 0# pgbouncer['query_wait_timeout'] = 120# pgbouncer['client_idle_timeout'] = 0# pgbouncer['client_login_timeout'] = 60# pgbouncer['autodb_idle_timeout'] = 3600# pgbouncer['suspend_timeout'] = 10# pgbouncer['idle_transaction_timeout'] = 0# pgbouncer['pkt_buf'] = 4096# pgbouncer['listen_backlog'] = 128# pgbouncer['sbuf_loopcnt'] = 5# pgbouncer['max_packet_size'] = 2147483647# pgbouncer['tcp_defer_accept'] = 0# pgbouncer['tcp_socket_buffer'] = 0# pgbouncer['tcp_keepalive'] = 1# pgbouncer['tcp_keepcnt'] = 0# pgbouncer['tcp_keepidle'] = 0# pgbouncer['tcp_keepintvl'] = 0# pgbouncer['disable_pqexec'] = 0
## Pgbouncer client TLS options# pgbouncer['client_tls_sslmode'] = 'disable'# pgbouncer['client_tls_ca_file'] = nil# pgbouncer['client_tls_key_file'] = nil# pgbouncer['client_tls_cert_file'] = nil# pgbouncer['client_tls_protocols'] = 'all'# pgbouncer['client_tls_dheparams'] = 'auto'# pgbouncer['client_tls_ecdhcurve'] = 'auto'### Pgbouncer server  TLS options# pgbouncer['server_tls_sslmode'] = 'disable'# pgbouncer['server_tls_ca_file'] = nil# pgbouncer['server_tls_key_file'] = nil# pgbouncer['server_tls_cert_file'] = nil# pgbouncer['server_tls_protocols'] = 'all'# pgbouncer['server_tls_ciphers'] = 'fast'
################################################################################# Repmgr (EE only)################################################################################# repmgr['enable'] = false# repmgr['cluster'] = 'gitlab_cluster'# repmgr['database'] = 'gitlab_repmgr'# repmgr['host'] = nil# repmgr['node_number'] = nil# repmgr['port'] = 5432# repmgr['trust_auth_cidr_addresses'] = []# repmgr['user'] = 'gitlab_repmgr'# repmgr['sslmode'] = 'prefer'# repmgr['sslcompression'] = 0# repmgr['failover'] = 'automatic'# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'# repmgr['node_name'] = nil# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'# repmgr['service_promote_command'] = nil# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
# repmgr['upstream_node'] = nil# repmgr['use_replication_slots'] = false# repmgr['loglevel'] = 'INFO'# repmgr['logfacility'] = 'STDERR'# repmgr['logfile'] = nil
# repmgr['event_notification_command'] = nil# repmgr['event_notifications'] = nil
# repmgr['rsync_options'] = nil# repmgr['ssh_options'] = nil# repmgr['priority'] = nil## HA setting to specify if a node should attempt to be master on initialization# repmgr['master_on_initialization'] = true
# repmgr['retry_promote_interval_secs'] = 300# repmgr['witness_repl_nodes_sync_interval_secs'] = 15# repmgr['reconnect_attempts'] = 6# repmgr['reconnect_interval'] = 10# repmgr['monitor_interval_secs'] = 2# repmgr['master_response_timeout'] = 60# repmgr['daemon'] = true# repmgrd['enable'] = true
################################################################################# Consul (EEP only)################################################################################# consul['enable'] = false# consul['dir'] = '/var/opt/gitlab/consul'# consul['user'] = 'gitlab-consul'# consul['group'] = 'gitlab-consul'# consul['config_file'] = '/var/opt/gitlab/consul/config.json'# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'# consul['data_dir'] = '/var/opt/gitlab/consul/data'# consul['log_directory'] = '/var/log/gitlab/consul'# consul['env_directory'] = '/opt/gitlab/etc/consul/env'# consul['env'] = {#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"# }# consul['monitoring_service_discovery'] = false# consul['node_name'] = nil# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'# consul['configuration'] = {#   'client_addr' => nil,#   'datacenter' => 'gitlab_consul',#   'enable_script_checks' => true,#   'server' => false# }# consul['services'] = []# consul['service_config'] = {#   'postgresql' => {#     'service' => {#       'name' => "postgresql",#       'address' => '',#       'port' => 5432,#       'checks' => [#         {#           'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",#           'interval' => "10s"#         }#       ]#     }#   }# }# consul['watchers'] = {#   'postgresql' => {#     enable: false,#     handler: 'failover_pgbouncer'#   }# }