---
# Default variables for the gitlab role

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Install location settings
# The data, config, log and telegraf directories default to sub-directories
# of gitlab_install_location.
gitlab_install_location: /srv/gitlab
gitlab_data_location: "{{ gitlab_install_location }}/data"
gitlab_config_location: "{{ gitlab_install_location }}/config"
gitlab_log_location: "{{ gitlab_install_location }}/log"
gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"

# Put GitLab's logs in a tmpfs instead, to save headaches with disk space.
# NOTE(review): tmpfs is memory-backed, so logs kept there would not survive
# a restart; presumably they have to be shipped elsewhere if they are needed
# for audit or incident response. Confirm how the role mounts it.
gitlab_log_tmpfs: false

# Set the certresolver to your desired traefik certresolver.
# Note: This is `letsencrypt_cf` by default for backwards compatibility, you
# might want to use `letsencrypt_http` instead, depending on your setup.
# NOTE(review): the note above names `letsencrypt_cf` as the default, but the
# value set below is `letsencrypt_http`. Confirm which one is intended and
# bring the comment and the value in line.
gitlab_traefik_certresolver: letsencrypt_http

# The domain under which traefik should make GitLab (and, if enabled, the
# registry) reachable
gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.gitlab.example.com

# The GitLab version; usually you don't need to adjust this for a host.
# Both versions are pinned defaults, so GitLab and telegraf security releases
# only reach a host once these values are bumped.
# The `renovate:` lines are annotations for Renovate (presumably matched by a
# regex manager); keep each one directly above the value it describes.
# renovate: depName=gitlab/gitlab-ce
gitlab_version: 13.11.2-ce.0
# renovate: depName=docker.io/library/telegraf
gitlab_telegraf_version: "1.18"

# The port you want GitLab to listen on for SSH connections
# NOTE(review): 22 is also the usual port of the host's own sshd; presumably
# one of the two has to move. Verify against the role's port mapping.
gitlab_ssh_port: 22

# The memory limits for the GitLab container
#
# Notice the gitlab_memoryswap_limit must be equal
# or higher than the gitlab_memory_limit
gitlab_memory_limit: "4096mb"
gitlab_memoryswap_limit: "4352mb"

# Email/SMTP settings
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: 'gitlab@example.com'
# The password comes from the `passwordstore` lookup, stored under
# "<gitlab_domain>/<gitlab_smtp_user_name>". `create=true length=42` makes the
# lookup generate a 42-character entry when none exists yet, so no secret is
# kept in this file.
gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
# There was a typo in the config option name (`gitlab_snmp_tls`); this makes
# sure it's falling back properly. When the old name is not defined the value
# is the string 'true'.
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}"
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"

# Libravatar / Gravatar URLs (host names only, no scheme)
gitlab_libravatar_plain: "cdn.libravatar.org"
gitlab_libravatar_ssl: "seccdn.libravatar.org"

# CSP settings
# `img_src: 'https:'` is a scheme source: it allows images from any HTTPS
# origin. The commented-out frame_src / script_src entries list reCAPTCHA and
# Google API origins; presumably they are only needed when those integrations
# are enabled, so keep the allow-list as narrow as the instance needs.
gitlab_csp:
  img_src: 'https:'
  #frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
  #script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"

# SAML settings
# NOTE(review): `idp_cert_fingerprint`, `certificate` and `private_key` are
# empty placeholders in this example. `private_key` is a secret and is
# presumably best supplied from a vault or a lookup (as gitlab_smtp_password
# does) rather than as a literal. Confirm how the role treats an empty
# `idp_cert_fingerprint` before enabling SAML.
# gitlab_saml:
#   label: "SAML"
#   groups_attribute: "roles"
#   external_groups: "{{ gitlab_domain }}:external"
#   idp_cert_fingerprint: ""
#   idp_sso_target_url: "https://sso.example.com"
#   idp_slo_target_url: "https://sso.example.com"
#   issuer: "{{ gitlab_domain }}"
#   certificate: ""
#   private_key: ""
#   attribute_statements:
#     first_name: "first_name"
#     last_name: "last_name"
#     name: "name"
#     username: "username"
#     email: "email"
#   name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
#   autologin: false

# IMAP settings (for email replies to comments etc.)
# The example reuses the SMTP user name and password for the IMAP mailbox.
# gitlab_imap:
#   username: "{{ gitlab_smtp_user_name }}"
#   password: "{{ gitlab_smtp_password }}"
#   server_address: imap.example.com
#   email_address: 'incoming+%{key}@gitlab.example.com'

# GitLab docker registry settings
gitlab_registry:
  enabled: false

# GitLab telegraf configuration, allows configuring a monitoring setup for
# GitLab
# `influxdb_password` and `metrics_token` are credentials and are empty by
# default; set them from a secret store (for example the passwordstore lookup
# used for gitlab_smtp_password) rather than committing literals.
# NOTE(review): the endpoint is given without a scheme; confirm that the
# telegraf template sends these credentials to InfluxDB over TLS.
gitlab_telegraf:
  enabled: false
  # Your influxDB hosts
  influxdb_endpoints:
    - "influxdb.example.com"
  influxdb_username: telegraf
  influxdb_password: ""
  influxdb_retention_policy: "gitlab"
  influxdb_retention_policy_tag: ""
  # Token provided by GitLab on the admin page
  # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
  metrics_token: ""

# GitLab dependency proxy feature
# (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
gitlab_dependency_proxy:
  enabled: false

# Enable the packages feature
# (see https://docs.gitlab.com/ee/administration/packages/index.html)
gitlab_packages:
  enabled: false

# IPv6 ULA config for the bridge network used by docker-ipv6-nat
gitlab_ipv6:
  enabled: false
  subnet: "fd9e:21a7:a92c:2326::/64"