# HG changeset patch
# User Richard Westhaver
# Date 1714960170 14400
# Node ID dae557236fffc7356f275f73eb790f1b703145ba
# Parent 2039e29599cd3ae62efe06f6f6a8cb17f892c203
rm etc, add etc/home as subrepos
diff -r 2039e29599cd -r dae557236fff .hgsub
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/.hgsub Sun May 05 21:49:30 2024 -0400
@@ -0,0 +1,2 @@
+etc=https://vc.compiler.company/comp/etc
+home=https://vc.compiler.company/comp/home
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff .hgsubstate
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/.hgsubstate Sun May 05 21:49:30 2024 -0400
@@ -0,0 +1,2 @@
+0000000000000000000000000000000000000000 etc
+0000000000000000000000000000000000000000 home
diff -r 2039e29599cd -r dae557236fff etc/alacritty.toml
--- a/etc/alacritty.toml Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-[shell]
-program = "/usr/bin/bash"
-[window]
-padding = { x = 2, y = 2 }
-dynamic_padding = true
-decorations_theme_variant = "Dark"
-[scrolling]
-multiplier = 1
-[cursor]
-style.blinking = "Always"
-[mouse]
-hide_when_typing = true
-# Colors (Tomorrow Night Bright)
-[colors.primary]
-background = '#000000'
-foreground = '#eaeaea'
-# Normal colors
-[colors.normal]
-black = '#000000'
-red = '#d54e53'
-green = '#b9ca4a'
-yellow = '#e6c547'
-blue = '#7aa6da'
-magenta = '#c397d8'
-cyan = '#70c0ba'
-white = '#424242'
-
-# Bright colors
-[colors.bright]
-black = '#666666'
-red = '#ff3334'
-green = '#9ec400'
-yellow = '#e7c547'
-blue = '#7aa6da'
-magenta = '#b77ee0'
-cyan = '#54ced6'
-white = '#2a2a2a'
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/containers/registries.conf
--- a/etc/containers/registries.conf Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
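Review bot: Neither subrepo added in `.hgsub` is pinned to a real revision: the companion `.hgsubstate` in this changeset records the all-zero node id for both `etc` and `home`, so a checkout of this revision does not reproduce the configuration that the same commit deletes from `etc/`. Presumably the subrepos had no commit of their own when this was recorded; committing inside each subrepo first would let Mercurial write the actual 40-hex node ids, which is what gives the parent repository an integrity anchor for content fetched from `https://vc.compiler.company/comp/etc` and `https://vc.compiler.company/comp/home`. Until then, what a reader gets for `etc` and `home` depends on the state of the remote rather than on this changeset. Minor style point: `.hgsub` ends without a trailing newline.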
@@ -1,1 +0,0 @@
-unqualified-search-registries = ["docker.io","quay.io","registry.compiler.company"]
diff -r 2039e29599cd -r dae557236fff etc/containers/storage.conf
diff -r 2039e29599cd -r dae557236fff etc/gitlab/config.yml
diff -r 2039e29599cd -r dae557236fff etc/gitlab/gitlab.rb
--- a/etc/gitlab/gitlab.rb Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3093 +0,0 @@ -## GitLab configuration settings -##! This file is generated during initial installation and **is not** modified -##! during upgrades. -##! Check out the latest version of this file to know about the different -##! settings that can be configured, when they were introduced and why: -##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template - -##! Locally, the complete template corresponding to the installed version can be found at: -##! /opt/gitlab/etc/gitlab.rb.template - -##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with -##! the gitlab.rb.template from the currently running version. - -##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by -##! running `gitlab-ctl reconfigure` - -##! In general, the values specified here should reflect what the default value of the attribute will be. -##! There are instances where this behavior is not possible or desired. For example, when providing passwords, -##! or connecting to third party services. -##! In those instances, we endeavour to provide an example configuration. - -## GitLab URL -##! URL on which GitLab will be reachable. -##! For more details on configuring external_url see: -##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab -##! -##! Note: During installation/upgrades, the value of the environment variable -##! EXTERNAL_URL will be used to populate/replace this value. -##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP -##! address from AWS. For more details, see: -##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html -external_url 'http://vc.compiler.company' - -## Roles for multi-instance GitLab -##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance. -##! Options: -##! 
redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role -##! postgres_role consul_role application_role monitoring_role -##! For more details on each role, see: -##! https://docs.gitlab.com/omnibus/roles/README.html#roles -##! -# roles ['redis_sentinel_role', 'redis_master_role'] - -## Legend -##! The following notations at the beginning of each line may be used to -##! differentiate between components of this file and to easily select them using -##! a regex. -##! ## Titles, subtitles etc -##! ##! More information - Description, Docs, Links, Issues etc. -##! Configuration settings have a single # followed by a single space at the -##! beginning; Remove them to enable the setting. - -##! **Configuration settings below are optional.** - - -################################################################################ -################################################################################ -## Configuration Settings for GitLab CE and EE ## -################################################################################ -################################################################################ - -################################################################################ -## gitlab.yml configuration -##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md -################################################################################ -# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' -# gitlab_rails['gitlab_ssh_user'] = '' -# gitlab_rails['time_zone'] = 'UTC' - -### Request duration -###! Tells the rails application how long it has to complete a request -###! This value needs to be lower than the worker timeout set in puma. -###! By default, we'll allow 95% of the the worker timeout -# gitlab_rails['max_request_duration_seconds'] = 57 - -### GitLab email server settings -###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html -###! 
**Use smtp instead of sendmail/postfix.** - -# gitlab_rails['smtp_enable'] = true -# gitlab_rails['smtp_address'] = "smtp.server" -# gitlab_rails['smtp_port'] = 465 -# gitlab_rails['smtp_user_name'] = "smtp user" -# gitlab_rails['smtp_password'] = "smtp password" -# gitlab_rails['smtp_domain'] = "example.com" -# gitlab_rails['smtp_authentication'] = "login" -# gitlab_rails['smtp_enable_starttls_auto'] = true -# gitlab_rails['smtp_tls'] = false -# gitlab_rails['smtp_pool'] = false - -###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'** -###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html -# gitlab_rails['smtp_openssl_verify_mode'] = 'none' - -# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs" -# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt" - -### Email Settings - -# gitlab_rails['gitlab_email_enabled'] = true - -##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com' -##! can change the 'From' with this setting. -# gitlab_rails['gitlab_email_from'] = 'example@example.com' -# gitlab_rails['gitlab_email_display_name'] = 'Example' -# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' -# gitlab_rails['gitlab_email_subject_suffix'] = '' -# gitlab_rails['gitlab_email_smime_enabled'] = false -# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key' -# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt' -# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt' - -### GitLab user privileges -# gitlab_rails['gitlab_default_can_create_group'] = true -# gitlab_rails['gitlab_username_changing_enabled'] = true - -### Default Theme -### Available values: -##! `1` for Indigo -##! `2` for Dark -##! `3` for Light -##! `4` for Blue -##! `5` for Green -##! `6` for Light Indigo -##! `7` for Light Blue -##! `8` for Light Green -##! `9` for Red -##! 
`10` for Light Red -gitlab_rails['gitlab_default_theme'] = 2 - -### Default project feature settings -gitlab_rails['gitlab_default_projects_features_issues'] = true -gitlab_rails['gitlab_default_projects_features_merge_requests'] = true -# gitlab_rails['gitlab_default_projects_features_wiki'] = true -gitlab_rails['gitlab_default_projects_features_snippets'] = true -# gitlab_rails['gitlab_default_projects_features_builds'] = true -# gitlab_rails['gitlab_default_projects_features_container_registry'] = true - -### Automatic issue closing -###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more -###! information about this pattern. -# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)" - -### Download location -###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file -###! is created in the following directory. -###! Should not be the same path, or a sub directory of any of the `git_data_dirs` -# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories' - -### Gravatar Settings -# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' -# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon' - -### Auxiliary jobs -###! Periodically executed jobs, to self-heal Gitlab, do external -###! synchronizations, etc. -###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job -###! 
https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in -# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *" -# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *" -# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *" -# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *" -# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *" -# gitlab_rails['repository_check_worker_cron'] = "20 * * * *" -# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0" -# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *" -# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *" -# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *" -# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *" -# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *" -# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *" -# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *" -# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *" -# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *' -# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *" -# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *" -# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *" -# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *" -# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *" -# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *" -# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *" - -### Webhook Settings -###! Number of seconds to wait for HTTP response after sending webhook HTTP POST -###! request (default: 10) -# gitlab_rails['webhook_timeout'] = 10 - -### GraphQL Settings -###! 
Tells the rails application how long it has to complete a GraphQL request. -###! We suggest this value to be higher than the database timeout value -###! and lower than the worker timeout set in puma. (default: 30) -# gitlab_rails['graphql_timeout'] = 30 - -### Trusted proxies -###! Customize if you have GitLab behind a reverse proxy which is running on a -###! different machine. -###! **Add the IP address for your reverse proxy to the list, otherwise users -###! will appear signed in from that address.** -# gitlab_rails['trusted_proxies'] = [172.17.0.1] - -### Content Security Policy -####! Customize if you want to enable the Content-Security-Policy header, which -####! can help thwart JavaScript cross-site scripting (XSS) attacks. -####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -# gitlab_rails['content_security_policy'] = { -# 'enabled' => false, -# 'report_only' => false, -# # Each directive is a String (e.g. "'self'"). -# 'directives' => { -# 'base_uri' => nil, -# 'child_src' => nil, -# 'connect_src' => nil, -# 'default_src' => nil, -# 'font_src' => nil, -# 'form_action' => nil, -# 'frame_ancestors' => nil, -# 'frame_src' => nil, -# 'img_src' => nil, -# 'manifest_src' => nil, -# 'media_src' => nil, -# 'object_src' => nil, -# 'script_src' => nil, -# 'style_src' => nil, -# 'worker_src' => nil, -# 'report_uri' => nil, -# } -# } - -### Allowed hosts -###! Customize the `host` headers that should be catered by the Rails -###! application. By default, everything is allowed. -# gitlab_rails['allowed_hosts'] = [] - -### Monitoring settings -###! IP whitelist controlling access to monitoring endpoints -# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128'] - -### Shutdown settings -###! Defines an interval to block healthcheck, -###! but continue accepting application requests. -# gitlab_rails['shutdown_blackout_seconds'] = 10 - -### Reply by email -###! Allow users to comment on issues and merge requests by replying to -###! 
notification emails. -###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html -# gitlab_rails['incoming_email_enabled'] = true - -#### Incoming Email Address -####! The email address including the `%{key}` placeholder that will be replaced -####! to reference the item being replied to. -####! **The placeholder can be omitted but if present, it must appear in the -####! "user" part of the address (before the `@`).** -# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com" - -#### Email account username -####! **With third party providers, this is usually the full email address.** -####! **With self-hosted email servers, this is usually the user part of the -####! email address.** -# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com" - -#### Email account password -# gitlab_rails['incoming_email_password'] = "[REDACTED]" - -#### IMAP Settings -# gitlab_rails['incoming_email_host'] = "imap.gmail.com" -# gitlab_rails['incoming_email_port'] = 993 -# gitlab_rails['incoming_email_ssl'] = true -# gitlab_rails['incoming_email_start_tls'] = false - -#### Incoming Mailbox Settings (via `mail_room`) -####! The mailbox where incoming mail will end up. Usually "inbox". -# gitlab_rails['incoming_email_mailbox_name'] = "inbox" -####! The IDLE command timeout. -# gitlab_rails['incoming_email_idle_timeout'] = 60 -####! The file name for internal `mail_room` JSON logfile -# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log" -####! 
Permanently remove messages from the mailbox when they are deleted after delivery -# gitlab_rails['incoming_email_expunge_deleted'] = false - -#### Inbox options (for Microsoft Graph) -# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph' -# gitlab_rails['incoming_email_inbox_options'] = { -# 'tenant_id': 'YOUR-TENANT-ID', -# 'client_id': 'YOUR-CLIENT-ID', -# 'client_secret': 'YOUR-CLIENT-SECRET', -# 'poll_interval': 60 # Optional -# } - -#### How incoming emails are delivered to Rails process. Accept either sidekiq -#### or webhook. The default config is sidekiq. -# gitlab_rails['incoming_email_delivery_method'] = "sidekiq" - -#### Token to authenticate webhook requests. The token must be exactly 32 bytes, -#### encoded with base64 -# gitlab_rails['incoming_email_auth_token'] = nil - -####! The format of mail_room crash logs -# mailroom['exit_log_format'] = "plain" - -### Consolidated (simplified) object storage configuration -###! This uses a single credential for object storage with multiple buckets. -###! It also enables Workhorse to upload files directly with its own S3 client -###! instead of using pre-signed URLs. -###! -###! This configuration will only take effect if the object_store -###! sections are not defined within the types. For example, enabling -###! gitlab_rails['artifacts_object_store_enabled'] or -###! gitlab_rails['lfs_object_store_enabled'] will prevent the -###! consolidated settings from being used. -###! -###! Be sure to use different buckets for each type of object. -###! 
Docs: https://docs.gitlab.com/ee/administration/object_storage.html -# gitlab_rails['object_store']['enabled'] = false -# gitlab_rails['object_store']['connection'] = {} -# gitlab_rails['object_store']['storage_options'] = {} -# gitlab_rails['object_store']['proxy_download'] = false -# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil -# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil -# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil -# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil -# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil -# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil -# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil -# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil - -### Job Artifacts -# gitlab_rails['artifacts_enabled'] = true -# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts" -####! Job artifacts Object Store -####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage -# gitlab_rails['artifacts_object_store_enabled'] = false -# gitlab_rails['artifacts_object_store_direct_upload'] = false -# gitlab_rails['artifacts_object_store_background_upload'] = true -# gitlab_rails['artifacts_object_store_proxy_download'] = false -# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts" -# gitlab_rails['artifacts_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'host' => 's3.amazonaws.com', -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### External merge request diffs -# gitlab_rails['external_diffs_enabled'] = false -# gitlab_rails['external_diffs_when'] = nil -# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs" -# gitlab_rails['external_diffs_object_store_enabled'] = false -# gitlab_rails['external_diffs_object_store_direct_upload'] = false -# gitlab_rails['external_diffs_object_store_background_upload'] = false -# gitlab_rails['external_diffs_object_store_proxy_download'] = false -# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs" -# gitlab_rails['external_diffs_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'host' => 's3.amazonaws.com', -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### Git LFS -# gitlab_rails['lfs_enabled'] = true -# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects" -# gitlab_rails['lfs_object_store_enabled'] = false -# gitlab_rails['lfs_object_store_direct_upload'] = false -# gitlab_rails['lfs_object_store_background_upload'] = true -# gitlab_rails['lfs_object_store_proxy_download'] = false -# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects" -# gitlab_rails['lfs_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. -# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'host' => 's3.amazonaws.com', -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### GitLab uploads -###! 
Docs: https://docs.gitlab.com/ee/administration/uploads.html -# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads" -# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public" -# gitlab_rails['uploads_base_dir'] = "uploads/-/system" -# gitlab_rails['uploads_object_store_enabled'] = false -# gitlab_rails['uploads_object_store_direct_upload'] = false -# gitlab_rails['uploads_object_store_background_upload'] = true -# gitlab_rails['uploads_object_store_proxy_download'] = false -# gitlab_rails['uploads_object_store_remote_directory'] = "uploads" -# gitlab_rails['uploads_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'host' => 's3.amazonaws.com', -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. -# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### Terraform state -###! 
Docs: https://docs.gitlab.com/ee/administration/terraform_state -# gitlab_rails['terraform_state_enabled'] = true -# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state" -# gitlab_rails['terraform_state_object_store_enabled'] = false -# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform" -# gitlab_rails['terraform_state_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'host' => 's3.amazonaws.com', -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. -# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### CI Secure Files -# gitlab_rails['ci_secure_files_enabled'] = true -# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files" -# gitlab_rails['ci_secure_files_object_store_enabled'] = false -# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files" -# gitlab_rails['ci_secure_files_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'host' => 's3.amazonaws.com', -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. 
-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } - -### GitLab Pages -# gitlab_rails['pages_object_store_enabled'] = false -# gitlab_rails['pages_object_store_remote_directory'] = "pages" -# gitlab_rails['pages_object_store_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID', -# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY', -# # # The below options configure an S3 compatible host instead of AWS -# # 'host' => 's3.amazonaws.com', -# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4. -# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces -# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' -# } -# gitlab_rails['pages_local_store_enabled'] = true -# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages" - -### Impersonation settings -# gitlab_rails['impersonation_enabled'] = true - -### Application settings cache expiry in seconds. (default: 60) -# gitlab_rails['application_settings_cache_seconds'] = 60 - -### Usage Statistics -# gitlab_rails['usage_ping_enabled'] = true - -### GitLab Mattermost -###! These settings are void if Mattermost is installed on the same omnibus -###! install -# gitlab_rails['mattermost_host'] = "https://mattermost.example.com" - -### LDAP Settings -###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html -###! **Be careful not to break the indentation in the ldap_servers block. It is -###! in yaml format and the spaces must be retained. Using tabs will not work.** - -# gitlab_rails['ldap_enabled'] = false -# gitlab_rails['prevent_ldap_sign_in'] = false - -###! 
**remember to close this block with 'EOS' below** -# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' -# main: # 'main' is the GitLab 'provider ID' of this LDAP server -# label: 'LDAP' -# host: '_your_ldap_server' -# port: 389 -# uid: 'sAMAccountName' -# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' -# password: '_the_password_of_the_bind_user' -# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" -# verify_certificates: true -# smartcard_auth: false -# active_directory: true -# allow_username_or_email_login: false -# lowercase_usernames: false -# block_auto_created_users: false -# base: '' -# user_filter: '' -# ## EE only -# group_base: '' -# admin_group: '' -# sync_ssh_keys: false -# -# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server -# label: 'LDAP' -# host: '_your_ldap_server' -# port: 389 -# uid: 'sAMAccountName' -# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' -# password: '_the_password_of_the_bind_user' -# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" -# verify_certificates: true -# smartcard_auth: false -# active_directory: true -# allow_username_or_email_login: false -# lowercase_usernames: false -# block_auto_created_users: false -# base: '' -# user_filter: '' -# ## EE only -# group_base: '' -# admin_group: '' -# sync_ssh_keys: false -# EOS - -### Smartcard authentication settings -###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html -# gitlab_rails['smartcard_enabled'] = false -# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem" -# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com' -# gitlab_rails['smartcard_client_certificate_required_port'] = 3444 -# gitlab_rails['smartcard_required_for_git_access'] = false -# gitlab_rails['smartcard_san_extensions'] = false - -### OmniAuth Settings -###! 
Docs: https://docs.gitlab.com/ee/integration/omniauth.html -# gitlab_rails['omniauth_enabled'] = nil -# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml'] -# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml' -# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml'] -# gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] -# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml' -# gitlab_rails['omniauth_block_auto_created_users'] = true -# gitlab_rails['omniauth_auto_link_ldap_user'] = false -# gitlab_rails['omniauth_auto_link_saml_user'] = false -# gitlab_rails['omniauth_auto_link_user'] = ['saml'] -# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2'] -# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2'] -# gitlab_rails['omniauth_providers'] = [ -# { -# "name" => "google_oauth2", -# "app_id" => "YOUR APP ID", -# "app_secret" => "YOUR APP SECRET", -# "args" => { "access_type" => "offline", "approval_prompt" => "" } -# } -# ] -# gitlab_rails['omniauth_cas3_session_duration'] = 28800 -# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000 - -### FortiAuthenticator authentication settings -# gitlab_rails['forti_authenticator_enabled'] = false -# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com' -# gitlab_rails['forti_authenticator_port'] = 443 -# gitlab_rails['forti_authenticator_username'] = 'admin' -# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t' - -### FortiToken Cloud authentication settings -# gitlab_rails['forti_token_cloud_enabled'] = false -# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id' -# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t' - -### Backup Settings -###! 
Docs: https://docs.gitlab.com/omnibus/settings/backups.html - -# gitlab_rails['manage_backup_path'] = true -# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups" -# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup" - -###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions -# gitlab_rails['backup_archive_permissions'] = 0644 - -# gitlab_rails['backup_pg_schema'] = 'public' - -###! The duration in seconds to keep backups before they are allowed to be deleted -# gitlab_rails['backup_keep_time'] = 604800 - -# gitlab_rails['backup_upload_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AKIAKIAKI', -# 'aws_secret_access_key' => 'secret123', -# # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key -# 'use_iam_profile' => false -# } -# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket' -# gitlab_rails['backup_multipart_chunk_size'] = 104857600 - -###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for -###! backups** -# gitlab_rails['backup_encryption'] = 'AES256' -###! The encryption key to use with AWS Server-Side Encryption. -###! Setting this value will enable Server-Side Encryption with customer provided keys; -###! otherwise S3-managed keys are used. -# gitlab_rails['backup_encryption_key'] = '' - -###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key) -# gitlab_rails['backup_upload_storage_options'] = { -# 'server_side_encryption' => 'aws:kms', -# 'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE' -# } - -###! **Specifies Amazon S3 storage class to use for backups. Valid values -###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'** -# gitlab_rails['backup_storage_class'] = 'STANDARD' - -###! Skip parts of the backup. Comma separated. -###! 
Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup -#gitlab_rails['env'] = { -# "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages" -#} - -### Pseudonymizer Settings -# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml' -# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt' -# gitlab_rails['pseudonymizer_upload_connection'] = { -# 'provider' => 'AWS', -# 'region' => 'eu-west-1', -# 'aws_access_key_id' => 'AKIAKIAKI', -# 'aws_secret_access_key' => 'secret123' -# } - - -### For setting up different data storing directory -###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory -###! **If you want to use a single non-default directory to store git data use a -###! path that doesn't contain symlinks.** -# git_data_dirs({ -# "default" => { -# "path" => "/mnt/nfs-01/git-data" -# } -# }) - -### Gitaly settings -# gitlab_rails['gitaly_token'] = 'secret token' - -### For storing GitLab application uploads, eg. LFS objects, build artifacts -###! Docs: https://docs.gitlab.com/ee/development/shared_files.html -# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared' - -### For storing encrypted configuration files -###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html -# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings' - -### Wait for file system to be mounted -###! 
Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
-# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
-
-### GitLab Shell settings for GitLab
-# gitlab_rails['gitlab_shell_ssh_port'] = 22
-# gitlab_rails['gitlab_shell_git_timeout'] = 800
-
-### Extra customization
-# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
-# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
-# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
-# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
-# gitlab_rails['extra_bizible'] = false
-# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
-# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
-# gitlab_rails['extra_matomo_disable_cookies'] = false
-
-##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
-# gitlab_rails['env'] = {
-# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
-# }
-
-# gitlab_rails['rack_attack_git_basic_auth'] = {
-# 'enabled' => false,
-# 'ip_whitelist' => ["127.0.0.1"],
-# 'maxretry' => 10,
-# 'findtime' => 60,
-# 'bantime' => 3600
-# }
-
-# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
-# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
-
-#### Change the initial default admin password and shared runner registration tokens.
-####! **Only applicable on initial setup, changing these settings after database
-####!
is created and seeded won't yield any change.**
-# gitlab_rails['initial_root_password'] = "password"
-# gitlab_rails['initial_shared_runners_registration_token'] = "token"
-
-#### Toggle if root password should be printed to STDOUT during initialization
-# gitlab_rails['display_initial_root_password'] = false
-
-#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
-# gitlab_rails['store_initial_root_password'] = true
-
-#### Set path to an initial license to be used while bootstrapping GitLab.
-####! **Only applicable on initial setup, future license updations need to be done via UI.
-####! Updating the file specified in this path won't yield any change after the first reconfigure run.
-# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
-
-#### Enable or disable automatic database migrations
-# gitlab_rails['auto_migrate'] = true
-
-#### This is advanced feature used by large gitlab deployments where loading
-#### whole RAILS env takes a lot of time.
-# gitlab_rails['rake_cache_clear'] = true
-
-### GitLab database settings
-###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
-###!
**Only needed if you use an external database.**
-# gitlab_rails['db_adapter'] = "postgresql"
-# gitlab_rails['db_encoding'] = "unicode"
-# gitlab_rails['db_collation'] = nil
-# gitlab_rails['db_database'] = "gitlabhq_production"
-# gitlab_rails['db_username'] = "gitlab"
-# gitlab_rails['db_password'] = nil
-# gitlab_rails['db_host'] = nil
-# gitlab_rails['db_port'] = 5432
-# gitlab_rails['db_socket'] = nil
-# gitlab_rails['db_sslmode'] = nil
-# gitlab_rails['db_sslcompression'] = 0
-# gitlab_rails['db_sslrootcert'] = nil
-# gitlab_rails['db_sslcert'] = nil
-# gitlab_rails['db_sslkey'] = nil
-# gitlab_rails['db_prepared_statements'] = false
-# gitlab_rails['db_statements_limit'] = 1000
-# gitlab_rails['db_connect_timeout'] = nil
-# gitlab_rails['db_keepalives'] = nil
-# gitlab_rails['db_keepalives_idle'] = nil
-# gitlab_rails['db_keepalives_interval'] = nil
-# gitlab_rails['db_keepalives_count'] = nil
-# gitlab_rails['db_tcp_user_timeout'] = nil
-# gitlab_rails['db_application_name'] = nil
-# gitlab_rails['db_database_tasks'] = true
-
-
-### GitLab Redis settings
-###! Connect to your own Redis instance
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-
-#### Redis TCP connection
-# gitlab_rails['redis_host'] = "127.0.0.1"
-# gitlab_rails['redis_port'] = 6379
-# gitlab_rails['redis_ssl'] = false
-# gitlab_rails['redis_password'] = nil
-# gitlab_rails['redis_database'] = 0
-# gitlab_rails['redis_enable_client'] = true
-
-#### Redis local UNIX socket (will be disabled if TCP method is used)
-# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
-
-#### Sentinel support
-####! To have Sentinel working, you must enable Redis TCP connection support
-####! above and define a few Sentinel hosts below (to get a reliable setup
-####! at least 3 hosts).
-####! **You don't need to list every sentinel host, but the ones not listed will
-####!
not be used in a fail-over situation to query for the new master.**
-# gitlab_rails['redis_sentinels'] = [
-# {'host' => '127.0.0.1', 'port' => 26379},
-# ]
-
-#### Separate instances support
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
-# gitlab_rails['redis_cache_instance'] = nil
-# gitlab_rails['redis_cache_sentinels'] = nil
-# gitlab_rails['redis_queues_instance'] = nil
-# gitlab_rails['redis_queues_sentinels'] = nil
-# gitlab_rails['redis_shared_state_instance'] = nil
-# gitlab_rails['redis_shared_state_sentinels'] = nil
-# gitlab_rails['redis_trace_chunks_instance'] = nil
-# gitlab_rails['redis_trace_chunks_sentinels'] = nil
-# gitlab_rails['redis_actioncable_instance'] = nil
-# gitlab_rails['redis_actioncable_sentinels'] = nil
-# gitlab_rails['redis_rate_limiting_instance'] = nil
-# gitlab_rails['redis_rate_limiting_sentinels'] = nil
-# gitlab_rails['redis_sessions_instance'] = nil
-# gitlab_rails['redis_sessions_sentinels'] = nil
-
-################################################################################
-## Container Registry settings
-##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html
-################################################################################
-
-# registry_external_url 'https://registry.example.com'
-
-### Settings used by GitLab application
-# gitlab_rails['registry_enabled'] = true
-# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
-# gitlab_rails['registry_port'] = "5005"
-# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
-
-# Notification secret, it's used to authenticate notification requests to GitLab application
-# You only need to change this when you use external Registry service, otherwise
-# it will be taken directly from notification settings of your Registry
-# gitlab_rails['registry_notification_secret'] = nil
-
-###!
**Do not change the following 3 settings unless you know what you are
-###! doing**
-# gitlab_rails['registry_api_url'] = "http://localhost:5000"
-# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
-# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
-
-### Settings used by Registry application
-# registry['enable'] = true
-# registry['username'] = "registry"
-# registry['group'] = "registry"
-# registry['uid'] = nil
-# registry['gid'] = nil
-# registry['dir'] = "/var/opt/gitlab/registry"
-# registry['registry_http_addr'] = "localhost:5000"
-# registry['debug_addr'] = "localhost:5001"
-# registry['log_directory'] = "/var/log/gitlab/registry"
-# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
-# registry['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# registry['log_level'] = "info"
-# registry['log_formatter'] = "text"
-# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
-# registry['health_storagedriver_enabled'] = true
-# registry['middleware'] = nil
-# registry['storage_delete_enabled'] = true
-# registry['validation_enabled'] = false
-# registry['autoredirect'] = false
-# registry['compatibility_schema1_enabled'] = false
-
-### Registry backend storage
-###!
Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
-# registry['storage'] = {
-# 's3' => {
-# 'accesskey' => 's3-access-key',
-# 'secretkey' => 's3-secret-key-for-access-key',
-# 'bucket' => 'your-s3-bucket',
-# 'region' => 'your-s3-region',
-# 'regionendpoint' => 'your-s3-regionendpoint'
-# },
-# 'redirect' => {
-# 'disable' => false
-# }
-# }
-
-### Registry notifications endpoints
-# registry['notifications'] = [
-# {
-# 'name' => 'test_endpoint',
-# 'url' => 'https://gitlab.example.com/notify2',
-# 'timeout' => '500ms',
-# 'threshold' => 5,
-# 'backoff' => '1s',
-# 'headers' => {
-# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
-# }
-# }
-# ]
-### Default registry notifications
-# registry['default_notifications_timeout'] = "500ms"
-# registry['default_notifications_threshold'] = 5
-# registry['default_notifications_backoff'] = "1s"
-# registry['default_notifications_headers'] = {}
-
-################################################################################
-## Error Reporting and Logging with Sentry
-################################################################################
-# gitlab_rails['sentry_enabled'] = false
-# gitlab_rails['sentry_dsn'] = 'https://@sentry.io/'
-# gitlab_rails['sentry_clientside_dsn'] = 'https://@sentry.io/'
-# gitlab_rails['sentry_environment'] = 'production'
-
-################################################################################
-## CI_JOB_JWT
-################################################################################
-##! RSA private key used to sign CI_JOB_JWT
-# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.
-
-################################################################################
-## GitLab Workhorse
-##!
Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
-################################################################################
-
-# gitlab_workhorse['enable'] = true
-# gitlab_workhorse['ha'] = false
-# gitlab_workhorse['alt_document_root'] = nil
-
-##! Duration to wait for all requests to finish (e.g. "10s" for 10
-##! seconds). By default this is disabled to preserve the existing
-##! behavior of fast shutdown. This should not be set higher than 30
-##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
-##! the SVWAIT variable) and report a timeout error if the process has
-##! not shut down.
-# gitlab_workhorse['shutdown_timeout'] = nil
-# gitlab_workhorse['listen_network'] = "unix"
-# gitlab_workhorse['listen_umask'] = 000
-# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
-# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
-
-##! Enable Redis keywatcher, if this setting is not present it defaults to true
-# gitlab_workhorse['workhorse_keywatcher'] = true
-
-##! the empty string is the default in gitlab-workhorse option parser
-# gitlab_workhorse['auth_socket'] = "''"
-
-##! put an empty string on the command line
-# gitlab_workhorse['pprof_listen_addr'] = "''"
-
-# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
-
-# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
-# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
-# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
-
-##! limit number of concurrent API requests, defaults to 0 which is unlimited
-# gitlab_workhorse['api_limit'] = 0
-
-##! limit number of API requests allowed to be queued, defaults to 0 which
-##! disables queuing
-# gitlab_workhorse['api_queue_limit'] = 0
-
-##! duration after which we timeout requests if they sit too long in the queue
-# gitlab_workhorse['api_queue_duration'] = "30s"
-
-##!
Long polling duration for job requesting for runners
-# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
-
-##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
-# gitlab_workhorse['propagate_correlation_id'] = false
-
-##! A list of CIDR blocks to allow for propagation of correlation ID.
-##! propagate_correlation_id should also be set to true.
-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
-# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil
-
-##! A list of CIDR blocks that must match remote IP addresses to use
-##! X-Forwarded-For HTTP header for the actual client IP. Used in
-##! conjuction with propagate_correlation_id and
-##! trusted_cidrs_for_propagation.
-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
-# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil
-
-##! Log format: default is json, can also be text or none.
-# gitlab_workhorse['log_format'] = "json"
-
-# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
-# gitlab_workhorse['env'] = {
-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Resource limitations for the dynamic image scaler.
-##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
-##!
-##! Maximum number of scaler processes that are allowed to execute concurrently.
-##! It is recommended for this not to exceed the number of CPUs available.
-# gitlab_workhorse['image_scaler_max_procs'] = 4
-##!
-##! Maximum file size in bytes for an image to be considered eligible for rescaling
-# gitlab_workhorse['image_scaler_max_filesize'] = 250000
-
-##! Service name used to register GitLab Workhorse as a Consul service
-# gitlab_workhorse['consul_service_name'] = 'workhorse'
-##!
Semantic metadata used when registering GitLab Workhorse as a Consul service
-# gitlab_workhorse['consul_service_meta'] = {}
-
-################################################################################
-## GitLab User Settings
-##! Modify default git user.
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
-################################################################################
-
-# user['username'] = "git"
-# user['group'] = "git"
-# user['uid'] = nil
-# user['gid'] = nil
-
-##! The shell for the git user
-# user['shell'] = "/bin/sh"
-
-##! The home directory for the git user
-# user['home'] = "/var/opt/gitlab"
-
-# user['git_user_name'] = "GitLab"
-# user['git_user_email'] = "gitlab@#{node['fqdn']}"
-
-################################################################################
-## GitLab Puma
-##! Tweak puma settings.
-##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
-################################################################################
-
-# puma['enable'] = true
-# puma['ha'] = false
-# puma['worker_timeout'] = 60
-# puma['worker_processes'] = 2
-# puma['min_threads'] = 4
-# puma['max_threads'] = 4
-
-### Advanced settings
-# puma['listen'] = '127.0.0.1'
-# puma['port'] = 8080
-# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# puma['somaxconn'] = 1024
-
-# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
-# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
-
-###! **We do not recommend changing this setting**
-# puma['log_directory'] = "/var/log/gitlab/puma"
-
-### **Only change these settings if you understand well what they mean**
-###! Docs: https://github.com/schneems/puma_worker_killer
-# puma['per_worker_max_memory_mb'] = 1024
-
-# puma['exporter_enabled'] = false
-# puma['exporter_address'] = "127.0.0.1"
-# puma['exporter_port'] = 8083
-
-##!
Service name used to register Puma as a Consul service
-# puma['consul_service_name'] = 'rails'
-##! Semantic metadata used when registering Puma as a Consul service
-# puma['consul_service_meta'] = {}
-
-################################################################################
-## GitLab Sidekiq
-################################################################################
-
-##! GitLab allows one to start multiple sidekiq processes. These
-##! processes can be used to consume a dedicated set of queues. This
-##! can be used to ensure certain queues are able to handle additional workload.
-##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html
-
-# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
-# sidekiq['log_format'] = "json"
-# sidekiq['shutdown_timeout'] = 4
-# sidekiq['queue_selector'] = false
-# sidekiq['interval'] = nil
-# sidekiq['max_concurrency'] = 50
-# sidekiq['min_concurrency'] = nil
-
-##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
-##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
-##! the routing rules are not configured (empty array)
-
-# sidekiq['routing_rules'] = []
-
-##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
-##! Sidekiq process. Multiple queues can be processed by the same process by
-##! separating them with a comma within the group entry, a `*` will process all queues
-
-# sidekiq['queue_groups'] = ['*']
-
-##! If negate is enabled then Sidekiq will process all the queues that
-##! don't match those in queue_groups.
-
-# sidekiq['negate'] = false
-
-##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
-# sidekiq['metrics_enabled'] = true
-# sidekiq['exporter_log_enabled'] = false
-# sidekiq['listen_address'] = "localhost"
-# sidekiq['listen_port'] = 8082
-
-##!
Specifies where health-check endpoints should be made available for Sidekiq processes.
-##! Defaults to the same settings as for Prometheus metrics (see above).
-# sidekiq['health_checks_enabled'] = true
-# sidekiq['health_checks_log_enabled'] = false
-# sidekiq['health_checks_listen_address'] = "localhost"
-# sidekiq['health_checks_listen_port'] = 8082
-
-##! Service name used to register Sidekiq as a Consul service
-# sidekiq['consul_service_name'] = 'sidekiq'
-##! Semantic metadata used when registering Sidekiq as a Consul service
-# sidekiq['consul_service_meta'] = {}
-
-################################################################################
-## gitlab-shell
-################################################################################
-
-# gitlab_shell['audit_usernames'] = false
-# gitlab_shell['log_level'] = 'INFO'
-# gitlab_shell['log_format'] = 'json'
-# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
-# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
-
-# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
-
-### Migration to Go feature flags
-###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
-# gitlab_shell['migration'] = { enabled: true, features: [] }
-
-### Git trace log file.
-###! If set, git commands receive GIT_TRACE* environment variables
-###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
-###! An absolute path starting with / – the trace output will be appended to
-###! that file. It needs to exist so we can check permissions and avoid
-###! throwing warnings to the users.
-# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
-
-##!
**We do not recommend changing this directory.**
-# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
-
-################################################################
-## GitLab PostgreSQL
-################################################################
-
-###! Changing any of these settings requires a restart of postgresql.
-###! By default, reconfigure reloads postgresql if it is running. If you
-###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
-###! after reconfigure in order for the changes to take effect.
-# postgresql['enable'] = true
-# postgresql['listen_address'] = nil
-# postgresql['port'] = 5432
-
-## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
-## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
-## endpoint to the cluster. By default it is the same as postgresql['port'].
-# postgresql['connect_port'] = 5432
-
-##! **recommend value is 1/4 of total RAM, up to 14GB.**
-# postgresql['shared_buffers'] = "256MB"
-
-### Advanced settings
-# postgresql['ha'] = false
-# postgresql['dir'] = "/var/opt/gitlab/postgresql"
-# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
-# postgresql['log_destination'] = nil
-# postgresql['logging_collector'] = nil
-# postgresql['log_truncate_on_rotation'] = nil
-# postgresql['log_rotation_age'] = nil
-# postgresql['log_rotation_size'] = nil
-##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
-##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
-# postgresql['username'] = "gitlab-psql"
-# postgresql['group'] = "gitlab-psql"
-##!
`SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
-# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
-# postgresql['uid'] = nil
-# postgresql['gid'] = nil
-# postgresql['shell'] = "/bin/sh"
-# postgresql['home'] = "/var/opt/gitlab/postgresql"
-# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
-# postgresql['sql_user'] = "gitlab"
-# postgresql['max_connections'] = 200
-# postgresql['md5_auth_cidr_addresses'] = []
-# postgresql['trust_auth_cidr_addresses'] = []
-# postgresql['wal_buffers'] = "-1"
-# postgresql['autovacuum_max_workers'] = "3"
-# postgresql['autovacuum_freeze_max_age'] = "200000000"
-# postgresql['log_statement'] = nil
-# postgresql['track_activity_query_size'] = "1024"
-# postgresql['shared_preload_libraries'] = nil
-# postgresql['dynamic_shared_memory_type'] = nil
-# postgresql['hot_standby'] = "off"
-
-### SSL settings
-# See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
-# postgresql['ssl'] = 'on'
-# postgresql['hostssl'] = false
-# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
-# postgresql['ssl_cert_file'] = 'server.crt'
-# postgresql['ssl_key_file'] = 'server.key'
-# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# postgresql['ssl_crl_file'] = nil
-# postgresql['cert_auth_addresses'] = {
-# 'ADDRESS' => {
-# database: 'gitlabhq_production',
-# user: 'gitlab'
-# }
-# }
-
-### Replication settings
-###! Note, some replication settings do not require a full restart. They are documented below.
-# postgresql['wal_level'] = "hot_standby"
-# postgresql['wal_log_hints'] = 'off'
-# postgresql['max_wal_senders'] = 5
-# postgresql['max_replication_slots'] = 0
-# postgresql['max_locks_per_transaction'] = 128
-
-# Backup/Archive settings
-# postgresql['archive_mode'] = "off"
-
-###! Changing any of these settings only requires a reload of postgresql.
You do not need to
-###! restart postgresql if you change any of these and run reconfigure.
-# postgresql['work_mem'] = "16MB"
-# postgresql['maintenance_work_mem'] = "16MB"
-# postgresql['checkpoint_timeout'] = "5min"
-# postgresql['checkpoint_completion_target'] = 0.9
-# postgresql['effective_io_concurrency'] = 1
-# postgresql['checkpoint_warning'] = "30s"
-# postgresql['effective_cache_size'] = "1MB"
-# postgresql['shmmax'] = 17179869184 # or 4294967295
-# postgresql['shmall'] = 4194304 # or 1048575
-# postgresql['autovacuum'] = "on"
-# postgresql['log_autovacuum_min_duration'] = "-1"
-# postgresql['autovacuum_naptime'] = "1min"
-# postgresql['autovacuum_vacuum_threshold'] = "50"
-# postgresql['autovacuum_analyze_threshold'] = "50"
-# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
-# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
-# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
-# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
-# postgresql['statement_timeout'] = "60000"
-# postgresql['idle_in_transaction_session_timeout'] = "60000"
-# postgresql['log_line_prefix'] = "%a"
-# postgresql['max_worker_processes'] = 8
-# postgresql['max_parallel_workers_per_gather'] = 0
-# postgresql['log_lock_waits'] = 1
-# postgresql['deadlock_timeout'] = '5s'
-# postgresql['track_io_timing'] = 0
-# postgresql['default_statistics_target'] = 1000
-
-### Available in PostgreSQL 9.6 and later
-# postgresql['min_wal_size'] = "80MB"
-# postgresql['max_wal_size'] = "1GB"
-
-# Backup/Archive settings
-# postgresql['archive_command'] = nil
-# postgresql['archive_timeout'] = "0"
-
-### Replication settings
-# postgresql['sql_replication_user'] = "gitlab_replicator"
-# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 `
-# postgresql['wal_keep_segments'] = 10
-# postgresql['max_standby_archive_delay'] = "30s"
-# postgresql['max_standby_streaming_delay'] = "30s"
-#
postgresql['synchronous_commit'] = on
-# postgresql['synchronous_standby_names'] = ''
-# postgresql['hot_standby_feedback'] = 'off'
-# postgresql['random_page_cost'] = 2.0
-# postgresql['log_temp_files'] = -1
-# postgresql['log_checkpoints'] = 'off'
-# To add custom entries to pg_hba.conf use the following
-# postgresql['custom_pg_hba_entries'] = {
-# APPLICATION: [ # APPLICATION should identify what the settings are used for
-# {
-# type: example,
-# database: example,
-# user: example,
-# cidr: example,
-# method: example,
-# option: example
-# }
-# ]
-# }
-# See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
-# of the values
-
-### Version settings
-# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
-# postgresql['version'] = 10
-
-################################################################################
-## GitLab Redis
-##! **Can be disabled if you are using your own Redis instance.**
-##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-################################################################################
-
-# redis['enable'] = true
-# redis['ha'] = false
-# redis['hz'] = 10
-# redis['dir'] = "/var/opt/gitlab/redis"
-# redis['log_directory'] = "/var/log/gitlab/redis"
-# redis['username'] = "gitlab-redis"
-# redis['group'] = "gitlab-redis"
-# redis['maxclients'] = "10000"
-# redis['maxmemory'] = "0"
-# redis['maxmemory_policy'] = "noeviction"
-# redis['maxmemory_samples'] = "5"
-# redis['stop_writes_on_bgsave_error'] = true
-# redis['tcp_backlog'] = 511
-# redis['tcp_timeout'] = "60"
-# redis['tcp_keepalive'] = "300"
-# redis['uid'] = nil
-# redis['gid'] = nil
-
-### Redis TLS settings
-###! To run Redis over TLS, specify values for the following settings
-# redis['tls_port'] = nil
-# redis['tls_cert_file'] = nil
-# redis['tls_key_file'] = nil
-
-###!
Other TLS related optional settings
-# redis['tls_dh_params_file'] = nil
-# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
-# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# redis['tls_auth_clients'] = 'optional'
-# redis['tls_replication'] = nil
-# redis['tls_cluster'] = nil
-# redis['tls_protocols'] = nil
-# redis['tls_ciphers'] = nil
-# redis['tls_ciphersuites'] = nil
-# redis['tls_prefer_server_ciphers'] = nil
-# redis['tls_session_caching'] = nil
-# redis['tls_session_cache_size'] = nil
-# redis['tls_session_cache_timeout'] = nil
-
-### Disable or obfuscate unnecessary redis command names
-### Uncomment and edit this block to add or remove entries.
-### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
-### for detailed usage
-###
-# redis['rename_commands'] = {
-# 'KEYS': ''
-#}
-#
-
-###! **To enable only Redis service in this machine, uncomment
-###! one of the lines below (choose master or replica instance types).**
-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
-###! https://docs.gitlab.com/ee/administration/high_availability/redis.html
-# redis_master_role['enable'] = true
-# redis_replica_role['enable'] = true
-
-### Redis TCP support (will disable UNIX socket transport)
-# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
-# redis['port'] = 6379
-# redis['password'] = 'redis-password-goes-here'
-
-### Redis Sentinel support
-###! **You need a master replica Redis replication to be able to do failover**
-###! **Please read the documentation before enabling it to understand the
-###! caveats:**
-###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
-
-### Replication support
-#### Replica Redis instance
-# redis['master'] = false # by default this is true
-
-#### Replica and Sentinel shared configuration
-####! **Both need to point to the master Redis instance to get replication and
-####!
heartbeat monitoring**
-# redis['master_name'] = 'gitlab-redis'
-# redis['master_ip'] = nil
-# redis['master_port'] = 6379
-
-#### Support to run redis replicas in a Docker or NAT environment
-####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
-# redis['announce_ip'] = nil
-# redis['announce_port'] = nil
-
-####! **Master password should have the same value defined in
-####! redis['password'] to enable the instance to transition to/from
-####! master/replica in a failover event.**
-# redis['master_password'] = 'redis-password-goes-here'
-
-####! Increase these values when your replicas can't catch up with master
-# redis['client_output_buffer_limit_normal'] = '0 0 0'
-# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
-# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
-
-#####! Redis snapshotting frequency
-#####! Set to [] to disable
-#####! Set to [''] to clear previously set values
-# redis['save'] = [ '900 1', '300 10', '60 10000' ]
-
-#####! Redis lazy freeing
-#####! Defaults to false
-# redis['lazyfree_lazy_eviction'] = true
-# redis['lazyfree_lazy_expire'] = true
-# redis['lazyfree_lazy_server_del'] = true
-# redis['replica_lazy_flush'] = true
-
-#####! Redis threaded I/O
-#####! Defaults to disabled
-# redis['io_threads'] = 4
-# redis['io_threads_do_reads'] = true
-
-################################################################################
-## GitLab Web server
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
-################################################################################
-
-##! When bundled nginx is disabled we need to add the external webserver user to
-##! the GitLab webserver group.
-# web_server['external_users'] = []
-# web_server['username'] = 'gitlab-www'
-# web_server['group'] = 'gitlab-www'
-# web_server['uid'] = nil
-# web_server['gid'] = nil
-# web_server['shell'] = '/bin/false'
-# web_server['home'] = '/var/opt/gitlab/nginx'
-
-################################################################################
-## GitLab NGINX
-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
-################################################################################
-
-# nginx['enable'] = true
-# nginx['client_max_body_size'] = '250m'
-# nginx['redirect_http_to_https'] = false
-# nginx['redirect_http_to_https_port'] = 80
-
-##! Most root CA's are included by default
-# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
-
-##! enable/disable 2-way SSL client authentication
-# nginx['ssl_verify_client'] = "off"
-
-##! if ssl_verify_client on, verification depth in the client certificates chain
-# nginx['ssl_verify_depth'] = "1"
-
-# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
-# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
-# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
-# nginx['ssl_prefer_server_ciphers'] = "off"
-
-##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-##! https://cipherli.st/**
-# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
-
-##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
-# nginx['ssl_session_cache'] = "shared:SSL:10m"
-
-##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
-# nginx['ssl_session_tickets'] = "off"
-
-##!
**Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html** -# nginx['ssl_session_timeout'] = "1d" - -# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem -# nginx['listen_addresses'] = ['*', '[::]'] - -##! **Defaults to forcing web browsers to always communicate using only HTTPS** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security -# nginx['hsts_max_age'] = 63072000 -# nginx['hsts_include_subdomains'] = false - -##! Defaults to stripping path information when making cross-origin requests -# nginx['referrer_policy'] = 'strict-origin-when-cross-origin' - -##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html** -# nginx['gzip_enabled'] = true - -##! **Override only if you use a reverse proxy** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port -# nginx['listen_port'] = nil - -##! **Override only if your reverse proxy internally communicates over HTTP** -##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl -# nginx['listen_https'] = nil - -##! **Override only if you use a reverse proxy with proxy protocol enabled** -##! 
Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol -# nginx['proxy_protocol'] = false - -# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n" -# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;" -# nginx['proxy_read_timeout'] = 3600 -# nginx['proxy_connect_timeout'] = 300 -# nginx['proxy_set_headers'] = { -# "Host" => "$http_host_with_default", -# "X-Real-IP" => "$remote_addr", -# "X-Forwarded-For" => "$proxy_add_x_forwarded_for", -# "X-Forwarded-Proto" => "https", -# "X-Forwarded-Ssl" => "on", -# "Upgrade" => "$http_upgrade", -# "Connection" => "$connection_upgrade" -# } -# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2' -# nginx['proxy_cache'] = 'gitlab' -# nginx['proxy_custom_buffer_size'] = '4k' -# nginx['http2_enabled'] = true -# nginx['real_ip_trusted_addresses'] = [] -# nginx['real_ip_header'] = nil -# nginx['real_ip_recursive'] = nil -# nginx['custom_error_pages'] = { -# '404' => { -# 'title' => 'Example title', -# 'header' => 'Example header', -# 'message' => 'Example message' -# } -# } - -### Advanced settings -# nginx['dir'] = "/var/opt/gitlab/nginx" -# nginx['log_directory'] = "/var/log/gitlab/nginx" -# nginx['error_log_level'] = "error" -# nginx['worker_processes'] = 4 -# nginx['worker_connections'] = 10240 -# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio' -# nginx['sendfile'] = 'on' -# nginx['tcp_nopush'] = 'on' -# nginx['tcp_nodelay'] = 'on' -# nginx['hide_server_tokens'] = 'off' -# nginx['gzip_http_version'] = "1.0" -# nginx['gzip_comp_level'] = "2" -# nginx['gzip_proxied'] = "any" -# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", 
"application/json" ] -# nginx['keepalive_timeout'] = 65 -# nginx['keepalive_time'] = '1h' -# nginx['cache_max_size'] = '5000m' -# nginx['server_names_hash_bucket_size'] = 64 -##! These paths have proxy_request_buffering disabled -# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$" - -### Nginx status -# nginx['status'] = { -# "enable" => true, -# "listen_addresses" => ["127.0.0.1"], -# "fqdn" => "dev.example.com", -# "port" => 9999, -# "vts_enable" => true, -# "options" => { -# "server_tokens" => "off", # Don't show the version of NGINX -# "access_log" => "off", # Disable logs for stats -# "allow" => "127.0.0.1", # Only allow access from localhost -# "deny" => "all" # Deny access to anyone else -# } -# } - -##! Service name used to register Nginx as a Consul service -# nginx['consul_service_name'] = 'nginx' -##! Semantic metadata used when registering NGINX as a Consul service -# nginx['consul_service_meta'] = {} - -################################################################################ -## GitLab Logging -##! 
Docs: https://docs.gitlab.com/omnibus/settings/logs.html -################################################################################ - -# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data -# logging['svlogd_num'] = 30 # keep 30 rotated log files -# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours -# logging['svlogd_filter'] = "gzip" # compress logs with gzip -# logging['svlogd_udp'] = nil # transmit log messages via UDP -# logging['svlogd_prefix'] = nil # custom prefix for log messages -# logging['logrotate_frequency'] = "daily" # rotate logs daily -# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly) -# logging['logrotate_size'] = nil # do not rotate by size by default -# logging['logrotate_rotate'] = 30 # keep 30 rotated logs -# logging['logrotate_compress'] = "compress" # see 'man logrotate' -# logging['logrotate_method'] = "copytruncate" # see 'man logrotate' -# logging['logrotate_postrotate'] = nil # no postrotate command by default -# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz - -### UDP log forwarding -##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding - -##! remote host to ship log messages to via UDP -# logging['udp_log_shipping_host'] = nil - -##! override the hostname used when logs are shipped via UDP, -## by default the system hostname will be used. -# logging['udp_log_shipping_hostname'] = nil - -##! remote port to ship log messages to via UDP -# logging['udp_log_shipping_port'] = 514 - -################################################################################ -## Logrotate -##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate -##! You can disable built in logrotate feature. 
-################################################################################
-# logrotate['enable'] = true
-# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
-
-################################################################################
-## Users and groups accounts
-##! Disable management of users and groups accounts.
-##! **Set only if creating accounts manually**
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
-################################################################################
-
-# manage_accounts['enable'] = true
-
-################################################################################
-## Storage directories
-##! Disable managing storage directories
-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
-################################################################################
-
-##! **Set only if the select directories are created manually**
-# manage_storage_directories['enable'] = false
-# manage_storage_directories['manage_etc'] = false
-
-################################################################################
-## Runtime directory
-##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
-################################################################################
-
-# runtime_dir '/run'
-
-################################################################################
-## Git
-##! Advanced setting for configuring git system settings for omnibus-gitlab
-##! internal git
-################################################################################
-
-##! For multiple options under one header use array of comma separated values,
-##! eg.:
-##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
-
-# omnibus_gitconfig['system'] = {
-# "pack" => ["threads = 1"],
-# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
-# "repack" => ["writeBitmaps = true"],
-# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
-# "core" => [
-# 'alternateRefsCommand="exit 0 #"',
-# "fsyncObjectFiles = true"
-# ],
-# "fetch" => ["writeCommitGraph = true"]
-# }
-
-################################################################################
-## GitLab Pages
-##! Docs: https://docs.gitlab.com/ee/pages/administration.html
-################################################################################
-
-##! Define to enable GitLab Pages
-# pages_external_url "http://pages.example.com/"
-# gitlab_pages['enable'] = false
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTP
-# gitlab_pages['external_http'] = []
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
-# gitlab_pages['external_https'] = []
-
-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
-# gitlab_pages['external_https_proxyv2'] = []
-
-##! Configure cert when using external IP address
-# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
-# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"
-
-##! Configure to use the default list of cipher suites
-# gitlab_pages['insecure_ciphers'] = false
-
-##! Configure to enable health check endpoint on GitLab Pages
-# gitlab_pages['status_uri'] = "/@status"
-
-##! Tune the maximum number of concurrent connections GitLab Pages will handle.
-##! Default to 0 for unlimited connections.
-# gitlab_pages['max_connections'] = 0
-
-##! Configure the maximum length of URIs accepted by GitLab Pages
-##! By default is limited for security reasons. Set 0 for unlimited
-# gitlab_pages['max_uri_length'] = 1024
-
-##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
-##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
-##! sets the header value X-Request-ID, the value will be propagated in the request chain.
-# gitlab_pages['propagate_correlation_id'] = false
-
-##! Configure to use JSON structured logging in GitLab Pages
-# gitlab_pages['log_format'] = "json"
-
-##! Configure verbose logging for GitLab Pages
-# gitlab_pages['log_verbose'] = false
-
-##! Error Reporting and Logging with Sentry
-# gitlab_pages['sentry_enabled'] = false
-# gitlab_pages['sentry_dsn'] = 'https://@sentry.io/'
-# gitlab_pages['sentry_environment'] = 'production'
-
-##! Listen for requests forwarded by reverse proxy
-# gitlab_pages['listen_proxy'] = "localhost:8090"
-
-# gitlab_pages['redirect_http'] = true
-# gitlab_pages['use_http2'] = true
-# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
-# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
-
-# gitlab_pages['artifacts_server'] = true
-# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
-# gitlab_pages['artifacts_server_timeout'] = 10
-
-##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
-# gitlab_pages['metrics_address'] = ":9235"
-
-##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
-# gitlab_pages['tls_min_version'] = "tls1.2"
-
-##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
-# gitlab_pages['tls_max_version'] = "tls1.3"
-
-##! Pages access control
-# gitlab_pages['access_control'] = false
-# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
-# gitlab_pages['gitlab_secret'] = nil # Generated if not present
-# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
-# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
-# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
-# gitlab_pages['auth_secret'] = nil # Generated if not present
-# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
-
-##! GitLab Pages Server Shutdown Timeout
-##! Duration ("30s" for 30 seconds)
-# gitlab_pages['server_shutdown_timeout'] = "30s"
-
-##! GitLab API HTTP client connection timeout
-# gitlab_pages['gitlab_client_http_timeout'] = "10s"
-
-##! GitLab API JWT Token expiry time
-# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
-
-##! Advanced settings for API-based configuration for GitLab Pages.
-##! The recommended default values are set inside GitLab Pages.
-##! Should be changed only if absolutely needed.
-
-##! The maximum time a domain's configuration is stored in the cache.
-# gitlab_pages['gitlab_cache_expiry'] = "600s"
-##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
-# gitlab_pages['gitlab_cache_refresh'] = "60s"
-##! The interval at which expired items are removed from the cache (default: 60s).
-# gitlab_pages['gitlab_cache_cleanup'] = "60s"
-##! The maximum time to wait for a response from the GitLab API per request.
-# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
-##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
-# gitlab_pages['gitlab_retrieval_interval'] = "1s"
-##! The maximum number of times to retry to resolve a domain's configuration via the API
-# gitlab_pages['gitlab_retrieval_retries'] = 3
-
-##! Define custom gitlab-pages HTTP headers for the whole instance
-# gitlab_pages['headers'] = []
-
-##! Shared secret used for authentication between Pages and GitLab
-# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Advanced settings for serving GitLab Pages from zip archives.
-##! The recommended default values are set inside GitLab Pages.
-##! Should be changed only if absolutely needed.
-
-##! The maximum time an archive will be cached in memory.
-# gitlab_pages['zip_cache_expiration'] = "60s"
-##! Zip archive cache cleaning interval.
-# gitlab_pages['zip_cache_cleanup'] = "30s"
-##! The interval to refresh a cache archive if accessed before expiring.
-# gitlab_pages['zip_cache_refresh'] = "30s"
-##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
-# gitlab_pages['zip_open_timeout'] = "30s"
-##! Zip HTTP Client timeout
-# gitlab_pages['zip_http_client_timeout'] = "30m"
-
-##! ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_read_timeout'] = "5s"
-##! ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_read_header_timeout'] = "1s"
-##! WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.
-# gitlab_pages['server_write_timeout'] = "5m"
-##! KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.
-# gitlab_pages['server_keep_alive'] = "15s"
-
-##! Enable serving content from disk instead of Object Storage
-# gitlab_pages['enable_disk'] = nil
-
-##! Rate-limiting options below work in report-only mode:
-##! they only count rejected requests, but don't reject them
-##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
-##! reject requests.
-
-##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits
-
-##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
-# gitlab_pages['rate_limit_source_ip'] = 50.0
-##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
-# gitlab_pages['rate_limit_source_ip_burst'] = 600
-##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
-# gitlab_pages['rate_limit_domain'] = 0
-##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
-# gitlab_pages['rate_limit_domain_burst'] = 10000
-
-##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
-# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
-##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
-# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
-##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
-# gitlab_pages['rate_limit_tls_domain'] = 0
-##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
-# gitlab_pages['rate_limit_tls_domain_burst'] = 10000
-
-# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
-# gitlab_pages['env'] = {
-# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
-# }
-
-################################################################################
-## GitLab Pages NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "GitLab Pages NGINX" section, using the key `pages_nginx`. However,
-# those settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `pages_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "GitLab Pages NGINX"
-# pages_nginx['enable'] = true
-
-# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
-
-################################################################################
-## GitLab CI
-##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html
-################################################################################
-
-# gitlab_ci['gitlab_ci_all_broken_builds'] = true
-# gitlab_ci['gitlab_ci_add_pusher'] = true
-# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
-
-################################################################################
-## GitLab Kubernetes Agent Server
-##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
-################################################################################
-
-##! Settings used by the GitLab application
-# gitlab_rails['gitlab_kas_enabled'] = true
-# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
-# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
-# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/'
-
-##! Enable GitLab KAS
-# gitlab_kas['enable'] = true
-
-##! Agent configuration for GitLab KAS
-# gitlab_kas['agent_configuration_poll_period'] = 20
-# gitlab_kas['agent_gitops_poll_period'] = 20
-# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
-# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
-# gitlab_kas['agent_info_cache_ttl'] = 300
-# gitlab_kas['agent_info_cache_error_ttl'] = 60
-
-##! Shared secret used for authentication between KAS and GitLab
-# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Shared secret used for authentication between different KAS instances in a multi-node setup
-# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
-
-##! Listen configuration for GitLab KAS
-# gitlab_kas['listen_address'] = 'localhost:8150'
-# gitlab_kas['listen_network'] = 'tcp'
-# gitlab_kas['listen_websocket'] = true
-# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['key_file'] = "/path/to/key.pem"
-# gitlab_kas['internal_api_listen_network'] = 'tcp'
-# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
-# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
-# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
-# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
-# gitlab_kas['private_api_listen_network'] = 'tcp'
-# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
-# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
-# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"
-
-##! Metrics configuration for GitLab KAS
-# gitlab_kas['metrics_usage_reporting_period'] = 60
-
-##! Log configuration for GitLab KAS
-# gitlab_kas['log_level'] = 'info'
-
-##! Environment variables for GitLab KAS
-# gitlab_kas['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-# # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
-# 'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
-# }
-
-##! Error Reporting and Logging with Sentry
-# gitlab_kas['sentry_dsn'] = 'https://@sentry.io/'
-# gitlab_kas['sentry_environment'] = 'production'
-
-##! Directories for GitLab KAS
-# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
-# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
-# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
-
-################################################################################
-## GitLab Mattermost
-##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
-################################################################################
-
-# mattermost_external_url 'http://mattermost.example.com'
-
-# mattermost['enable'] = false
-# mattermost['username'] = 'mattermost'
-# mattermost['group'] = 'mattermost'
-# mattermost['uid'] = nil
-# mattermost['gid'] = nil
-# mattermost['home'] = '/var/opt/gitlab/mattermost'
-# mattermost['database_name'] = 'mattermost_production'
-# mattermost['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# mattermost['service_address'] = "127.0.0.1"
-# mattermost['service_port'] = "8065"
-# mattermost['service_site_url'] = nil
-# mattermost['service_allowed_untrusted_internal_connections'] = ""
-# mattermost['service_enable_api_team_deletion'] = true
-# mattermost['team_site_name'] = "GitLab Mattermost"
-# mattermost['sql_driver_name'] = 'mysql'
-# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
-# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
-# mattermost['gitlab_enable'] = false
-# mattermost['gitlab_id'] = "12345656"
-# mattermost['gitlab_secret'] = "123456789"
-# mattermost['gitlab_scope'] = ""
-# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
-# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
-# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
-# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
-# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
-# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
-
-################################################################################
-## Mattermost NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "Mattermost NGINX" section, using the key `mattermost_nginx`. However,
-# those settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `mattermost_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "Mattermost NGINX"
-# mattermost_nginx['enable'] = false
-
-# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
-# mattermost_nginx['proxy_set_headers'] = {
-# "Host" => "$http_host",
-# "X-Real-IP" => "$remote_addr",
-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
-# "X-Frame-Options" => "SAMEORIGIN",
-# "X-Forwarded-Proto" => "https",
-# "X-Forwarded-Ssl" => "on",
-# "Upgrade" => "$http_upgrade",
-# "Connection" => "$connection_upgrade"
-# }
-
-
-################################################################################
-## Registry NGINX
-################################################################################
-
-# All the settings defined in the "GitLab Nginx" section are also available in
-# this "Registry NGINX" section, using the key `registry_nginx`. However, those
-# settings should be explicitly set. That is, settings given as
-# `nginx['some_setting']` WILL NOT be automatically replicated as
-# `registry_nginx['some_setting']` and should be set separately.
-
-# Below you can find settings that are exclusive to "Registry NGINX"
-# registry_nginx['enable'] = false
-
-# registry_nginx['proxy_set_headers'] = {
-# "Host" => "$http_host",
-# "X-Real-IP" => "$remote_addr",
-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
-# "X-Forwarded-Proto" => "https",
-# "X-Forwarded-Ssl" => "on"
-# }
-
-# When the registry is automatically enabled using the same domain as `external_url`,
-# it listens on this port
-# registry_nginx['listen_port'] = 5050
-
-################################################################################
-## Prometheus
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
-################################################################################
-
-###! **To enable only Monitoring service in this machine, uncomment
-###! the line below.**
-###! Docs: https://docs.gitlab.com/ee/administration/high_availability
-# monitoring_role['enable'] = true
-
-# prometheus['enable'] = true
-# prometheus['monitor_kubernetes'] = true
-# prometheus['username'] = 'gitlab-prometheus'
-# prometheus['group'] = 'gitlab-prometheus'
-# prometheus['uid'] = nil
-# prometheus['gid'] = nil
-# prometheus['shell'] = '/bin/sh'
-# prometheus['home'] = '/var/opt/gitlab/prometheus'
-# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
-# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
-# prometheus['scrape_interval'] = 15
-# prometheus['scrape_timeout'] = 15
-# prometheus['external_labels'] = { }
-# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
-# prometheus['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-#
-### Custom scrape configs
-#
-# Prometheus can scrape additional jobs via scrape_configs. The default automatically
-# includes all of the exporters supported by the omnibus config.
-#
-# See: https://prometheus.io/docs/operating/configuration/#
-#
-# Example:
-#
-# prometheus['scrape_configs'] = [
-# {
-# 'job_name': 'example',
-# 'static_configs' => [
-# 'targets' => ['hostname:port'],
-# ],
-# },
-# ]
-#
-### Custom alertmanager config
-#
-# To configure external alertmanagers, create an alertmanager config.
-#
-# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
-#
-# prometheus['alertmanagers'] = [
-# {
-# 'static_configs' => [
-# {
-# 'targets' => [
-# 'hostname:port'
-# ]
-# }
-# ]
-# }
-# ]
-#
-### Custom Prometheus flags
-#
-# prometheus['flags'] = {
-# 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
-# 'storage.tsdb.retention.time' => "15d",
-# 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# prometheus['listen_address'] = 'localhost:9090'
-#
-
-##! Service name used to register Prometheus as a Consul service
-# prometheus['consul_service_name'] = 'prometheus'
-##! Semantic metadata used when registering Prometheus as a Consul service
-# prometheus['consul_service_meta'] = {}
-
-################################################################################
-###! **Only needed if Prometheus and Rails are not on the same server.**
-### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
-### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
-### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
-################################################################################
-# gitlab_rails['prometheus_address'] = 'your.prom:9090'
-
-################################################################################
-## Prometheus Alertmanager
-################################################################################
-
-# alertmanager['enable'] = true
-# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
-# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
-# alertmanager['admin_email'] = 'admin@example.com'
-# alertmanager['flags'] = {
-# 'web.listen-address' => "localhost:9093",
-# 'storage.path' => "/var/opt/gitlab/alertmanager/data",
-# 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
-# }
-# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
-# alertmanager['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# alertmanager['listen_address'] = 'localhost:9093'
-# alertmanager['global'] = {}
-
-################################################################################
-## Prometheus Node Exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
-################################################################################
-
-# node_exporter['enable'] = true
-# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
-# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
-# node_exporter['flags'] = {
-# 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
-# }
-# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
-# node_exporter['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# node_exporter['listen_address'] = 'localhost:9100'
-
-##! Service name used to register Node Exporter as a Consul service
-# node_exporter['consul_service_name'] = 'node-exporter'
-##! Semantic metadata used when registering Node Exporter as a Consul service
-# node_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus Redis exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
-################################################################################
-
-# redis_exporter['enable'] = true
-# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
-# redis_exporter['flags'] = {
-# 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
-# }
-# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
-# redis_exporter['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# redis_exporter['listen_address'] = 'localhost:9121'
-
-##! Service name used to register Redis Exporter as a Consul service
-# redis_exporter['consul_service_name'] = 'redis-exporter'
-##! Semantic metadata used when registering Redis Exporter as a Consul service
-# redis_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus Postgres exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
-################################################################################
-
-# postgres_exporter['enable'] = true
-# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
-# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
-# postgres_exporter['flags'] = {}
-# postgres_exporter['listen_address'] = 'localhost:9187'
-# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
-# postgres_exporter['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# postgres_exporter['sslmode'] = nil
-# postgres_exporter['per_table_stats'] = false
-
-##! Service name used to register Postgres Exporter as a Consul service
-# postgres_exporter['consul_service_name'] = 'postgres-exporter'
-##! Semantic metadata used when registering Postgres Exporter as a Consul service
-# postgres_exporter['consul_service_meta'] = {}
-
-################################################################################
-## Prometheus PgBouncer exporter (EE only)
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
-################################################################################
-
-# pgbouncer_exporter['enable'] = false
-# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
-# pgbouncer_exporter['listen_address'] = 'localhost:9188'
-# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
-# pgbouncer_exporter['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-
-################################################################################
-## Prometheus Gitlab exporter
-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
-################################################################################
-
-
-# gitlab_exporter['enable'] = true
-# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
-# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# gitlab_exporter['server_name'] = 'webrick'
-# gitlab_exporter['listen_address'] = 'localhost'
-# gitlab_exporter['listen_port'] = '9168'
-
-##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
-##! found.
-# gitlab_exporter['probe_sidekiq'] = true
-##! Service name used to register GitLab Exporter as a Consul service
-# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
-##! Semantic metadata used when registering GitLab Exporter as a Consul service
-# gitlab_exporter['consul_service_meta'] = {}
-
-# To completely disable prometheus, and all of it's exporters, set to false
-# prometheus_monitoring['enable'] = true
-
-################################################################################
-## Grafana Dashboards
-##!
Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source -################################################################################ - -# grafana['enable'] = true -# grafana['log_directory'] = '/var/log/gitlab/grafana' -# grafana['home'] = '/var/opt/gitlab/grafana' -# grafana['admin_password'] = 'admin' -# grafana['allow_user_sign_up'] = false -# grafana['basic_auth_enabled'] = false -# grafana['disable_login_form'] = true -# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID' -# grafana['gitlab_secret'] = 'GITLAB_SECRET' -# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env' -# grafana['allowed_groups'] = [] -# grafana['gitlab_auth_sign_up'] = true -# grafana['env'] = { -# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/" -# } -# grafana['metrics_enabled'] = false -# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil -# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil -# grafana['alerting_enabled'] = false - -### SMTP Configuration -# -# See: http://docs.grafana.org/administration/configuration/#smtp -# -# grafana['smtp'] = { -# 'enabled' => true, -# 'host' => 'localhost:25', -# 'user' => nil, -# 'password' => nil, -# 'cert_file' => nil, -# 'key_file' => nil, -# 'skip_verify' => false, -# 'from_address' => 'admin@grafana.localhost', -# 'from_name' => 'Grafana', -# 'ehlo_identity' => 'dashboard.example.com', -# 'startTLS_policy' => nil -# } - -# Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled'] -# grafana['reporting_enabled'] = true - -### Dashboards -# -# See: http://docs.grafana.org/administration/provisioning/#dashboards -# -# NOTE: Setting this will override the default. 
-#
-# grafana['dashboards'] = [
-# {
-# 'name' => 'GitLab Omnibus',
-# 'orgId' => 1,
-# 'folder' => 'GitLab Omnibus',
-# 'type' => 'file',
-# 'disableDeletion' => true,
-# 'updateIntervalSeconds' => 600,
-# 'options' => {
-# 'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
-# }
-# }
-# ]
-
-### Datasources
-#
-# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
-#
-# NOTE: Setting this will override the default.
-#
-# grafana['datasources'] = [
-# {
-# 'name' => 'GitLab Omnibus',
-# 'type' => 'prometheus',
-# 'access' => 'proxy',
-# 'url' => 'http://localhost:9090'
-# }
-# ]
-
-##! Advanced settings. Should be changed only if absolutely needed.
-# grafana['http_addr'] = 'localhost'
-# grafana['http_port'] = 3000
-
-################################################################################
-## Gitaly
-##! Docs:
-################################################################################
-
-# The gitaly['enable'] option exists for the purpose of cluster
-# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
-# gitaly['enable'] = true
-# gitaly['dir'] = "/var/opt/gitlab/gitaly"
-# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
-# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
-# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
-# gitaly['env'] = {
-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
-# 'HOME' => '/var/opt/gitlab',
-# 'TZ' => ':/etc/localtime',
-# 'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
-# 'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-# 'WRAPPER_JSON_LOGGING' => true
-# }
-
-# gitaly['runtime_dir'] = "/var/opt/gitlab/gitaly/run"
-# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
-# gitaly['listen_addr'] = "localhost:8075"
-# gitaly['tls_listen_addr'] = "localhost:9075"
-# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"
-# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
-# gitaly['prometheus_listen_addr'] = "localhost:9236"
-# gitaly['logging_level'] = "warn"
-# gitaly['logging_format'] = "json"
-# gitaly['logging_sentry_dsn'] = "https://:@sentry.io/"
-# gitaly['logging_ruby_sentry_dsn'] = "https://:@sentry.io/"
-# gitaly['logging_sentry_environment'] = "production"
-# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
-# gitaly['auth_token'] = ''
-# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
-# gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
-# gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
-# gitaly['git_bin_path'] = "/opt/gitlab/embedded/bin/git" # A custom path for the 'git' executable
-# gitaly['use_bundled_git'] = true # Whether to use bundled Git.
-# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
-# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
-# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
-# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
-# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
-# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
-# gitaly['concurrency'] = [
-# {
-# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
-# 'max_per_repo' => 20
-# }, {
-# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
-# 'max_per_repo' => 5
-# }
-# ]
-# gitaly['rate_limiting'] = [
-# {
-# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
-# 'interval' => '1m',
-# 'burst' => 10
-# }, {
-# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
-# 'interval' => '1m',
-# 'burst' => 5
-# }
-# ]
-#
-# gitaly['daily_maintenance_start_hour'] = 22
-# gitaly['daily_maintenance_start_minute'] = 30
-# gitaly['daily_maintenance_duration'] = '30m'
-# gitaly['daily_maintenance_storages'] = ["default"]
-# gitaly['daily_maintenance_disabled'] = false
-# gitaly['cgroups_count'] = 10
-# gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
-# gitaly['cgroups_hierarchy_root'] = 'gitaly'
-# gitaly['cgroups_memory_enabled'] = true
-# gitaly['cgroups_memory_limit'] = 1048576
-# gitaly['cgroups_cpu_enabled'] = true
-# gitaly['cgroups_cpu_shares'] = 512
-# gitaly['pack_objects_cache_enabled'] = true
-# gitaly['pack_objects_cache_dir'] = '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache'
-# gitaly['pack_objects_cache_max_age'] = '5m'
-# gitaly['custom_hooks_dir'] = "/var/opt/gitlab/gitaly/custom_hooks"
-
-##! Service name used to register Gitaly as a Consul service
-# gitaly['consul_service_name'] = 'gitaly'
-##! Semantic metadata used when registering Gitaly as a Consul service
-# gitaly['consul_service_meta'] = {}
-
-################################################################################
-## Praefect
-##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
-################################################################################
-
-# praefect['enable'] = false
-# praefect['dir'] = "/var/opt/gitlab/praefect"
-# praefect['log_directory'] = "/var/log/gitlab/praefect"
-# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
-# praefect['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
-# 'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
-# 'WRAPPER_JSON_LOGGING' => true
-# }
-# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
-# praefect['failover_enabled'] = true
-# praefect['auth_token'] = ""
-# praefect['auth_transitioning'] = false
-# praefect['listen_addr'] = "localhost:2305"
-# praefect['tls_listen_addr'] = "localhost:3305"
-# praefect['certificate_path'] = "/var/opt/gitlab/prafect/certificate.pem"
-# praefect['key_path'] = "/var/opt/gitlab/prafect/key.pem"
-# praefect['prometheus_listen_addr'] = "localhost:9652"
-# praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
-# praefect['separate_database_metrics'] = true
-# praefect['logging_level'] = "warn"
-# praefect['logging_format'] = "json"
-# praefect['virtual_storages'] = {
-# 'default' => {
-# 'default_replication_factor' => 3,
-# 'nodes' => {
-# 'praefect-internal-0' => {
-# 'address' => 'tcp://10.23.56.78:8075',
-# 'token' => 'abc123'
-# },
-# 'praefect-internal-1' => {
-# 'address' => 'tcp://10.76.23.31:8075',
-# 'token' => 'xyz456'
-# }
-# }
-# },
-# 'alternative' => {
-# 'nodes' => {
-# 'praefect-internal-2' => {
-# 'address' => 'tcp://10.34.1.16:8075',
-# 'token' => 'abc321'
-# },
-# 'praefect-internal-3' => {
-# 'address' => 'tcp://10.23.18.6:8075',
-# 'token' => 'xyz890'
-# }
-# }
-# }
-# }
-# praefect['sentry_dsn'] = "https://:@sentry.io/"
-# praefect['sentry_environment'] = "production"
-# praefect['auto_migrate'] = true
-# praefect['database_host'] = 'postgres.external'
-# praefect['database_port'] = 6432
-# praefect['database_user'] = 'praefect'
-# praefect['database_password'] = 'secret'
-# praefect['database_dbname'] = 'praefect_production'
-# praefect['database_sslmode'] = 'disable'
-# praefect['database_sslcert'] = '/path/to/client-cert'
-# praefect['database_sslkey'] = '/path/to/client-key'
-# praefect['database_sslrootcert'] = '/path/to/rootcert'
-# praefect['reconciliation_scheduling_interval'] = '5m'
-# praefect['reconciliation_histogram_buckets'] = '[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0]'
-# praefect['database_direct_host'] = 'postgres.internal'
-# praefect['database_direct_port'] = 5432
-# praefect['database_direct_user'] = 'praefect'
-# praefect['database_direct_password'] = 'secret'
-# praefect['database_direct_dbname'] = 'praefect_production_direct'
-# praefect['database_direct_sslmode'] = 'disable'
-# praefect['database_direct_sslcert'] = '/path/to/client-cert'
-# praefect['database_direct_sslkey'] = '/path/to/client-key'
-# praefect['database_direct_sslrootcert'] = '/path/to/rootcert'
-
-##! Service name used to register Praefect as a Consul service
-# praefect['consul_service_name'] = 'praefect'
-##! Semantic metadata used when registering Praefect as a Consul service
-# praefect['consul_service_meta'] = {}
-
-################################################################################
-# Storage check
-################################################################################
-# storage_check['enable'] = false
-# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
-# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
-
-################################################################################
-# Let's Encrypt integration
-################################################################################
-# letsencrypt['enable'] = nil
-# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
-# letsencrypt['group'] = 'root'
-# letsencrypt['key_size'] = 2048
-# letsencrypt['owner'] = 'root'
-# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
-# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
-# letsencrypt['auto_renew'] = true
-# letsencrypt['auto_renew_hour'] = 0
-# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
-# letsencrypt['auto_renew_day_of_month'] = "*/4"
-# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
-
-##! Turn off automatic init system detection. To skip init detection in
-##! non-docker containers. Recommended not to change.
-# package['detect_init'] = true
-
-##! Attempt to modify kernel paramaters. To skip this in containers where the
-##! relevant file system is read-only, set the value to false.
-# package['modify_kernel_parameters'] = true
-
-##! Specify maximum number of tasks that can be created by the systemd unit
-##! Will be populated as TasksMax value to the unit file if user is on a systemd
-##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
-# package['systemd_tasks_max'] = 4915
-
-##! Settings to configure order of GitLab's systemd unit.
-##! Note: We do not recommend changing these values unless absolutely necessary
-# package['systemd_after'] = 'multi-user.target'
-# package['systemd_wanted_by'] = 'multi-user.target'
-################################################################################
-################################################################################
-## Configuration Settings for GitLab EE only ##
-################################################################################
-################################################################################
-
-
-################################################################################
-## Auxiliary cron jobs applicable to GitLab EE only
-################################################################################
-#
-# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
-# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
-# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
-# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
-# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
-# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
-# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
-# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
-# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
-# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
-
-################################################################################
-## Kerberos (EE Only)
-##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
-################################################################################
-
-# gitlab_rails['kerberos_enabled'] = true
-# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
-# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
-# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
-# gitlab_rails['kerberos_use_dedicated_port'] = true
-# gitlab_rails['kerberos_port'] = 8443
-# gitlab_rails['kerberos_https'] = true
-
-################################################################################
-## Package repository
-##! Docs: https://docs.gitlab.com/ee/administration/packages/
-################################################################################
-
-# gitlab_rails['packages_enabled'] = true
-# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
-# gitlab_rails['packages_object_store_enabled'] = false
-# gitlab_rails['packages_object_store_direct_upload'] = false
-# gitlab_rails['packages_object_store_background_upload'] = true
-# gitlab_rails['packages_object_store_proxy_download'] = false
-# gitlab_rails['packages_object_store_remote_directory'] = "packages"
-# gitlab_rails['packages_object_store_connection'] = {
-# 'provider' => 'AWS',
-# 'region' => 'eu-west-1',
-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-# # # The below options configure an S3 compatible host instead of AWS
-# # 'host' => 's3.amazonaws.com',
-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-################################################################################
-## Dependency proxy
-##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
-################################################################################
-
-# gitlab_rails['dependency_proxy_enabled'] = true
-# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
-# gitlab_rails['dependency_proxy_object_store_enabled'] = false
-# gitlab_rails['dependency_proxy_object_store_direct_upload'] = false
-# gitlab_rails['dependency_proxy_object_store_background_upload'] = true
-# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
-# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
-# gitlab_rails['dependency_proxy_object_store_connection'] = {
-# 'provider' => 'AWS',
-# 'region' => 'eu-west-1',
-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
-# # # The below options configure an S3 compatible host instead of AWS
-# # 'host' => 's3.amazonaws.com',
-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
-# }
-
-################################################################################
-## GitLab Sentinel (EE Only)
-##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
-################################################################################
-
-##! **Make sure you configured all redis['master_*'] keys above before
-##! continuing.**
-
-##! To enable Sentinel and disable all other services in this machine,
-##! uncomment the line below (if you've enabled Redis role, it will keep it).
-##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
-# redis_sentinel_role['enable'] = true
-
-# sentinel['enable'] = true
-
-##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
-# sentinel['bind'] = '0.0.0.0'
-
-##! Uncomment to change default port
-# sentinel['port'] = 26379
-
-#### Support to run sentinels in a Docker or NAT environment
-#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
-# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
-# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
-# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
-# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
-
-##! Quorum must reflect the amount of voting sentinels it take to start a
-##! failover.
-##! **Value must NOT be greater then the amount of sentinels.**
-##! The quorum can be used to tune Sentinel in two ways:
-##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
-##! we deploy, we are basically making Sentinel more sensible to master
-##! failures, triggering a failover as soon as even just a minority of
-##! Sentinels is no longer able to talk with the master.
-##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
-##! are making Sentinel able to failover only when there are a very large
-##! number (larger than majority) of well connected Sentinels which agree
-##! about the master being down.
-# sentinel['quorum'] = 1
-
-### Consider unresponsive server down after x amount of ms.
-# sentinel['down_after_milliseconds'] = 10000
-
-### Specifies the failover timeout in milliseconds.
-##! It is used in many ways:
-##!
-##! - The time needed to re-start a failover after a previous failover was
-##! already tried against the same master by a given Sentinel, is two
-##! times the failover timeout.
-##!
-##! - The time needed for a replica replicating to a wrong master according
-##! to a Sentinel current configuration, to be forced to replicate
-##! with the right master, is exactly the failover timeout (counting since
-##! the moment a Sentinel detected the misconfiguration).
-##!
-##! - The time needed to cancel a failover that is already in progress but
-##! did not produced any configuration change (REPLICAOF NO ONE yet not
-##! acknowledged by the promoted replica).
-##!
-##! - The maximum time a failover in progress waits for all the replicas to be
-##! reconfigured as replicas of the new master. However even after this time
-##! the replicas will be reconfigured by the Sentinels anyway, but not with
-##! the exact parallel-syncs progression as specified.
-# sentinel['failover_timeout'] = 60000
-
-### Sentinel TLS settings
-###! To run Sentinel over TLS, specify values for the following settings
-# sentinel['tls_port'] = nil
-# sentinel['tls_cert_file'] = nil
-# sentinel['tls_key_file'] = nil
-
-###! Other TLS related optional settings
-# sentinel['tls_dh_params_file'] = nil
-# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
-# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
-# sentinel['tls_auth_clients'] = 'optional'
-# sentinel['tls_replication'] = nil
-# sentinel['tls_cluster'] = nil
-# sentinel['tls_protocols'] = nil
-# sentinel['tls_ciphers'] = nil
-# sentinel['tls_ciphersuites'] = nil
-# sentinel['tls_prefer_server_ciphers'] = nil
-# sentinel['tls_session_caching'] = nil
-# sentinel['tls_session_cache_size'] = nil
-# sentinel['tls_session_cache_timeout'] = nil
-
-### Sentinel hostname support
-###! When enabled, Redis will leverage hostname support
-###! Generally this does not need to be changed as we determine this based on
-###! the provided input from `redis['announce_ip']`
-###! * This is configured to `true` when a fully qualified hostname is provided
-###! * This is configured to `false` when an IP address is provided
-# sentinel['use_hostnames'] =
-
-################################################################################
-## Additional Database Settings (EE only)
-##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
-################################################################################
-# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
-
-################################################################################
-## GitLab Geo
-##! Docs: https://docs.gitlab.com/ee/gitlab-geo
-################################################################################
-##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
-##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/README.html#roles.
-
-# This is an optional identifier which Geo nodes can use to identify themselves.
-# For example, if external_url is the same for two secondaries, you must specify
-# a unique Geo node name for those secondaries.
-#
-# If it is blank, it defaults to external_url.
-# gitlab_rails['geo_node_name'] = nil
-
-# gitlab_rails['geo_registry_replication_enabled'] = true
-# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
-
-
-################################################################################
-## GitLab Geo Secondary (EE only)
-################################################################################
-# geo_secondary['auto_migrate'] = true
-# geo_secondary['db_adapter'] = "postgresql"
-# geo_secondary['db_encoding'] = "unicode"
-# geo_secondary['db_collation'] = nil
-# geo_secondary['db_database'] = "gitlabhq_geo_production"
-# geo_secondary['db_username'] = "gitlab_geo"
-# geo_secondary['db_password'] = nil
-# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
-# geo_secondary['db_port'] = 5431
-# geo_secondary['db_socket'] = nil
-# geo_secondary['db_sslmode'] = nil
-# geo_secondary['db_sslcompression'] = 0
-# geo_secondary['db_sslrootcert'] = nil
-# geo_secondary['db_sslca'] = nil
-# geo_secondary['db_prepared_statements'] = false
-# geo_secondary['db_database_tasks'] = true
-
-################################################################################
-## GitLab Geo Secondary Tracking Database (EE only)
-################################################################################
-
-# geo_postgresql['enable'] = false
-# geo_postgresql['ha'] = false
-# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
-# geo_postgresql['pgbouncer_user'] = nil
-# geo_postgresql['pgbouncer_user_password'] = nil
-##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
-# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
-# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'
-
-################################################################################
-## GitLab Geo Log Cursor Daemon (EE only)
-################################################################################
-
-# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'
-
-################################################################################
-## Unleash
-##! These settings are for GitLab internal use.
-##! They are used to control feature flags during GitLab development.
-##! Docs: https://docs.gitlab.com/ee/development/feature_flags
-################################################################################
-# gitlab_rails['feature_flags_unleash_enabled'] = false
-# gitlab_rails['feature_flags_unleash_url'] = nil
-# gitlab_rails['feature_flags_unleash_app_name'] = nil
-# gitlab_rails['feature_flags_unleash_instance_id'] = nil
-
-################################################################################
-# Pgbouncer (EE only)
-# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
-# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
-################################################################################
-# pgbouncer['enable'] = false
-# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
-# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
-# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
-# pgbouncer['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# pgbouncer['listen_addr'] = '0.0.0.0'
-# pgbouncer['listen_port'] = '6432'
-# pgbouncer['pool_mode'] = 'transaction'
-# pgbouncer['server_reset_query'] = 'DISCARD ALL'
-# pgbouncer['application_name_add_host'] = '1'
-# pgbouncer['max_client_conn'] = '2048'
-# pgbouncer['default_pool_size'] = '100'
-# pgbouncer['min_pool_size'] = '0'
-# pgbouncer['reserve_pool_size'] = '5'
-# pgbouncer['reserve_pool_timeout'] = '5.0'
-# pgbouncer['server_round_robin'] = '0'
-# pgbouncer['log_connections'] = '0'
-# pgbouncer['server_idle_timeout'] = '30'
-# pgbouncer['dns_max_ttl'] = '15.0'
-# pgbouncer['dns_zone_check_period'] = '0'
-# pgbouncer['dns_nxdomain_ttl'] = '15.0'
-# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
-# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
-# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
-# pgbouncer['databases'] = {
-# DATABASE_NAME: {
-# host: HOSTNAME,
-# port: PORT
-# user: USERNAME,
-# password: PASSWORD
-###! generate this with `echo -n '$password + $username' | md5sum`
-# }
-# ...
-# }
-# pgbouncer['logfile'] = nil
-# pgbouncer['unix_socket_dir'] = nil
-# pgbouncer['unix_socket_mode'] = '0777'
-# pgbouncer['unix_socket_group'] = nil
-# pgbouncer['auth_type'] = 'md5'
-# pgbouncer['auth_hba_file'] = nil
-# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
-# pgbouncer['users'] = {
-# {
-# name: USERNAME,
-# password: MD5_PASSWORD_HASH
-# }
-# }
-# postgresql['pgbouncer_user'] = nil
-# postgresql['pgbouncer_user_password'] = nil
-# pgbouncer['server_reset_query_always'] = 0
-# pgbouncer['server_check_query'] = 'select 1'
-# pgbouncer['server_check_delay'] = 30
-# pgbouncer['max_db_connections'] = nil
-# pgbouncer['max_user_connections'] = nil
-# pgbouncer['syslog'] = 0
-# pgbouncer['syslog_facility'] = 'daemon'
-# pgbouncer['syslog_ident'] = 'pgbouncer'
-# pgbouncer['log_disconnections'] = 1
-# pgbouncer['log_pooler_errors'] = 1
-# pgbouncer['stats_period'] = 60
-# pgbouncer['verbose'] = 0
-# pgbouncer['server_lifetime'] = 3600
-# pgbouncer['server_connect_timeout'] = 15
-# pgbouncer['server_login_retry'] = 15
-# pgbouncer['query_timeout'] = 0
-# pgbouncer['query_wait_timeout'] = 120
-# pgbouncer['client_idle_timeout'] = 0
-# pgbouncer['client_login_timeout'] = 60
-# pgbouncer['autodb_idle_timeout'] = 3600
-# pgbouncer['suspend_timeout'] = 10
-# pgbouncer['idle_transaction_timeout'] = 0
-# pgbouncer['pkt_buf'] = 4096
-# pgbouncer['listen_backlog'] = 128
-# pgbouncer['sbuf_loopcnt'] = 5
-# pgbouncer['max_packet_size'] = 2147483647
-# pgbouncer['tcp_defer_accept'] = 0
-# pgbouncer['tcp_socket_buffer'] = 0
-# pgbouncer['tcp_keepalive'] = 1
-# pgbouncer['tcp_keepcnt'] = 0
-# pgbouncer['tcp_keepidle'] = 0
-# pgbouncer['tcp_keepintvl'] = 0
-# pgbouncer['disable_pqexec'] = 0
-
-## Pgbouncer client TLS options
-# pgbouncer['client_tls_sslmode'] = 'disable'
-# pgbouncer['client_tls_ca_file'] = nil
-# pgbouncer['client_tls_key_file'] = nil
-# pgbouncer['client_tls_cert_file'] = nil
-# pgbouncer['client_tls_protocols'] = 'all'
-# pgbouncer['client_tls_dheparams'] = 'auto'
-# pgbouncer['client_tls_ecdhcurve'] = 'auto'
-#
-## Pgbouncer server TLS options
-# pgbouncer['server_tls_sslmode'] = 'disable'
-# pgbouncer['server_tls_ca_file'] = nil
-# pgbouncer['server_tls_key_file'] = nil
-# pgbouncer['server_tls_cert_file'] = nil
-# pgbouncer['server_tls_protocols'] = 'all'
-# pgbouncer['server_tls_ciphers'] = 'fast'
-
-################################################################################
-# Patroni (EE only)
-################################################################################
-# patroni['enable'] = false
-
-# patroni['dir'] = '/var/opt/gitlab/patroni'
-# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
-
-## Patroni dynamic configuration settings
-# patroni['loop_wait'] = 10
-# patroni['ttl'] = 30
-# patroni['retry_timeout'] = 10
-# patroni['maximum_lag_on_failover'] = 1_048_576
-# patroni['max_timelines_history'] = 0
-# patroni['master_start_timeout'] = 300
-# patroni['use_pg_rewind'] = true
-# patroni['remove_data_directory_on_rewind_failure'] = false
-# patroni['remove_data_directory_on_diverged_timelines'] = false
-# patroni['use_slots'] = true
-# patroni['replication_password'] = nil
-# patroni['replication_slots'] = {}
-# patroni['callbacks'] = {}
-# patroni['recovery_conf'] = {}
-# patroni['tags'] = {}
-
-## Standby cluster replication settings
-# patroni['standby_cluster']['enable'] = false
-# patroni['standby_cluster']['host'] = nil
-# patroni['standby_cluster']['port'] = 5432
-# patroni['standby_cluster']['primary_slot_name'] = nil
-
-## Global/Universal settings
-# patroni['scope'] = 'gitlab-postgresql-ha'
-# patroni['name'] = nil
-
-## Log settings
-# patroni['log_directory'] = '/var/log/gitlab/patroni'
-# patroni['log_level'] = 'INFO'
-
-## Consul specific settings
-# patroni['consul']['url'] = 'http://127.0.0.1:8500'
-# patroni['consul']['service_check_interval'] = '10s'
-# patroni['consul']['register_service'] = true
-# patroni['consul']['checks'] = []
-
-## PostgreSQL configuration override
-# patroni['postgresql']['hot_standby'] = 'on'
-
-## The following must hold the same values on all nodes.
-## Leave unassined to use PostgreSQL's default values.
-# patroni['postgresql']['wal_level'] = 'replica'
-# patroni['postgresql']['wal_log_hints'] = 'on'
-# patroni['postgresql']['max_worker_processes'] = 8
-# patroni['postgresql']['max_locks_per_transaction'] = 64
-# patroni['postgresql']['max_connections'] = 200
-# patroni['postgresql']['checkpoint_timeout'] = 30
-
-## The following can hold different values on all nodes.
-## Leave unassined to use PostgreSQL's default values.
-# patroni['postgresql']['wal_keep_segments'] = 8
-# patroni['postgresql']['max_wal_senders'] = 5
-# patroni['postgresql']['max_replication_slots'] = 5
-
-## Permanent replication slots for Streaming Replication
-# patroni['replication_slots'] = {
-# 'geo_secondary' => { 'type' => 'physical' }
-# }
-
-## The address and port that Patroni API binds to and listens on.
-# patroni['listen_address'] = nil
-# patroni['port'] = '8008'
-
-## The address of the Patroni node that is advertized to other cluster
-## members to communicate with its API and PostgreSQL. If it is not specified,
-## it tries to use the first available private IP and falls back to the default
-## network interface.
-# patroni['connect_address'] = nil
-
-## The port that Patroni API responds to other cluster members. This port is
-## advertized and by default is the same as patroni['port'].
-# patroni['connect_port'] = '8008'
-
-## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
-## Each item can be an hostname, IP address, or CIDR address.
-## All hosts are allowed if this is unset.
-# patroni['allowlist'] = []
-# patroni['allowlist_include_members'] = false
-
-## The username and password to use for basic auth on write commands to the
-## Patroni API. If not specified then the API does not use basic auth.
-# patroni['username'] = nil
-# patroni['password'] = nil
-
-## TLS configuration for Patroni API. Both certificate and key files are
-## required to enable TLS. If not specified then the API uses plain HTTP.
-# patroni['tls_certificate_file'] = nil
-# patroni['tls_key_file'] = nil
-# patroni['tls_key_password'] = nil
-# patroni['tls_ca_file'] = nil
-# patroni['tls_ciphers'] = nil
-# patroni['tls_client_mode'] = nil
-# patroni['tls_client_certificate_file'] = nil
-# patroni['tls_client_key_file'] = nil
-# patroni['tls_verify'] = true
-
-################################################################################
-# Consul (EEP only)
-################################################################################
-# consul['enable'] = false
-# consul['dir'] = '/var/opt/gitlab/consul'
-# consul['username'] = 'gitlab-consul'
-# consul['group'] = 'gitlab-consul'
-# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
-# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
-# consul['data_dir'] = '/var/opt/gitlab/consul/data'
-# consul['log_directory'] = '/var/log/gitlab/consul'
-# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
-# consul['env'] = {
-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
-# }
-# consul['monitoring_service_discovery'] = false
-# consul['node_name'] = nil
-# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
-# consul['configuration'] = {
-# 'client_addr' => nil,
-# 'datacenter' => 'gitlab_consul',
-# 'enable_script_checks' => true,
-# 'server' => false
-# }
-# consul['services'] = []
-# consul['service_config'] = {
-# 'postgresql' => {
-# 'service' => {
-# 'name' => "postgresql",
-# 'address' => '',
-# 'port' => 5432,
-# 'checks' => [
-# {
-# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
-# 'interval' => "10s"
-# }
-# ]
-# }
-# }
-# }
-# consul['watchers'] = {
-# 'postgresql' => {
-# enable: false,
-# handler: 'failover_pgbouncer'
-# }
-# }
-#
-# consul['custom_config_dir'] = '/path/to/service/configs/directory'
-#
-
-#### HTTP API ports
-# consul['http_port'] = nil
-# consul['https_port'] = nil
-
-#### Gossip encryption
-# consul['encryption_key'] = nil
-# consul['encryption_verify_incoming'] = nil
-# consul['encryption_verify_outgoing'] = nil
-
-#### TLS settings
-# consul['use_tls'] = false
-# consul['tls_ca_file'] = nil
-# consul['tls_certificate_file'] = nil
-# consul['tls_key_file'] = nil
-# consul['tls_verify_client'] = nil
-
-################################################################################
-# Service desk email settings
-################################################################################
-### Service desk email
-###! Allow users to create new service desk issues by sending an email to
-###! service desk address.
-###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
-# gitlab_rails['service_desk_email_enabled'] = false
-
-#### Service Desk Mailbox Settings (via `mail_room`)
-#### Service Desk Email Address
-####! The email address including the `%{key}` placeholder that will be replaced
-####! to reference the item being replied to.
-####! **The placeholder can be omitted but if present, it must appear in the
-####! "user" part of the address (before the `@`).**
-# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
-
-#### Service Desk Email account username
-####! **With third party providers, this is usually the full email address.**
-####! **With self-hosted email servers, this is usually the user part of the
-####! email address.**
-# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
-
-#### Service Desk Email account password
-# gitlab_rails['service_desk_email_password'] = "[REDACTED]"
-
-####! The mailbox where service desk mail will end up. Usually "inbox".
-# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
-####! The IDLE command timeout.
-# gitlab_rails['service_desk_email_idle_timeout'] = 60
-####! The file name for internal `mail_room` JSON logfile
-# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
-
-#### Service Desk IMAP Settings
-# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
-# gitlab_rails['service_desk_email_port'] = 993
-# gitlab_rails['service_desk_email_ssl'] = true
-# gitlab_rails['service_desk_email_start_tls'] = false
-
-#### Inbox options (for Microsoft Graph)
-# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
-# gitlab_rails['service_desk_email_inbox_options'] = {
-# 'tenant_id': 'YOUR-TENANT-ID',
-# 'client_id': 'YOUR-CLIENT-ID',
-# 'client_secret': 'YOUR-CLIENT-SECRET',
-# 'poll_interval': 60 # Optional
-# }
-
-#### How service desk emails are delivered to Rails process. Accept either
-#### sidekiq or webhook. The default config is sidekiq.
-# gitlab_rails['service_desk_email_delivery_method'] = "sidekiq"
-
-#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
-#### encoded with base64
-# gitlab_rails['service_desk_email_auth_token'] = nil
-
-################################################################################
-## Spamcheck (EE only)
-#################################################################################
-
-# spamcheck['enable'] = false
-# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
-# spamcheck['port'] = 8001
-# spamcheck['external_port'] = nil
-# spamcheck['monitoring_address'] = ':8003'
-# spamcheck['log_level'] = 'info'
-# spamcheck['log_format'] = 'json'
-# spamcheck['log_output'] = 'stdout'
-# spamcheck['monitor_mode'] = false
-# spamcheck['allowlist'] = {}
-# spamcheck['denylist'] = {}
-# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
-# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
-# spamcheck['env'] = {
-# 'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
-# }
-# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
diff -r 2039e29599cd -r dae557236fff etc/gitlab/gitlab.yml
--- a/etc/gitlab/gitlab.yml Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1692 +0,0 @@ -# # # # # # # # # # # # # # # # # # -# GitLab application config file # -# # # # # # # # # # # # # # # # # # -# -########################### NOTE ##################################### -# This file should not receive new settings. All configuration options # -# * are being moved to ApplicationSetting model! # -# If a setting requires an application restart say so in that screen. # -# If you change this file in a merge request, please also create # -# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests. # -# For more details see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md # -# Be sure to create a MR against the GDK configuration # -# file (https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/support/templates/gitlab/config/gitlab.yml.erb) too. # -######################################################################## -# -# -# How to use: -# 1. Copy file as gitlab.yml -# 2. Update gitlab -> host with your fully qualified domain name -# 3. Update gitlab -> email_from -# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git -# IMPORTANT: If Git was installed in a different location use that instead. -# You can check with `which git`. If a wrong path of Git is specified, it will -# result in various issues such as failures of GitLab CI builds. -# 5. Review this configuration file for other settings you may want to adjust - -production: &base - # - # 1. GitLab app settings - # ========================== - - ## GitLab settings - gitlab: - ## Web server settings (note: host is the FQDN, do not include http://) - host: localhost - port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details - https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details - - # Uncomment this line if you want to configure the Rails asset host for a CDN. 
- # cdn_host: localhost - - # The maximum time Puma can spend on the request. This needs to be smaller than the worker timeout. - # Default is 95% of the worker timeout - max_request_duration_seconds: 57 - - # Uncomment this line below if your ssh host is different from HTTP/HTTPS one - # (you'd obviously need to replace ssh.host_example.com with your own host). - # Otherwise, ssh host will be set to the `host:` value above - # ssh_host: ssh.host_example.com - - # Relative URL support - # WARNING: We recommend using an FQDN to host GitLab in a root path instead - # of using a relative URL. - # Documentation: http://doc.gitlab.com/ce/install/relative_url.html - # Uncomment and customize the following line to run in a non-root path - # - # relative_url_root: /gitlab - - # Content Security Policy - # See https://guides.rubyonrails.org/security.html#content-security-policy - content_security_policy: - enabled: true - report_only: false - directives: - base_uri: - child_src: - connect_src: "'self' http://localhost:* ws://localhost:* wss://localhost:*" - default_src: "'self'" - font_src: - form_action: - frame_ancestors: "'self'" - frame_src: "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com" - img_src: "* data: blob:" - manifest_src: - media_src: - object_src: "'none'" - script_src: "'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com" - style_src: "'self' 'unsafe-inline'" - worker_src: "'self' blob:" - report_uri: - - allowed_hosts: [] - - # Trusted Proxies - # Customize if you have GitLab behind a reverse proxy which is running on a different machine. - # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address. 
- trusted_proxies: - # Examples: - #- 192.168.1.0/24 - #- 192.168.2.1 - #- 2001:0db8::/32 - - # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') - # user: git - - ## Date & Time settings - # Uncomment and customize if you want to change the default time zone of GitLab application. - # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production` - # time_zone: 'UTC' - - ## Email settings - # Uncomment and set to false if you need to disable email sending from GitLab (default: true) - # email_enabled: true - # Email address used in the "From" field in mails sent by GitLab - email_from: example@example.com - email_display_name: GitLab - email_reply_to: noreply@example.com - email_subject_suffix: '' - email_smime: - # Uncomment and set to true if you need to enable email S/MIME signing (default: false) - # enabled: false - # S/MIME private key file in PEM format, unencrypted - # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app). - # key_file: /home/git/gitlab/.gitlab_smime_key - # S/MIME public certificate key in PEM format, will be attached to signed messages - # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app). 
- # cert_file: /home/git/gitlab/.gitlab_smime_cert - # S/MIME extra CA public certificates in PEM format, will be attached to signed messages - # Optional - # ca_certs_file: /home/git/gitlab/.gitlab_smime_ca_certs - - # Email server smtp settings are in config/initializers/smtp_settings.rb.sample - # File location to read encrypted SMTP secrets from - # email_smtp_secret_file: /mnt/gitlab/smtp.yaml.enc # Default: shared/encrypted_settings/smtp.yaml.enc - - # default_can_create_group: false # default: true - # username_changing_enabled: false # default: true - User can change their username/namespace - ## Default theme ID - ## 1 - Indigo - ## 2 - Gray - ## 3 - Light Gray - ## 4 - Blue - ## 5 - Green - ## 6 - Light Indigo - ## 7 - Light Blue - ## 8 - Light Green - ## 9 - Red - ## 10 - Light Red - ## 11 - Dark Mode (alpha) - # default_theme: 1 # default: 1 - - ## Automatic issue closing - # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. - # This happens when the commit is pushed or merged into the default branch of a project. - # When not specified the default issue_closing_pattern as specified below will be used. - # Tip: you can test your closing pattern at http://rubular.com. - # issue_closing_pattern: '\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' - - ## Default project features settings - default_projects_features: - issues: true - merge_requests: true - wiki: true - snippets: true - builds: true - container_registry: true - - ## Webhook settings - # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) - # webhook_timeout: 10 - - ### GraphQL Settings - # Tells the rails application how long it has to complete a GraphQL request. 
- # We suggest this value to be higher than the database timeout value - # and lower than the worker timeout set in Puma. (default: 30) - # graphql_timeout: 30 - - ## Repository downloads directory - # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. - # The default is 'shared/cache/archive/' relative to the root of the Rails app. - # repository_downloads_path: shared/cache/archive/ - - ## Impersonation settings - impersonation_enabled: true - - ## Disable jQuery and CSS animations - # disable_animations: true - - ## Application settings cache expiry in seconds (default: 60) - # application_settings_cache_seconds: 60 - - ## Print initial root password to stdout during initialization (default: false) - # WARNING: setting this to true means that the root password will be printed in - # plaintext. This can be a security risk. - # display_initial_root_password: false - - # Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client credentials flow. - microsoft_graph_mailer: - enabled: false - # The unique identifier for the user. To use Microsoft Graph on behalf of the user. - # user_id: "YOUR-USER-ID" - # The directory tenant the application plans to operate against, in GUID or domain-name format. - # tenant: "YOUR-TENANT-ID" - # The application ID that's assigned to your app. You can find this information in the portal where you registered your app. - # client_id: "YOUR-CLIENT-ID" - # The client secret that you generated for your app in the app registration portal. - # client_secret: "YOUR-CLIENT-SECRET-ID" - # Defaults to "https://login.microsoftonline.com". - # azure_ad_endpoint: - # Defaults to "https://graph.microsoft.com". - # graph_endpoint: - - ## Reply by email - # Allow users to comment on issues and merge requests by replying to notification emails. 
- # For documentation on how to set this up, see https://docs.gitlab.com/ee/administration/reply_by_email.html - incoming_email: - enabled: false - - # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to. - # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`). - # Please be aware that a placeholder is required for the Service Desk feature to work. - address: "gitlab-incoming+%{key}@gmail.com" - - # Email account username - # With third party providers, this is usually the full email address. - # With self-hosted email servers, this is usually the user part of the email address. - user: "gitlab-incoming@gmail.com" - # Email account password - password: "[REDACTED]" - - # IMAP server host - host: "imap.gmail.com" - # IMAP server port - port: 993 - # Whether the IMAP server uses SSL - ssl: true - # Whether the IMAP server uses StartTLS - start_tls: false - - # The mailbox where incoming mail will end up. Usually "inbox". - mailbox: "inbox" - # The IDLE command timeout. - idle_timeout: 60 - # The log file path for the structured log file. - # Since `mail_room` is run independently of Rails, an absolute path is preferred. - # The default is 'log/mail_room_json.log' relative to the root of the Rails app. - # - # log_path: log/mail_room_json.log - - # If you are using Microsoft Graph instead of IMAP, set this to false to retain - # messages in the inbox since deleted messages are auto-expunged after some time. - delete_after_delivery: true - - # Whether to expunge (permanently remove) messages from the mailbox when they are marked as deleted after delivery - # Only applies to IMAP. Microsoft Graph will auto-expunge any deleted messages. 
- expunge_deleted: false - - # For Microsoft Graph support - # inbox_method: microsoft_graph - # inbox_options: - # tenant_id: "YOUR-TENANT-ID" - # client_id: "YOUR-CLIENT-ID" - # client_secret: "YOUR-CLIENT-SECRET" - - # How mailroom delivers email content to Rails. There are two methods at the moment: - # - sidekiq: mailroom pushes the email content to Sidekiq directly. This job - # is then picked up by Sidekiq. - # - webhook: mailroom triggers a HTTP POST request to Rails web server. The - # content is embedded into the request body. - # Default is sidekiq. - # delivery_method: sidekiq - - # When the delivery method is webhook, those configs tell the url that - # mailroom can contact to. Note that the combined url must not end with "/". - # At the moment, the webhook delivery method doesn't support HTTP/HTTPs via - # UNIX socket. - # gitlab_url: "http://gitlab.example" - - # When the delivery method is webhook, this config is the file that - # contains the shared secret key for verifying access for mailroom's - # incoming_email. - # Default is '.gitlab_mailroom_secret' relative to Rails.root (i.e. root of the GitLab app). - # secret_file: /home/git/gitlab/.gitlab_mailroom_secret - - # File location to read encrypted incoming email secrets from - # encrypted_secret_file: /mnt/gitlab/smtp.yaml.enc - # Default: shared/encrypted_settings/incoming_email.yaml.enc - - ## Consolidated object store config - ## This will only take effect if the object_store sections are not defined - ## within the types (e.g. artifacts, lfs, etc.). - # object_store: - # enabled: false - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - # connection: - # provider: AWS # Only AWS supported at the moment - # aws_access_key_id: AWS_ACCESS_KEY_ID - # aws_secret_access_key: AWS_SECRET_ACCESS_KEY - # region: us-east-1 - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. 
- # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces - # storage_options: - # server_side_encryption: AES256 # AES256, aws:kms - # server_side_encryption_kms_key_id: # Amazon Resource Name. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html - # objects: - # artifacts: - # bucket: artifacts - # external_diffs: - # bucket: external-diffs - # lfs: - # bucket: lfs-objects - # uploads: - # bucket: uploads - # packages: - # bucket: packages - # dependency_proxy: - # bucket: dependency_proxy - - ## Build Artifacts - artifacts: - enabled: true - # The location where build artifacts are stored (default: shared/artifacts). - # path: shared/artifacts - # object_store: - # enabled: false - # remote_directory: artifacts # The bucket name - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - # connection: - # provider: AWS # Only AWS supported at the moment - # aws_access_key_id: AWS_ACCESS_KEY_ID - # aws_secret_access_key: AWS_SECRET_ACCESS_KEY - # region: us-east-1 - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces - - ## Merge request external diff storage - external_diffs: - # If disabled (the default), the diffs are in-database. Otherwise, they can - # be stored on disk, or in object storage - enabled: false - # The location where external diffs are stored (default: shared/lfs-external-diffs). 
- # storage_path: shared/external-diffs - # object_store: - # enabled: false - # remote_directory: external-diffs - # proxy_download: false - # connection: - # provider: AWS - # aws_access_key_id: AWS_ACCESS_KEY_ID - # aws_secret_access_key: AWS_SECRET_ACCESS_KEY - # region: us-east-1 - - ## Git LFS - lfs: - enabled: true - # The location where LFS objects are stored (default: shared/lfs-objects). - # storage_path: shared/lfs-objects - object_store: - enabled: false - remote_directory: lfs-objects # Bucket name - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # Use the following options to configure an AWS compatible host - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## Uploads (attachments, avatars, etc...) - uploads: - # The location where uploads objects are stored (default: public/). - # storage_path: public/ - # base_dir: uploads/-/system - object_store: - enabled: false - remote_directory: uploads # Bucket name - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## Packages (maven repository, npm registry, etc...) 
- packages: - enabled: true - dpkg_deb_path: /usr/bin/dpkg-deb - # The location where build packages are stored (default: shared/packages). - # storage_path: shared/packages - object_store: - enabled: false - remote_directory: packages # The bucket name - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## Dependency Proxy - dependency_proxy: - enabled: true - # The location where build packages are stored (default: shared/dependency_proxy). - # storage_path: shared/dependency_proxy - object_store: - enabled: false - remote_directory: dependency_proxy # The bucket name - # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## Terraform state - terraform_state: - enabled: true - # The location where Terraform state files are stored (default: shared/terraform_state). 
- # storage_path: shared/terraform_state - object_store: - enabled: false - remote_directory: terraform # The bucket name - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## CI Secure Files - ci_secure_files: - enabled: true - # storage_path: shared/ci_secure_files - object_store: - enabled: false - remote_directory: ci-secure-files # The bucket name - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - # host: 'localhost' # default: s3.amazonaws.com - # endpoint: 'http://127.0.0.1:9000' # default: nil - # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4. - # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object' - - ## GitLab Pages - pages: - enabled: false - access_control: false - # The location where pages are stored (default: shared/pages). 
- # path: shared/pages - - # The domain under which the pages are served: - # http://group.example.com/project - # or project path can be a group page: group.example.com - host: example.com - port: 80 # Set to 443 if you serve the pages with HTTPS - https: false # Set to true if you serve the pages with HTTPS - artifacts_server: true # Set to false if you want to disable online view of HTML artifacts - # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages - # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages - - # File that contains the shared secret key for verifying access for gitlab-pages. - # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app). - # secret_file: /home/git/gitlab/.gitlab_pages_secret - object_store: - enabled: false - remote_directory: pages # The bucket name - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - local_store: - enabled: true - # The location where pages are stored (default: shared/pages). - # path: shared/pages - - ## Mattermost - ## For enabling Add to Mattermost button - mattermost: - enabled: false - host: 'https://mattermost.example.com' - - ## Jira connect - ## To switch to a Jira connect development environment - jira_connect: - # atlassian_js_url: 'http://localhost:9292/atlassian.js' - # enforce_jira_base_url_https: false - # additional_iframe_ancestors: ['localhost:*'] - - ## Gravatar - ## If using gravatar.com, there's nothing to change here. For Libravatar - ## you'll need to provide the custom URLs. For more information, - ## see: https://docs.gitlab.com/ee/administration/libravatar.html - gravatar: - # Gravatar/Libravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username} - # plain_url: "http://..." 
# default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon - # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon - - ## Sidekiq - sidekiq: - log_format: json # (text is the original format) - # An array of tuples indicating the rules for re-routing a worker to a - # desirable queue before scheduling. For example: - # routing_rules: - # - ["resource_boundary=cpu", "cpu_boundary"] - # - ["feature_category=pages", null] - # - ["*", "default"] - - ## Auxiliary jobs - # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc. - # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job - cron_jobs: - # Interval, in seconds, for each Sidekiq process to check for scheduled cron jobs that need to be enqueued. If not - # set, the interval scales dynamically with the number of Sidekiq processes. If set to 0, disable polling for cron - # jobs entirely. - # poll_interval: 30 - - # Flag stuck CI jobs as failed - stuck_ci_jobs_worker: - cron: "0 * * * *" - # Execute scheduled triggers - pipeline_schedule_worker: - cron: "3-59/10 * * * *" - # Remove expired build artifacts - expire_build_artifacts_worker: - cron: "*/7 * * * *" - # Remove expired pipeline artifacts - ci_pipelines_expire_artifacts_worker: - cron: "*/23 * * * *" - # Remove files from object storage - ci_schedule_delete_objects_worker: - cron: "*/16 * * * *" - # Stop expired environments - environments_auto_stop_cron_worker: - cron: "24 * * * *" - # Delete stopped environments - environments_auto_delete_cron_worker: - cron: "34 * * * *" - # Periodically run 'git fsck' on all repositories. If started more than - # once per hour you will have concurrent 'git fsck' jobs. 
- repository_check_worker:
- cron: "20 * * * *"
- # Archive live traces which have not been archived yet
- ci_archive_traces_cron_worker:
- cron: "17 * * * *"
- # Send admin emails once a week
- admin_email_worker:
- cron: "0 0 * * 0"
- # Send emails for personal tokens which are about to expire
- personal_access_tokens_expiring_worker:
- cron: "0 1 * * *"
-
- # Remove outdated repository archives
- repository_archive_cache_worker:
- cron: "0 * * * *"
-
- # Verify custom GitLab Pages domains
- pages_domain_verification_cron_worker:
- cron: "*/15 * * * *"
-
- # Periodically migrate diffs from the database to external storage
- schedule_migrate_external_diffs_worker:
- cron: "15 * * * *"
-
- # Update CI Platform Metrics daily
- ci_platform_metrics_update_cron_worker:
- cron: "47 9 * * *"
-
- # Periodically update ci_runner_versions table with up-to-date versions and status.
- ci_runner_versions_reconciliation_worker:
- cron: "@daily"
-
- # Periodically clean up stale runner machines.
- ci_runners_stale_machines_cleanup_worker:
- cron: "36 * * * *"
-
- # GitLab EE only jobs. These jobs are automatically enabled for an EE
- # installation, and ignored for a CE installation.
- ee_cron_jobs:
- # Schedule snapshots for all devops adoption segments
- analytics_devops_adoption_create_all_snapshots_worker:
- cron: 0 0 1 * *
-
- # Snapshot active users statistics
- historical_data_worker:
- cron: "0 12 * * *"
-
- # In addition to refreshing users when they log in,
- # periodically refresh LDAP users membership.
- # NOTE: This will only take effect if LDAP is enabled
- ldap_sync_worker:
- cron: "30 1 * * *"
-
- # Periodically refresh LDAP groups membership.
- # NOTE: This will only take effect if LDAP is enabled
- ldap_group_sync_worker:
- cron: "0 * * * *"
-
- # GitLab Geo metrics update worker
- # NOTE: This will only take effect if Geo is enabled
- geo_metrics_update_worker:
- cron: "*/1 * * * *"
-
- # GitLab Geo prune event log worker
- # NOTE: This will only take effect if Geo is enabled (primary node only)
- geo_prune_event_log_worker:
- cron: "*/5 * * * *"
-
- # GitLab Geo repository sync worker
- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
- geo_repository_sync_worker:
- cron: "*/1 * * * *"
-
- # GitLab Geo registry backfill worker
- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
- geo_secondary_registry_consistency_worker:
- cron: "* * * * *"
-
- # GitLab Geo blob registry sync worker (for backfilling)
- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
- geo_registry_sync_worker:
- cron: "*/1 * * * *"
-
- # GitLab Geo repository registry sync worker (for backfilling)
- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
- geo_repository_registry_sync_worker:
- cron: "*/1 * * * *"
-
- # Elasticsearch bulk updater for incremental updates.
- # NOTE: This will only take effect if elasticsearch is enabled.
- elastic_index_bulk_cron_worker:
- cron: "*/1 * * * *"
-
- # Elasticsearch bulk updater for initial updates.
- # NOTE: This will only take effect if elasticsearch is enabled.
- elastic_index_initial_bulk_cron_worker:
- cron: "*/1 * * * *"
-
- # Elasticsearch reindexing worker
- # NOTE: This will only take effect if elasticsearch is enabled.
- elastic_index_initial_bulk_cron_worker:
- cron: "*/10 * * * *"
-
- # Periodically prune stale runners from namespaces having opted-in.
- ci_runners_stale_group_runners_prune_worker_cron:
- cron: "30 * * * *"
-
- # Periodically queue syncing of finished builds from p_ci_finished_build_ch_sync_events to ClickHouse
- click_house_ci_finished_builds_sync_worker:
- cron: "*/3 * * * *"
-
- registry:
- # enabled: true
- # host: registry.example.com
- # port: 5005
- # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
- # key: config/registry.key
- # path: shared/registry
- # issuer: gitlab-issuer
- # notification_secret: '' # only set it when you use Geo replication feature without built-in Registry
-
- # Add notification settings if you plan to use Geo Replication for the registry
- # notifications:
- # - name: geo_event
- # url: https://example.com/api/v4/container_registry_event/events
- # timeout: 2s
- # threshold: 5
- # backoff: 1s
- # headers:
- # Authorization: secret_phrase
-
- ## Error Reporting and Logging with Sentry
- sentry:
- # enabled: false
- # dsn: https://@sentry.io/
- # clientside_dsn: https://@sentry.io/
- # environment: 'production' # e.g. development, staging, production
-
- ## Geo
- # NOTE: These settings will only take effect if Geo is enabled
- geo:
- # This is an optional identifier which Geo nodes can use to identify themselves.
- # For example, if external_url is the same for two secondaries, you must specify
- # a unique Geo node name for those secondaries.
- #
- # If it is blank, it defaults to external_url.
- node_name: ''
-
- registry_replication:
- # enabled: true
- # primary_api_url: http://localhost:5000/ # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
-
- ## Feature Flag https://docs.gitlab.com/ee/operations/feature_flags.html
- feature_flags:
- unleash:
- # enabled: false
- # url: https://gitlab.com/api/v4/feature_flags/unleash/
- # app_name: gitlab.com # Environment name of your GitLab instance
- # instance_id: INSTANCE_ID
-
- #
- # 2. GitLab CI settings
- # ==========================
-
- gitlab_ci:
- # Default project notifications settings:
-
- # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
- # builds_path: builds/
-
- #
- # 3. Auth settings
- # ==========================
-
- ## LDAP settings
- # You can test connections and inspect a sample of the LDAP users with login
- # access by running:
- # bundle exec rake gitlab:ldap:check RAILS_ENV=production
- ldap:
- enabled: false
- prevent_ldap_sign_in: false
-
- # File location to read encrypted secrets from
- # secret_file: /mnt/gitlab/ldap.yaml.enc # Default: shared/encrypted_settings/ldap.yaml.enc
-
- # This setting controls the number of seconds between LDAP permission checks
- # for each user. After this time has expired for a given user, their next
- # interaction with GitLab (a click in the web UI, a git pull, etc.) will be
- # slower because the LDAP permission check is being performed. How much
- # slower depends on your LDAP setup, but it is not uncommon for this check
- # to add seconds of waiting time. The default value is to have a "slow
- # click" once every 3600 seconds (i.e., once per hour).
- #
- # Warning: if you set this value too low, every click in GitLab will be a
- # "slow click" for all of your LDAP users.
- # sync_time: 3600
-
- servers:
- ##########################################################################
- #
- # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
- # Enterprise Edition now supports connecting to multiple LDAP servers.
- #
- # If you are updating from the old (pre-7.4) syntax, you MUST give your
- # old server the ID 'main'.
- #
- ##########################################################################
- main: # 'main' is the GitLab 'provider ID' of this LDAP server
- ## label
- #
- # A human-friendly name for your LDAP server. It is OK to change the label later,
- # for instance if you find out it is too large to fit on the web page.
- #
- # Example: 'Paris' or 'Acme, Ltd.'
- label: 'LDAP'
-
- # Example: 'ldap.mydomain.com'
- host: '_your_ldap_server'
- # This port is an example, it is sometimes different but it is always an integer and not a string
- port: 389 # usually 636 for SSL
- uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
-
- # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
- bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
- password: '_the_password_of_the_bind_user'
-
- # Encryption method. The "method" key is deprecated in favor of
- # "encryption".
- #
- # Examples: "start_tls" or "simple_tls" or "plain"
- #
- # Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
- # replaced with "simple_tls".
- #
- encryption: 'plain'
-
- # Enables SSL certificate verification if encryption method is
- # "start_tls" or "simple_tls". Defaults to true.
- verify_certificates: true
-
- # OpenSSL::SSL::SSLContext options.
- tls_options:
- # Specifies the path to a file containing a PEM-format CA certificate,
- # e.g. if you need to use an internal CA.
- #
- # Example: '/etc/ca.pem'
- #
- ca_file: ''
-
- # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
- # is not appropriate.
- #
- # Example: 'TLSv1_1'
- #
- ssl_version: ''
-
- # Specific SSL ciphers to use in communication with LDAP servers.
- #
- # Example: 'ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2'
- ciphers: ''
-
- # Client certificate
- #
- # Example:
- # cert: |
- # -----BEGIN CERTIFICATE-----
- # MIIDbDCCAlSgAwIBAgIGAWkJxLmKMA0GCSqGSIb3DQEBCwUAMHcxFDASBgNVBAoTC0dvb2dsZSBJ
- # bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQDEwtMREFQIENsaWVudDEPMA0GA1UE
- # CxMGR1N1aXRlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTAeFw0xOTAyMjAwNzE4
- # rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
- # ...
- # 4SbuJPAiJxC1LQ0t39dR6oMCAMab3hXQqhL56LrR6cRBp6Mtlphv7alu9xb/x51y2x+g2zWtsf80
- # Jrv/vKMsIh/sAyuogb7hqMtp55ecnKxceg==
- # -----END CERTIFICATE -----
- cert: ''
-
- # Client private key
- # key: |
- # -----BEGIN PRIVATE KEY-----
- # MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3DmJtLRmJGY4xU1QtI3yjvxO6
- # bNuyE4z1NF6Xn7VSbcAaQtavWQ6GZi5uukMo+W5DHVtEkgDwh92ySZMuJdJogFbNvJvHAayheCdN
- # 7mCQ2UUT9jGXIbmksUn9QMeJVXTZjgJWJzPXToeUdinx9G7+lpVa62UATEd1gaI3oyL72WmpDy/C
- # rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
- # ...
- # +9IhSYX+XIg7BZOVDeYqlPfxRvQh8vy3qjt/KUihmEPioAjLaGiihs1Fk5ctLk9A2hIUyP+sEQv9
- # l6RG+a/mW+0rCWn8JAd464Ps9hE=
- # -----END PRIVATE KEY-----
- key: ''
-
- # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
- # a request if the LDAP server becomes unresponsive.
- # A value of 0 means there is no timeout.
- timeout: 10
-
- # Enable smartcard authentication against the LDAP server. Valid values
- # are "false", "optional", and "required".
- smartcard_auth: false
-
- # This setting specifies if LDAP server is Active Directory LDAP server.
- # For non AD servers it skips the AD specific queries.
- # If your LDAP server is not AD, set this to false.
- active_directory: true
-
- # If allow_username_or_email_login is enabled, GitLab will ignore everything
- # after the first '@' in the LDAP username submitted by the user on login.
- #
- # Example:
- # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
- # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
- #
- # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
- # disable this setting, because the userPrincipalName contains an '@'.
- allow_username_or_email_login: false
-
- # To maintain tight control over the number of active users on your GitLab installation,
- # enable this setting to keep new users blocked until they have been cleared by the admin
- # (default: false).
- block_auto_created_users: false
-
- # Base where we can search for users
- #
- # Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
- #
- base: ''
-
- # Filter LDAP users
- #
- # Format: RFC 4515 https://www.rfc-editor.org/rfc/rfc4515
- # Ex. (employeeType=developer)
- #
- # Note: GitLab does not support omniauth-ldap's custom filter syntax.
- #
- # Example for getting only specific users:
- # '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
- #
- user_filter: ''
-
- # Base where we can search for groups
- #
- # Ex. ou=Groups,dc=gitlab,dc=example
- #
- group_base: ''
-
- # LDAP group of users who should be admins in GitLab
- #
- # Ex. GLAdmins
- #
- admin_group: ''
-
- # LDAP group of users who should be marked as external users in GitLab
- #
- # Ex. ['Contractors', 'Interns']
- #
- external_groups: []
-
- # Name of attribute which holds a ssh public key of the user object.
- # If false or nil, SSH key syncronisation will be disabled.
- #
- # Ex. sshpublickey
- #
- sync_ssh_keys: false
-
- # Retry ldap search connection if got empty results with specified response code(s)
- #
- # Ex.
[80]
- # retry_empty_result_with_codes: []
-
- # LDAP attributes that GitLab will use to create an account for the LDAP user.
- # The specified attribute can either be the attribute name as a string (e.g. 'mail'),
- # or an array of attribute names to try in order (e.g. ['mail', 'email']).
- # Note that the user's LDAP login will always be the attribute specified as `uid` above.
- attributes:
- # The username will be used in paths for the user's own projects
- # (like `gitlab.example.com/username/project`) and when mentioning
- # them in issues, merge request and comments (like `@username`).
- # If the attribute specified for `username` contains an email address,
- # the GitLab username will be the part of the email address before the '@'.
- username: ['uid', 'userid', 'sAMAccountName']
- email: ['mail', 'email', 'userPrincipalName']
-
- # If no full name could be found at the attribute specified for `name`,
- # the full name is determined using the attributes specified for
- # `first_name` and `last_name`.
- name: 'cn'
- first_name: 'givenName'
- last_name: 'sn'
-
- # If lowercase_usernames is enabled, GitLab will lower case the username.
- lowercase_usernames: false
-
- # GitLab EE only: add more LDAP servers
- # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
- # so that GitLab can remember which LDAP server a user belongs to.
- # uswest2:
- # label:
- # host:
- # ....
-
- ## Smartcard authentication settings
- smartcard:
- # Allow smartcard authentication
- enabled: false
-
- # Path to a file containing a CA certificate bundle
- ca_file: '/etc/ssl/certs/CA.pem'
-
- # Host and port where the client side certificate is requested by the
- # webserver (NGINX/Apache)
- # client_certificate_required_host: smartcard.gitlab.example.com
- # client_certificate_required_port: 3444
-
- # Browser session with smartcard sign-in is required for Git access
- # required_for_git_access: false
-
- # Use X.509 SAN extensions certificates to identify GitLab users
- # Add a subjectAltName to your certificates like: email:user
- # san_extensions: true
-
- ## Kerberos settings
- kerberos:
- # Allow the HTTP Negotiate authentication method for Git clients
- enabled: false
-
- # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
- # and should be different from other keytabs in the system.
- # (default: use default keytab from Krb5 config)
- # keytab: /etc/http.keytab
-
- # The Kerberos service name to be used by GitLab.
- # (default: accept any service name in keytab file)
- # service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM
-
- # Kerberos realms/domains that are allowed to automatically link LDAP identities.
- # By default, GitLab accepts a realm that matches the domain derived from the
- # LDAP `base` DN. For example, `ou=users,dc=example,dc=com` would allow users
- # with a realm matching `example.com`.
- # simple_ldap_linking_allowed_realms: ['example.com','kerberos.example.com']
-
- # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
- # To support both Basic and Negotiate methods with older versions of Git, configure
- # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
- # to dedicate this port to Kerberos authentication.
(default: false)
- # use_dedicated_port: true
- # port: 8443
- # https: true
-
- ## OmniAuth settings
- omniauth:
- # Allow login via Twitter, Google, etc. using OmniAuth providers
- # enabled: true
-
- # Uncomment this to automatically sign in with a specific omniauth provider's without
- # showing GitLab's sign-in page (default: show the GitLab sign-in page)
- # auto_sign_in_with_provider: saml
-
- # Sync user's profile from the specified Omniauth providers every time the user logs in (default: empty).
- # Define the allowed providers using an array, e.g. ["saml", "twitter"],
- # or as true/false to allow all providers or none.
- # When authenticating using LDAP, the user's email is always synced.
- # sync_profile_from_provider: []
-
- # Select which info to sync from the providers above. (default: email).
- # Define the synced profile info using an array. Available options are "name", "email" and "location"
- # e.g. ["name", "email", "location"] or as true to sync all available.
- # This consequently will make the selected attributes read-only.
- # sync_profile_attributes: true
-
- # CAUTION!
- # This allows users to login without having a user account first. Define the allowed providers
- # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
- # User accounts will be created automatically when authentication was successful.
- allow_single_sign_on: ["saml"]
-
- # Locks down those users until they have been cleared by the admin (default: true).
- block_auto_created_users: true
- # Look up new users in LDAP servers. If a match is found (same uid), automatically
- # link the omniauth identity with the LDAP account. (default: false)
- auto_link_ldap_user: false
-
- # Allow users with existing accounts to login and auto link their account via SAML
- # login, without having to do a manual login first and manually add SAML
- # (default: false)
- auto_link_saml_user: false
-
- # CAUTION!
- # Allows larger SAML messages to be received. Numeric value in bytes (default: 250000)
- # Too high limits exposes instance to decompression DDoS attack type.
- saml_message_max_byte_size: 250000
-
- # Allow users with existing accounts to sign in and auto link their account via OmniAuth
- # login, without having to do a manual login first and manually add OmniAuth. Links on email.
- # Define the allowed providers using an array, e.g. ["saml", "twitter"], or as true/false to
- # allow all providers or none.
- # (default: false)
- auto_link_user: ["saml", "twitter"]
-
- # Set different Omniauth providers as external so that all users creating accounts
- # via these providers will not be able to have access to internal projects. You
- # will need to use the full name of the provider, like `google_oauth2` for Google.
- # Refer to the examples below for the full names of the supported providers.
- # (default: [])
- external_providers: []
-
- # CAUTION!
- # This allows users to login with the specified providers without two factor. Define the allowed providers
- # using an array, e.g. ["twitter", 'google_oauth2'], or as true/false to allow all providers or none.
- # This option should only be configured for providers which already have two factor.
- # This configration dose not apply to SAML.
- # (default: false)
- allow_bypass_two_factor: ["twitter", 'google_oauth2']
-
- ## Auth providers
- # Uncomment the following lines and fill in the data of the auth provider you want to use
- # If your favorite auth provider is not listed you can use others:
- # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
- # The 'app_id' and 'app_secret' parameters are always passed as the first two
- # arguments, followed by optional 'args' which can be either a hash or an array.
- # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
- providers:
- # - { name: 'alicloud',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET' }
- # - { name: 'github',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET',
- # url: "https://github.com/",
- # verify_ssl: true,
- # args: { scope: 'user:email' } }
- # - { name: 'bitbucket',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET' }
- # - { name: 'dingtalk',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET' }
- # - { name: 'gitlab',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET',
- # args: { scope: 'api' } }
- # - { name: 'google_oauth2',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET',
- # args: { access_type: 'offline', approval_prompt: '' } }
- # - { name: 'facebook',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET' }
- # - { name: 'twitter',
- # app_id: 'YOUR_APP_ID',
- # app_secret: 'YOUR_APP_SECRET' }
- # - { name: 'jwt',
- # args: {
- # secret: 'YOUR_APP_SECRET',
- # algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
- # uid_claim: 'email',
- # required_claims: ['name', 'email'],
- # info_map: { name: 'name', email: 'email' },
- # auth_url: 'https://example.com/',
- # valid_within: 3600 # 1 hour
- # }
- # }
- # - { name: 'saml',
- # label: 'Our SAML Provider',
- # groups_attribute: 'Groups',
- # external_groups: ['Contractors', 'Freelancers'],
- # args: {
- # assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
- # idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
- # idp_sso_target_url: 'https://login.example.com/idp',
- # issuer: 'https://gitlab.example.com',
- # name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
- # } }
- #
- # - { name: 'group_saml' }
- #
- # - { name: 'crowd',
- # args: {
- # crowd_server_url: 'CROWD SERVER
URL',
- # application_name: 'YOUR_APP_NAME',
- # application_password: 'YOUR_APP_PASSWORD' } }
- #
- # - { name: 'auth0',
- # args: {
- # client_id: 'YOUR_AUTH0_CLIENT_ID',
- # client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
- # namespace: 'YOUR_AUTH0_DOMAIN' } }
-
- # FortiAuthenticator settings
- forti_authenticator:
- # Allow using FortiAuthenticator as OTP provider
- enabled: false
-
- # Host and port of FortiAuthenticator instance
- # host: forti_authenticator.example.com
- # port: 443
-
- # Username for accessing FortiAuthenticator API
- # username: john
-
- # Access token for FortiAuthenticator API
- # access_token: 123s3cr3t456
-
- # FortiToken Cloud settings
- forti_token_cloud:
- # Allow using FortiToken Cloud as OTP provider
- enabled: false
-
- # Client ID and Secret to access FortiToken Cloud API
- # client_id: 'YOUR_FORTI_TOKEN_CLOUD_CLIENT_ID'
- # client_secret: 'YOUR_FORTI_TOKEN_CLOUD_CLIENT_SECRET'
-
- # Duo Auth settings
- duo_auth:
- # Allow using Duo as an OTP provider
- enabled: false
-
- # Client ID and Secret to access Duo's API
- # integration_key: 'YOUR_DUO_INTEGRATION_KEY'
- # secret_key: 'YOUR_DUO_SECRET_KEY'
- # hostname: 'YOUR_DUO_API_FQDN'
-
- # Shared file storage settings
- shared:
- # path: /mnt/gitlab # Default: shared
-
- # Encrypted Settings configuration
- encrypted_settings:
- # path: /mnt/gitlab/encrypted_settings # Default: shared/encrypted_settings
-
- # Gitaly settings
- gitaly:
- # Default Gitaly authentication token. Can be overridden per storage. Can
- # be left blank when Gitaly is running locally on a Unix socket, which
- # is the normal way to deploy Gitaly.
- token:
-
- #
- # 4. Advanced settings
- # ==========================
-
- ## Repositories settings
- repositories:
- # Paths where repositories can be stored. Give the canonicalized absolute pathname.
- # IMPORTANT: None of the path components may be symlink, because
- # gitlab-shell invokes Dir.pwd inside the repository path and that results
- # real path not the symlink.
- storages: # You must have at least a `default` storage path.
- default:
- path: /home/git/repositories/
- gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
- # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
- hgitaly_address: unix:/home/git/gitlab/tmp/sockets/private/hgitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are *not* at this point (tracking issue is hgitaly#3)
-
- ## Backup settings
- backup:
- path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
- # gitaly_backup_path: /home/git/gitaly/_build/bin/gitaly-backup # Path of the gitaly-backup binary (default: searches $PATH)
- # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
- # keep_time: 604800 # default: 0 (forever) (in seconds)
- # pg_schema: public # default: nil, it means that all schemas will be backed up
- # upload:
- # # Fog storage connection settings, see https://fog.io/storage/ .
- # connection:
- # provider: AWS
- # region: eu-west-1
- # aws_access_key_id: AKIAKIAKI
- # aws_secret_access_key: 'secret123'
- # # The remote 'directory' to store your backups. For S3, this would be the bucket name.
- # remote_directory: 'my.s3.bucket'
- # # Use multipart uploads when file size reaches 100MB, see
- # # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
- # multipart_chunk_size: 104857600
- # # Specifies Amazon S3 storage class to use for backups (optional)
- # # storage_class: 'STANDARD'
- # # Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
- # # 'encryption' must be set in order for this to have any effect.
- # # 'encryption_key' should be set to the 256-bit encryption key for Amazon S3 to use to encrypt or decrypt your data.
- # # encryption: 'AES256'
- # # encryption_key: ''
- # #
- # # Turns on AWS Server-Side Encryption with Amazon S3-Managed keys (optional)
- # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
- # # For SSE-S3, set 'server_side_encryption' to 'AES256'.
- # # For SS3-KMS, set 'server_side_encryption' to 'aws:kms'. Set
- # # 'server_side_encryption_kms_key_id' to the ARN of customer master key.
- # # storage_options:
- # # server_side_encryption: 'aws:kms'
- # # server_side_encryption_kms_key_id: 'arn:aws:kms:YOUR-KEY-ID-HERE'
-
- ## GitLab Shell settings
- gitlab_shell:
- path: /home/git/gitlab-shell/
- authorized_keys_file: /home/git/.ssh/authorized_keys
-
- # File that contains the secret key for verifying access for gitlab-shell.
- # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
- # secret_file: /home/git/gitlab/.gitlab_shell_secret
-
- # Git over HTTP
- upload_pack: true
- receive_pack: true
-
- # Git import/fetch timeout, in seconds. Defaults to 3 hours.
- # git_timeout: 10800
-
- # If you use non-standard ssh port you need to specify it
- # ssh_port: 22
-
- workhorse:
- # File that contains the secret key for verifying access for gitlab-workhorse.
- # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
- # secret_file: /home/git/gitlab/.gitlab_workhorse_secret
-
- gitlab_kas:
- # enabled: true
- # File that contains the secret key for verifying access for gitlab-kas.
- # Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app).
- # secret_file: /home/git/gitlab/.gitlab_kas_secret
-
- # The URL to the external KAS API (used by the Kubernetes agents)
- # external_url: wss://kas.example.com
-
- # The URL to the internal KAS API (used by the GitLab backend)
- # internal_url: grpc://localhost:8153
-
- # The URL to the Kubernetes API proxy (used by GitLab users)
- # external_k8s_proxy_url: https://localhost:8154 # default: nil
-
- suggested_reviewers:
- # File that contains the secret key for verifying access to GitLab internal API for Suggested Reviewers.
- # Default is '.gitlab_suggested_reviewers_secret' relative to Rails.root (i.e. root of the GitLab app).
- # secret_file: /home/git/gitlab/.gitlab_suggested_reviewers_secret
-
- zoekt:
- # Files that contain username and password for basic auth for Zoekt
- # Default is '.gitlab_zoekt_username' and '.gitlab_zoekt_password' in Rails.root
- # username_file: /home/git/gitlab/.gitlab_zoekt_username
- # password_file: /home/git/gitlab/.gitlab_zoekt_password
-
- ## GitLab Elasticsearch settings
- elasticsearch:
- indexer_path: /home/git/gitlab-elasticsearch-indexer/
-
- ## Git settings
- # CAUTION!
- # Use the default values unless you really know what you are doing
- git:
- bin_path: /usr/bin/git
-
- ## Mercurial settings
- mercurial:
- # application-wide Mercurial settings.
- #
- # These *must* include the structural and default settings,
- # which is typically achieved by listing the `heptapod/required.hgrc`
- # file from the `heptapod` Python distribution or include it in one of
- # the files listed here.
- #
- # The settings listed here are themselves overridable by Group and Project
- # level HGRC files.
- #
- # Files that don't exist are safely ignored.
- # The default value is tailored for Heptapod Docker installations
- # made before version 0.9 without changing their `gitlab.yml` files.
- #
- # hgrc:
- # - /opt/gitlab/etc/docker.hgrc
- # - /etc/gitlab/heptapod.hgrc
-
- # The mercurial command. It MUST be able to import the `heptapod`
- # extension and its dependencies.
- # bin_path: hg
-
- # URL of the `hgserve` service. It MUST be a loopback URL
- # (Unix domain socket are not implemented yet)
- # hgserve_url: http://127.0.0.1:8000
-
- # Mercurial internal code selection
- # Possible values are "c", "rust+c", "pure", "c-allow" and "rust+c-allow"
- # The "-allow" variants don't require the corresponding binary to be
- # available. The strict ones do.
- #
- # If not set, the compile-time default is used (usually strict)
- # module_policy:
-
- ## Webpack settings
- # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
- # on a given port instead of serving directly from /assets/webpack. This is only indended for use
- # in development.
- webpack:
- # dev_server:
- # enabled: true
- # host: localhost
- # port: 3808
-
- ## Monitoring
- # Built in monitoring settings
- monitoring:
- # IP whitelist to access monitoring endpoints
- ip_whitelist:
- - 127.0.0.0/8
-
- # Sidekiq exporter is a dedicated Prometheus metrics server optionally running alongside Sidekiq.
- sidekiq_exporter:
- # enabled: true
- # log_enabled: false
- # address: localhost
- # port: 8082
- # tls_enabled: false
- # tls_cert_path: /path/to/cert.pem
- # tls_key_path: /path/to/key.pem
-
- sidekiq_health_checks:
- # enabled: true
- # address: localhost
- # port: 8092
-
- # Web exporter is a dedicated Prometheus metrics server optionally running alongside Puma.
- web_exporter:
- # enabled: true
- # address: localhost
- # port: 8083
- # tls_enabled: false
- # tls_cert_path: /path/to/cert.pem
- # tls_key_path: /path/to/key.pem
-
- ## Prometheus settings
- # Do not modify these settings here.
They should be modified in /etc/gitlab/gitlab.rb
- # if you installed GitLab via Omnibus.
- # If you installed from source, you need to install and configure Prometheus
- # yourself, and then update the values here.
- # https://docs.gitlab.com/ee/administration/monitoring/prometheus/
- prometheus:
- # enabled: true
- # server_address: 'localhost:9090'
- snowplow_micro:
- enabled: true
- address: '127.0.0.1:9091'
-
- ## Consul settings
- consul:
- # api_url: 'http://localhost:8500'
-
- shutdown:
- # # blackout_seconds:
- # # defines an interval to block healthcheck,
- # # but continue accepting application requests
- # # this allows Load Balancer to notice service
- # # being shutdown and not interrupt any of the clients
- # blackout_seconds: 10
-
- #
- # 5. Extra customization
- # ==========================
-
- extra:
- ## Google analytics. Uncomment if you want it
- # google_analytics_id: '_your_tracking_id'
-
- ## Google tag manager
- # google_tag_manager_id: '_your_tracking_id'
-
- ## OneTrust
- # one_trust_id: '_your_one_trust_id'
-
- ## Bizible.
- # bizible: true
-
- ## Matomo analytics.
- # matomo_url: '_your_matomo_url'
- # matomo_site_id: '_your_matomo_site_id'
- # matomo_disable_cookies: false
-
- ## Maximum file size for syntax highlighting
- ## https://docs.gitlab.com/ee/user/project/highlighting.html
- # maximum_text_highlight_size_kilobytes: 512
-
- rack_attack:
- git_basic_auth:
- # Rack Attack IP banning enabled
- # enabled: true
- #
- # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
- # ip_whitelist: ["127.0.0.1"]
- #
- # Limit the number of Git HTTP authentication attempts per IP
- # maxretry: 10
- #
- # Reset the auth attempt counter per IP after 60 seconds
- # findtime: 60
- #
- # Ban an IP for one hour (3600s) after too many auth attempts
- # bantime: 3600
-
-development:
- <<: *base
-
- # We want to run web/sidekiq exporters for devs
- # to catch errors from using them.
- # - # We use random port to not block ability to run - # multiple instances of the service - monitoring: - sidekiq_exporter: - enabled: true - address: 127.0.0.1 - port: 0 - web_exporter: - enabled: true - address: 127.0.0.1 - port: 0 - -test: - <<: *base - gravatar: - enabled: true - external_diffs: - enabled: false - # Diffs may be `always` external (the default), or they can be made external - # after they have become `outdated` (i.e., the MR is closed or a new version - # has been pushed). - # when: always - # The location where external diffs are stored (default: shared/external-diffs). - storage_path: tmp/tests/external-diffs - object_store: - enabled: false - remote_directory: external-diffs # The bucket name - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - lfs: - enabled: false - # The location where LFS objects are stored (default: shared/lfs-objects). - # storage_path: shared/lfs-objects - object_store: - enabled: false - remote_directory: lfs-objects # The bucket name - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - artifacts: - path: tmp/tests/artifacts - enabled: true - # The location where build artifacts are stored (default: shared/artifacts). 
- # path: shared/artifacts - object_store: - enabled: false - remote_directory: artifacts # The bucket name - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - uploads: - storage_path: tmp/tests/public - object_store: - enabled: false - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - - terraform_state: - enabled: true - storage_path: tmp/tests/terraform_state - object_store: - enabled: false - remote_directory: terraform - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - - ci_secure_files: - enabled: true - storage_path: tmp/tests/ci_secure_files - object_store: - enabled: false - remote_directory: ci-secure-files - connection: - provider: AWS # Only AWS supported at the moment - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - - gitlab: - host: localhost - port: 80 - - content_security_policy: - enabled: true - report_only: false - directives: - base_uri: - child_src: - connect_src: - default_src: "'self'" - font_src: - form_action: - frame_ancestors: "'self'" - frame_src: "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com" - img_src: "* data: blob:" - manifest_src: - media_src: - object_src: "'none'" - script_src: "'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com" - style_src: "'self' 'unsafe-inline'" - worker_src: "'self' blob:" - report_uri: - - # When you 
run tests we clone and set up gitlab-shell - # In order to set it up correctly you need to specify - # your system username you use to run GitLab - # user: YOUR_USERNAME - pages: - path: tmp/tests/pages - object_store: - enabled: false - remote_directory: pages # The bucket name - connection: - provider: AWS - aws_access_key_id: AWS_ACCESS_KEY_ID - aws_secret_access_key: AWS_SECRET_ACCESS_KEY - region: us-east-1 - local_store: - enabled: true - path: tmp/tests/pages - repositories: - storages: - default: - path: tmp/tests/repositories/ - gitaly_address: unix:tmp/tests/gitaly/praefect.socket - hgitaly_address: unix:tmp/tests/hgitaly/hgitaly.socket - rhgitaly_address: unix:tmp/tests/hgitaly/rhgitaly.socket - - gitaly: - client_path: tmp/tests/gitaly/_build/bin - token: secret - workhorse: - secret_file: tmp/gitlab_workhorse_test_secret - backup: - path: tmp/tests/backups - gitaly_backup_path: tmp/tests/gitaly/_build/bin/gitaly-backup - gitlab_shell: - path: tmp/tests/gitlab-shell/ - authorized_keys_file: tmp/tests/authorized_keys - issues_tracker: - redmine: - title: "Redmine" - project_url: "http://redmine/projects/:issues_tracker_id" - issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" - new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" - jira: - title: "Jira" - url: https://sample_company.atlassian.net - project_key: PROJECT - - omniauth: - # enabled: true - allow_single_sign_on: true - external_providers: [] - - providers: - - { name: 'alicloud', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - - { name: 'github', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET', - url: "https://github.com/", - verify_ssl: false, - args: { scope: 'user:email' } } - - { name: 'bitbucket', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - - { name: 'dingtalk', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - - { name: 'gitlab', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET', - args: { scope: 
'api' } } - - { name: 'google_oauth2', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET', - args: { access_type: 'offline', approval_prompt: '' } } - - { name: 'facebook', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - - { name: 'twitter', - app_id: 'YOUR_APP_ID', - app_secret: 'YOUR_APP_SECRET' } - - { name: 'jwt', - app_secret: 'YOUR_APP_SECRET', - args: { - algorithm: 'HS256', - uid_claim: 'email', - required_claims: ["name", "email"], - info_map: { name: "name", email: "email" }, - auth_url: 'https://example.com/', - valid_within: null, - } - } - - { name: 'auth0', - args: { - client_id: 'YOUR_AUTH0_CLIENT_ID', - client_secret: 'YOUR_AUTH0_CLIENT_SECRET', - namespace: 'YOUR_AUTH0_DOMAIN' } } - - { name: 'salesforce', - app_id: 'YOUR_CLIENT_ID', - app_secret: 'YOUR_CLIENT_SECRET' - } - - { name: 'atlassian_oauth2', - app_id: 'YOUR_CLIENT_ID', - app_secret: 'YOUR_CLIENT_SECRET', - args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' } - } - ldap: - enabled: false - servers: - main: - label: ldap - host: 127.0.0.1 - port: 3890 - uid: 'uid' - encryption: 'plain' # "start_tls" or "simple_tls" or "plain" - base: 'dc=example,dc=com' - user_filter: '' - group_base: 'ou=groups,dc=example,dc=com' - admin_group: '' - prometheus: - enabled: true - server_address: 'localhost:9090' - -staging: - <<: *base diff -r 2039e29599cd -r dae557236fff etc/heptapod.hgrc diff -r 2039e29599cd -r dae557236fff etc/mercurial/hgrc --- a/etc/mercurial/hgrc Fri May 03 00:36:49 2024 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,20 +0,0 @@
-[paths]
-core = https://vc.compiler.company/comp/core
-core:pushurl = ssh://git@vc.compiler.company/comp/core
-infra = https://vc.compiler.company/comp/infra
-infra:pushurl = ssh://git@vc.compiler.company/comp/infra
-demo = https://vc.compiler.company/comp/demo
-demo:pushurl = ssh://git@vc.compiler.company/comp/demo
-[extensions]
-clonebundles =
-git =
-share =
-[subrepos]
-allowed = true
-hg:allowed = true
-git:allowed = true
-svn:allowed = true
-[rhg]
-on-unsupported = fallback
-fallback-executable = /bin/hg
-allowed-extensions = clonebundles,git
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/pacman.conf
--- a/etc/pacman.conf Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-[options]
-#RootDir = /
-#DBPath = /var/lib/pacman/
-#CacheDir = /var/cache/pacman/pkg/
-#LogFile = /var/log/pacman.log
-#GPGDir = /etc/pacman.d/gnupg/
-#HookDir = /etc/pacman.d/hooks/
-HoldPkg = pacman glibc
-#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#CleanMethod = KeepInstalled
-Architecture = auto
-#IgnorePkg =
-#IgnoreGroup =
-#NoUpgrade =
-#NoExtract =
-#UseSyslog
-#Color
-#NoProgressBar
-CheckSpace
-#VerbosePkgLists
-#ParallelDownloads = 5
-SigLevel = Required DatabaseOptional
-LocalFileSigLevel = Optional
diff -r 2039e29599cd -r dae557236fff etc/sbclrc
--- a/etc/sbclrc Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-;;; /etc/sbclrc --- sbcl system init file -*- mode: common-lisp; -*-
-
-;; this is the system-wide startup script. It's always ran on startup
-;; unless --sysinit flags are used
-
-;;; Code:
-(in-package :cl-user)
-
-#-asdf (require :asdf)
-(setq *debug-beginner-help-p* nil
- *print-case* :downcase
- *print-level* 50
- *print-length* 200)
-
-(pushnew #P"/usr/local/share/lisp/" asdf:*central-registry*)
-#-quicklisp
-(let ((quicklisp-init #P"/usr/local/share/quicklisp/setup.lisp"))
- (when (probe-file quicklisp-init)
- (load quicklisp-init)))
-(pushnew #P"/usr/local/share/lisp/" ql:*local-project-directories*)
diff -r 2039e29599cd -r dae557236fff etc/shells
--- a/etc/shells Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-# Pathnames of valid login shells.
-# See shells(5) for details.
-
-/bin/sh
-/bin/bash
-/bin/rbash
-/usr/bin/sh
-/usr/bin/bash
-/usr/bin/rbash
-/usr/local/bin/nu
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/skel/.bash_profile
--- a/etc/skel/.bash_profile Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
-#
-# ~/.bash_profile
-#
-
-[[ -f ~/.bashrc ]] && . ~/.bashrc
diff -r 2039e29599cd -r dae557236fff etc/skel/.bashrc
--- a/etc/skel/.bashrc Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-# ~/.bashrc --- interactive Bash session config
-
-# If not running interactively, don't do anything
-[[ $- != *i* ]] && return
-
-alias ls='ls --color=auto'
-alias ec='emacsclient -c'
-alias et='emacsclient -t'
-
-PS1="\u [\!]:\t:\w\n >> \[\e[0m\]"
-
-export LANG=en_US.UTF-8
-
-export LISP='sbcl'
-export lr='rlwrap sbcl' # lisp repl
-export ESHELL='/usr/bin/bash'
-export ORGANIZATION='The Compiler Company'
-export LANG=en_US.UTF-8
-export ALTERNATE_EDITOR=''
-export EDITOR='emacsclient -t'
-export VISUAL='emacsclient -c'
diff -r 2039e29599cd -r dae557236fff etc/skel/.config/nushell/config.nu
--- a/etc/skel/.config/nushell/config.nu Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,601 +0,0 @@ -# nushell/config.nu --- Nushell Config File - -# For more information on defining custom themes, see -# https://www.nushell.sh/book/coloring_and_theming.html -# And here is the theme collection -# https://github.com/nushell/nu_scripts/tree/main/themes - -# summon Emacs via `emacsclient` -def ec [input?: string] { - if $input != null {emacsclient -c $input -a=''} else {emacsclient -c . -a=''} -} - -# open Emacs IRC client -def erc [] { - emacsclient -c -e '(erc)' -} - -def create_left_prompt [] { - mut home = "" - try { - if $nu.os-info.name == "windows" { - $home = $env.USERPROFILE - } else { - $home = $env.HOME - } - } - - let dir = ([ - ($env.PWD | str substring 0..($home | str length) | str replace $home "~"), - ($env.PWD | str substring ($home | str length)..) - ] | str join) - - let path_color = (if (is-admin) { ansi red_bold } else { ansi green_bold }) - let separator_color = (if (is-admin) { ansi light_red_bold } else { ansi light_green_bold }) - let path_segment = $"($path_color)($dir)" - - $path_segment | str replace --all (char path_sep) $"($separator_color)/($path_color)" -} - -def create_right_prompt [] { - let time_segment_color = (ansi magenta) - - let time_segment = ([ - (ansi reset) - $time_segment_color - (date now | format date '%m/%d/%Y %r') - ] | str join | str replace --all "([/:])" $"(ansi light_magenta_bold)${1}($time_segment_color)" | - str replace --all "([AP]M)" $"(ansi light_magenta_underline)${1}") - - let last_exit_code = if ($env.LAST_EXIT_CODE != 0) {([ - (ansi rb) - ($env.LAST_EXIT_CODE) - ] | str join) - } else { "" } - - ([$last_exit_code, (char space), $time_segment] | str join) -} - -# Use nushell functions to define your right and left prompt -$env.PROMPT_COMMAND = {|| create_left_prompt } -$env.PROMPT_COMMAND_RIGHT = {|| create_right_prompt } - -# The prompt indicators are environmental variables that represent -# the state of the prompt -$env.PROMPT_INDICATOR = {|| "> " } -$env.PROMPT_INDICATOR_VI_INSERT = 
{|| ": " } -$env.PROMPT_INDICATOR_VI_NORMAL = {|| "> " } -$env.PROMPT_MULTILINE_INDICATOR = {|| "::: " } - -let dark_theme = { - # color for nushell primitives - separator: white - leading_trailing_space_bg: { attr: n } # no fg, no bg, attr none effectively turns this off - header: green_bold - empty: blue - # Closures can be used to choose colors for specific values. - # The value (in this case, a bool) is piped into the closure. - bool: {|| if $in { 'light_cyan' } else { 'light_gray' } } - int: white - filesize: {|e| - if $e == 0b { - 'white' - } else if $e < 1mb { - 'cyan' - } else { 'blue' } - } - duration: white - date: {|| (date now) - $in | - if $in < 1hr { - 'purple' - } else if $in < 6hr { - 'red' - } else if $in < 1day { - 'yellow' - } else if $in < 3day { - 'green' - } else if $in < 1wk { - 'light_green' - } else if $in < 6wk { - 'cyan' - } else if $in < 52wk { - 'blue' - } else { 'dark_gray' } - } - range: white - float: white - string: white - nothing: white - binary: white - cellpath: white - row_index: green_bold - record: white - list: white - block: white - hints: dark_gray - search_result: {bg: red fg: white} - - shape_and: purple_bold - shape_binary: purple_bold - shape_block: blue_bold - shape_bool: light_cyan - shape_closure: green_bold - shape_custom: green - shape_datetime: cyan_bold - shape_directory: cyan - shape_external: cyan - shape_externalarg: green_bold - shape_filepath: cyan - shape_flag: blue_bold - shape_float: purple_bold - # shapes are used to change the cli syntax highlighting - shape_garbage: { fg: white bg: red attr: b} - shape_globpattern: cyan_bold - shape_int: purple_bold - shape_internalcall: cyan_bold - shape_list: cyan_bold - shape_literal: blue - shape_match_pattern: green - shape_matching_brackets: { attr: u } - shape_nothing: light_cyan - shape_operator: yellow - shape_or: purple_bold - shape_pipe: purple_bold - shape_range: yellow_bold - shape_record: cyan_bold - shape_redirection: purple_bold - shape_signature: 
green_bold - shape_string: green - shape_string_interpolation: cyan_bold - shape_table: blue_bold - shape_variable: purple - shape_vardecl: purple -} - -let light_theme = { - # color for nushell primitives - separator: dark_gray - leading_trailing_space_bg: { attr: n } # no fg, no bg, attr none effectively turns this off - header: green_bold - empty: blue - # Closures can be used to choose colors for specific values. - # The value (in this case, a bool) is piped into the closure. - bool: {|| if $in { 'dark_cyan' } else { 'dark_gray' } } - int: dark_gray - filesize: {|e| - if $e == 0b { - 'dark_gray' - } else if $e < 1mb { - 'cyan_bold' - } else { 'blue_bold' } - } - duration: dark_gray - date: {|| (date now) - $in | - if $in < 1hr { - 'purple' - } else if $in < 6hr { - 'red' - } else if $in < 1day { - 'yellow' - } else if $in < 3day { - 'green' - } else if $in < 1wk { - 'light_green' - } else if $in < 6wk { - 'cyan' - } else if $in < 52wk { - 'blue' - } else { 'dark_gray' } - } - range: dark_gray - float: dark_gray - string: dark_gray - nothing: dark_gray - binary: dark_gray - cellpath: dark_gray - row_index: green_bold - record: white - list: white - block: white - hints: dark_gray - search_result: {fg: white bg: red} - - shape_and: purple_bold - shape_binary: purple_bold - shape_block: blue_bold - shape_bool: light_cyan - shape_closure: green_bold - shape_custom: green - shape_datetime: cyan_bold - shape_directory: cyan - shape_external: cyan - shape_externalarg: green_bold - shape_filepath: cyan - shape_flag: blue_bold - shape_float: purple_bold - # shapes are used to change the cli syntax highlighting - shape_garbage: { fg: white bg: red attr: b} - shape_globpattern: cyan_bold - shape_int: purple_bold - shape_internalcall: cyan_bold - shape_list: cyan_bold - shape_literal: blue - shape_match_pattern: green - shape_matching_brackets: { attr: u } - shape_nothing: light_cyan - shape_operator: yellow - shape_or: purple_bold - shape_pipe: purple_bold - shape_range: 
yellow_bold - shape_record: cyan_bold - shape_redirection: purple_bold - shape_signature: green_bold - shape_string: green - shape_string_interpolation: cyan_bold - shape_table: blue_bold - shape_variable: purple - shape_vardecl: purple -} - -# External completer example -# let carapace_completer = {|spans| -# carapace $spans.0 nushell $spans | from json -# } - - -# The default config record. This is where much of your global configuration is setup. -$env.config = { - # true or false to enable or disable the welcome banner at startup - show_banner: false - ls: { - use_ls_colors: true # use the LS_COLORS environment variable to colorize output - clickable_links: true # enable or disable clickable links. Your terminal has to support links. - } - rm: { - always_trash: false # always act as if -t was given. Can be overridden with -p - } - table: { - mode: rounded # basic, compact, compact_double, light, thin, with_love, rounded, reinforced, heavy, none, other - index_mode: always # "always" show indexes, "never" show indexes, "auto" = show indexes when a table has "index" column - show_empty: true # show 'empty list' and 'empty record' placeholders for command output - trim: { - methodology: wrapping # wrapping or truncating - wrapping_try_keep_words: true # A strategy used by the 'wrapping' methodology - truncating_suffix: "..." 
# A suffix used by the 'truncating' methodology - } - } - - explore: { - help_banner: true - exit_esc: true - - command_bar_text: '#C4C9C6' - # command_bar: {fg: '#C4C9C6' bg: '#223311' } - - status_bar_background: {fg: '#1D1F21' bg: '#C4C9C6' } - # status_bar_text: {fg: '#C4C9C6' bg: '#223311' } - - highlight: {bg: 'yellow' fg: 'black' } - - status: { - # warn: {bg: 'yellow', fg: 'blue'} - # error: {bg: 'yellow', fg: 'blue'} - # info: {bg: 'yellow', fg: 'blue'} - } - - try: { - # border_color: 'red' - # highlighted_color: 'blue' - - # reactive: false - } - - table: { - split_line: '#404040' - - cursor: true - - line_index: true - line_shift: true - line_head_top: true - line_head_bottom: true - - show_head: true - show_index: true - - # selected_cell: {fg: 'white', bg: '#777777'} - # selected_row: {fg: 'yellow', bg: '#C1C2A3'} - # selected_column: blue - - # padding_column_right: 2 - # padding_column_left: 2 - - # padding_index_left: 2 - # padding_index_right: 1 - } - - config: { - cursor_color: {bg: 'yellow' fg: 'black' } - - # border_color: white - # list_color: green - } - } - - history: { - max_size: 10000 # Session has to be reloaded for this to take effect - sync_on_enter: true # Enable to share history between multiple sessions, else you have to close the session to write history to file - file_format: "plaintext" # "sqlite" or "plaintext" - } - completions: { - case_sensitive: false # set to true to enable case-sensitive completions - quick: true # set this to false to prevent auto-selecting completions when only one remains - partial: true # set this to false to prevent partial filling of the prompt - algorithm: "prefix" # prefix or fuzzy - external: { - enable: true # set to false to prevent nushell looking into $env.PATH to find more suggestions, `false` recommended for WSL users as this look up may be very slow - max_results: 100 # setting it lower can improve completion performance at the cost of omitting some options - completer: null # check 
'carapace_completer' above as an example - } - } - filesize: { - metric: true # true => KB, MB, GB (ISO standard), false => KiB, MiB, GiB (Windows standard) - format: "auto" # b, kb, kib, mb, mib, gb, gib, tb, tib, pb, pib, eb, eib, auto - } - cursor_shape: { - emacs: line # block, underscore, line, blink_block, blink_underscore, blink_line (line is the default) - vi_insert: block # block, underscore, line , blink_block, blink_underscore, blink_line (block is the default) - vi_normal: underscore # block, underscore, line, blink_block, blink_underscore, blink_line (underscore is the default) - } - color_config: $dark_theme # if you want a light theme, replace `$dark_theme` to `$light_theme` - use_grid_icons: true - footer_mode: "25" # always, never, number_of_rows, auto - float_precision: 2 # the precision for displaying floats in tables - # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL - use_ansi_coloring: true - bracketed_paste: true # enable bracketed paste, currently useless on windows - edit_mode: emacs # emacs, vi - shell_integration: true # enables terminal markers and a workaround to arrow keys stop working issue - render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt. 
- - hooks: { - pre_prompt: [{|| - null # replace with source code to run before the prompt is shown - }] - pre_execution: [{|| - null # replace with source code to run before the repl input is run - }] - env_change: { - PWD: [{|before, after| - null # replace with source code to run if the PWD environment is different since the last repl input - }] - } - display_output: {|| - if (term size).columns >= 100 { table -e } else { table } - } - command_not_found: {|| - null # replace with source code to return an error message when a command is not found - } - } - menus: [ - # Configuration for default nushell menus - # Note the lack of source parameter - { - name: completion_menu - only_buffer_difference: false - marker: "| " - type: { - layout: columnar - columns: 4 - col_width: 20 # Optional value. If missing all the screen width is used to calculate column width - col_padding: 2 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - } - { - name: history_menu - only_buffer_difference: true - marker: "? " - type: { - layout: list - page_size: 10 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - } - { - name: help_menu - only_buffer_difference: true - marker: "? " - type: { - layout: description - columns: 4 - col_width: 20 # Optional value. 
If missing all the screen width is used to calculate column width - col_padding: 2 - selection_rows: 4 - description_rows: 10 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - } - # Example of extra menus created using a nushell source - # Use the source field to create a list of records that populates - # the menu - { - name: commands_menu - only_buffer_difference: false - marker: "# " - type: { - layout: columnar - columns: 4 - col_width: 20 - col_padding: 2 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - source: { |buffer, position| - $nu.scope.commands - | where name =~ $buffer - | each { |it| {value: $it.name description: $it.usage} } - } - } - { - name: vars_menu - only_buffer_difference: true - marker: "# " - type: { - layout: list - page_size: 10 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - source: { |buffer, position| - $nu.scope.vars - | where name =~ $buffer - | sort-by name - | each { |it| {value: $it.name description: $it.type} } - } - } - { - name: commands_with_description - only_buffer_difference: true - marker: "# " - type: { - layout: description - columns: 4 - col_width: 20 - col_padding: 2 - selection_rows: 4 - description_rows: 10 - } - style: { - text: green - selected_text: green_reverse - description_text: yellow - } - source: { |buffer, position| - $nu.scope.commands - | where name =~ $buffer - | each { |it| {value: $it.name description: $it.usage} } - } - } - ] - keybindings: [ - { - name: completion_menu - modifier: none - keycode: tab - mode: [emacs vi_normal vi_insert] - event: { - until: [ - { send: menu name: completion_menu } - { send: menunext } - ] - } - } - { - name: completion_previous - modifier: shift - keycode: backtab - mode: [emacs, vi_normal, vi_insert] # Note: You can add the same keybinding to all modes by using a list - event: { send: menuprevious } - } - { - name: history_menu - 
modifier: control - keycode: char_r - mode: emacs - event: { send: menu name: history_menu } - } - { - name: next_page - modifier: control - keycode: char_x - mode: emacs - event: { send: menupagenext } - } - { - name: undo_or_previous_page - modifier: control - keycode: char_z - mode: emacs - event: { - until: [ - { send: menupageprevious } - { edit: undo } - ] - } - } - { - name: yank - modifier: control - keycode: char_y - mode: emacs - event: { - until: [ - {edit: pastecutbufferafter} - ] - } - } - { - name: unix-line-discard - modifier: control - keycode: char_u - mode: [emacs, vi_normal, vi_insert] - event: { - until: [ - {edit: cutfromlinestart} - ] - } - } - { - name: kill-line - modifier: control - keycode: char_k - mode: [emacs, vi_normal, vi_insert] - event: { - until: [ - {edit: cuttolineend} - ] - } - } - # Keybindings used to trigger the user defined menus - { - name: commands_menu - modifier: control - keycode: char_t - mode: [emacs, vi_normal, vi_insert] - event: { send: menu name: commands_menu } - } - { - name: vars_menu - modifier: alt - keycode: char_o - mode: [emacs, vi_normal, vi_insert] - event: { send: menu name: vars_menu } - } - { - name: commands_with_description - modifier: control - keycode: char_s - mode: [emacs, vi_normal, vi_insert] - event: { send: menu name: commands_with_description } - } - ] -} diff -r 2039e29599cd -r dae557236fff etc/skel/.config/nushell/env.nu --- a/etc/skel/.config/nushell/env.nu Fri May 03 00:36:49 2024 +0000 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,15 +0,0 @@ -# nushell/env.nu - -$env.NU_LIB_DIRS = [ - ($nu.default-config-dir | path join 'scripts') -] - -$env.NU_PLUGIN_DIRS = [ - ($nu.default-config-dir | path join 'plugins') -] - -$env.ESHELL = '/bin/bash' -$env.ORGANIZATION = 'The Compiler Company' -$env.EDITOR = "emacsclient -c -a=''" -$env.LISP = "sbcl" -$env.ALTERNATE_EDITOR = '' diff -r 2039e29599cd -r dae557236fff etc/skel/.config/zellij/config.kdl 
--- a/etc/skel/.config/zellij/config.kdl Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,266 +0,0 @@ -keybinds clear-defaults=true { - normal { - // uncomment this and adjust key if using copy_on_select=false - // bind "Alt c" { Copy; } - } - locked { - bind "Esc" { SwitchToMode "Normal"; } - } - resize { - bind "Ctrl n" { SwitchToMode "Normal"; } - bind "h" "Left" { Resize "Increase Left"; } - bind "j" "Down" { Resize "Increase Down"; } - bind "k" "Up" { Resize "Increase Up"; } - bind "l" "Right" { Resize "Increase Right"; } - bind "H" { Resize "Decrease Left"; } - bind "J" { Resize "Decrease Down"; } - bind "K" { Resize "Decrease Up"; } - bind "L" { Resize "Decrease Right"; } - bind "=" "+" { Resize "Increase"; } - bind "-" { Resize "Decrease"; } - } - pane { - bind "Ctrl p" { SwitchToMode "Normal"; } - bind "h" "Left" { MoveFocus "Left"; } - bind "l" "Right" { MoveFocus "Right"; } - bind "j" "Down" { MoveFocus "Down"; } - bind "k" "Up" { MoveFocus "Up"; } - bind "p" { SwitchFocus; } - bind "n" { NewPane; SwitchToMode "Normal"; } - bind "d" { NewPane "Down"; SwitchToMode "Normal"; } - bind "r" { NewPane "Right"; SwitchToMode "Normal"; } - bind "x" { CloseFocus; SwitchToMode "Normal"; } - bind "f" { ToggleFocusFullscreen; SwitchToMode "Normal"; } - bind "z" { TogglePaneFrames; SwitchToMode "Normal"; } - bind "w" { ToggleFloatingPanes; SwitchToMode "Normal"; } - bind "e" { TogglePaneEmbedOrFloating; SwitchToMode "Normal"; } - bind "c" { SwitchToMode "RenamePane"; PaneNameInput 0;} - } - move { - bind "Ctrl h" { SwitchToMode "Normal"; } - bind "n" "Tab" { MovePane; } - bind "p" { MovePaneBackwards; } - bind "h" "Left" { MovePane "Left"; } - bind "j" "Down" { MovePane "Down"; } - bind "k" "Up" { MovePane "Up"; } - bind "l" "Right" { MovePane "Right"; } - } - tab { - bind "Ctrl t" { SwitchToMode "Normal"; } - bind "r" { SwitchToMode "RenameTab"; TabNameInput 0; } - bind "h" "Left" "Up" "k" { GoToPreviousTab; } - bind "l" "Right" "Down" "j" { GoToNextTab; } - bind "n" { NewTab; SwitchToMode "Normal"; } - bind "x" { CloseTab; SwitchToMode "Normal"; } 
- bind "s" { ToggleActiveSyncTab; SwitchToMode "Normal"; } - bind "b" { BreakPane; SwitchToMode "Normal"; } - bind "]" { BreakPaneRight; SwitchToMode "Normal"; } - bind "[" { BreakPaneLeft; SwitchToMode "Normal"; } - bind "1" { GoToTab 1; SwitchToMode "Normal"; } - bind "2" { GoToTab 2; SwitchToMode "Normal"; } - bind "3" { GoToTab 3; SwitchToMode "Normal"; } - bind "4" { GoToTab 4; SwitchToMode "Normal"; } - bind "5" { GoToTab 5; SwitchToMode "Normal"; } - bind "6" { GoToTab 6; SwitchToMode "Normal"; } - bind "7" { GoToTab 7; SwitchToMode "Normal"; } - bind "8" { GoToTab 8; SwitchToMode "Normal"; } - bind "9" { GoToTab 9; SwitchToMode "Normal"; } - bind "Tab" { ToggleTab; } - } - scroll { - bind "Ctrl s" { SwitchToMode "Normal"; } - bind "e" { EditScrollback; SwitchToMode "Normal"; } - bind "s" { SwitchToMode "EnterSearch"; SearchInput 0; } - bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; } - bind "j" "Down" { ScrollDown; } - bind "k" "Up" { ScrollUp; } - bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; } - bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; } - bind "d" { HalfPageScrollDown; } - bind "u" { HalfPageScrollUp; } - // uncomment this and adjust key if using copy_on_select=false - // bind "Alt c" { Copy; } - } - search { - bind "Ctrl s" { SwitchToMode "Normal"; } - bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; } - bind "j" "Down" { ScrollDown; } - bind "k" "Up" { ScrollUp; } - bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; } - bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; } - bind "d" { HalfPageScrollDown; } - bind "u" { HalfPageScrollUp; } - bind "n" { Search "down"; } - bind "p" { Search "up"; } - bind "c" { SearchToggleOption "CaseSensitivity"; } - bind "w" { SearchToggleOption "Wrap"; } - bind "o" { SearchToggleOption "WholeWord"; } - } - entersearch { - bind "Ctrl c" "Esc" { SwitchToMode "Scroll"; } - bind "Enter" { SwitchToMode "Search"; } - } - renametab { - bind "Ctrl c" { SwitchToMode "Normal"; } - bind "Esc" { 
UndoRenameTab; SwitchToMode "Tab"; }
- }
- renamepane {
- bind "Ctrl c" { SwitchToMode "Normal"; }
- bind "Esc" { UndoRenamePane; SwitchToMode "Pane"; }
- }
- session {
- bind "Ctrl o" { SwitchToMode "Normal"; }
- bind "Ctrl s" { SwitchToMode "Scroll"; }
- bind "d" { Detach; }
- bind "w" {
- LaunchOrFocusPlugin "zellij:session-manager" {
- floating true
- move_to_focused_tab true
- };
- SwitchToMode "Normal"
- }
- }
- tmux {
- bind "[" { SwitchToMode "Scroll"; }
- bind "Ctrl b" { Write 2; SwitchToMode "Normal"; }
- bind "\"" { NewPane "Down"; SwitchToMode "Normal"; }
- bind "%" { NewPane "Right"; SwitchToMode "Normal"; }
- bind "z" { ToggleFocusFullscreen; SwitchToMode "Normal"; }
- bind "c" { NewTab; SwitchToMode "Normal"; }
- bind "," { SwitchToMode "RenameTab"; }
- bind "p" { GoToPreviousTab; SwitchToMode "Normal"; }
- bind "n" { GoToNextTab; SwitchToMode "Normal"; }
- bind "Left" { MoveFocus "Left"; SwitchToMode "Normal"; }
- bind "Right" { MoveFocus "Right"; SwitchToMode "Normal"; }
- bind "Down" { MoveFocus "Down"; SwitchToMode "Normal"; }
- bind "Up" { MoveFocus "Up"; SwitchToMode "Normal"; }
- bind "h" { MoveFocus "Left"; SwitchToMode "Normal"; }
- bind "l" { MoveFocus "Right"; SwitchToMode "Normal"; }
- bind "j" { MoveFocus "Down"; SwitchToMode "Normal"; }
- bind "k" { MoveFocus "Up"; SwitchToMode "Normal"; }
- bind "o" { FocusNextPane; }
- bind "d" { Detach; }
- bind "Space" { NextSwapLayout; }
- bind "x" { CloseFocus; SwitchToMode "Normal"; }
- }
- shared_except "locked" {
- bind "Esc" { SwitchToMode "Locked"; }
- bind "Ctrl q" { Quit; }
- bind "Alt n" { NewPane; }
- bind "Alt h" "Alt Left" { MoveFocusOrTab "Left"; }
- bind "Alt l" "Alt Right" { MoveFocusOrTab "Right"; }
- bind "Alt j" "Alt Down" { MoveFocus "Down"; }
- bind "Alt k" "Alt Up" { MoveFocus "Up"; }
- bind "Alt =" "Alt +" { Resize "Increase"; }
- bind "Alt -" { Resize "Decrease"; }
- bind "Alt [" { PreviousSwapLayout; }
- bind "Alt ]" { NextSwapLayout; }
- }
- shared_except "normal" "locked" {
- bind "Enter" "Esc" { SwitchToMode "Normal"; }
- }
- shared_except "pane" "locked" {
- bind "Ctrl p" { SwitchToMode "Pane"; }
- }
- shared_except "resize" "locked" {
- bind "Ctrl n" { SwitchToMode "Resize"; }
- }
- shared_except "scroll" "locked" {
- bind "Ctrl s" { SwitchToMode "Scroll"; }
- }
- shared_except "session" "locked" {
- bind "Ctrl o" { SwitchToMode "Session"; }
- }
- shared_except "tab" "locked" {
- bind "Ctrl t" { SwitchToMode "Tab"; }
- }
- shared_except "move" "locked" {
- bind "Ctrl h" { SwitchToMode "Move"; }
- }
- shared_except "tmux" "locked" {
- }
-}
-
-plugins {
- tab-bar { path "tab-bar"; }
- status-bar { path "status-bar"; }
- strider { path "strider"; }
- compact-bar { path "compact-bar"; }
- session-manager { path "session-manager"; }
-}
-
-// - detach (Default)
-// - quit
-//
-// on_force_close "quit"
-
-// - true
-// - false (Default)
-//
-// simplified_ui true
-
-// Default: $SHELL
-//
-default_shell "nu"
-
-// default_cwd "/stash"
-
-// pane_frames true
-
-// auto_layout true
-
-// session_serialization false
-
-// serialize_pane_viewport true
-
-// scrollback_lines_to_serialize 10000
-
-themes {
- dracula {
- fg 248 248 242
- bg 40 42 54
- red 255 85 85
- green 80 250 123
- yellow 241 250 140
- blue 98 114 164
- magenta 255 121 198
- orange 255 184 108
- cyan 139 233 253
- black 0 0 0
- white 255 255 255
- }
-}
-
-theme "dracula"
-
-// The name of the default layout to load on startup
-// Default: "default"
-//
-default_layout "compact"
-
-// default_mode "locked"
-
-// mouse_mode false
-
-// scroll_buffer_size 10000
-
-// copy_command "wl-copy" // wayland
-
-// - system (default)
-// - primary
-//
-// copy_clipboard "primary"
-
-// copy_on_select false
-
-// Default: $EDITOR or $VISUAL
-//
-// scrollback_editor "/usr/local/bin/emacs"
-
-// mirror_session true
-
-// layout_dir "/path/to/my/layout_dir"
-
-// theme_dir "/path/to/my/theme_dir"
-
-// styled_underlines false
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/skel/.inputrc
--- a/etc/skel/.inputrc Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-TAB: complete
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/skel/.sbclrc
--- a/etc/skel/.sbclrc Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,3 +0,0 @@
-;;; ~/.sbclrc --- sbcl user init file -*- mode: common-lisp; -*-
-
-#+aclrepl (require :sb-aclrepl)
diff -r 2039e29599cd -r dae557236fff etc/skel/.skelrc
--- a/etc/skel/.skelrc Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,6 +0,0 @@
-;;; .skelrc @ 2024-01-28.00:39:30 -*- mode:skel; -*-
-:vc :hg
-:fmt :collapsed
-:tags ("auto")
-:auto-insert t
-:log-level nil
\ No newline at end of file
diff -r 2039e29599cd -r dae557236fff etc/systemd/hgitaly.service
--- a/etc/systemd/hgitaly.service Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
-[Unit]
-Description=HGitaly, internal Heptapod service for Mercurial handling
-After=network.target
-
-[Install]
-WantedBy=multi-user.target
-
-[Service]
-User=heptapod
-Group=heptapod
-Environment=HGRCPATH=/etc/heptapod.hgrc
-ExecStart=/usr/local/bin/hg --config extensions.hgitaly= hgitaly-serve --listen unix:///run/user/1001/hgitaly.socket
-Restart=on-failure
diff -r 2039e29599cd -r dae557236fff etc/systemd/rhgitaly.service
--- a/etc/systemd/rhgitaly.service Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-[Unit]
-Description=Heptapod RHGitaly Server
-After=network.target
-
-[Service]
-User=heptapod
-Group=heptapod
-# HGRCPATH not needed yet but probably will be at some point
-Environment=HGRCPATH=/etc/heptapod.hgrc
-Environment=RHGITALY_LISTEN_URL=unix:///run/user/1001/rhgitaly.socket
-Environment=RHGITALY_REPOSITORIES_ROOT=/home/hg/repositories
-ExecStartPre=/usr/bin/rm -f /run/user/1001/rhgitaly.socket
-ExecStart=/usr/local/bin/rhgitaly
-Restart=on-failure
diff -r 2039e29599cd -r dae557236fff etc/zellij/box-layout.kdl
--- a/etc/zellij/box-layout.kdl Fri May 03 00:36:49 2024 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-layout {
- pane size=1 borderless=true {
- plugin location="zellij:tab-bar"
- }
- pane split_direction="vertical" {
- pane command="nu" {
- args "-e" "(sys).host"
- }
- pane split_direction="horizontal" stacked=true {
- pane command="emacsclient" {
- args "-a=''" "-nw" "."
- }
- pane command="sbcl"
- pane command="btm"
- }
- }
-}
\ No newline at end of file