gitlab: Use explicit enabled flag for SAML & IMAP settings

BREAKING!

This patch consistently defines both variables and adds an explicit enabled flag to the structures.

roles/gitlab/defaults/main.yml

@@ -73,37 +73,44 @@ gitlab_csp:
   #script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
 
 # SAML settings
-# gitlab_saml:
-#   label: "SAML"
-#   groups_attribute: "roles"
-#   external_groups: "{{ gitlab_domain }}:external"
-#   idp_cert_fingerprint: "<to be set>"
-#   idp_sso_target_url: "https://sso.example.com"
-#   idp_slo_target_url: "https://sso.example.com"
-#   issuer: "{{ gitlab_domain }}"
-#   certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omited)>"
-#   private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omited)>"
-#   attribute_statements:
-#     first_name: "first_name"
-#     last_name: "last_name"
-#     name: "name"
-#     username: "username"
-#     email: "email"
-#   name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
-#   autologin: false
+gitlab_saml:
+  enabled: false
+  label: "SAML"
+  groups_attribute: "roles"
+  external_groups: "{{ gitlab_domain }}:external"
+  idp_cert_fingerprint: "<to be set>"
+  idp_sso_target_url: "https://sso.example.com"
+  idp_slo_target_url: "https://sso.example.com"
+  issuer: "{{ gitlab_domain }}"
+  certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omited)>"
+  private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omited)>"
+  attribute_statements:
+    first_name: "first_name"
+    last_name: "last_name"
+    name: "name"
+    username: "username"
+    email: "email"
+  name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+  autologin: false
 
 # IMAP settings (for email replies to comments etc.)
-# gitlab_imap:
-#   username: "{{ gitlab_smtp_user_name }}"
-#   password: "{{ gitlab_smtp_password }}"
-#   server_address: imap.example.com
-#   email_address: 'incoming+%{key}@gitlab.example.com'
+gitlab_imap:
+  enabled: false
+  username: "{{ gitlab_smtp_user_name }}"
+  password: "{{ gitlab_smtp_password }}"
+  server_address: imap.example.com
+  email_address: 'incoming+%{key}@gitlab.example.com'
 
 # Gitlab docker registry settings
 gitlab_registry:
   enabled: false
-  # external_port: 5050 # Defines the port that is appended to the registry domain used by gitlab.
-  # traefik_entrypoint: "websecure" # Defines the entrypoint that traefik should use for the registry. Can be useful to use another port while still using the certificate of the domain.
+  # Defines the port that is appended to the registry domain used by gitlab.
+  # This can be omitted, when no port is needed (eg. registry on its own domain)
+  external_port: 5050
+  # Defines the entrypoint that traefik should use for the registry.
+  # Can be useful to use another port while still using the certificate of the main domain.
+  # This can be omitted to use "websecure" by default
+  traefik_entrypoint: "websecure"
 
 # Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
 gitlab_telegraf:

roles/gitlab/templates/docker-compose.yml

@@ -71,7 +71,7 @@ services:
         gitlab_rails['gravatar_plain_url'] = "http://{{ gitlab_libravatar_plain }}/avatar/%{hash}?s=%{size}&d=identicon"
         gitlab_rails['gravatar_ssl_url'] = "https://{{ gitlab_libravatar_ssl }}/avatar/%{hash}?s=%{size}&d=identicon"
 
-{% if gitlab_imap is defined %}
+{% if gitlab_imap.enabled %}
         gitlab_rails['incoming_email_enabled'] = true
 
         # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
@@ -120,7 +120,7 @@ services:
         registry_nginx['listen_https'] = false
 {% endif %}
 
-{% if gitlab_saml is defined %}
+{% if gitlab_saml.enabled %}
         # SAML settings
         gitlab_rails['omniauth_enabled'] = true
         gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']