mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-11-17 19:11:22 +00:00
87 lines
3.0 KiB
YAML
87 lines
3.0 KiB
YAML
---
|
|
gitlab_config_template: "etc/gitlab/rocky_gitlab.rb"
|
|
gitlab_domain: git.rockylinux.org
|
|
gitlab_external_url: "https://{{ gitlab_domain }}/"
|
|
|
|
# Location where all the git repositories will be stored.
|
|
gitlab_git_data_dir: "/var/opt/gitlab/git-data"
|
|
|
|
gitlab_backup_path: "/var/opt/gitlab/backups"
|
|
gitlab_edition: "gitlab-ee"
|
|
gitlab_redirect_http_to_https: "true"
|
|
|
|
# SSL Self-signed Certificate Configuration.
|
|
# Eventually we will have legitimate certificates to use, such as LetsEncrypt
|
|
gitlab_create_self_signed_cert: "true"
|
|
gitlab_self_signed_cert_subj: "/C=US/ST=Missouri/L=Saint Louis/O=IT/CN={{ gitlab_domain }}"
|
|
gitlab_ssl_certificate: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
|
|
gitlab_ssl_certificate_key: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
|
|
gitlab_ssl_cert: "/etc/pki/tls/certs/{{ gitlab_domain }}.crt"
|
|
gitlab_ssl_key: "/etc/pki/tls/private/{{ gitlab_domain }}.key"
|
|
gitlab_ipa_cert: "true"
|
|
gitlab_certbot: "false"
|
|
|
|
# LDAP Configuration
|
|
gitlab_ldap_enabled: "true"
|
|
gitlab_ldap_host: "{{ rocky_ipaserver_lb }}"
|
|
gitlab_ldap_port: "389"
|
|
gitlab_ldap_uid: "uid"
|
|
gitlab_ldap_method: "start_tls"
|
|
gitlab_ldap_bind_dn: "{{ rocky_ldap_bind_dn }}"
|
|
gitlab_ldap_password: "{{ rocky_ldap_bind_pw }}"
|
|
gitlab_ldap_base: "{{ rocky_ldap_user_basedn }}"
|
|
gitlab_ldap_group_dn: "{{ rocky_ldap_group_basedn }}"
|
|
gitlab_ldap_admin_group: "gitadm"
|
|
gitlab_ldap_user_filter: "(&(objectClass=posixAccount)(memberOf=cn=gitusers,cn=groups,cn=accounts,dc=rockylinux,dc=org))"
|
|
|
|
gitlab_time_zone: "UTC"
|
|
|
|
# Validates Certifications when downloading Gitlab Installation repo
|
|
gitlab_download_validate_certs: true
|
|
|
|
# Email and SMTP configuration (For the future)
|
|
# Email configuration.
|
|
gitlab_email_enabled: "true"
|
|
gitlab_email_from: "git@rockylinux.org"
|
|
gitlab_email_display_name: "Gitlab"
|
|
gitlab_email_reply_to: "noreply@rockylinux.org"
|
|
# SMTP configuration
|
|
gitlab_smtp_enable: "false"
|
|
gitlab_smtp_address: "smtp.gmail.com"
|
|
gitlab_smtp_port: "587"
|
|
gitlab_smtp_user_name: "username@gmail.com"
|
|
gitlab_smtp_password: "whateverThisIs"
|
|
gitlab_smtp_domain: "gmail.com"
|
|
gitlab_smtp_authentication: "login"
|
|
gitlab_smtp_enable_starttls_auto: "true"
|
|
gitlab_smtp_tls: "true"
|
|
gitlab_smtp_openssl_verify_mode: "none"
|
|
gitlab_smtp_ca_path: "/etc/pki/tls/certs"
|
|
gitlab_smtp_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
|
|
|
|
# In case of reverse proxy
|
|
gitlab_nginx_listen_https: "true"
|
|
|
|
gitlab_default_theme: 2
|
|
|
|
gitlab_external_db: true
|
|
gitlab_external_db_host: db.rockylinux.org
|
|
gitlab_external_db_user: gitlab
|
|
gitlab_external_db_password: "{{ gitlab_db_pass }}"
|
|
|
|
gitlab_registry_enable: "true"
|
|
gitlab_registry_external_url: "https://git.rockylinux.org:5050"
|
|
gitlab_registry_nginx_ssl_certificate: "{{ gitlab_ssl_certificate }}"
|
|
gitlab_registry_nginx_ssl_certificate_key: "{{ gitlab_ssl_certificate_key }}"
|
|
gitlab_trusted_proxies:
|
|
- 10.100.20.20/32
|
|
|
|
ipa_getcert_requested_hostnames:
|
|
- name: "{{ ansible_fqdn }}"
|
|
owner: nginx
|
|
key_location: "{{ gitlab_ssl_key }}"
|
|
cert_location: "{{ gitlab_ssl_cert }}"
|
|
postcmd: "/usr/local/bin/fix_gitlab_certs.sh"
|
|
cnames:
|
|
- "git.rockylinux.org"
|