infrastructure/roles/gitlab/defaults/main.yml
2020-08-10 01:37:13 +02:00


---
# Default variables for the gitlab role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Filesystem layout on the target host.
# The data, config and log directories are all derived from the install root,
# so overriding gitlab_install_location moves all three.
# NOTE(review): the config directory presumably ends up holding GitLab's
# generated secrets; confirm the role's tasks restrict its permissions.
gitlab_install_location: '/srv/gitlab'
gitlab_data_location: '{{ gitlab_install_location }}/data'
gitlab_config_location: '{{ gitlab_install_location }}/config'
gitlab_log_location: '{{ gitlab_install_location }}/log'
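# Name of the traefik certresolver that issues the TLS certificate for GitLab.
# It has to match a resolver defined in your traefik configuration.
# The default set here is `letsencrypt_http`.
# NOTE(review): this comment used to name `letsencrypt_cf` as the
# backwards-compatible default, which contradicted the value below. Hosts that
# still depend on `letsencrypt_cf` presumably have to set it explicitly; confirm
# before deploying, since a resolver name traefik does not know may leave the
# site without a valid certificate.
gitlab_traefik_certresolver: letsencrypt_http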
# Public hostnames under which traefik exposes GitLab and, when the registry
# is enabled, the container registry. Replace the example.com placeholders.
# gitlab_domain is also part of the password-store entry name used for
# gitlab_smtp_password, so changing it points that lookup at a different entry.
gitlab_domain: 'gitlab.example.com'
gitlab_registry_domain: 'registry.gitlab.example.com'
# Pinned GitLab version (presumably the gitlab-ce image tag; verify against the
# role's tasks). Hosts normally inherit this default rather than overriding it,
# which means GitLab security releases only reach them once this pin is bumped.
gitlab_version: '13.2.3-ce.0'
# Port on which GitLab accepts SSH connections.
# NOTE(review): 22 is also the usual port of the host's own sshd; confirm the
# two do not collide on the target host.
gitlab_ssh_port: 22
# Email/SMTP settings
# Outgoing mail server and submission port. 465 is conventionally the
# implicit-TLS port, so it pairs with gitlab_smtp_tls left enabled.
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: 'gitlab@example.com'
# The SMTP password is not stored in this file. It is looked up in the `pass`
# password store under "<gitlab_domain>/<gitlab_smtp_user_name>". Because of
# `create=true`, a missing entry is generated (42 characters) instead of
# failing, so changing gitlab_domain or gitlab_smtp_user_name silently yields a
# new password that the mail server does not know yet.
gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
# The option was once misspelled `gitlab_snmp_tls`. This default honours the
# misspelled variable where a host still sets it and otherwise falls back to
# 'true', so TLS stays on unless it is explicitly disabled.
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}"
# Sender and reply-to addresses default to the SMTP account itself.
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
# Libravatar / Gravatar hosts used for user avatars.
# presumably `_plain` serves http:// and `_ssl` serves https:// avatar URLs;
# verify against the role's configuration template.
gitlab_libravatar_plain: 'cdn.libravatar.org'
gitlab_libravatar_ssl: 'seccdn.libravatar.org'
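# CSP (Content-Security-Policy) settings.
# Keys must be nested under gitlab_csp; written at column 0 they become
# unrelated top-level variables and gitlab_csp itself is null.
# `img_src: 'https:'` allows images from any HTTPS origin. That is a broad
# allowance (external images can be used to track viewers); narrow it to the
# hosts you actually need if that matters for your instance.
gitlab_csp:
  img_src: 'https:'
  # Optional allowances for reCAPTCHA and Google APIs. Uncomment only when those
  # integrations are in use, since every extra script/frame origin widens the
  # policy.
  # frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
  # script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"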
# SAML settings
# Example only: these defaults leave gitlab_saml undefined. Uncomment the block
# and fill in the placeholders to configure SAML sign-in.
# NOTE(review): `private_key` is secret material. Keep it out of plaintext vars
# files, e.g. fetch it through a lookup the way gitlab_smtp_password does.
# gitlab_saml:
#   label: "SAML"
#   groups_attribute: "roles"
#   external_groups: "{{ gitlab_domain }}:external"
#   idp_cert_fingerprint: "<to be set>"
#   idp_sso_target_url: "https://sso.example.com"
#   idp_slo_target_url: "https://sso.example.com"
#   issuer: "{{ gitlab_domain }}"
#   certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omitted)>"
#   private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omitted)>"
#   attribute_statements:
#     first_name: "first_name"
#     last_name: "last_name"
#     name: "name"
#     username: "username"
#     email: "email"
#   name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
#   autologin: false
# IMAP settings (for email replies to comments etc.)
# Example only: these defaults leave gitlab_imap undefined. As written, the
# example reuses the SMTP account and its password for the incoming mailbox.
# gitlab_imap:
#   username: "{{ gitlab_smtp_user_name }}"
#   password: "{{ gitlab_smtp_password }}"
#   server_address: imap.example.com
#   email_address: 'incoming+%{key}@gitlab.example.com'
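# GitLab docker registry settings.
# Disabled by default; when enabled, the registry is made reachable under
# gitlab_registry_domain.
# `enabled` must be nested under gitlab_registry. At column 0 it is a separate
# top-level key that collides with the `enabled` of gitlab_ipv6.
gitlab_registry:
  enabled: false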
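# IPv6 ULA config for the bridge network used by docker-ipv6-nat.
# Disabled by default. The subnet is a /64 from the unique-local range
# (fd00::/8) and stays quoted so the colons are never read as YAML syntax.
# `enabled` and `subnet` must be nested under gitlab_ipv6 to take effect.
gitlab_ipv6:
  enabled: false
  subnet: "fd9e:21a7:a92c:2326::/64"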