From a06720b7d705176575add697c25d1743d2a1acb1 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Sun, 27 Aug 2023 16:20:46 +0200
Subject: [PATCH] gitlab: add config to control csp

This is mainly to disable CSP as a workaround, until this issue is resolved: https://gitlab.com/gitlab-org/gitlab/-/issues/422936
---
 roles/gitlab/defaults/main.yml | 9 +++++----
 roles/gitlab/templates/docker-compose.yml | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
index 6508a1c..71acd23 100644
--- a/roles/gitlab/defaults/main.yml
+++ b/roles/gitlab/defaults/main.yml
@@ -59,9 +59,9 @@ gitlab_selinux_enabled: true
 # Email/SMTP settings
 gitlab_smtp_address: smtp.example.com
 gitlab_smtp_port: 465
-gitlab_smtp_user_name: 'gitlab@example.com'
+gitlab_smtp_user_name: "gitlab@example.com"
 gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
-gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
+gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
 gitlab_email_from: "{{ gitlab_smtp_user_name }}"
 gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
 gitlab_smtp_starttls_auto: false
@@ -73,7 +73,8 @@ gitlab_libravatar_ssl: "seccdn.libravatar.org"
 # CSP settings
 gitlab_csp:
- img_src: 'https:'
+ enabled: true
+ img_src: "https:"
 # yamllint disable-line rule:line-length
 # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
 # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
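Review bot: The `enabled: true` key added under `gitlab_csp` in roles/gitlab/defaults/main.yml carries no comment, yet it is the switch that turns GitLab's Content-Security-Policy off as a whole rather than relaxing a single directive. A comment above the key, for example `# Set to false only as a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/422936; this disables the CSP and the XSS mitigation it provides`, would tell operators what they give up and when to switch it back. The `gitlab_csp` mapping continues past the end of the hunk.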
@@ -120,7 +121,7 @@ gitlab_imap:
 username: "{{ gitlab_smtp_user_name }}"
 password: "{{ gitlab_smtp_password }}"
 server_address: imap.example.com
- email_address: 'incoming+%{key}@gitlab.example.com'
+ email_address: "incoming+%{key}@gitlab.example.com"
 # Gitlab docker registry settings
 gitlab_registry:
diff --git a/roles/gitlab/templates/docker-compose.yml b/roles/gitlab/templates/docker-compose.yml
index 27bbdc7..022649b 100644
--- a/roles/gitlab/templates/docker-compose.yml
+++ b/roles/gitlab/templates/docker-compose.yml
@@ -38,7 +38,7 @@ services:
 # CSP config
 gitlab_rails['content_security_policy'] = {
- enabled: true,
+ enabled: {{ gitlab_csp.enabled | default(true) }},
 report_only: false,
 directives: {
 default_src: "'self' {{ gitlab_csp.default_src | default("") }}",
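Review bot: The new `enabled: {{ gitlab_csp.enabled | default(true) }},` line in roles/gitlab/templates/docker-compose.yml will most likely render as `True` or `False`, because Jinja2 prints YAML booleans capitalised, while the surrounding text is a Ruby hash where only lowercase `true`/`false` are boolean literals. Unless native types or another conversion apply outside this hunk, the rendered GitLab config would then fail to load instead of toggling CSP. I would write `enabled: {{ gitlab_csp.enabled | default(true) | bool | lower }},` so that both the default and an inventory override come out as a valid Ruby boolean. The `content_security_policy` hash continues past the end of the hunk.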