saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity

gitlab: add config to control csp

Browse source 
This is mainly to disable CSP as a workaround, until this issue is resolved:
https://gitlab.com/gitlab-org/gitlab/-/issues/422936
This commit is contained in:
saibotk 2023-08-27 16:20:46 +02:00
parent 919b282898
commit a06720b7d7
Signed by: saibotk
GPG key ID: 67585F0065E261D5
2 changed files with 6 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
roles/gitlab/defaults/main.yml
View file

@ -59,9 +59,9 @@ gitlab_selinux_enabled: true
# Email/SMTP settings
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: 'gitlab@example.com'
gitlab_smtp_user_name: "gitlab@example.com"
gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
gitlab_smtp_starttls_auto: false
@ -73,7 +73,8 @@ gitlab_libravatar_ssl: "seccdn.libravatar.org"
# CSP settings
gitlab_csp:
img_src: 'https:'
enabled: true
img_src: "https:"
# yamllint disable-line rule:line-length
# frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
# script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
@ -120,7 +121,7 @@ gitlab_imap:
username: "{{ gitlab_smtp_user_name }}"
password: "{{ gitlab_smtp_password }}"
server_address: imap.example.com
email_address: 'incoming+%{key}@gitlab.example.com'
email_address: "incoming+%{key}@gitlab.example.com"
# Gitlab docker registry settings
gitlab_registry:

2
roles/gitlab/templates/docker-compose.yml
View file

@ -38,7 +38,7 @@ services:
# CSP config
gitlab_rails['content_security_policy'] = {
enabled: true,
enabled: {{ gitlab_csp.enabled | default(true) }},
report_only: false,
directives: {
default_src: "'self' {{ gitlab_csp.default_src | default("") }}",