add gitlab roles

projects.yaml

@@ -0,0 +1,9 @@
+---
+- hosts: biff
+  roles:
+      - role: lxc_guest
+        vm_name: projects
+        # distro: sid
+- hosts: projects
+  roles:
+      - role: gitlab

roles/gitlab/handlers/main.yaml

@@ -0,0 +1,2 @@
+- name: restart gitlab-ce
+  shell: gitlab-ctl restart

roles/gitlab/meta/main.yaml

@@ -0,0 +1,5 @@
+---
+dependencies:
+  - role: postgresql
+  - role: nginx
+    parent_role_path: "gitlab"

roles/gitlab/tasks/main.yaml

@@ -0,0 +1,62 @@
+- name: install apt-transport-https package
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+      - apt-transport-https
+
+- name: add gitlab omnibus apt key
+  apt_key:
+    url: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey
+    state: present
+
+- name: add gitlab omnibus repository
+  apt_repository: repo='deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ jessie main' state=present
+
+- name: install gitlab package
+  apt:
+    name: "{{ item }}"
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+  with_items:
+      - gitlab-ce
+
+- block:
+    - name: create gitlab DB
+      postgresql_db: name=gitlabhq_production
+    - name: create gitlab DB user
+      postgresql_user:
+        name: gitlab-psql
+        # password: "{{ password }}"
+        db: gitlabhq_production
+        priv: ALL
+        role_attr_flags: SUPERUSER
+  become: true
+  become_method: su
+  become_user: postgres
+
+# - name: copy lilik-150x54.png
+#   copy:
+#     src: lilik-150x54.png
+#     dest: /usr/share/roundcube/skins/classic/images/
+
+- name: copy my-gitlab.rb
+  template:
+      src: "my-gitlab.rb.j2"
+      dest: "/etc/gitlab/my-gitlab.rb"
+      mode: 0600
+  notify: restart gitlab-ce
+
+- name: include my-gitlab.rb
+  lineinfile:
+    dest: /etc/gitlab/gitlab.rb
+    insertafter: EOF
+    line: eval File.open('/etc/gitlab/my-gitlab.rb').read
+  notify: restart gitlab-ce
+
+- name: reconfigure gitlab-ce
+  shell: gitlab-ctl reconfigure
+  notify: restart gitlab-ce

roles/gitlab/templates/gitlab.conf.nginx.j2

@@ -0,0 +1,54 @@
+#upstream gitlab {
+#    server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
+#    proxy_pass http://localhost:8080;
+#}
+
+server {
+  listen *:80;
+
+
+  server_name projects.lilik.it;
+
+  client_max_body_size 0;
+
+
+#location ~* \.(git) {
+#    proxy_read_timeout      300;
+#    proxy_connect_timeout   300;
+#    proxy_redirect          off;
+
+#    proxy_set_header   X-Forwarded-Proto $scheme;
+#    proxy_set_header   Host              $http_host;
+#    proxy_set_header   X-Real-IP         $remote_addr;
+#    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+#    proxy_set_header   X-Frame-Options   SAMEORIGIN;
+#    proxy_pass http://gitlab;
+#    proxy_pass http://localhost:8080;
+#}
+
+  location / {
+    ## If you use HTTPS make sure you disable gzip compression
+    ## to be safe against BREACH attack.
+
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      3600;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+
+    proxy_http_version 1.1;
+
+    proxy_set_header Host projects.leader.lilik.it;
+    proxy_set_header X-Forwarded-Host "";
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto http;
+
+    proxy_pass http://localhost:8181;
+    proxy_hide_header    Content-Security-Policy;
+    proxy_hide_header    X-Frame-Options;
+ }
+
+
+}

roles/gitlab/templates/my-gitlab.rb.j2

@@ -0,0 +1,40 @@
+external_url  'http://projects.lilik.it'
+gitlab_rails['gitlab_default_projects_features_issues'] = true
+gitlab_rails['gitlab_default_projects_features_wiki'] = true
+gitlab_rails['gitlab_default_projects_features_snippets'] = true
+gitlab_rails['ldap_enabled'] = true
+gitlab_rails['ldap_servers'] = YAML.load <<-EOS
+  main:
+    label: 'LDAP'
+    host: 'ldap2.lilik.it'
+    port: 389
+    uid: 'mail'
+    method: 'plain'
+    base: 'vd=lilik.it,o=hosting,dc=lilik,dc=it'
+    user_filter: '(memberOf=cn=projects,o=Group,dc=lilik,dc=it)'
+    attributes:
+      username: ['uid', 'userid', 'sAMAccountName']
+      email:    ['mail', 'email', 'userPrincipalName']
+      name:       'cn'
+      first_name: 'givenName'
+      last_name:  'sn'
+EOS
+gitlab_rails['gitlab_shell_ssh_port'] = 8082
+gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_address'] = "mail.lilik.it"
+gitlab_rails['smtp_port'] = 25
+
+unicorn['worker_processes'] = 1 # default is 2
+
+gitlab_workhorse['listen_network'] = "tcp"
+gitlab_workhorse['listen_addr'] = "localhost:8181"
+
+gitlab_rails['db_adapter'] = "postgresql"
+gitlab_rails['db_encoding'] = 'utf8'
+gitlab_rails['db_username'] = "gitlab-psql"
+gitlab_rails['db_host'] = nil
+gitlab_rails['db_socket'] = "/var/run/postgresql/"
+gitlab_rails['db_port'] = nil
+
+postgresql['enable'] = false
+nginx['enable'] = false

roles/gitlab/vars/main.yml

@@ -0,0 +1,2 @@
+config_names:
+  - gitlab