@ -1,13 +1,14 @@ | |||||
--- | --- | ||||
- hosts: biff | |||||
- hosts: emmett | |||||
roles: | roles: | ||||
- role: lxc_guest | - role: lxc_guest | ||||
vm_name: projects | |||||
# distro: sid | |||||
vm_name: projects2 | |||||
- role: ssh_server | - role: ssh_server | ||||
ansible_connection: lxc_ssh | ansible_connection: lxc_ssh | ||||
ansible_docker_extra_args: projects | |||||
- hosts: projects | |||||
ansible_docker_extra_args: projects2 | |||||
- hosts: projects2 | |||||
roles: | roles: | ||||
- role: dns_record | |||||
- role: gitlab | |||||
- role: dns_record | |||||
- role: reverse_proxy | |||||
hostname: projects2 | |||||
- role: gitlab |
@ -0,0 +1,3 @@ | |||||
fqdn: '{{ ansible_hostname }}.lilik.it' | |||||
ssh_port: 8022 | |||||
ldap_server: ldap.dmz.lilik |
@ -1,2 +0,0 @@ | |||||
- name: restart gitlab-ce | |||||
shell: gitlab-ctl restart |
@ -1,65 +1,27 @@ | |||||
- name: install apt-transport-https package | |||||
apt: | |||||
name: "{{ item }}" | |||||
state: present | |||||
update_cache: yes | |||||
cache_valid_time: 3600 | |||||
with_items: | |||||
- apt-transport-https | |||||
- name: add gitlab omnibus apt key | |||||
apt_key: | |||||
url: https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey | |||||
state: present | |||||
- name: add gitlab omnibus repository | |||||
apt_repository: | |||||
repo: 'deb https://packages.gitlab.com/gitlab/gitlab-ce/debian/ jessie main' | |||||
state: present | |||||
- name: install gitlab package | |||||
apt: | |||||
name: "{{ item }}" | |||||
state: present | |||||
update_cache: yes | |||||
cache_valid_time: 3600 | |||||
with_items: | |||||
- gitlab-ce | |||||
- block: | |||||
- name: create gitlab DB | |||||
postgresql_db: | |||||
name: gitlabhq_production | |||||
- name: create gitlab DB user | |||||
postgresql_user: | |||||
name: gitlab-psql | |||||
# password: "{{ password }}" | |||||
db: gitlabhq_production | |||||
priv: ALL | |||||
role_attr_flags: SUPERUSER | |||||
become: true | |||||
become_method: su | |||||
become_user: postgres | |||||
# - name: copy lilik-150x54.png | |||||
# copy: | |||||
# src: lilik-150x54.png | |||||
# dest: /usr/share/roundcube/skins/classic/images/ | |||||
- name: copy my-gitlab.rb | |||||
# see /usr/share/doc/gitlab/README.Debian.gz | |||||
# for instruction on how to migrate and reset root password | |||||
- name: configure gitlab (fqdn) | |||||
debconf: | |||||
name: 'gitlab' | |||||
question: 'gitlab/fqdn' | |||||
vtype: 'string' | |||||
value: '{{ fqdn }}' | |||||
- include_role: | |||||
name: service | |||||
vars: | |||||
service_name: gitlab | |||||
service_packages: | |||||
- gitlab | |||||
- name: remove debian nginx configuration | |||||
file: | |||||
path: '/etc/nginx/sites-enabled/{{ fqdn }}' | |||||
state: absent | |||||
- name: copy my-gitlab.yml | |||||
template: | template: | ||||
src: "my-gitlab.rb.j2" | |||||
dest: "/etc/gitlab/my-gitlab.rb" | |||||
mode: 0600 | |||||
notify: restart gitlab-ce | |||||
- name: include my-gitlab.rb | |||||
lineinfile: | |||||
dest: /etc/gitlab/gitlab.rb | |||||
insertafter: EOF | |||||
line: eval File.open('/etc/gitlab/my-gitlab.rb').read | |||||
notify: restart gitlab-ce | |||||
- name: reconfigure gitlab-ce | |||||
shell: gitlab-ctl reconfigure | |||||
notify: restart gitlab-ce | |||||
src: "gitlab.yml.j2" | |||||
dest: "/etc/gitlab/gitlab.yml" | |||||
notify: restart gitlab |
@ -1,54 +0,0 @@ | |||||
#upstream gitlab { | |||||
# server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket; | |||||
# proxy_pass http://localhost:8080; | |||||
#} | |||||
server { | |||||
listen *:80; | |||||
server_name projects.lilik.it; | |||||
client_max_body_size 0; | |||||
#location ~* \.(git) { | |||||
# proxy_read_timeout 300; | |||||
# proxy_connect_timeout 300; | |||||
# proxy_redirect off; | |||||
# proxy_set_header X-Forwarded-Proto $scheme; | |||||
# proxy_set_header Host $http_host; | |||||
# proxy_set_header X-Real-IP $remote_addr; | |||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||||
# proxy_set_header X-Frame-Options SAMEORIGIN; | |||||
# proxy_pass http://gitlab; | |||||
# proxy_pass http://localhost:8080; | |||||
#} | |||||
location / { | |||||
## If you use HTTPS make sure you disable gzip compression | |||||
## to be safe against BREACH attack. | |||||
## https://github.com/gitlabhq/gitlabhq/issues/694 | |||||
## Some requests take more than 30 seconds. | |||||
proxy_read_timeout 3600; | |||||
proxy_connect_timeout 300; | |||||
proxy_redirect off; | |||||
proxy_http_version 1.1; | |||||
proxy_set_header Host projects.leader.lilik.it; | |||||
proxy_set_header X-Forwarded-Host ""; | |||||
proxy_set_header X-Real-IP $remote_addr; | |||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||||
proxy_set_header X-Forwarded-Proto http; | |||||
proxy_pass http://localhost:8181; | |||||
proxy_hide_header Content-Security-Policy; | |||||
proxy_hide_header X-Frame-Options; | |||||
} | |||||
} |
@ -0,0 +1,440 @@ | |||||
# # # # # # # # # # # # # # # # # # | |||||
# GitLab application config file # | |||||
# # # # # # # # # # # # # # # # # # | |||||
# | |||||
########################### NOTE ##################################### | |||||
# This file should not receive new settings. All configuration options # | |||||
# that do not require an application restart are being moved to # | |||||
# ApplicationSetting model! # | |||||
# If you change this file in a Merge Request, please also create # | |||||
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests # | |||||
######################################################################## | |||||
# | |||||
# | |||||
# How to use: | |||||
# 1. Copy file as gitlab.yml | |||||
# 2. Update gitlab -> host with your fully qualified domain name | |||||
# 3. Update gitlab -> email_from | |||||
# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git | |||||
# IMPORTANT: If Git was installed in a different location use that instead. | |||||
# You can check with `which git`. If a wrong path of Git is specified, it will | |||||
# result in various issues such as failures of GitLab CI builds. | |||||
# 5. Review this configuration file for other settings you may want to adjust | |||||
# For Debian specific changes: See /usr/share/doc/README.Debian | |||||
production: &base | |||||
# | |||||
# 1. GitLab app settings | |||||
# ========================== | |||||
## GitLab settings | |||||
gitlab: | |||||
## Web server settings (note: host is the FQDN, do not include http://) | |||||
# Using environmental variables from /etc/gitlab/gitlab-debian.conf | |||||
host: {{ fqdn }} | |||||
#port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details | |||||
https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details | |||||
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one | |||||
# (you'd obviously need to replace ssh.host_example.com with your own host). | |||||
# Otherwise, ssh host will be set to the `host:` value above | |||||
# ssh_host: ssh.host_example.com | |||||
# WARNING: See config/application.rb under "Relative url support" for the list of | |||||
# other files that need to be changed for relative url support | |||||
# relative_url_root: /gitlab | |||||
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git') | |||||
user: gitlab #gitlab_user (DON'T REMOVE THIS COMMENT) | |||||
user_home: /var/lib/gitlab | |||||
## Date & Time settings | |||||
# Uncomment and customize if you want to change the default time zone of GitLab application. | |||||
# To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` | |||||
# time_zone: 'UTC' | |||||
## Email settings | |||||
# Uncomment and set to false if you need to disable email sending from GitLab (default: true) | |||||
# email_enabled: true | |||||
# Email address used in the "From" field in mails sent by GitLab | |||||
# Using environmental variables from /etc/gitlab/gitlab-debian.conf | |||||
# email_from: example@example.com | |||||
# email_display_name: GitLab | |||||
# email_reply_to: noreply@example.com | |||||
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample | |||||
# default_can_create_group: false # default: true | |||||
# username_changing_enabled: false # default: true - User can change her username/namespace | |||||
## Default theme ID | |||||
## 1 - Graphite | |||||
## 2 - Charcoal | |||||
## 3 - Green | |||||
## 4 - Gray | |||||
## 5 - Violet | |||||
## 6 - Blue | |||||
# default_theme: 2 # default: 2 | |||||
## Automatic issue closing | |||||
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed. | |||||
# This happens when the commit is pushed or merged into the default branch of a project. | |||||
# When not specified the default issue_closing_pattern as specified below will be used. | |||||
# Tip: you can test your closing pattern at http://rubular.com. | |||||
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?#\d+(?:(?:, *| +and +)?))+)' | |||||
## Default project features settings | |||||
default_projects_features: | |||||
issues: true | |||||
merge_requests: true | |||||
wiki: true | |||||
snippets: true | |||||
## Webhook settings | |||||
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) | |||||
# webhook_timeout: 10 | |||||
## Repository downloads directory | |||||
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. | |||||
# The default is 'tmp/repositories' relative to the root of the Rails app. | |||||
# repository_downloads_path: tmp/repositories | |||||
## Reply by email | |||||
# Allow users to comment on issues and merge requests by replying to notification emails. | |||||
# For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html | |||||
incoming_email: | |||||
enabled: false | |||||
address: "incoming+%{key}@gitlab.example.com" | |||||
## Gravatar | |||||
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html | |||||
gravatar: | |||||
enabled: false # Use user avatar image from Gravatar.com (default: true) | |||||
# gravatar urls: possible placeholders: %{hash} %{size} %{email} | |||||
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon | |||||
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon | |||||
# | |||||
# 2. GitLab CI settings | |||||
# ========================== | |||||
gitlab_ci: | |||||
# Default project notifications settings: | |||||
# | |||||
# Send emails only on broken builds (default: true) | |||||
# all_broken_builds: true | |||||
# | |||||
# Add pusher to recipients list (default: false) | |||||
# add_pusher: true | |||||
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root | |||||
# builds_path: builds/ | |||||
# | |||||
# 3. Auth settings | |||||
# ========================== | |||||
## LDAP settings | |||||
# You can inspect a sample of the LDAP users with login access by running: | |||||
# bundle exec rake gitlab:ldap:check RAILS_ENV=production | |||||
ldap: | |||||
enabled: true | |||||
servers: | |||||
########################################################################## | |||||
# | |||||
# Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab | |||||
# Enterprise Edition now supports connecting to multiple LDAP servers. | |||||
# | |||||
# If you are updating from the old (pre-7.4) syntax, you MUST give your | |||||
# old server the ID 'main'. | |||||
# | |||||
########################################################################## | |||||
main: # 'main' is the GitLab 'provider ID' of this LDAP server | |||||
## label | |||||
# | |||||
# A human-friendly name for your LDAP server. It is OK to change the label later, | |||||
# for instance if you find out it is too large to fit on the web page. | |||||
# | |||||
# Example: 'Paris' or 'Acme, Ltd.' | |||||
label: 'LDAP' | |||||
host: '{{ ldap_server }}' | |||||
port: 389 | |||||
uid: 'uid' | |||||
method: 'plain' # "tls" or "ssl" or "plain" | |||||
#bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |||||
#password: '_the_password_of_the_bind_user' | |||||
# This setting specifies if LDAP server is Active Directory LDAP server. | |||||
# For non AD servers it skips the AD specific queries. | |||||
# If your LDAP server is not AD, set this to false. | |||||
active_directory: false | |||||
# If allow_username_or_email_login is enabled, GitLab will ignore everything | |||||
# after the first '@' in the LDAP username submitted by the user on login. | |||||
# | |||||
# Example: | |||||
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; | |||||
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. | |||||
# | |||||
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to | |||||
# disable this setting, because the userPrincipalName contains an '@'. | |||||
allow_username_or_email_login: true | |||||
# To maintain tight control over the number of active users on your GitLab installation, | |||||
# enable this setting to keep new users blocked until they have been cleared by the admin | |||||
# (default: false). | |||||
block_auto_created_users: false | |||||
# Base where we can search for users | |||||
# | |||||
# Ex. ou=People,dc=gitlab,dc=example | |||||
# | |||||
base: 'o=People,dc=lilik,dc=it' | |||||
# Filter LDAP users | |||||
# | |||||
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515 | |||||
# Ex. (employeeType=developer) | |||||
# | |||||
# Note: GitLab does not support omniauth-ldap's custom filter syntax. | |||||
# | |||||
user_filter: '(memberOf=cn=projects,o=Group,dc=lilik,dc=it)' | |||||
# LDAP attributes that GitLab will use to create an account for the LDAP user. | |||||
# The specified attribute can either be the attribute name as a string (e.g. 'mail'), | |||||
# or an array of attribute names to try in order (e.g. ['mail', 'email']). | |||||
# Note that the user's LDAP login will always be the attribute specified as `uid` above. | |||||
attributes: | |||||
# The username will be used in paths for the user's own projects | |||||
# (like `gitlab.example.com/username/project`) and when mentioning | |||||
# them in issues, merge request and comments (like `@username`). | |||||
# If the attribute specified for `username` contains an email address, | |||||
# the GitLab username will be the part of the email address before the '@'. | |||||
username: ['uid', 'userid', 'sAMAccountName'] | |||||
email: ['mail', 'email', 'userPrincipalName'] | |||||
# If no full name could be found at the attribute specified for `name`, | |||||
# the full name is determined using the attributes specified for | |||||
# `first_name` and `last_name`. | |||||
name: 'cn' | |||||
first_name: 'givenName' | |||||
last_name: 'sn' | |||||
group_base: 'o=Group,dc=lilik,dc=it' | |||||
admin_group: 'admin' | |||||
# GitLab EE only: add more LDAP servers | |||||
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database | |||||
# so that GitLab can remember which LDAP server a user belongs to. | |||||
# uswest2: | |||||
# label: | |||||
# host: | |||||
# .... | |||||
## OmniAuth settings | |||||
omniauth: | |||||
# Allow login via Twitter, Google, etc. using OmniAuth providers | |||||
enabled: false | |||||
# Uncomment this to automatically sign in with a specific omniauth provider's without | |||||
# showing GitLab's sign-in page (default: show the GitLab sign-in page) | |||||
# auto_sign_in_with_provider: saml | |||||
# CAUTION! | |||||
# This allows users to login without having a user account first (default: false). | |||||
# User accounts will be created automatically when authentication was successful. | |||||
allow_single_sign_on: false | |||||
# Locks down those users until they have been cleared by the admin (default: true). | |||||
block_auto_created_users: true | |||||
# Look up new users in LDAP servers. If a match is found (same uid), automatically | |||||
# link the omniauth identity with the LDAP account. (default: false) | |||||
auto_link_ldap_user: false | |||||
## Auth providers | |||||
# Uncomment the following lines and fill in the data of the auth provider you want to use | |||||
# If your favorite auth provider is not listed you can use others: | |||||
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations | |||||
# The 'app_id' and 'app_secret' parameters are always passed as the first two | |||||
# arguments, followed by optional 'args' which can be either a hash or an array. | |||||
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html | |||||
providers: | |||||
# - { name: 'google_oauth2', | |||||
# label: 'Google', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { access_type: 'offline', approval_prompt: '' } } | |||||
# - { name: 'twitter', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET' } | |||||
# - { name: 'github', | |||||
# label: 'GitHub', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { scope: 'user:email' } } | |||||
# - { name: 'gitlab', | |||||
# label: 'GitLab.com', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { scope: 'api' } } | |||||
# - { name: 'bitbucket', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET' } | |||||
# - { name: 'saml', | |||||
# label: 'Our SAML Provider', | |||||
# args: { | |||||
# assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', | |||||
# idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', | |||||
# idp_sso_target_url: 'https://login.example.com/idp', | |||||
# issuer: 'https://gitlab.example.com', | |||||
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' | |||||
# } } | |||||
# - { name: 'crowd', | |||||
# args: { | |||||
# crowd_server_url: 'CROWD SERVER URL', | |||||
# application_name: 'YOUR_APP_NAME', | |||||
# application_password: 'YOUR_APP_PASSWORD' } } | |||||
# | |||||
# 4. Advanced settings | |||||
# ========================== | |||||
# GitLab Satellites | |||||
satellites: | |||||
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/) | |||||
path: /home/git/gitlab-satellites/ | |||||
timeout: 30 | |||||
## Backup settings | |||||
backup: | |||||
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) | |||||
# archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600) | |||||
# keep_time: 604800 # default: 0 (forever) (in seconds) | |||||
# pg_schema: public # default: nil, it means that all schemas will be backed up | |||||
# upload: | |||||
# # Fog storage connection settings, see http://fog.io/storage/ . | |||||
# connection: | |||||
# provider: AWS | |||||
# region: eu-west-1 | |||||
# aws_access_key_id: AKIAKIAKI | |||||
# aws_secret_access_key: 'secret123' | |||||
# # The remote 'directory' to store your backups. For S3, this would be the bucket name. | |||||
# remote_directory: 'my.s3.bucket' | |||||
# # Use multipart uploads when file size reaches 100MB, see | |||||
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html | |||||
# multipart_chunk_size: 104857600 | |||||
## GitLab Shell settings | |||||
gitlab_shell: | |||||
path: /usr/share/gitlab-shell/ | |||||
# REPOS_PATH MUST NOT BE A SYMLINK!!! | |||||
repos_path: /var/lib/gitlab/repositories/ | |||||
hooks_path: /usr/share/gitlab-shell/hooks/ | |||||
# File that contains the secret key for verifying access for gitlab-shell. | |||||
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). | |||||
secret_file: /var/lib/gitlab/.gitlab_shell_secret | |||||
# Git over HTTP | |||||
upload_pack: true | |||||
receive_pack: true | |||||
# If you use non-standard ssh port you need to specify it | |||||
ssh_port: {{ ssh_port }} | |||||
## Git settings | |||||
# CAUTION! | |||||
# Use the default values unless you really know what you are doing | |||||
git: | |||||
bin_path: /usr/bin/git | |||||
# The next value is the maximum memory size grit can use | |||||
# Given in number of bytes per git object (e.g. a commit) | |||||
# This value can be increased if you have very large commits | |||||
max_size: 20971520 # 20.megabytes | |||||
# Git timeout to read a commit, in seconds | |||||
timeout: 10 | |||||
# | |||||
# 5. Extra customization | |||||
# ========================== | |||||
extra: | |||||
## Google analytics. Uncomment if you want it | |||||
# google_analytics_id: '_your_tracking_id' | |||||
## Piwik analytics. | |||||
# piwik_url: '_your_piwik_url' | |||||
# piwik_site_id: '_your_piwik_site_id' | |||||
rack_attack: | |||||
git_basic_auth: | |||||
# Rack Attack IP banning enabled | |||||
# enabled: true | |||||
# | |||||
# Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers | |||||
# ip_whitelist: ["127.0.0.1"] | |||||
# | |||||
# Limit the number of Git HTTP authentication attempts per IP | |||||
# maxretry: 10 | |||||
# | |||||
# Reset the auth attempt counter per IP after 60 seconds | |||||
# findtime: 60 | |||||
# | |||||
# Ban an IP for one hour (3600s) after too many auth attempts | |||||
# bantime: 3600 | |||||
development: | |||||
<<: *base | |||||
test: | |||||
<<: *base | |||||
gravatar: | |||||
enabled: true | |||||
gitlab: | |||||
host: localhost | |||||
port: 80 | |||||
# When you run tests we clone and setup gitlab-shell | |||||
# In order to setup it correctly you need to specify | |||||
# your system username you use to run GitLab | |||||
user: gitlab | |||||
email_from: example@example.com | |||||
email_display_name: GitLab | |||||
email_reply_to: noreply@example.com | |||||
satellites: | |||||
path: tmp/tests/gitlab-satellites/ | |||||
backup: | |||||
path: tmp/tests/backups | |||||
gitlab_shell: | |||||
path: /usr/share/gitlab-shell/ | |||||
repos_path: tmp/tests/repositories/ | |||||
hooks_path: /usr/share/gitlab-shell/hooks/ | |||||
secret_file: tmp/tests/gitlab-shell/.gitlab_shell_secret | |||||
issues_tracker: | |||||
redmine: | |||||
title: "Redmine" | |||||
project_url: "http://redmine/projects/:issues_tracker_id" | |||||
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" | |||||
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" | |||||
ldap: | |||||
enabled: false | |||||
servers: | |||||
main: | |||||
label: ldap | |||||
host: 127.0.0.1 | |||||
port: 3890 | |||||
uid: 'uid' | |||||
method: 'plain' # "tls" or "ssl" or "plain" | |||||
base: 'dc=example,dc=com' | |||||
user_filter: '' | |||||
group_base: 'ou=groups,dc=example,dc=com' | |||||
admin_group: '' | |||||
sync_ssh_keys: false | |||||
staging: | |||||
<<: *base |
@ -0,0 +1,437 @@ | |||||
# # # # # # # # # # # # # # # # # # | |||||
# GitLab application config file # | |||||
# # # # # # # # # # # # # # # # # # | |||||
# | |||||
########################### NOTE ##################################### | |||||
# This file should not receive new settings. All configuration options # | |||||
# that do not require an application restart are being moved to # | |||||
# ApplicationSetting model! # | |||||
# If you change this file in a Merge Request, please also create # | |||||
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests # | |||||
######################################################################## | |||||
# | |||||
# | |||||
# How to use: | |||||
# 1. Copy file as gitlab.yml | |||||
# 2. Update gitlab -> host with your fully qualified domain name | |||||
# 3. Update gitlab -> email_from | |||||
# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git | |||||
# IMPORTANT: If Git was installed in a different location use that instead. | |||||
# You can check with `which git`. If a wrong path of Git is specified, it will | |||||
# result in various issues such as failures of GitLab CI builds. | |||||
# 5. Review this configuration file for other settings you may want to adjust | |||||
# For Debian specific changes: See /usr/share/doc/README.Debian | |||||
production: &base | |||||
# | |||||
# 1. GitLab app settings | |||||
# ========================== | |||||
## GitLab settings | |||||
gitlab: | |||||
## Web server settings (note: host is the FQDN, do not include http://) | |||||
# Using environmental variables from /etc/gitlab/gitlab-debian.conf | |||||
#host: localhost | |||||
#port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details | |||||
https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details | |||||
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one | |||||
# (you'd obviously need to replace ssh.host_example.com with your own host). | |||||
# Otherwise, ssh host will be set to the `host:` value above | |||||
# ssh_host: ssh.host_example.com | |||||
# WARNING: See config/application.rb under "Relative url support" for the list of | |||||
# other files that need to be changed for relative url support | |||||
# relative_url_root: /gitlab | |||||
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git') | |||||
user: gitlab #gitlab_user (DON'T REMOVE THIS COMMENT) | |||||
user_home: /var/lib/gitlab | |||||
## Date & Time settings | |||||
# Uncomment and customize if you want to change the default time zone of GitLab application. | |||||
# To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` | |||||
# time_zone: 'UTC' | |||||
## Email settings | |||||
# Uncomment and set to false if you need to disable email sending from GitLab (default: true) | |||||
# email_enabled: true | |||||
# Email address used in the "From" field in mails sent by GitLab | |||||
# Using environmental variables from /etc/gitlab/gitlab-debian.conf | |||||
# email_from: example@example.com | |||||
# email_display_name: GitLab | |||||
# email_reply_to: noreply@example.com | |||||
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample | |||||
# default_can_create_group: false # default: true | |||||
# username_changing_enabled: false # default: true - User can change her username/namespace | |||||
## Default theme ID | |||||
## 1 - Graphite | |||||
## 2 - Charcoal | |||||
## 3 - Green | |||||
## 4 - Gray | |||||
## 5 - Violet | |||||
## 6 - Blue | |||||
# default_theme: 2 # default: 2 | |||||
## Automatic issue closing | |||||
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed. | |||||
# This happens when the commit is pushed or merged into the default branch of a project. | |||||
# When not specified the default issue_closing_pattern as specified below will be used. | |||||
# Tip: you can test your closing pattern at http://rubular.com. | |||||
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?#\d+(?:(?:, *| +and +)?))+)' | |||||
## Default project features settings | |||||
default_projects_features: | |||||
issues: true | |||||
merge_requests: true | |||||
wiki: true | |||||
snippets: false | |||||
## Webhook settings | |||||
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) | |||||
# webhook_timeout: 10 | |||||
## Repository downloads directory | |||||
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. | |||||
# The default is 'tmp/repositories' relative to the root of the Rails app. | |||||
# repository_downloads_path: tmp/repositories | |||||
## Reply by email | |||||
# Allow users to comment on issues and merge requests by replying to notification emails. | |||||
# For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html | |||||
incoming_email: | |||||
enabled: false | |||||
address: "incoming+%{key}@gitlab.example.com" | |||||
## Gravatar | |||||
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html | |||||
gravatar: | |||||
enabled: true # Use user avatar image from Gravatar.com (default: true) | |||||
# gravatar urls: possible placeholders: %{hash} %{size} %{email} | |||||
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon | |||||
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon | |||||
# | |||||
# 2. GitLab CI settings | |||||
# ========================== | |||||
gitlab_ci: | |||||
# Default project notifications settings: | |||||
# | |||||
# Send emails only on broken builds (default: true) | |||||
# all_broken_builds: true | |||||
# | |||||
# Add pusher to recipients list (default: false) | |||||
# add_pusher: true | |||||
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root | |||||
# builds_path: builds/ | |||||
# | |||||
# 3. Auth settings | |||||
# ========================== | |||||
## LDAP settings | |||||
# You can inspect a sample of the LDAP users with login access by running: | |||||
# bundle exec rake gitlab:ldap:check RAILS_ENV=production | |||||
ldap: | |||||
enabled: false | |||||
servers: | |||||
########################################################################## | |||||
# | |||||
# Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab | |||||
# Enterprise Edition now supports connecting to multiple LDAP servers. | |||||
# | |||||
# If you are updating from the old (pre-7.4) syntax, you MUST give your | |||||
# old server the ID 'main'. | |||||
# | |||||
########################################################################## | |||||
main: # 'main' is the GitLab 'provider ID' of this LDAP server | |||||
## label | |||||
# | |||||
# A human-friendly name for your LDAP server. It is OK to change the label later, | |||||
# for instance if you find out it is too large to fit on the web page. | |||||
# | |||||
# Example: 'Paris' or 'Acme, Ltd.' | |||||
label: 'LDAP' | |||||
host: '_your_ldap_server' | |||||
port: 389 | |||||
uid: 'sAMAccountName' | |||||
method: 'plain' # "tls" or "ssl" or "plain" | |||||
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' | |||||
password: '_the_password_of_the_bind_user' | |||||
# This setting specifies if LDAP server is Active Directory LDAP server. | |||||
# For non AD servers it skips the AD specific queries. | |||||
# If your LDAP server is not AD, set this to false. | |||||
active_directory: true | |||||
# If allow_username_or_email_login is enabled, GitLab will ignore everything | |||||
# after the first '@' in the LDAP username submitted by the user on login. | |||||
# | |||||
# Example: | |||||
# - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials; | |||||
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'. | |||||
# | |||||
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to | |||||
# disable this setting, because the userPrincipalName contains an '@'. | |||||
allow_username_or_email_login: false | |||||
# To maintain tight control over the number of active users on your GitLab installation, | |||||
# enable this setting to keep new users blocked until they have been cleared by the admin | |||||
# (default: false). | |||||
block_auto_created_users: false | |||||
# Base where we can search for users | |||||
# | |||||
# Ex. ou=People,dc=gitlab,dc=example | |||||
# | |||||
base: '' | |||||
# Filter LDAP users | |||||
# | |||||
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515 | |||||
# Ex. (employeeType=developer) | |||||
# | |||||
# Note: GitLab does not support omniauth-ldap's custom filter syntax. | |||||
# | |||||
user_filter: '' | |||||
# LDAP attributes that GitLab will use to create an account for the LDAP user. | |||||
# The specified attribute can either be the attribute name as a string (e.g. 'mail'), | |||||
# or an array of attribute names to try in order (e.g. ['mail', 'email']). | |||||
# Note that the user's LDAP login will always be the attribute specified as `uid` above. | |||||
attributes: | |||||
# The username will be used in paths for the user's own projects | |||||
# (like `gitlab.example.com/username/project`) and when mentioning | |||||
# them in issues, merge request and comments (like `@username`). | |||||
# If the attribute specified for `username` contains an email address, | |||||
# the GitLab username will be the part of the email address before the '@'. | |||||
username: ['uid', 'userid', 'sAMAccountName'] | |||||
email: ['mail', 'email', 'userPrincipalName'] | |||||
# If no full name could be found at the attribute specified for `name`, | |||||
# the full name is determined using the attributes specified for | |||||
# `first_name` and `last_name`. | |||||
name: 'cn' | |||||
first_name: 'givenName' | |||||
last_name: 'sn' | |||||
# GitLab EE only: add more LDAP servers | |||||
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database | |||||
# so that GitLab can remember which LDAP server a user belongs to. | |||||
# uswest2: | |||||
# label: | |||||
# host: | |||||
# .... | |||||
## OmniAuth settings | |||||
omniauth: | |||||
# Allow login via Twitter, Google, etc. using OmniAuth providers | |||||
enabled: false | |||||
# Uncomment this to automatically sign in with a specific omniauth provider's without | |||||
# showing GitLab's sign-in page (default: show the GitLab sign-in page) | |||||
# auto_sign_in_with_provider: saml | |||||
# CAUTION! | |||||
# This allows users to login without having a user account first (default: false). | |||||
# User accounts will be created automatically when authentication was successful. | |||||
allow_single_sign_on: false | |||||
# Locks down those users until they have been cleared by the admin (default: true). | |||||
block_auto_created_users: true | |||||
# Look up new users in LDAP servers. If a match is found (same uid), automatically | |||||
# link the omniauth identity with the LDAP account. (default: false) | |||||
auto_link_ldap_user: false | |||||
## Auth providers | |||||
# Uncomment the following lines and fill in the data of the auth provider you want to use | |||||
# If your favorite auth provider is not listed you can use others: | |||||
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations | |||||
# The 'app_id' and 'app_secret' parameters are always passed as the first two | |||||
# arguments, followed by optional 'args' which can be either a hash or an array. | |||||
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html | |||||
providers: | |||||
# - { name: 'google_oauth2', | |||||
# label: 'Google', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { access_type: 'offline', approval_prompt: '' } } | |||||
# - { name: 'twitter', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET' } | |||||
# - { name: 'github', | |||||
# label: 'GitHub', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { scope: 'user:email' } } | |||||
# - { name: 'gitlab', | |||||
# label: 'GitLab.com', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET', | |||||
# args: { scope: 'api' } } | |||||
# - { name: 'bitbucket', | |||||
# app_id: 'YOUR_APP_ID', | |||||
# app_secret: 'YOUR_APP_SECRET' } | |||||
# - { name: 'saml', | |||||
# label: 'Our SAML Provider', | |||||
# args: { | |||||
# assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', | |||||
# idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', | |||||
# idp_sso_target_url: 'https://login.example.com/idp', | |||||
# issuer: 'https://gitlab.example.com', | |||||
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' | |||||
# } } | |||||
# - { name: 'crowd', | |||||
# args: { | |||||
# crowd_server_url: 'CROWD SERVER URL', | |||||
# application_name: 'YOUR_APP_NAME', | |||||
# application_password: 'YOUR_APP_PASSWORD' } } | |||||
# | |||||
# 4. Advanced settings | |||||
# ========================== | |||||
# GitLab Satellites | |||||
satellites: | |||||
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/) | |||||
path: /home/git/gitlab-satellites/ | |||||
timeout: 30 | |||||
## Backup settings | |||||
backup: | |||||
path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/) | |||||
# archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600) | |||||
# keep_time: 604800 # default: 0 (forever) (in seconds) | |||||
# pg_schema: public # default: nil, it means that all schemas will be backed up | |||||
# upload: | |||||
# # Fog storage connection settings, see http://fog.io/storage/ . | |||||
# connection: | |||||
# provider: AWS | |||||
# region: eu-west-1 | |||||
# aws_access_key_id: AKIAKIAKI | |||||
# aws_secret_access_key: 'secret123' | |||||
# # The remote 'directory' to store your backups. For S3, this would be the bucket name. | |||||
# remote_directory: 'my.s3.bucket' | |||||
# # Use multipart uploads when file size reaches 100MB, see | |||||
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html | |||||
# multipart_chunk_size: 104857600 | |||||
## GitLab Shell settings | |||||
gitlab_shell: | |||||
path: /usr/share/gitlab-shell/ | |||||
# REPOS_PATH MUST NOT BE A SYMLINK!!! | |||||
repos_path: /var/lib/gitlab/repositories/ | |||||
hooks_path: /usr/share/gitlab-shell/hooks/ | |||||
# File that contains the secret key for verifying access for gitlab-shell. | |||||
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). | |||||
secret_file: /var/lib/gitlab/.gitlab_shell_secret | |||||
# Git over HTTP | |||||
upload_pack: true | |||||
receive_pack: true | |||||
# If you use non-standard ssh port you need to specify it | |||||
# ssh_port: 22 | |||||
## Git settings | |||||
# CAUTION! | |||||
# Use the default values unless you really know what you are doing | |||||
git: | |||||
bin_path: /usr/bin/git | |||||
# The next value is the maximum memory size grit can use | |||||
# Given in number of bytes per git object (e.g. a commit) | |||||
# This value can be increased if you have very large commits | |||||
max_size: 20971520 # 20.megabytes | |||||
# Git timeout to read a commit, in seconds | |||||
timeout: 10 | |||||
# | |||||
# 5. Extra customization | |||||
# ========================== | |||||
extra: | |||||
## Google analytics. Uncomment if you want it | |||||
# google_analytics_id: '_your_tracking_id' | |||||
## Piwik analytics. | |||||
# piwik_url: '_your_piwik_url' | |||||
# piwik_site_id: '_your_piwik_site_id' | |||||
rack_attack: | |||||
git_basic_auth: | |||||
# Rack Attack IP banning enabled | |||||
# enabled: true | |||||
# | |||||
# Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers | |||||
# ip_whitelist: ["127.0.0.1"] | |||||
# | |||||
# Limit the number of Git HTTP authentication attempts per IP | |||||
# maxretry: 10 | |||||
# | |||||
# Reset the auth attempt counter per IP after 60 seconds | |||||
# findtime: 60 | |||||
# | |||||
# Ban an IP for one hour (3600s) after too many auth attempts | |||||
# bantime: 3600 | |||||
development: | |||||
<<: *base | |||||
test: | |||||
<<: *base | |||||
gravatar: | |||||
enabled: true | |||||
gitlab: | |||||
host: localhost | |||||
port: 80 | |||||
# When you run tests we clone and setup gitlab-shell | |||||
# In order to setup it correctly you need to specify | |||||
# your system username you use to run GitLab | |||||
user: gitlab | |||||
email_from: example@example.com | |||||
email_display_name: GitLab | |||||
email_reply_to: noreply@example.com | |||||
satellites: | |||||
path: tmp/tests/gitlab-satellites/ | |||||
backup: | |||||
path: tmp/tests/backups | |||||
gitlab_shell: | |||||
path: /usr/share/gitlab-shell/ | |||||
repos_path: tmp/tests/repositories/ | |||||
hooks_path: /usr/share/gitlab-shell/hooks/ | |||||
secret_file: tmp/tests/gitlab-shell/.gitlab_shell_secret | |||||
issues_tracker: | |||||
redmine: | |||||
title: "Redmine" | |||||
project_url: "http://redmine/projects/:issues_tracker_id" | |||||
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" | |||||
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" | |||||
ldap: | |||||
enabled: false | |||||
servers: | |||||
main: | |||||
label: ldap | |||||
host: 127.0.0.1 | |||||
port: 3890 | |||||
uid: 'uid' | |||||
method: 'plain' # "tls" or "ssl" or "plain" | |||||
base: 'dc=example,dc=com' | |||||
user_filter: '' | |||||
group_base: 'ou=groups,dc=example,dc=com' | |||||
admin_group: '' | |||||
sync_ssh_keys: false | |||||
staging: | |||||
<<: *base |
@ -1,40 +0,0 @@ | |||||
external_url 'http://projects.lilik.it' | |||||
gitlab_rails['gitlab_default_projects_features_issues'] = true | |||||
gitlab_rails['gitlab_default_projects_features_wiki'] = true | |||||
gitlab_rails['gitlab_default_projects_features_snippets'] = true | |||||
gitlab_rails['ldap_enabled'] = true | |||||
gitlab_rails['ldap_servers'] = YAML.load <<-EOS | |||||
main: | |||||
label: 'LDAP' | |||||
host: 'ldap2.lilik.it' | |||||
port: 389 | |||||
uid: 'mail' | |||||
method: 'plain' | |||||
base: 'vd=lilik.it,o=hosting,dc=lilik,dc=it' | |||||
user_filter: '(memberOf=cn=projects,o=Group,dc=lilik,dc=it)' | |||||
attributes: | |||||
username: ['uid', 'userid', 'sAMAccountName'] | |||||
email: ['mail', 'email', 'userPrincipalName'] | |||||
name: 'cn' | |||||
first_name: 'givenName' | |||||
last_name: 'sn' | |||||
EOS | |||||
gitlab_rails['gitlab_shell_ssh_port'] = 8082 | |||||
gitlab_rails['smtp_enable'] = true | |||||
gitlab_rails['smtp_address'] = "mail.lilik.it" | |||||
gitlab_rails['smtp_port'] = 25 | |||||
unicorn['worker_processes'] = 1 # default is 2 | |||||
gitlab_workhorse['listen_network'] = "tcp" | |||||
gitlab_workhorse['listen_addr'] = "localhost:8181" | |||||
gitlab_rails['db_adapter'] = "postgresql" | |||||
gitlab_rails['db_encoding'] = 'utf8' | |||||
gitlab_rails['db_username'] = "gitlab-psql" | |||||
gitlab_rails['db_host'] = nil | |||||
gitlab_rails['db_socket'] = "/var/run/postgresql/" | |||||
gitlab_rails['db_port'] = nil | |||||
postgresql['enable'] = false | |||||
nginx['enable'] = false |
@ -0,0 +1,24 @@ | |||||
gitlab_rails['gitlab_shell_ssh_port'] = 8082 | |||||
gitlab_rails['smtp_enable'] = true | |||||
gitlab_rails['smtp_address'] = "mail.lilik.it" | |||||
gitlab_rails['smtp_port'] = 25 | |||||
ldap: | |||||
enabled: false | |||||
servers: | |||||
main: | |||||
label: 'LDAP' | |||||
host: 'ldap2.lilik.it' | |||||
port: 389 | |||||
uid: 'mail' | |||||
method: 'plain' | |||||
base: 'vd=lilik.it,o=hosting,dc=lilik,dc=it' | |||||
user_filter: '(memberOf=cn=projects,o=Group,dc=lilik,dc=it)' | |||||
attributes: | |||||
username: ['uid', 'userid', 'sAMAccountName'] | |||||
email: ['mail', 'email', 'userPrincipalName'] | |||||
name: 'cn' | |||||
first_name: 'givenName' | |||||
last_name: 'sn' | |||||
group_base: 'cn=projects,o=Group,dc=lilik,dc=it' | |||||
admin_group: 'admin' |
@ -1,2 +0,0 @@ | |||||
config_names: | |||||
- gitlab |