saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity
infrastructure/roles/gitlab/defaults/main.yml
saibotk 47f4de58d7
gitlab: Add options for port and entrypoint to registry config 
This patch enables users to customize the entrypoint and port that is shown for external access (only supplied so gitlab can still show valid registry links).
2021-08-15 23:57:13 +02:00

133 lines
5.3 KiB
YAML
Raw Blame History

---
# Default variables for the gitlab role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Install location settings
gitlab_install_location: /srv/gitlab
gitlab_data_location: "{{ gitlab_install_location }}/data"
gitlab_config_location: "{{ gitlab_install_location }}/config"
gitlab_log_location: "{{ gitlab_install_location }}/log"
gitlab_telegraf_location: "{{ gitlab_install_location }}/telegraf"
# Put GitLab's logs in a tempfs instead to save headache with diskspace
gitlab_log_tmpfs: false
# Set the certresolver to your desired traefik certresolver.
# Note: This is `letsencrypt_cf` by default for backwards compatibility, you might want to use `letsencrypt_http` instead, depending on your setup
gitlab_traefik_certresolver: letsencrypt_http
# The domain under which traefik should make gitlab (and, if enabled, the registry) reachable
gitlab_domain: gitlab.example.com
gitlab_registry_domain: registry.gitlab.example.com
# The Gitlab version, usually you don't need to adjust this for a host.
# renovate: depName=gitlab/gitlab-ce
gitlab_version: 14.1.2-ce.0
# renovate: depName=docker.io/library/telegraf
gitlab_telegraf_version: "1.19"
# The port you want Gitlab to listen on for SSH connections
gitlab_ssh_port: 22
# The memory limits for the GitLab container
#
# Notice the gitlab_memoryswap_limit must be equal
# or higher than the gitlab_memory_limit
gitlab_memory_limit: "4096mb"
gitlab_memoryswap_limit: "4352mb"
# Email/SMTP settings
gitlab_smtp_address: smtp.example.com
gitlab_smtp_port: 465
gitlab_smtp_user_name: 'gitlab@example.com'
gitlab_smtp_password: "{{ lookup('passwordstore', gitlab_domain + '/' + gitlab_smtp_user_name + ' create=true length=42') }}"
gitlab_smtp_tls: "{{ gitlab_snmp_tls | default('true') }}" # There was a typo in the config option name, this makes sure it's falling back properly
gitlab_email_from: "{{ gitlab_smtp_user_name }}"
gitlab_email_reply_to: "{{ gitlab_smtp_user_name }}"
# Libravatar / Gravatar URLs
gitlab_libravatar_plain: "cdn.libravatar.org"
gitlab_libravatar_ssl: "seccdn.libravatar.org"
# CSP settings
gitlab_csp:
img_src: 'https:'
#frame_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
#script_src: "https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
# SAML settings
# gitlab_saml:
# label: "SAML"
# groups_attribute: "roles"
# external_groups: "{{ gitlab_domain }}:external"
# idp_cert_fingerprint: "<to be set>"
# idp_sso_target_url: "https://sso.example.com"
# idp_slo_target_url: "https://sso.example.com"
# issuer: "{{ gitlab_domain }}"
# certificate: "<cert without '----BEGIN CERTIFICATE----' (can be omited)>"
# private_key: "<private key without '----BEGIN RSA PRIVATE KEY----' (can be omited)>"
# attribute_statements:
# first_name: "first_name"
# last_name: "last_name"
# name: "name"
# username: "username"
# email: "email"
# name_identifier_format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
# autologin: false
# IMAP settings (for email replies to comments etc.)
# gitlab_imap:
# username: "{{ gitlab_smtp_user_name }}"
# password: "{{ gitlab_smtp_password }}"
# server_address: imap.example.com
# email_address: 'incoming+%{key}@gitlab.example.com'
# Gitlab docker registry settings
gitlab_registry:
enabled: false
# external_port: 5050 # Defines the port that is appended to the registry domain used by gitlab.
# traefik_entrypoint: "websecure" # Defines the entrypoint that traefik should use for the registry. Can be useful to use another port while still using the certificate of the domain.
# Gitlab telegraf configuration, allows to configure a monitoring setup for Gitlab
gitlab_telegraf:
enabled: false
# Your influxDB hosts
influxdb_endpoints:
- "influxdb.example.com"
influxdb_username: telegraf
influxdb_password: ""
influxdb_retention_policy: "gitlab"
influxdb_retention_policy_tag: ""
# Token provided by Gitlab on the admin page
# See https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_metrics.html
metrics_token: ""
# Gitlab dependency proxy feature (see https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html)
gitlab_dependency_proxy:
enabled: false
# Enable the packages feature (see https://docs.gitlab.com/ee/administration/packages/index.html)
gitlab_packages:
enabled: false
# IPv6 ULA config for the bridge network used by docker-ipv6-nat
gitlab_ipv6:
enabled: false
subnet: "fd9e:21a7:a92c:2326::/64"
Reference in a new issue View git blame Copy permalink