diff --git a/playbooks/gitlab.yml b/playbooks/gitlab.yml
deleted file mode 100644
index 6eff130..0000000
--- a/playbooks/gitlab.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- name: Install & configure GitLab
- hosts: gitlab
- roles:
- - docker
- - docker_cleanup
- - traefik
- - gitlab
diff --git a/roles/gitlab/README.md b/roles/gitlab/README.md
deleted file mode 100644
index d433bab..0000000
--- a/roles/gitlab/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Gitlab
-=========
-
-This will setup a Gitlab instance using their official docker container and traefik as a reverse proxy.
-
-Requirements
-------------
-
-You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
-
-**This role assumes that you have setup traefik with an endpoint called `websecure`.**
-
-Role Variables
---------------
-
-**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
-
-**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
-
-### Global variables, that are used:
-
-- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
-- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
-
-Dependencies
-------------
-
-- docker
-- docker-compose
-- traefik
-
-License
--------
-
-GPL-3.0-only
diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
deleted file mode 100644
index afb4305..0000000
--- a/roles/gitlab/defaults/main.yml
+++ /dev/null
@@ -1,167 +0,0 @@
----
-# Default variables for the gitlab role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-# Install location settings
-gitlab_install_location: /srv/gitlab
-gitlab_data_location: "{{ gitlab_install_location }}/data"
-gitlab_config_location: "{{ gitlab_install_location }}/config"
-gitlab_log_location: "{{ gitlab_install_location }}/log"
-gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"
-
-# Put GitLab's logs in a tempfs instead to save headache with diskspace
-gitlab_log_tmpfs: false
-
-# Set the certresolver to your desired traefik certresolver.
-# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
-gitlab_traefik_certresolver: letsencrypt_http
-
-# The domain under which traefik should make gitlab (and, if enabled, the registry) reachable
-gitlab_domain: gitlab.example.com
-gitlab_registry_domain: registry.gitlab.example.com
-
-# The Gitlab version, usually you don't need to adjust this for a host.
-# renovate: depName=gitlab/gitlab-ce
-gitlab_version: 17.5.1-ce.0
-
-# renovate: depName=docker.io/library/telegraf
-gitlab_telegraf_version: "1.26"
-
-# The port you want Gitlab to listen on for SSH connections
-gitlab_ssh_port: 22
-
-# The memory limits for the GitLab container
-#
-# Notice the gitlab_memoryswap_limit must be equal
-# or higher than the gitlab_memory_limit
-gitlab_memory_limit: "6096mb"
-gitlab_memoryswap_limit: "6352mb"
-
-# Enable or disable selinux handling
-gitlab_selinux_enabled: true
-
-# Email/SMTP settings
-gitlab_smtp_address: smtp.example.com
-gitlab_smtp_port: 465
-gitlab_smtp_user_name: "gitlab@example.com"
-gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
-gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
-gitlab_email_from: "{{ gitlab_smtp_user_name }}"
-gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
-gitlab_smtp_starttls_auto: false
-gitlab_smtp_openssl_verify_mode: "peer"
-
-# Libravatar / Gravatar URLs
-gitlab_libravatar_plain: "cdn.libravatar.org"
-gitlab_libravatar_ssl: "seccdn.libravatar.org"
-
-# CSP settings
-gitlab_csp:
- enabled: true
- img_src: "https:"
- # yamllint disable-line rule:line-length
- # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
- # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
-
-# SAML settings
-gitlab_saml:
- enabled: false
- label: "SAML"
- groups_attribute: "roles"
- external_groups: "{{ gitlab_domain }}:external"
- idp_cert_fingerprint: ""
- idp_sso_target_url: "https://sso.example.com"
- idp_slo_target_url: "https://sso.example.com"
- issuer: "{{ gitlab_domain }}"
- certificate: ""
- private_key: ""
- attribute_statements:
- first_name: "first_name"
- last_name: "last_name"
- name: "name"
- username: "username"
- email: "email"
- name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- autologin: false
-
-# LDAP settings
-gitlab_ldap:
- enabled: false
- label: "LDAP"
- host: "ldap.example.com"
- port: 389
- bind_dn: "_the_full_dn_of_the_user_you_will_bind_with"
- password: "_the_password_of_the_bind_user"
- encryption: "simple_tls"
- verify_certificates: true
- uid: "sAMAccountName"
- active_directory: true
- user_filter: ""
- base: "dc=example,dc=com"
-
-# IMAP settings (for email replies to comments etc.)
-gitlab_imap:
- enabled: false
- username: "{{ gitlab_smtp_user_name }}"
- password: "{{ gitlab_smtp_password }}"
- server_address: imap.example.com
- email_address: "incoming+%{key}@gitlab.example.com"
-
-# Gitlab docker registry settings
-gitlab_registry:
- enabled: false
- # Defines the port that is appended to the registry domain used by gitlab.
- # This can be omitted, when no port is needed (eg. registry on its own domain)
- external_port: 5050
- # Defines the entrypoint that traefik should use for the registry.
- # Can be useful to use another port while still using the certificate of the main domain.
- # This can be omitted to use "websecure" by default
- traefik_entrypoint: "websecure"
-
-# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
-gitlab_telegraf:
- enabled: false
- # Your influxDB hosts
- influxdb_endpoints:
- - "influxdb.example.com"
- influxdb_username: telegraf
- influxdb_password: ""
- influxdb_retention_policy: "gitlab"
- influxdb_retention_policy_tag: ""
- # Token provided by Gitlab on the admin page
- # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
- metrics_token: ""
-
-# Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
-gitlab_dependency_proxy:
- enabled: false
-
-# Enable the packages feature (see https://docs.gitlab.com/ee/administration/packages/index.html)
-gitlab_packages:
- enabled: false
-
-# IPv6 ULA config for the bridge network used by docker-ipv6-nat
-gitlab_ipv6:
- enabled: false
- subnet: "fd9e:21a7:a92c:2326::/64"
-
-# Gitlab bundled Mattermost instance settings
-gitlab_mattermost:
- enabled: false
- domain: chat.gitlab.com
diff --git a/roles/gitlab/meta/main.yml b/roles/gitlab/meta/main.yml
deleted file mode 100644
index 32229a2..0000000
--- a/roles/gitlab/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-galaxy_info:
- author: saibotk
- description: "Installs and configures GitLab via Docker."
- license: GPL-3.0-only
- min_ansible_version: "2.9"
- standalone: true
-
- platforms:
- - name: EL
- versions:
- - all
- - name: GenericUNIX
- versions:
- - all
- - name: Fedora
- versions:
- - all
- - name: opensuse
- versions:
- - all
- - name: GenericBSD
- versions:
- - all
- - name: FreeBSD
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- - name: SLES
- versions:
- - all
- - name: GenericLinux
- versions:
- - all
- - name: Debian
- versions:
- - all
-
- galaxy_tags: []
-
-dependencies:
- - role: docker
- - role: traefik
diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
deleted file mode 100644
index d0a24a4..0000000
--- a/roles/gitlab/tasks/main.yml
+++ /dev/null
@@ -1,101 +0,0 @@
----
-# Tasks file for the gitlab role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- name: Update default SELinux contexts
- community.general.sefcontext:
- target: "{{ item }}(/.*)?"
- setype: "container_file_t"
- state: present
- with_items:
- - "{{ gitlab_data_location }}"
- - "{{ gitlab_config_location }}"
- - "{{ gitlab_log_location }}"
- - "{{ gitlab_telegraf_location }}"
- tags:
- - gitlab
- when:
- - gitlab_selinux_enabled
- become: true
-
-- name: Create install directory
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- mode: "0700"
- owner: "root"
- group: "root"
- with_items:
- - "{{ gitlab_install_location }}"
- tags:
- - gitlab
- become: true
-
-- name: Create data directory
- ansible.builtin.file: # noqa risky-file-permissions # Container manages permissions on its own
- path: "{{ item }}"
- state: directory
- owner: "root"
- group: "root"
- setype: "container_file_t"
- with_items:
- - "{{ gitlab_data_location }}"
- - "{{ gitlab_config_location }}"
- - "{{ gitlab_log_location }}"
- - "{{ gitlab_telegraf_location }}"
- tags:
- - gitlab
- become: true
-
-- name: Deploy telegraf.conf
- ansible.builtin.template:
- src: telegraf.conf
- dest: "{{ gitlab_telegraf_location }}/telegraf.conf"
- mode: "0600"
- owner: "root"
- group: "root"
- tags:
- - telegraf
- - gitlab
- become: true
- when:
- - gitlab_telegraf.enabled
-
-- name: Deploy docker-compose.yml
- ansible.builtin.template:
- src: docker-compose.yml
- dest: "{{ gitlab_install_location }}/docker-compose.yml"
- mode: "0600"
- owner: "root"
- group: "root"
- validate: docker compose -f %s config -q
- tags:
- - docker
- - gitlab
- become: true
-
-- name: Compose GitLab
- community.docker.docker_compose_v2:
- state: present
- project_src: "{{ gitlab_install_location }}"
- pull: always
- remove_orphans: true
- tags:
- - gitlab
- become: true
diff --git a/roles/gitlab/templates/docker-compose.yml b/roles/gitlab/templates/docker-compose.yml
deleted file mode 100644
index 62c02eb..0000000
--- a/roles/gitlab/templates/docker-compose.yml
+++ /dev/null
@@ -1,321 +0,0 @@
-{{ ansible_managed | comment }}
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-version: '2.1'
-services:
- web:
- image: docker.io/gitlab/gitlab-ce:{{ gitlab_version }}
- hostname: '{{ gitlab_domain }}'
- mem_limit: {{ gitlab_memory_limit }}
- memswap_limit: {{ gitlab_memoryswap_limit }}
- environment:
- GITLAB_OMNIBUS_CONFIG: |
- external_url 'https://{{ gitlab_domain }}'
- gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_ssh_port }}
- letsencrypt['enable'] = false
- nginx['listen_https'] = false
- nginx['listen_port'] = 80
- nginx['real_ip_trusted_addresses'] = [ '172.16.0.0/12' ]
- nginx['gzip_enabled'] = false
-
- prometheus_monitoring['enable'] = false
-
- # CSP config
- gitlab_rails['content_security_policy'] = {
- enabled: {{ gitlab_csp.enabled | default(true) | bool | lower }},
- report_only: false,
- directives: {
- default_src: "'self' {{ gitlab_csp.default_src | default("") }}",
- script_src: "'self' {{ gitlab_csp.script_src | default("") }} 'unsafe-eval'",
- frame_ancestor: "'self'",
- frame_src: "'self' {{ gitlab_csp.frame_src | default("") }}",
- img_src: "'self' https://{{ gitlab_libravatar_ssl }} {{ gitlab_csp.img_src | default("") }} data: blob:",
- style_src: "'self' 'unsafe-inline'",
- worker_src: "'self' blob:",
- object_src: "'none'"
- }
- }
-
- # Mail settings
- gitlab_rails['smtp_enable'] = true
- gitlab_rails['smtp_address'] = "{{ gitlab_smtp_address }}"
- gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
- gitlab_rails['smtp_user_name'] = "{{ gitlab_smtp_user_name }}"
- gitlab_rails['smtp_password'] = "{{ gitlab_smtp_password }}"
- gitlab_rails['smtp_authentication'] = "login"
- gitlab_rails['smtp_domain'] = "{{ gitlab_smtp_address }}"
- gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls | bool | lower }}
- gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_starttls_auto | bool | lower }}
- gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'
-
- gitlab_rails['gitlab_email_from'] = '{{ gitlab_email_from }}'
- gitlab_rails['gitlab_email_reply_to'] = '{{ gitlab_email_reply_to }}'
-
- # Use Libravatar
- gitlab_rails['gravatar_enabled'] = true
- gitlab_rails['gravatar_plain_url'] = "http://{{ gitlab_libravatar_plain }}/avatar/%{hash}?s=%{size}&d=identicon"
- gitlab_rails['gravatar_ssl_url'] = "https://{{ gitlab_libravatar_ssl }}/avatar/%{hash}?s=%{size}&d=identicon"
-
-{% if gitlab_imap.enabled %}
- gitlab_rails['incoming_email_enabled'] = true
-
- # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
- # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
- #gitlab_rails['incoming_email_address'] = "incoming+%{key}@gitlab.example.com"
- gitlab_rails['incoming_email_address'] = "{{ gitlab_imap.email_address }}"
-
- # Email account username
- # With third party providers, this is usually the full email address.
- # With self-hosted email servers, this is usually the user part of the email address.
- gitlab_rails['incoming_email_email'] = "{{ gitlab_imap.username }}"
- # Email account password
- gitlab_rails['incoming_email_password'] = "{{ gitlab_imap.password }}"
-
- # IMAP server host
- gitlab_rails['incoming_email_host'] = "{{ gitlab_imap.server_address }}"
- # IMAP server port
- gitlab_rails['incoming_email_port'] = 993
- # Whether the IMAP server uses SSL
- gitlab_rails['incoming_email_ssl'] = true
- # Whether the IMAP server uses StartTLS
- gitlab_rails['incoming_email_start_tls'] = false
-
- # The mailbox where incoming mail will end up. Usually "inbox".
- gitlab_rails['incoming_email_mailbox_name'] = "inbox"
- # The IDLE command timeout.
- gitlab_rails['incoming_email_idle_timeout'] = 60
-{% endif %}
-
-{% if gitlab_packages.enabled %}
- # Gitlab packages
- gitlab_rails['packages_enabled'] = true
-{% endif %}
-
-{% if gitlab_dependency_proxy.enabled %}
- # Gitlab dependency proxy
- gitlab_rails['dependency_proxy_enabled'] = true
-{% endif %}
-
-{% if gitlab_registry.enabled %}
- # Gitlab registry
- gitlab_rails['registry_enabled'] = true
- gitlab_rails['registry_host'] = "{{ gitlab_registry_domain }}"
- registry_external_url "https://{{ gitlab_registry_domain }}{% if gitlab_registry.external_port is defined %}:{{ gitlab_registry.external_port }}{% endif %}"
- registry_nginx['listen_port'] = 5040
- registry_nginx['listen_https'] = false
-{% endif %}
-
-{% if gitlab_mattermost.enabled %}
- # Mattermost
- mattermost_external_url 'https://{{ gitlab_mattermost.domain }}'
- mattermost_nginx['listen_port'] = 8050
- mattermost_nginx['listen_https'] = false
- mattermost['gitlab_auth_endpoint'] = "http://{{ gitlab_domain }}/oauth/authorize"
- mattermost['gitlab_token_endpoint'] = "http://{{ gitlab_domain }}/oauth/token"
- mattermost['gitlab_user_api_endpoint'] = "http://{{ gitlab_domain }}/api/v4/user"
-{% endif %}
-
-{% if gitlab_ldap.enabled %}
- gitlab_rails['ldap_enabled'] = true
- gitlab_rails['prevent_ldap_sign_in'] = false
- gitlab_rails['ldap_servers'] = {
- 'main' => {
- 'label' => '{{ gitlab_ldap.label }}',
- 'host' => '{{ gitlab_ldap.host }}',
- 'port' => {{ gitlab_ldap.port }},
- 'uid' => '{{ gitlab_ldap.uid }}',
- 'encryption' => '{{ gitlab_ldap.encryption }}',
- 'verify_certificates' => {{ gitlab_ldap.verify_certificates | bool | lower }},
- 'bind_dn' => '{{ gitlab_ldap.bind_dn }}',
- 'password' => '{{ gitlab_ldap.password }}',
- 'timeout' => 10,
- 'active_directory' => {{ gitlab_ldap.active_directory | bool | lower }},
- 'allow_username_or_email_login' => false,
- 'block_auto_created_users' => false,
- 'base' => '{{ gitlab_ldap.base }}',
- 'attributes' => {
- 'username' => ['uid', 'userid', 'sAMAccountName'],
- 'email' => ['mail', 'email', 'userPrincipalName'],
- 'name' => 'cn',
- 'first_name' => 'givenName',
- 'last_name' => 'sn'
- },
- 'lowercase_usernames' => false
- }
- }
-{% endif %}
-
-{% if gitlab_saml.enabled %}
- # SAML settings
- gitlab_rails['omniauth_enabled'] = true
- gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
- gitlab_rails['omniauth_block_auto_created_users'] = false
- gitlab_rails['omniauth_auto_link_ldap_user'] = false
- gitlab_rails['omniauth_auto_link_saml_user'] = false
- gitlab_rails['omniauth_external_providers'] = []
- gitlab_rails['omniauth_providers'] = [
- {
- name: 'saml',
- label: '{{ gitlab_saml.label }}',
- groups_attribute: '{{ gitlab_saml.groups_attribute }}',
- external_groups: ['{{ gitlab_saml.external_groups }}'],
- args: {
- assertion_consumer_service_url: 'https://{{ gitlab_domain }}/users/auth/saml/callback',
- idp_cert_fingerprint: '{{ gitlab_saml.idp_cert_fingerprint }}',
- idp_sso_target_url: '{{ gitlab_saml.idp_sso_target_url }}',
- idp_slo_target_url: '{{ gitlab_saml.idp_slo_target_url }}',
-{% if gitlab_saml.certificate is defined and gitlab_saml.private_key is defined %}
- certificate: '-----BEGIN CERTIFICATE-----
- {{ gitlab_saml.certificate }}
- -----END CERTIFICATE-----',
- private_key: '-----BEGIN RSA PRIVATE KEY-----
- {{ gitlab_saml.private_key }}
- -----END RSA PRIVATE KEY-----',
- security: {
- authn_requests_signed: true,
- want_assertions_signed: true,
- embed_sign: true,
- signature_method: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
- digest_method: 'http://www.w3.org/2001/04/xmlenc#sha256',
- },
-{% endif %}
- issuer: '{{ gitlab_saml.issuer }}',
- attribute_statements: {
- first_name: ['{{ gitlab_saml.attribute_statements.first_name }}'],
- last_name: ['{{ gitlab_saml.attribute_statements.last_name }}'],
- name: ['{{ gitlab_saml.attribute_statements.name }}'],
- username: ['{{ gitlab_saml.attribute_statements.username }}'],
- email: ['{{ gitlab_saml.attribute_statements.email }}'] },
- name_identifier_format: '{{ gitlab_saml.name_identifier_format }}',
- upstream_two_factor_authn_contexts:
- %w(
- urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
- urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
- urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
- )
- }
- }
- ]
-{% if gitlab_saml.autologin %}
- gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
-{% endif %}
-{% endif %}
-
-{% if gitlab_log_tmpfs %}
- # Configure logging to only retain 10 log files, of 10MiB each
- # This should prevent the tmpfs from overflowing
- logging['svlogd_size'] = 10 * 1024 * 1024
- logging['svlogd_num'] = 5
- logging['logrotate_maxsize'] = 10 * 1024 * 1024
- logging['logrotate_rotate'] = 5
-{% endif %}
-
- labels:
- - "traefik.http.routers.gitlab.rule=Host(`{{ gitlab_domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab.entrypoints=websecure"
- - "traefik.http.routers.gitlab.tls=true"
- - "traefik.http.routers.gitlab.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab.service=gitlab"
- - "traefik.http.services.gitlab.loadbalancer.server.port=80"
-
-{% if gitlab_registry.enabled %}
- - "traefik.http.routers.gitlab-registry.rule=Host(`{{ gitlab_registry_domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab-registry.entrypoints={{ gitlab_registry.traefik_entrypoint | default('websecure') }}"
- - "traefik.http.routers.gitlab-registry.tls=true"
- - "traefik.http.routers.gitlab-registry.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab-registry.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab-registry.service=gitlab-registry"
- - "traefik.http.services.gitlab-registry.loadbalancer.server.port=5040"
-{% endif %}
-
-{% if gitlab_mattermost.enabled %}
- - "traefik.http.routers.gitlab-mattermost.rule=Host(`{{ gitlab_mattermost.domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab-mattermost.entrypoints=websecure"
- - "traefik.http.routers.gitlab-mattermost.tls=true"
- - "traefik.http.routers.gitlab-mattermost.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab-mattermost.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab-mattermost.service=gitlab-mattermost"
- - "traefik.http.services.gitlab-mattermost.loadbalancer.server.port=8050"
-{% endif %}
-
- - "traefik.http.middlewares.gitlab.headers.sslredirect=true"
- - "traefik.http.middlewares.gitlab.headers.stsSeconds=63072000"
-
- - "traefik.enable=true"
-{% if proxy_network is defined %}
- - "traefik.docker.network={{ proxy_network }}"
-{% endif %}
-{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
- - "traefik.http.middlewares.gitlab.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
-{% endif %}
- volumes:
- - "{{ gitlab_data_location }}:/var/opt/gitlab"
- - "{{ gitlab_config_location }}:/etc/gitlab"
-{% if not gitlab_log_tmpfs %}
- - "{{ gitlab_log_location }}:/var/log/gitlab"
-{% endif %}
-
-
-{% if gitlab_log_tmpfs %}
- tmpfs:
- - "/var/log/gitlab:size=256M,noexec,nodev,nosuid,rw"
-{% endif %}
-
- restart: always
- ports:
- - "{{ gitlab_ssh_port }}:22"
-{% if proxy_network is defined or gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- networks:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
-{% endif %}
-{% if gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- gitlab-ipv6:
-{% endif %}
-{% endif %}
-
-
-{% if gitlab_telegraf.enabled %}
- telegraf:
- image: docker.io/library/telegraf:{{ gitlab_telegraf_version }}
- restart: always
- mem_limit: 256mb
- memswap_limit: 384mb
- read_only: false # TODO: Switch to self-made container
- volumes:
- - {{ gitlab_telegraf_location }}:/etc/telegraf/:ro
-{% endif %}
-
-{% if proxy_network is defined or gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
-networks:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
- external: true
-{% endif %}
-{% if gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- gitlab-ipv6:
- driver: bridge
- ipam:
- driver: default
- config:
- - subnet: {{ gitlab_ipv6.subnet }}
- enable_ipv6: true
-{% endif %}
-{% endif %}
diff --git a/roles/gitlab/templates/telegraf.conf b/roles/gitlab/templates/telegraf.conf
deleted file mode 100644
index fb3e480..0000000
--- a/roles/gitlab/templates/telegraf.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ ansible_managed | comment }}
-[global_tags]
-
-[agent]
- interval = "10s"
- round_interval = true
- metric_batch_size = 1000
- metric_buffer_limit = 1000000
- collection_jitter = "5s"
- flush_interval = "10s"
- flush_jitter = "5s"
- precision = ""
- hostname = "{{ ansible_fqdn }}"
- omit_hostname = false
-
-[[outputs.influxdb]]
- urls = ["https://{{ gitlab_telegraf.influxdb_endpoints | join('","https://') }}"]
- database = "telegraf"
- timeout = "5s"
- retention_policy = "{{ gitlab_telegraf.influxdb_retention_policy }}"
- retention_policy_tag = "{{ gitlab_telegraf.influxdb_retention_policy_tag }}"
- username = "{{ gitlab_telegraf.influxdb_username }}"
- password = "{{ gitlab_telegraf.influxdb_password }}"
-
-[[inputs.prometheus]]
- urls = ["http://{{ gitlab_domain }}/-/metrics?token={{ gitlab_telegraf.metrics_token }}"]