From aa576bf5bcc982f3300a56d32e9b14f38d51f0f5 Mon Sep 17 00:00:00 2001
From: Saibotk
Date: Mon, 20 Jan 2025 00:26:44 +0100
Subject: [PATCH] remove!(gitlab): unused
---
playbooks/gitlab.yml | 25 --
roles/gitlab/README.md | 35 ---
roles/gitlab/defaults/main.yml | 167 -----------
roles/gitlab/meta/main.yml | 44 ---
roles/gitlab/tasks/main.yml | 101 ------
roles/gitlab/templates/docker-compose.yml | 321 ----------------------
roles/gitlab/templates/telegraf.conf | 26 --
7 files changed, 719 deletions(-)
delete mode 100644 playbooks/gitlab.yml
delete mode 100644 roles/gitlab/README.md
delete mode 100644 roles/gitlab/defaults/main.yml
delete mode 100644 roles/gitlab/meta/main.yml
delete mode 100644 roles/gitlab/tasks/main.yml
delete mode 100644 roles/gitlab/templates/docker-compose.yml
delete mode 100644 roles/gitlab/templates/telegraf.conf
diff --git a/playbooks/gitlab.yml b/playbooks/gitlab.yml
deleted file mode 100644
index 6eff130..0000000
--- a/playbooks/gitlab.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- name: Install & configure GitLab
- hosts: gitlab
- roles:
- - docker
- - docker_cleanup
- - traefik
- - gitlab
diff --git a/roles/gitlab/README.md b/roles/gitlab/README.md
deleted file mode 100644
index d433bab..0000000
--- a/roles/gitlab/README.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Gitlab
-=========
-
-This will setup a Gitlab instance using their official docker container and traefik as a reverse proxy.
-
-Requirements
-------------
-
-You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
-
-**This role assumes that you have setup traefik with an endpoint called `websecure`.**
-
-Role Variables
---------------
-
-**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
-
-**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
-
-### Global variables, that are used:
-
-- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
-- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
-
-Dependencies
-------------
-
-- docker
-- docker-compose
-- traefik
-
-License
--------
-
-GPL-3.0-only
diff --git a/roles/gitlab/defaults/main.yml b/roles/gitlab/defaults/main.yml
deleted file mode 100644
index afb4305..0000000
--- a/roles/gitlab/defaults/main.yml
+++ /dev/null
@@ -1,167 +0,0 @@
----
-# Default variables for the gitlab role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-# Install location settings
-gitlab_install_location: /srv/gitlab
-gitlab_data_location: "{{ gitlab_install_location }}/data"
-gitlab_config_location: "{{ gitlab_install_location }}/config"
-gitlab_log_location: "{{ gitlab_install_location }}/log"
-gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"
-
-# Put GitLab's logs in a tempfs instead to save headache with diskspace
-gitlab_log_tmpfs: false
-
-# Set the certresolver to your desired traefik certresolver.
-# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
-gitlab_traefik_certresolver: letsencrypt_http
-
-# The domain under which traefik should make gitlab (and, if enabled, the registry) reachable
-gitlab_domain: gitlab.example.com
-gitlab_registry_domain: registry.gitlab.example.com
-
-# The Gitlab version, usually you don't need to adjust this for a host.
-# renovate: depName=gitlab/gitlab-ce
-gitlab_version: 17.5.1-ce.0
-
-# renovate: depName=docker.io/library/telegraf
-gitlab_telegraf_version: "1.26"
-
-# The port you want Gitlab to listen on for SSH connections
-gitlab_ssh_port: 22
-
-# The memory limits for the GitLab container
-#
-# Notice the gitlab_memoryswap_limit must be equal
-# or higher than the gitlab_memory_limit
-gitlab_memory_limit: "6096mb"
-gitlab_memoryswap_limit: "6352mb"
-
-# Enable or disable selinux handling
-gitlab_selinux_enabled: true
-
-# Email/SMTP settings
-gitlab_smtp_address: smtp.example.com
-gitlab_smtp_port: 465
-gitlab_smtp_user_name: "gitlab@example.com"
-gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
-gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
-gitlab_email_from: "{{ gitlab_smtp_user_name }}"
-gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
-gitlab_smtp_starttls_auto: false
-gitlab_smtp_openssl_verify_mode: "peer"
-
-# Libravatar / Gravatar URLs
-gitlab_libravatar_plain: "cdn.libravatar.org"
-gitlab_libravatar_ssl: "seccdn.libravatar.org"
-
-# CSP settings
-gitlab_csp:
- enabled: true
- img_src: "https:"
- # yamllint disable-line rule:line-length
- # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
- # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
-
-# SAML settings
-gitlab_saml:
- enabled: false
- label: "SAML"
- groups_attribute: "roles"
- external_groups: "{{ gitlab_domain }}:external"
- idp_cert_fingerprint: ""
- idp_sso_target_url: "https://sso.example.com"
- idp_slo_target_url: "https://sso.example.com"
- issuer: "{{ gitlab_domain }}"
- certificate: ""
- private_key: ""
- attribute_statements:
- first_name: "first_name"
- last_name: "last_name"
- name: "name"
- username: "username"
- email: "email"
- name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- autologin: false
-
-# LDAP settings
-gitlab_ldap:
- enabled: false
- label: "LDAP"
- host: "ldap.example.com"
- port: 389
- bind_dn: "_the_full_dn_of_the_user_you_will_bind_with"
- password: "_the_password_of_the_bind_user"
- encryption: "simple_tls"
- verify_certificates: true
- uid: "sAMAccountName"
- active_directory: true
- user_filter: ""
- base: "dc=example,dc=com"
-
-# IMAP settings (for email replies to comments etc.)
-gitlab_imap:
- enabled: false
- username: "{{ gitlab_smtp_user_name }}"
- password: "{{ gitlab_smtp_password }}"
- server_address: imap.example.com
- email_address: "incoming+%{key}@gitlab.example.com"
-
-# Gitlab docker registry settings
-gitlab_registry:
- enabled: false
- # Defines the port that is appended to the registry domain used by gitlab.
- # This can be omitted, when no port is needed (eg. registry on its own domain)
- external_port: 5050
- # Defines the entrypoint that traefik should use for the registry.
- # Can be useful to use another port while still using the certificate of the main domain.
- # This can be omitted to use "websecure" by default
- traefik_entrypoint: "websecure"
-
-# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
-gitlab_telegraf:
- enabled: false
- # Your influxDB hosts
- influxdb_endpoints:
- - "influxdb.example.com"
- influxdb_username: telegraf
- influxdb_password: ""
- influxdb_retention_policy: "gitlab"
- influxdb_retention_policy_tag: ""
- # Token provided by Gitlab on the admin page
- # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
- metrics_token: ""
-
-# Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
-gitlab_dependency_proxy:
- enabled: false
-
-# Enable the packages feature (see https://docs.gitlab.com/ee/administration/packages/index.html)
-gitlab_packages:
- enabled: false
-
-# IPv6 ULA config for the bridge network used by docker-ipv6-nat
-gitlab_ipv6:
- enabled: false
- subnet: "fd9e:21a7:a92c:2326::/64"
-
-# Gitlab bundled Mattermost instance settings
-gitlab_mattermost:
- enabled: false
- domain: chat.gitlab.com
diff --git a/roles/gitlab/meta/main.yml b/roles/gitlab/meta/main.yml
deleted file mode 100644
index 32229a2..0000000
--- a/roles/gitlab/meta/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-galaxy_info:
- author: saibotk
- description: "Installs and configures GitLab via Docker."
- license: GPL-3.0-only
- min_ansible_version: "2.9"
- standalone: true
-
- platforms:
- - name: EL
- versions:
- - all
- - name: GenericUNIX
- versions:
- - all
- - name: Fedora
- versions:
- - all
- - name: opensuse
- versions:
- - all
- - name: GenericBSD
- versions:
- - all
- - name: FreeBSD
- versions:
- - all
- - name: Ubuntu
- versions:
- - all
- - name: SLES
- versions:
- - all
- - name: GenericLinux
- versions:
- - all
- - name: Debian
- versions:
- - all
-
- galaxy_tags: []
-
-dependencies:
- - role: docker
- - role: traefik
diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml
deleted file mode 100644
index d0a24a4..0000000
--- a/roles/gitlab/tasks/main.yml
+++ /dev/null
@@ -1,101 +0,0 @@
----
-# Tasks file for the gitlab role
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-- name: Update default SELinux contexts
- community.general.sefcontext:
- target: "{{ item }}(/.*)?"
- setype: "container_file_t"
- state: present
- with_items:
- - "{{ gitlab_data_location }}"
- - "{{ gitlab_config_location }}"
- - "{{ gitlab_log_location }}"
- - "{{ gitlab_telegraf_location }}"
- tags:
- - gitlab
- when:
- - gitlab_selinux_enabled
- become: true
-
-- name: Create install directory
- ansible.builtin.file:
- path: "{{ item }}"
- state: directory
- mode: "0700"
- owner: "root"
- group: "root"
- with_items:
- - "{{ gitlab_install_location }}"
- tags:
- - gitlab
- become: true
-
-- name: Create data directory
- ansible.builtin.file: # noqa risky-file-permissions # Container manages permissions on its own
- path: "{{ item }}"
- state: directory
- owner: "root"
- group: "root"
- setype: "container_file_t"
- with_items:
- - "{{ gitlab_data_location }}"
- - "{{ gitlab_config_location }}"
- - "{{ gitlab_log_location }}"
- - "{{ gitlab_telegraf_location }}"
- tags:
- - gitlab
- become: true
-
-- name: Deploy telegraf.conf
- ansible.builtin.template:
- src: telegraf.conf
- dest: "{{ gitlab_telegraf_location }}/telegraf.conf"
- mode: "0600"
- owner: "root"
- group: "root"
- tags:
- - telegraf
- - gitlab
- become: true
- when:
- - gitlab_telegraf.enabled
-
-- name: Deploy docker-compose.yml
- ansible.builtin.template:
- src: docker-compose.yml
- dest: "{{ gitlab_install_location }}/docker-compose.yml"
- mode: "0600"
- owner: "root"
- group: "root"
- validate: docker compose -f %s config -q
- tags:
- - docker
- - gitlab
- become: true
-
-- name: Compose GitLab
- community.docker.docker_compose_v2:
- state: present
- project_src: "{{ gitlab_install_location }}"
- pull: always
- remove_orphans: true
- tags:
- - gitlab
- become: true
diff --git a/roles/gitlab/templates/docker-compose.yml b/roles/gitlab/templates/docker-compose.yml
deleted file mode 100644
index 62c02eb..0000000
--- a/roles/gitlab/templates/docker-compose.yml
+++ /dev/null
@@ -1,321 +0,0 @@
-{{ ansible_managed | comment }}
-
-# Infrastructure
-# Ansible instructions to deploy the infrastructure
-# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
-# Copyright (C) 2020 Saibotk
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, version 3 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-
-version: '2.1'
-services:
- web:
- image: docker.io/gitlab/gitlab-ce:{{ gitlab_version }}
- hostname: '{{ gitlab_domain }}'
- mem_limit: {{ gitlab_memory_limit }}
- memswap_limit: {{ gitlab_memoryswap_limit }}
- environment:
- GITLAB_OMNIBUS_CONFIG: |
- external_url 'https://{{ gitlab_domain }}'
- gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_ssh_port }}
- letsencrypt['enable'] = false
- nginx['listen_https'] = false
- nginx['listen_port'] = 80
- nginx['real_ip_trusted_addresses'] = [ '172.16.0.0/12' ]
- nginx['gzip_enabled'] = false
-
- prometheus_monitoring['enable'] = false
-
- # CSP config
- gitlab_rails['content_security_policy'] = {
- enabled: {{ gitlab_csp.enabled | default(true) | bool | lower }},
- report_only: false,
- directives: {
- default_src: "'self' {{ gitlab_csp.default_src | default("") }}",
- script_src: "'self' {{ gitlab_csp.script_src | default("") }} 'unsafe-eval'",
- frame_ancestor: "'self'",
- frame_src: "'self' {{ gitlab_csp.frame_src | default("") }}",
- img_src: "'self' https://{{ gitlab_libravatar_ssl }} {{ gitlab_csp.img_src | default("") }} data: blob:",
- style_src: "'self' 'unsafe-inline'",
- worker_src: "'self' blob:",
- object_src: "'none'"
- }
- }
-
- # Mail settings
- gitlab_rails['smtp_enable'] = true
- gitlab_rails['smtp_address'] = "{{ gitlab_smtp_address }}"
- gitlab_rails['smtp_port'] = {{ gitlab_smtp_port }}
- gitlab_rails['smtp_user_name'] = "{{ gitlab_smtp_user_name }}"
- gitlab_rails['smtp_password'] = "{{ gitlab_smtp_password }}"
- gitlab_rails['smtp_authentication'] = "login"
- gitlab_rails['smtp_domain'] = "{{ gitlab_smtp_address }}"
- gitlab_rails['smtp_tls'] = {{ gitlab_smtp_tls | bool | lower }}
- gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab_smtp_starttls_auto | bool | lower }}
- gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'
-
- gitlab_rails['gitlab_email_from'] = '{{ gitlab_email_from }}'
- gitlab_rails['gitlab_email_reply_to'] = '{{ gitlab_email_reply_to }}'
-
- # Use Libravatar
- gitlab_rails['gravatar_enabled'] = true
- gitlab_rails['gravatar_plain_url'] = "http://{{ gitlab_libravatar_plain }}/avatar/%{hash}?s=%{size}&d=identicon"
- gitlab_rails['gravatar_ssl_url'] = "https://{{ gitlab_libravatar_ssl }}/avatar/%{hash}?s=%{size}&d=identicon"
-
-{% if gitlab_imap.enabled %}
- gitlab_rails['incoming_email_enabled'] = true
-
- # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
- # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
- #gitlab_rails['incoming_email_address'] = "incoming+%{key}@gitlab.example.com"
- gitlab_rails['incoming_email_address'] = "{{ gitlab_imap.email_address }}"
-
- # Email account username
- # With third party providers, this is usually the full email address.
- # With self-hosted email servers, this is usually the user part of the email address.
- gitlab_rails['incoming_email_email'] = "{{ gitlab_imap.username }}"
- # Email account password
- gitlab_rails['incoming_email_password'] = "{{ gitlab_imap.password }}"
-
- # IMAP server host
- gitlab_rails['incoming_email_host'] = "{{ gitlab_imap.server_address }}"
- # IMAP server port
- gitlab_rails['incoming_email_port'] = 993
- # Whether the IMAP server uses SSL
- gitlab_rails['incoming_email_ssl'] = true
- # Whether the IMAP server uses StartTLS
- gitlab_rails['incoming_email_start_tls'] = false
-
- # The mailbox where incoming mail will end up. Usually "inbox".
- gitlab_rails['incoming_email_mailbox_name'] = "inbox"
- # The IDLE command timeout.
- gitlab_rails['incoming_email_idle_timeout'] = 60
-{% endif %}
-
-{% if gitlab_packages.enabled %}
- # Gitlab packages
- gitlab_rails['packages_enabled'] = true
-{% endif %}
-
-{% if gitlab_dependency_proxy.enabled %}
- # Gitlab dependency proxy
- gitlab_rails['dependency_proxy_enabled'] = true
-{% endif %}
-
-{% if gitlab_registry.enabled %}
- # Gitlab registry
- gitlab_rails['registry_enabled'] = true
- gitlab_rails['registry_host'] = "{{ gitlab_registry_domain }}"
- registry_external_url "https://{{ gitlab_registry_domain }}{% if gitlab_registry.external_port is defined %}:{{ gitlab_registry.external_port }}{% endif %}"
- registry_nginx['listen_port'] = 5040
- registry_nginx['listen_https'] = false
-{% endif %}
-
-{% if gitlab_mattermost.enabled %}
- # Mattermost
- mattermost_external_url 'https://{{ gitlab_mattermost.domain }}'
- mattermost_nginx['listen_port'] = 8050
- mattermost_nginx['listen_https'] = false
- mattermost['gitlab_auth_endpoint'] = "http://{{ gitlab_domain }}/oauth/authorize"
- mattermost['gitlab_token_endpoint'] = "http://{{ gitlab_domain }}/oauth/token"
- mattermost['gitlab_user_api_endpoint'] = "http://{{ gitlab_domain }}/api/v4/user"
-{% endif %}
-
-{% if gitlab_ldap.enabled %}
- gitlab_rails['ldap_enabled'] = true
- gitlab_rails['prevent_ldap_sign_in'] = false
- gitlab_rails['ldap_servers'] = {
- 'main' => {
- 'label' => '{{ gitlab_ldap.label }}',
- 'host' => '{{ gitlab_ldap.host }}',
- 'port' => {{ gitlab_ldap.port }},
- 'uid' => '{{ gitlab_ldap.uid }}',
- 'encryption' => '{{ gitlab_ldap.encryption }}',
- 'verify_certificates' => {{ gitlab_ldap.verify_certificates | bool | lower }},
- 'bind_dn' => '{{ gitlab_ldap.bind_dn }}',
- 'password' => '{{ gitlab_ldap.password }}',
- 'timeout' => 10,
- 'active_directory' => {{ gitlab_ldap.active_directory | bool | lower }},
- 'allow_username_or_email_login' => false,
- 'block_auto_created_users' => false,
- 'base' => '{{ gitlab_ldap.base }}',
- 'attributes' => {
- 'username' => ['uid', 'userid', 'sAMAccountName'],
- 'email' => ['mail', 'email', 'userPrincipalName'],
- 'name' => 'cn',
- 'first_name' => 'givenName',
- 'last_name' => 'sn'
- },
- 'lowercase_usernames' => false
- }
- }
-{% endif %}
-
-{% if gitlab_saml.enabled %}
- # SAML settings
- gitlab_rails['omniauth_enabled'] = true
- gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
- gitlab_rails['omniauth_block_auto_created_users'] = false
- gitlab_rails['omniauth_auto_link_ldap_user'] = false
- gitlab_rails['omniauth_auto_link_saml_user'] = false
- gitlab_rails['omniauth_external_providers'] = []
- gitlab_rails['omniauth_providers'] = [
- {
- name: 'saml',
- label: '{{ gitlab_saml.label }}',
- groups_attribute: '{{ gitlab_saml.groups_attribute }}',
- external_groups: ['{{ gitlab_saml.external_groups }}'],
- args: {
- assertion_consumer_service_url: 'https://{{ gitlab_domain }}/users/auth/saml/callback',
- idp_cert_fingerprint: '{{ gitlab_saml.idp_cert_fingerprint }}',
- idp_sso_target_url: '{{ gitlab_saml.idp_sso_target_url }}',
- idp_slo_target_url: '{{ gitlab_saml.idp_slo_target_url }}',
-{% if gitlab_saml.certificate is defined and gitlab_saml.private_key is defined %}
- certificate: '-----BEGIN CERTIFICATE-----
- {{ gitlab_saml.certificate }}
- -----END CERTIFICATE-----',
- private_key: '-----BEGIN RSA PRIVATE KEY-----
- {{ gitlab_saml.private_key }}
- -----END RSA PRIVATE KEY-----',
- security: {
- authn_requests_signed: true,
- want_assertions_signed: true,
- embed_sign: true,
- signature_method: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
- digest_method: 'http://www.w3.org/2001/04/xmlenc#sha256',
- },
-{% endif %}
- issuer: '{{ gitlab_saml.issuer }}',
- attribute_statements: {
- first_name: ['{{ gitlab_saml.attribute_statements.first_name }}'],
- last_name: ['{{ gitlab_saml.attribute_statements.last_name }}'],
- name: ['{{ gitlab_saml.attribute_statements.name }}'],
- username: ['{{ gitlab_saml.attribute_statements.username }}'],
- email: ['{{ gitlab_saml.attribute_statements.email }}'] },
- name_identifier_format: '{{ gitlab_saml.name_identifier_format }}',
- upstream_two_factor_authn_contexts:
- %w(
- urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
- urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
- urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
- )
- }
- }
- ]
-{% if gitlab_saml.autologin %}
- gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
-{% endif %}
-{% endif %}
-
-{% if gitlab_log_tmpfs %}
- # Configure logging to only retain 10 log files, of 10MiB each
- # This should prevent the tmpfs from overflowing
- logging['svlogd_size'] = 10 * 1024 * 1024
- logging['svlogd_num'] = 5
- logging['logrotate_maxsize'] = 10 * 1024 * 1024
- logging['logrotate_rotate'] = 5
-{% endif %}
-
- labels:
- - "traefik.http.routers.gitlab.rule=Host(`{{ gitlab_domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab.entrypoints=websecure"
- - "traefik.http.routers.gitlab.tls=true"
- - "traefik.http.routers.gitlab.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab.service=gitlab"
- - "traefik.http.services.gitlab.loadbalancer.server.port=80"
-
-{% if gitlab_registry.enabled %}
- - "traefik.http.routers.gitlab-registry.rule=Host(`{{ gitlab_registry_domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab-registry.entrypoints={{ gitlab_registry.traefik_entrypoint | default('websecure') }}"
- - "traefik.http.routers.gitlab-registry.tls=true"
- - "traefik.http.routers.gitlab-registry.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab-registry.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab-registry.service=gitlab-registry"
- - "traefik.http.services.gitlab-registry.loadbalancer.server.port=5040"
-{% endif %}
-
-{% if gitlab_mattermost.enabled %}
- - "traefik.http.routers.gitlab-mattermost.rule=Host(`{{ gitlab_mattermost.domain }}`) && PathPrefix(`/`)"
- - "traefik.http.routers.gitlab-mattermost.entrypoints=websecure"
- - "traefik.http.routers.gitlab-mattermost.tls=true"
- - "traefik.http.routers.gitlab-mattermost.tls.certresolver={{ gitlab_traefik_certresolver }}"
- - "traefik.http.routers.gitlab-mattermost.middlewares=gitlab,compress"
- - "traefik.http.routers.gitlab-mattermost.service=gitlab-mattermost"
- - "traefik.http.services.gitlab-mattermost.loadbalancer.server.port=8050"
-{% endif %}
-
- - "traefik.http.middlewares.gitlab.headers.sslredirect=true"
- - "traefik.http.middlewares.gitlab.headers.stsSeconds=63072000"
-
- - "traefik.enable=true"
-{% if proxy_network is defined %}
- - "traefik.docker.network={{ proxy_network }}"
-{% endif %}
-{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
- - "traefik.http.middlewares.gitlab.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
-{% endif %}
- volumes:
- - "{{ gitlab_data_location }}:/var/opt/gitlab"
- - "{{ gitlab_config_location }}:/etc/gitlab"
-{% if not gitlab_log_tmpfs %}
- - "{{ gitlab_log_location }}:/var/log/gitlab"
-{% endif %}
-
-
-{% if gitlab_log_tmpfs %}
- tmpfs:
- - "/var/log/gitlab:size=256M,noexec,nodev,nosuid,rw"
-{% endif %}
-
- restart: always
- ports:
- - "{{ gitlab_ssh_port }}:22"
-{% if proxy_network is defined or gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- networks:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
-{% endif %}
-{% if gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- gitlab-ipv6:
-{% endif %}
-{% endif %}
-
-
-{% if gitlab_telegraf.enabled %}
- telegraf:
- image: docker.io/library/telegraf:{{ gitlab_telegraf_version }}
- restart: always
- mem_limit: 256mb
- memswap_limit: 384mb
- read_only: false # TODO: Switch to self-made container
- volumes:
- - {{ gitlab_telegraf_location }}:/etc/telegraf/:ro
-{% endif %}
-
-{% if proxy_network is defined or gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
-networks:
-{% if proxy_network is defined %}
- {{ proxy_network }}:
- external: true
-{% endif %}
-{% if gitlab_ipv6 is defined and gitlab_ipv6.enabled %}
- gitlab-ipv6:
- driver: bridge
- ipam:
- driver: default
- config:
- - subnet: {{ gitlab_ipv6.subnet }}
- enable_ipv6: true
-{% endif %}
-{% endif %}
diff --git a/roles/gitlab/templates/telegraf.conf b/roles/gitlab/templates/telegraf.conf
deleted file mode 100644
index fb3e480..0000000
--- a/roles/gitlab/templates/telegraf.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-{{ ansible_managed | comment }}
-[global_tags]
-
-[agent]
- interval = "10s"
- round_interval = true
- metric_batch_size = 1000
- metric_buffer_limit = 1000000
- collection_jitter = "5s"
- flush_interval = "10s"
- flush_jitter = "5s"
- precision = ""
- hostname = "{{ ansible_fqdn }}"
- omit_hostname = false
-
-[[outputs.influxdb]]
- urls = ["https://{{ gitlab_telegraf.influxdb_endpoints | join('","https://') }}"]
- database = "telegraf"
- timeout = "5s"
- retention_policy = "{{ gitlab_telegraf.influxdb_retention_policy }}"
- retention_policy_tag = "{{ gitlab_telegraf.influxdb_retention_policy_tag }}"
- username = "{{ gitlab_telegraf.influxdb_username }}"
- password = "{{ gitlab_telegraf.influxdb_password }}"
-
-[[inputs.prometheus]]
- urls = ["http://{{ gitlab_domain }}/-/metrics?token={{ gitlab_telegraf.metrics_token }}"]