diff --git a/README.md b/README.md index c8ad25c4c88032b49d5b481fdc8f0a7663b38388..ae2d3b6914932223b9dc98d9158c35aeb6a730d6 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,9 @@ pages_listen_ssl: [] # listen_proxy only supports a single bind like 'localhost:8080' pages_listen_proxy: '' +# add http headers for all gitlab pages sites +pages_headers: ['Referrer-Policy: same-origin', 'Strict-Transport-Security: max-age=63072000'] + # external url for the container registry, set to Null to disable registry_external_url: ~ diff --git a/defaults/main.yml b/defaults/main.yml index 15f8cd95fffffbbeca368b151073837a7400e82e..538a2057e6544c61ecf7189ecda078aaf08ebd19 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,7 @@ gitlab: pages_listen: [] pages_listen_ssl: [] pages_listen_proxy: 'localhost:11181' + pages_headers: [] registry_path: ~ registry_external_url: ~ artifacts_path: ~ @@ -27,3 +28,5 @@ gitlab: auto_link_ldap_user: 'true' providers: [] upload_size_max: 128M + mail: {} + #from: 'git@domain' diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2 index 8a4c51004c1bec81494c82d11511210fffc92606..476f2e0bb1a31add5bde104c5cab0d1d2f4e9af0 100644 --- a/templates/gitlab.rb.j2 +++ b/templates/gitlab.rb.j2 @@ -72,7 +72,9 @@ gitlab_rails['gitlab_ssh_host'] = '{{ gitlab.gitlab_ssh_host }}' ### Email Settings # gitlab_rails['gitlab_email_enabled'] = true -# gitlab_rails['gitlab_email_from'] = 'example@example.com' +{% if gitlab.mail.from %} +gitlab_rails['gitlab_email_from'] = '{{ gitlab.mail.from }}' +{% endif %} # gitlab_rails['gitlab_email_display_name'] = 'Example' # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' # gitlab_rails['gitlab_email_subject_suffix'] = '' @@ -1461,7 +1463,7 @@ gitlab_pages['access_control'] = true # gitlab_pages['gitlab_client_jwt_expiry'] = "30s" ##! Define custom gitlab-pages HTTP headers for the whole instance -# gitlab_pages['headers'] = [] +gitlab_pages['headers'] = {{ gitlab.pages_headers|to_json }} ##! Shared secret used for authentication between Pages and GitLab # gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.