infrastructure/roles/gitlab/defaults/main.yml

---
# Default variables for the gitlab role

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020  Christoph (Sheogorath) Kern
# Copyright (C) 2020       Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Install location settings
gitlab_install_location: /srv/gitlab
gitlab_data_location: "{{ gitlab_install_location }}/data"
gitlab_config_location: "{{ gitlab_install_location }}/config"
gitlab_log_location: "{{ gitlab_install_location }}/log"
gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"

# Put GitLab's logs in a tempfs instead to save headache with diskspace
gitlab_log_tmpfs: false

# Set the certresolver to your desired traefik certresolver.
# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
gitlab_traefik_certresolver: letsencrypt_http

# The domain under which traefik should make gitlab (and, if enabled, the registry) reachable
gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.gitlab.example.com

# The Gitlab version, usually you don't need to adjust this for a host.
# renovate: depName=gitlab/gitlab-ce
gitlab_version: 14.1.3-ce.0

# renovate: depName=docker.io/library/telegraf
gitlab_telegraf_version: "1.19"

# The port you want Gitlab to listen on for SSH connections
gitlab_ssh_port: 22

# The memory limits for the GitLab container
#
# Notice the gitlab_memoryswap_limit must be equal
# or higher than the gitlab_memory_limit
gitlab_memory_limit: "4096mb"
gitlab_memoryswap_limit: "4352mb"

# Email/SMTP settings
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: 'gitlab@example.com'
gitlab_smtp_password: "{{ lookup('passwordstore',  gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"

# Libravatar / Gravatar URLs
gitlab_libravatar_plain: "cdn.libravatar.org"
gitlab_libravatar_ssl: "seccdn.libravatar.org"

# CSP settings
gitlab_csp:
  img_src: 'https:'
  #frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
  #script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"

# SAML settings
# gitlab_saml:
#   label: "SAML"
#   groups_attribute: "roles"
#   external_groups: "{{ gitlab_domain }}:external"
#   idp_cert_fingerprint: "<to be set>"
#   idp_sso_target_url: "https://sso.example.com"
#   idp_slo_target_url: "https://sso.example.com"
#   issuer: "{{ gitlab_domain }}"
#   certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omited)>"
#   private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omited)>"
#   attribute_statements:
#     first_name: "first_name"
#     last_name: "last_name"
#     name: "name"
#     username: "username"
#     email: "email"
#   name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
#   autologin: false

# IMAP settings (for email replies to comments etc.)
# gitlab_imap:
#   username: "{{ gitlab_smtp_user_name }}"
#   password: "{{ gitlab_smtp_password }}"
#   server_address: imap.example.com
#   email_address: 'incoming+%{key}@gitlab.example.com'

# Gitlab docker registry settings
gitlab_registry:
  enabled: false
  # external_port: 5050 # Defines the port that is appended to the registry domain used by gitlab.
  # traefik_entrypoint: "websecure" # Defines the entrypoint that traefik should use for the registry. Can be useful to use another port while still using the certificate of the domain.

# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
gitlab_telegraf:
  enabled: false
  # Your influxDB hosts
  influxdb_endpoints:
    - "influxdb.example.com"
  influxdb_username: telegraf
  influxdb_password: ""
  influxdb_retention_policy: "gitlab"
  influxdb_retention_policy_tag: ""
  # Token provided by Gitlab on the admin page
  # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
  metrics_token: ""

# Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
gitlab_dependency_proxy:
  enabled: false

# Enable the packages feature (see https://docs.gitlab.com/ee/administration/packages/index.html)
gitlab_packages:
  enabled: false

# IPv6 ULA config for the bridge network used by docker-ipv6-nat
gitlab_ipv6:
  enabled: false
  subnet: "fd9e:21a7:a92c:2326::/64"
Initial commit 2020-08-10 01:37:13 +02:00			`---`
			`# Default variables for the gitlab role`

			`# Infrastructure`
			`# Ansible instructions to deploy the infrastructure`
			`# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern`
			`# Copyright (C) 2020 Saibotk`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, version 3 of the License.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`# Install location settings`
			`gitlab_install_location: /srv/gitlab`
			`gitlab_data_location: "{{ gitlab_install_location }}/data"`
			`gitlab_config_location: "{{ gitlab_install_location }}/config"`
			`gitlab_log_location: "{{ gitlab_install_location }}/log"`
gitlab: Add telegraf integration This patch adds a telegraf client to the gitlab role, that can be activated by defining `gitlab_telegraf`. It allows to collect all prometheus metric with telegraf and store them in influxDB. This is an experimental feature. Authored by: Sheogorath Co-authored-by: Sheogorath <sheogorath@shivering-isles.com> 2021-03-28 02:41:26 +01:00			`gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"`
Initial commit 2020-08-10 01:37:13 +02:00
gitlab: Add option to use a tmpfs instead of log bindmount This patch will provide a new config option `gitlab_log_tmpfs` to configure the docker container to setup a tmpfs instead of the bindmount for the log directory of GitLab. This should solve all headache around logs clogging up the disk but might just trades it against memory problems. So far the test-run looks good, but time will tell if it is a sufficent solution. 2021-01-30 20:16:49 +01:00			`# Put GitLab's logs in a tempfs instead to save headache with diskspace`
			`gitlab_log_tmpfs: false`

Initial commit 2020-08-10 01:37:13 +02:00			`# Set the certresolver to your desired traefik certresolver.`
			# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
			`gitlab_traefik_certresolver: letsencrypt_http`

			`# The domain under which traefik should make gitlab (and, if enabled, the registry) reachable`
			`gitlab_domain: gitlab.example.com`
			`gitlab_registry_domain: registry.gitlab.example.com`

			`# The Gitlab version, usually you don't need to adjust this for a host.`
gitlab: Add automated upgrades via renovate 2020-10-12 21:10:12 +02:00			`# renovate: depName=gitlab/gitlab-ce`
automation: Update gitlab Docker tag to v14.1.3 2021-08-17 20:11:12 +00:00			`gitlab_version: 14.1.3-ce.0`
Initial commit 2020-08-10 01:37:13 +02:00
gitlab: Add telegraf integration This patch adds a telegraf client to the gitlab role, that can be activated by defining `gitlab_telegraf`. It allows to collect all prometheus metric with telegraf and store them in influxDB. This is an experimental feature. Authored by: Sheogorath Co-authored-by: Sheogorath <sheogorath@shivering-isles.com> 2021-03-28 02:41:26 +01:00			`# renovate: depName=docker.io/library/telegraf`
automation: Update gitlab-telegraf Docker tag to v1.19 2021-06-25 00:07:59 +00:00			`gitlab_telegraf_version: "1.19"`
gitlab: Add telegraf integration This patch adds a telegraf client to the gitlab role, that can be activated by defining `gitlab_telegraf`. It allows to collect all prometheus metric with telegraf and store them in influxDB. This is an experimental feature. Authored by: Sheogorath Co-authored-by: Sheogorath <sheogorath@shivering-isles.com> 2021-03-28 02:41:26 +01:00
Initial commit 2020-08-10 01:37:13 +02:00			`# The port you want Gitlab to listen on for SSH connections`
			`gitlab_ssh_port: 22`

gitlab: Make memory limits configurable This patch adds two new variables to the gitlab playbook, making the memory limits of the container configurable and this way easier to adjust to one's needs. 2021-02-13 16:47:30 +01:00			`# The memory limits for the GitLab container`
			`#`
			`# Notice the gitlab_memoryswap_limit must be equal`
			`# or higher than the gitlab_memory_limit`
			`gitlab_memory_limit: "4096mb"`
			`gitlab_memoryswap_limit: "4352mb"`

Initial commit 2020-08-10 01:37:13 +02:00			`# Email/SMTP settings`
			`gitlab_smtp_address: smtp.example.com`
			`gitlab_smtp_port: 465`
			`gitlab_smtp_user_name: 'gitlab@example.com'`
			`gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"`
			`gitlab_smtp_tls: "{{ gitlab_snmp_tls \| default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly`
			`gitlab_email_from: "{{ gitlab_smtp_user_name }}"`
			`gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"`

			`# Libravatar / Gravatar URLs`
			`gitlab_libravatar_plain: "cdn.libravatar.org"`
			`gitlab_libravatar_ssl: "seccdn.libravatar.org"`

			`# CSP settings`
			`gitlab_csp:`
			`img_src: 'https:'`
			`#frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"`
			`#script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"`

			`# SAML settings`
			`# gitlab_saml:`
			`# label: "SAML"`
			`# groups_attribute: "roles"`
			`# external_groups: "{{ gitlab_domain }}:external"`
			`# idp_cert_fingerprint: "<to be set>"`
			`# idp_sso_target_url: "https://sso.example.com"`
			`# idp_slo_target_url: "https://sso.example.com"`
			`# issuer: "{{ gitlab_domain }}"`
			`# certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omited)>"`
			`# private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omited)>"`
			`# attribute_statements:`
			`# first_name: "first_name"`
			`# last_name: "last_name"`
			`# name: "name"`
			`# username: "username"`
			`# email: "email"`
			`# name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`
			`# autologin: false`

			`# IMAP settings (for email replies to comments etc.)`
			`# gitlab_imap:`
			`# username: "{{ gitlab_smtp_user_name }}"`
			`# password: "{{ gitlab_smtp_password }}"`
			`# server_address: imap.example.com`
			`# email_address: 'incoming+%{key}@gitlab.example.com'`

			`# Gitlab docker registry settings`
			`gitlab_registry:`
			`enabled: false`
gitlab: Add options for port and entrypoint to registry config This patch enables users to customize the entrypoint and port that is shown for external access (only supplied so gitlab can still show valid registry links). 2021-08-15 23:57:13 +02:00			`# external_port: 5050 # Defines the port that is appended to the registry domain used by gitlab.`
			`# traefik_entrypoint: "websecure" # Defines the entrypoint that traefik should use for the registry. Can be useful to use another port while still using the certificate of the domain.`
Initial commit 2020-08-10 01:37:13 +02:00
gitlab: Add telegraf integration This patch adds a telegraf client to the gitlab role, that can be activated by defining `gitlab_telegraf`. It allows to collect all prometheus metric with telegraf and store them in influxDB. This is an experimental feature. Authored by: Sheogorath Co-authored-by: Sheogorath <sheogorath@shivering-isles.com> 2021-03-28 02:41:26 +01:00			`# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab`
			`gitlab_telegraf:`
			`enabled: false`
			`# Your influxDB hosts`
			`influxdb_endpoints:`
			`- "influxdb.example.com"`
			`influxdb_username: telegraf`
			`influxdb_password: ""`
			`influxdb_retention_policy: "gitlab"`
			`influxdb_retention_policy_tag: ""`
			`# Token provided by Gitlab on the admin page`
			`# See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html`
			`metrics_token: ""`

gitlab: Add dependency proxy feature config 2021-03-17 03:09:11 +01:00			`# Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)`
			`gitlab_dependency_proxy:`
			`enabled: false`

gitlab: Add setting to enable packages feature 2020-08-23 12:01:00 +02:00			`# Enable the packages feature (see https://docs.gitlab.com/ee/administration/packages/index.html)`
			`gitlab_packages:`
			`enabled: false`

Initial commit 2020-08-10 01:37:13 +02:00			`# IPv6 ULA config for the bridge network used by docker-ipv6-nat`
			`gitlab_ipv6:`
			`enabled: false`
			`subnet: "fd9e:21a7:a92c:2326::/64"`