Skip to content
Snippets Groups Projects
Select Git revision
  • 6f56921fe972dae09d97a5d47cfacb22290272e9
  • master default protected
  • release/mail/5.1.9 protected
  • release/calendar/5.3.6 protected
  • release/mail/5.1.8 protected
  • release/polls/8.1.4 protected
  • release/polls/8.1.1 protected
  • release/polls/8.1.2 protected
  • release/richdocuments/8.7.2 protected
  • release/notes/4.12.2 protected
  • release/mail/5.1.7 protected
  • release/calendar/5.3.5 protected
  • release/forms/5.1.2 protected
  • release/polls/8.0.6 protected
  • release/groupfolders/19.1.2 protected
  • release/mail/5.1.6 protected
  • release/calendar/5.3.4 protected
  • release/forms/5.1.1 protected
  • release/mail/5.1.5 protected
  • release/groupfolders/19.1.1 protected
  • release/polls/8.0.1 protected
  • release/polls/8.0.4 protected
22 results

data

  • Clone with SSH
  • Clone with HTTPS
    • Name Last commit Last update
    ..
    defaults
    files
    handlers
    meta
    tasks
    templates
    vars
    README.md
    README.md

    Gitlab

    Assumptions

    • There is a reverse proxy in front of this gitlab.
    • There is a firewall active wich blocks all ports except those needed by the reverse proxy and SSH.

    Ports

    If enabled, different parts of gitlab are exposed at different ports.

    • gitlab web ui: 443
    • gitlab pages: 1443
    • gitlab container registry: 2443

    If you use the nginx role on the same host, you can instead access the internal upstreams via

    • internal-gitlab
    • internal-gitlab-pages
    • internal-gitlab-registry

    Configuration

    All configuration is to be placed in a dict called gitlab.

    # configures a backup using gitlab-rake
backup:
  enable: True
  disable_repositories: False
  keep_days: 9

# external url for the webfronted, musst be set
external_url: 'https://localhost'

# external url for gitlab pages, set to Null to disable
pages_external_url: ~

# listen settings for gitlab pages
pages_listen: ['[::1]:11181', '127.0.0.1:11181']
pages_listen_ssl: []
# listen_proxy only supports a single bind like 'localhost:8080'
pages_listen_proxy: ''

# add http headers for all gitlab pages sites
pages_headers: ['Referrer-Policy: same-origin', 'Strict-Transport-Security: max-age=63072000']

# external url for the container registry, set to Null to disable
registry_external_url: ~

# alternative storage path for registry, only considere when registry_external_url is set. Set to Null to use defaults
registry_path: ~

# alternative storage path for artifacts. Set to Null to use defaults
artifacts_path: ~

# external ssh host, can be different from external_url
gitlab_ssh_host: 'localhost'

# set if you use a non default port
gitlab_shell_ssh_port: 22

# set the initial root password, only used on creation and not updated
initial_root_password: "{{ lookup('password', '/dev/null length=64') }}"

# setup ldap auth, see https://docs.gitlab.com/omnibus/settings/ldap.html
ldap:
  enabled: 'false'
  servers: {}

# configure smtp server for outgoing mail
smtp:
  enabled: false
  server: ~
  port: 465
  user: ~
  password: ~
  domain: ~
  authentication: 'login' # Can be: 'login', 'plain'
  starttls: true
  tls: false
  verify_ssl: 'peer' # Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
  #ca_path: '/etc/ssl/certs'
  #ca_file: '/etc/ssl/certs/ca-certificates.crt'


# array of groups to create
groups: []

    Impressum - Datenschutzerklärung