---
# GitLab Docker image
# https://registry.hub.docker.com/u/gitlab/gitlab-ce/
# NOTE(review): "latest" is a mutable tag, so the image that gets deployed can
# change from one pull to the next. Pin a specific version tag or an image
# digest when upgrades must be deliberate and reproducible.
gitlab_image: "gitlab/gitlab-ce:latest"
# Name of the GitLab container.
# Used as the "--name" option when the container is started with docker run.
gitlab_container_name: gitlab
# If true, always pull the latest version of the image.
# Otherwise the image is pulled only when it is missing.
# NOTE(review): together with a mutable tag such as "latest", true means each
# run may deploy a different GitLab version.
gitlab_force_pull: false
# Restart the GitLab container even if the configuration file was not changed.
gitlab_force_restart: false
# URL on which GitLab will be reachable.
#
# https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
gitlab_url: "https://gitlab.example.com"
# Folder on the local machine that holds the SSL certificates.
# Example of cert location: /path/to/gitlab/certs/gitlab.example.com.crt
# NOTE(review): presumably the matching private keys are kept in the same
# folder; if so, keep it readable only by the deploying user. Confirm against
# the role's tasks.
#
# https://docs.gitlab.com/omnibus/settings/nginx.html#enable-https
# http://docs.gitlab.com/ce/administration/container_registry.html#configure-container-registry-under-its-own-domain
gitlab_certs_folder: /path/to/gitlab/certs
# Web server integration.
# NOTE(review): presumably rendered into the omnibus web_server settings;
# confirm against the role's template before adding further users.
gitlab_webserver:
  external_users: ['root']

# Rails application settings.
# NOTE(review): an empty list presumably means no reverse proxy is trusted to
# supply the client address; list only proxies you operate.
gitlab_rails:
  trusted_proxies: []

# Workhorse listens on a unix socket at the path below.
gitlab_workhorse:
  listen_network: 'unix'
  listen_addr: '/var/opt/gitlab/gitlab-workhorse/socket'
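# NGINX settings.
# https://docs.gitlab.com/omnibus/settings/nginx.html
gitlab_nginx:
  enabled: true
  # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are
  # offered by default.
  # NOTE(review): an image whose NGINX predates TLSv1.3 support may reject
  # this value; use 'TLSv1.2' alone there.
  ssl_protocols: 'TLSv1.2 TLSv1.3'
  # The two 3DES suites (ECDHE-RSA-DES-CBC3-SHA, DES-CBC3-SHA) are removed:
  # 64-bit block ciphers are exposed to birthday attacks (Sweet32). '!DES'
  # excludes single DES only, so '!3DES' is added to keep them out.
  # NOTE(review): the suites without an ECDHE prefix provide no forward
  # secrecy; they are kept for client compatibility and can be dropped once
  # no client needs them.
  # Quoted so that ':' and '!' stay part of a single string value.
  ssl_ciphers: 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4'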
# Directories on the host machine used for persistent storage.
# NOTE(review): the config directory presumably ends up holding GitLab's
# generated secrets; restrict access to it on the host. Confirm against the
# role's tasks.
gitlab_dir:
  config: '/srv/gitlab/config'
  logs: '/srv/gitlab/logs'
  data: '/srv/gitlab/data'
# GitLab network settings.
# Each port below will be available on the host machine.
gitlab_ports:
  http: 80
  https: 443
  # NOTE(review): 22 is usually taken by the host's own sshd; move one of the
  # two if they would share an address.
  ssh: 22
  registry: 5000

# Value of the GitLab container's "--network" parameter.
# Available values: bridge | container | host | none
# NOTE(review): "host" removes the container's network isolation.
gitlab_network_mode: 'bridge'
# Outgoing mail (SMTP) settings.
# https://docs.gitlab.com/omnibus/settings/smtp.html
gitlab_smtp:
  enabled: true
  host: 'mailtrap.io'
  port: 2525
  # Placeholder credentials.
  # NOTE(review): supply the real values from an encrypted source such as
  # Ansible Vault instead of committing them in plain text.
  username: 'username'
  password: 'password'
  tls: true
  domain: 'example.com'
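# Email settings: sender identity for mail sent by GitLab.
gitlab_email:
  enabled: true
  # PLACEHOLDER addresses. The listing this file was taken from masked both
  # addresses as "[email protected]", which YAML reads as a one-item flow
  # sequence rather than a string. Set the real sender and reply-to addresses
  # and keep them quoted.
  from: 'gitlab@example.com'
  display: 'Gitlab'
  reply: 'noreply@example.com'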
# Git LFS switch (true = enabled).
# https://docs.gitlab.com/ce/workflow/lfs/lfs_administration.html
gitlab_lfs: true
# Rack Attack: throttling of Git HTTP authentication attempts.
# https://gitlab.com/help/security/rack_attack.md
gitlab_rack_attack:
  # Enable/disable Rack Attack
  enabled: true
  # Limit on the number of Git HTTP authentication attempts per IP
  maxretry: 10
  # Seconds after which the per-IP auth attempt counter is reset
  findtime: 60
  # Seconds an IP stays banned after too many auth attempts (3600 = one hour)
  bantime: 3600
  # NOTE(review): presumably addresses exempt from the limits above; keep the
  # list as short as possible, since anything on it is never banned.
  white_ips:
    - '127.0.0.1'

# NOTE(review): presumably 10 requests per 60-second period; confirm the units
# against the role's template.
gitlab_rate_limit:
  request_per_period: 10
  period: 60
# Unicorn settings.
# https://docs.gitlab.com/ce/install/requirements.html#unicorn-workers
gitlab_unicorn:
  worker_timeout: 60
  # Worker count follows the ansible_processor_vcpus fact of the target host.
  # Kept quoted so YAML does not read the leading "{" as a flow mapping.
  worker_processes: '{{ ansible_processor_vcpus }}'
  port: 8080
# URL of the container registry.
# http://docs.gitlab.com/ce/administration/container_registry.html
registry_url: "https://registry.example.com"
# Options for restoring GitLab from a backup.
gitlab_restore:
  # Set to true to enable restoring from backup
  restoring: false
  # Path to the backup archive on the host machine
  backup_file: '/path/to/archive/1487067516_2017_02_14_gitlab_backup.tar'
  # Must stay quoted: only the string format is supported, and an unquoted
  # digits-and-underscores value is read as an integer by YAML 1.1 parsers.
  backup_id: '1487067516_2017_02_14'
  # Path to the gitlab-secrets.json file on the host machine.
  # NOTE(review): this file holds the instance's secrets; keep it out of
  # version control and readable only by the deploying user.
  secrets_file: '/path/to/secrets/gitlab-secrets.json'