---
# Default variables for the gitlab role
#
# Every value below is a role default meant to be overridden per host or
# group. The secret-bearing keys (SMTP/IMAP password, SAML private key, LDAP
# bind password, InfluxDB password, metrics token) are empty or placeholders
# here; provide real values from a secret store, never by editing this file.

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Install location settings
# All sub-paths are derived from gitlab_install_location, so overriding that
# one variable relocates data, config, logs and the telegraf directory.
gitlab_install_location: /srv/gitlab
gitlab_data_location: "{{ gitlab_install_location }}/data"
gitlab_config_location: "{{ gitlab_install_location }}/config"
gitlab_log_location: "{{ gitlab_install_location }}/log"
gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"

# Put GitLab's logs in a tmpfs instead to save headache with diskspace
# NOTE(review): tmpfs is memory-backed, so logs kept there presumably do not
# survive a restart - forward them off-host first if they are needed for
# audit or incident response. Confirm against the task that mounts it.
gitlab_log_tmpfs: false

# Set the certresolver to your desired traefik certresolver.
# Note: the original comment states this is `letsencrypt_cf` by default for
# backwards compatibility and suggests `letsencrypt_http` depending on your
# setup.
# NOTE(review): the value set here is already `letsencrypt_http`, so the
# "by default" statement looks stale - confirm which resolver is intended.
gitlab_traefik_certresolver: letsencrypt_http

# The domain under which traefik should make gitlab (and, if enabled, the
# registry) reachable
gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.gitlab.example.com

# The Gitlab version, usually you don't need to adjust this for a host.
# NOTE(review): the image tag is pinned; the renovate marker below suggests
# updates arrive as automated bumps, so GitLab security releases only reach
# hosts once those bumps are merged and the role is re-applied.
# renovate: depName=gitlab/gitlab-ce
gitlab_version: 16.8.1-ce.0
# renovate: depName=docker.io/library/telegraf
gitlab_telegraf_version: "1.26"

# The port you want Gitlab to listen on for SSH connections
gitlab_ssh_port: 22

# The memory limits for the GitLab container
#
# Notice the gitlab_memoryswap_limit must be equal
# or higher than the gitlab_memory_limit
gitlab_memory_limit: "4096mb"
gitlab_memoryswap_limit: "4352mb"

# Enable or disable selinux handling
gitlab_selinux_enabled: true

# Email/SMTP settings
# Port 465 together with gitlab_smtp_tls defaulting to 'true' and
# gitlab_smtp_starttls_auto set to false describes an implicit-TLS
# connection rather than an opportunistic STARTTLS upgrade.
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: "gitlab@example.com"
# The password is read through the passwordstore lookup at
# <gitlab_domain>/<gitlab_smtp_user_name>; `create=true length=42` generates
# a 42-character entry when none exists, so no SMTP secret lives in this file.
gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
# There was a typo in the config option name, this makes sure it's falling
# back properly: the misspelled `gitlab_snmp_tls` is still honoured when set,
# otherwise the string 'true' is used.
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}"
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
gitlab_smtp_starttls_auto: false
# NOTE(review): "peer" presumably maps to GitLab's smtp_openssl_verify_mode
# and keeps verification of the mail server certificate enabled - confirm in
# the template, and avoid overriding it to a non-verifying mode.
gitlab_smtp_openssl_verify_mode: "peer"

# Libravatar / Gravatar URLs
gitlab_libravatar_plain: "cdn.libravatar.org"
gitlab_libravatar_ssl: "seccdn.libravatar.org"

# CSP settings
# img_src "https:" permits images from any HTTPS origin; tighten it to the
# specific hosts you need if external image loading is a concern.
# The commented frame_src/script_src lines are the reCAPTCHA/Google API
# allowances, left disabled by default.
gitlab_csp:
  enabled: true
  img_src: "https:"
  # yamllint disable-line rule:line-length
  # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
  # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"

# SAML settings
# Disabled by default. Before enabling, set idp_cert_fingerprint (it is what
# ties accepted assertions to your IdP's signing certificate) and replace the
# example.com IdP URLs. `certificate` and `private_key` are the service
# provider key pair; keep the private key in a secret store (vault or
# passwordstore) and never commit it in plain text.
gitlab_saml:
  enabled: false
  label: "SAML"
  groups_attribute: "roles"
  external_groups: "{{ gitlab_domain }}:external"
  idp_cert_fingerprint: ""
  idp_sso_target_url: "https://sso.example.com"
  idp_slo_target_url: "https://sso.example.com"
  issuer: "{{ gitlab_domain }}"
  certificate: ""
  private_key: ""
  # Maps GitLab user fields to the attribute names sent by the IdP
  attribute_statements:
    first_name: "first_name"
    last_name: "last_name"
    name: "name"
    username: "username"
    email: "email"
  name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  autologin: false

# LDAP settings
# Disabled by default. bind_dn and password are placeholders, not working
# credentials; override the password from a secret store.
# verify_certificates is true and should stay that way so the directory
# server's certificate is checked.
# NOTE(review): port 389 combined with encryption "simple_tls" looks
# inconsistent - in GitLab's LDAP settings simple_tls normally means LDAPS
# (usually port 636), while port 389 goes with start_tls. Confirm which pair
# is intended before enabling.
gitlab_ldap:
  enabled: false
  label: "LDAP"
  host: "ldap.example.com"
  port: 389
  bind_dn: "_the_full_dn_of_the_user_you_will_bind_with"
  password: "_the_password_of_the_bind_user"
  encryption: "simple_tls"
  verify_certificates: true
  uid: "sAMAccountName"
  active_directory: true
  user_filter: ""
  base: "dc=example,dc=com"

# IMAP settings (for email replies to comments etc.)
# Username and password default to the SMTP account, so the same mailbox
# credential is reused for incoming mail unless both are overridden.
gitlab_imap:
  enabled: false
  username: "{{ gitlab_smtp_user_name }}"
  password: "{{ gitlab_smtp_password }}"
  server_address: imap.example.com
  email_address: "incoming+%{key}@gitlab.example.com"

# Gitlab docker registry settings
gitlab_registry:
  enabled: false
  # Defines the port that is appended to the registry domain used by gitlab.
  # This can be omitted, when no port is needed (eg. registry on its own
  # domain)
  external_port: 5050
  # Defines the entrypoint that traefik should use for the registry.
  # Can be useful to use another port while still using the certificate of
  # the main domain.
  # This can be omitted to use "websecure" by default
  traefik_entrypoint: "websecure"

# Gitlab telegraf configuration, allows to configure a monitoring setup for
# Gitlab
# influxdb_password and metrics_token are secrets and empty by default;
# supply them from a secret store when enabling telegraf.
gitlab_telegraf:
  enabled: false
  # Your influxDB hosts
  influxdb_endpoints:
    - "influxdb.example.com"
  influxdb_username: telegraf
  influxdb_password: ""
  influxdb_retention_policy: "gitlab"
  influxdb_retention_policy_tag: ""
  # Token provided by Gitlab on the admin page
  # See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
  metrics_token: ""

# Gitlab dependency proxy feature
# (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
gitlab_dependency_proxy:
  enabled: false

# Enable the packages feature
# (see https://docs.gitlab.com/ee/administration/packages/index.html)
gitlab_packages:
  enabled: false

# IPv6 ULA config for the bridge network used by docker-ipv6-nat
gitlab_ipv6:
  enabled: false
  subnet: "fd9e:21a7:a92c:2326::/64"

# Gitlab bundled Mattermost instance settings
# NOTE(review): unlike the other defaults, which use example.com
# placeholders, this domain is under gitlab.com, which you presumably do not
# control - override it with your own hostname before enabling Mattermost.
gitlab_mattermost:
  enabled: false
  domain: chat.gitlab.com