From fab8239d8b799d5cc4c20349ea10d5001646200a Mon Sep 17 00:00:00 2001
From: psy <psy@darmstadt.ccc.de>
Date: Thu, 27 Oct 2022 19:57:59 +0200
Subject: [PATCH] make smtp settings configurable

---
 README.md              | 16 ++++++++++++++++
 defaults/main.yml      | 13 +++++++++++++
 templates/gitlab.rb.j2 | 32 ++++++++++++++++++++------------
 3 files changed, 49 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index ae2d3b6..b4f7634 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,22 @@ ldap:
   enabled: 'false'
   servers: {}
 
+# configure smtp server for outgoing mail
+smtp:
+  enabled: false
+  server: ~
+  port: 465
+  user: ~
+  password: ~
+  domain: ~
+  authentication: 'login' # Can be: 'login', 'plain'
+  starttls: true
+  tls: false
+  verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+  #ca_path: '/etc/ssl/certs'
+  #ca_file: '/etc/ssl/certs/ca-certificates.crt'
+
+
 # array of groups to create
 groups: []
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index dfbbd16..5432eca 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -31,3 +31,16 @@ gitlab:
   mail: {}
     #from: 'git@domain'
     #reply_to: 'git@domain'
+  smtp:
+    enabled: false
+    server: ~
+    port: 465
+    user: ~
+    password: ~
+    domain: ~
+    authentication: 'login' # Can be: 'login', 'plain'
+    starttls: true
+    tls: false
+    verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
+    ca_path: ~ # eg '/etc/ssl/certs'
+    ca_file: ~ # eg '/etc/ssl/certs/ca-certificates.crt'
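Review bot: The default `port: 465` is paired with `tls: false` and `starttls: true`, which does not match how port 465 is normally served (TLS from the first byte). The template maps `starttls` to `smtp_enable_starttls_auto`, and that mode is opportunistic: if the server does not advertise STARTTLS, or the advertisement is stripped in transit, the client can carry on unencrypted and send the `login` credentials in clear. A safer default is `tls: true` with `starttls: false` on 465, or `port: 587` if STARTTLS is what is intended. I would also annotate `password: ~` with a comment such as `# supply from an Ansible Vault variable; never commit a real value`. The README example added in the same commit carries the same three values.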
diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2
index 0e8506a..a40dc8b 100644
--- a/templates/gitlab.rb.j2
+++ b/templates/gitlab.rb.j2
@@ -628,22 +628,30 @@ gitlab_rails['initial_root_password'] = "{{ gitlab.initial_root_password }}"
 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
 ###! **Use smtp instead of sendmail/postfix.**
 
-# gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
-# gitlab_rails['smtp_port'] = 465
-# gitlab_rails['smtp_user_name'] = "smtp user"
-# gitlab_rails['smtp_password'] = "smtp password"
-# gitlab_rails['smtp_domain'] = "example.com"
-# gitlab_rails['smtp_authentication'] = "login"
-# gitlab_rails['smtp_enable_starttls_auto'] = true
-# gitlab_rails['smtp_tls'] = false
+{% if gitlab.smtp.enabled %}
+gitlab_rails['smtp_enable'] = {{ gitlab.smtp.enabled|to_json }}
+gitlab_rails['smtp_address'] = "{{ gitlab.smtp.server }}"
+gitlab_rails['smtp_port'] = {{ gitlab.smtp.port }}
+gitlab_rails['smtp_user_name'] = "{{ gitlab.smtp.user }}"
+gitlab_rails['smtp_password'] = "{{ gitlab.smtp.password }}"
+{% if gitlab.smtp.domain %}
+gitlab_rails['smtp_domain'] = "{{ gitlab.smtp.domain }}"
+{% endif %}
+gitlab_rails['smtp_authentication'] = "{{ gitlab.smtp.authentication }}"
+gitlab_rails['smtp_enable_starttls_auto'] = {{ gitlab.smtp.starttls|to_json }}
+gitlab_rails['smtp_tls'] = {{ gitlab.smtp.tls|to_json }}
 
 ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
 ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab.smtp.verify_ssl }}'
 
-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
+{% if gitlab.smtp.ca_path %}
+gitlab_rails['smtp_ca_path'] = "{{ gitlab.smtp.ca_path }}"
+{% endif %}
+{% if gitlab.smtp.ca_file %}
+gitlab_rails['smtp_ca_file'] = "{{ gitlab.smtp.ca_file }}"
+{% endif %}
+{% endif %}
 
 ################################################################################
 ## Container Registry settings
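Review bot: `smtp_user_name` and `smtp_password` are rendered into Ruby double-quoted strings with no escaping, so a value containing `"`, `\` or `#{` either breaks gitlab.rb or is evaluated as Ruby when the file is loaded. Rendering them as single-quoted Ruby strings with the two special characters escaped avoids both, e.g. `gitlab_rails['smtp_password'] = '{{ gitlab.smtp.password | replace("\\", "\\\\") | replace("'", "\\'") }}'`, and the same treatment fits `server`, `domain`, `ca_path` and `ca_file`. Separately, `user` and `password` default to null but are emitted whenever smtp is enabled. Wrapping those two lines in `{% if gitlab.smtp.user %}`, as is already done for `smtp_domain`, would keep empty credentials out of the file for an unauthenticated relay. Since the rendered file now holds the password in clear text, the task that writes it (not visible in this patch) should presumably set a restrictive mode and `no_log`.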
-- 
GitLab