1.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2+++ b/.hgsub Sun May 05 21:49:30 2024 -0400
1.3@@ -0,0 +1,2 @@
1.4+etc=https://vc.compiler.company/comp/etc
1.5+home=https://vc.compiler.company/comp/home
1.6\ No newline at end of file
2.1--- /dev/null Thu Jan 01 00:00:00 1970 +0000
2.2+++ b/.hgsubstate Sun May 05 21:49:30 2024 -0400
2.3@@ -0,0 +1,2 @@
2.4+0000000000000000000000000000000000000000 etc
2.5+0000000000000000000000000000000000000000 home
3.1--- a/etc/alacritty.toml Fri May 03 00:36:49 2024 +0000
3.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
3.3@@ -1,37 +0,0 @@
3.4-[shell]
3.5-program = "/usr/bin/bash"
3.6-[window]
3.7-padding = { x = 2, y = 2 }
3.8-dynamic_padding = true
3.9-decorations_theme_variant = "Dark"
3.10-[scrolling]
3.11-multiplier = 1
3.12-[cursor]
3.13-style.blinking = "Always"
3.14-[mouse]
3.15-hide_when_typing = true
3.16-# Colors (Tomorrow Night Bright)
3.17-[colors.primary]
3.18-background = '#000000'
3.19-foreground = '#eaeaea'
3.20-# Normal colors
3.21-[colors.normal]
3.22-black = '#000000'
3.23-red = '#d54e53'
3.24-green = '#b9ca4a'
3.25-yellow = '#e6c547'
3.26-blue = '#7aa6da'
3.27-magenta = '#c397d8'
3.28-cyan = '#70c0ba'
3.29-white = '#424242'
3.30-
3.31-# Bright colors
3.32-[colors.bright]
3.33-black = '#666666'
3.34-red = '#ff3334'
3.35-green = '#9ec400'
3.36-yellow = '#e7c547'
3.37-blue = '#7aa6da'
3.38-magenta = '#b77ee0'
3.39-cyan = '#54ced6'
3.40-white = '#2a2a2a'
3.41\ No newline at end of file
4.1--- a/etc/containers/registries.conf Fri May 03 00:36:49 2024 +0000
4.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
4.3@@ -1,1 +0,0 @@
4.4-unqualified-search-registries = ["docker.io","quay.io","registry.compiler.company"]
7.1--- a/etc/gitlab/gitlab.rb Fri May 03 00:36:49 2024 +0000
7.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
7.3@@ -1,3093 +0,0 @@
7.4-## GitLab configuration settings
7.5-##! This file is generated during initial installation and **is not** modified
7.6-##! during upgrades.
7.7-##! Check out the latest version of this file to know about the different
7.8-##! settings that can be configured, when they were introduced and why:
7.9-##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template
7.10-
7.11-##! Locally, the complete template corresponding to the installed version can be found at:
7.12-##! /opt/gitlab/etc/gitlab.rb.template
7.13-
7.14-##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
7.15-##! the gitlab.rb.template from the currently running version.
7.16-
7.17-##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
7.18-##! running `gitlab-ctl reconfigure`
7.19-
7.20-##! In general, the values specified here should reflect what the default value of the attribute will be.
7.21-##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
7.22-##! or connecting to third party services.
7.23-##! In those instances, we endeavour to provide an example configuration.
7.24-
7.25-## GitLab URL
7.26-##! URL on which GitLab will be reachable.
7.27-##! For more details on configuring external_url see:
7.28-##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
7.29-##!
7.30-##! Note: During installation/upgrades, the value of the environment variable
7.31-##! EXTERNAL_URL will be used to populate/replace this value.
7.32-##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
7.33-##! address from AWS. For more details, see:
7.34-##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
7.35-external_url 'http://vc.compiler.company'
7.36-
7.37-## Roles for multi-instance GitLab
7.38-##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
7.39-##! Options:
7.40-##! redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
7.41-##! postgres_role consul_role application_role monitoring_role
7.42-##! For more details on each role, see:
7.43-##! https://docs.gitlab.com/omnibus/roles/README.html#roles
7.44-##!
7.45-# roles ['redis_sentinel_role', 'redis_master_role']
7.46-
7.47-## Legend
7.48-##! The following notations at the beginning of each line may be used to
7.49-##! differentiate between components of this file and to easily select them using
7.50-##! a regex.
7.51-##! ## Titles, subtitles etc
7.52-##! ##! More information - Description, Docs, Links, Issues etc.
7.53-##! Configuration settings have a single # followed by a single space at the
7.54-##! beginning; Remove them to enable the setting.
7.55-
7.56-##! **Configuration settings below are optional.**
7.57-
7.58-
7.59-################################################################################
7.60-################################################################################
7.61-## Configuration Settings for GitLab CE and EE ##
7.62-################################################################################
7.63-################################################################################
7.64-
7.65-################################################################################
7.66-## gitlab.yml configuration
7.67-##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
7.68-################################################################################
7.69-# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
7.70-# gitlab_rails['gitlab_ssh_user'] = ''
7.71-# gitlab_rails['time_zone'] = 'UTC'
7.72-
7.73-### Request duration
7.74-###! Tells the rails application how long it has to complete a request
7.75-###! This value needs to be lower than the worker timeout set in puma.
7.76-###! By default, we'll allow 95% of the the worker timeout
7.77-# gitlab_rails['max_request_duration_seconds'] = 57
7.78-
7.79-### GitLab email server settings
7.80-###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
7.81-###! **Use smtp instead of sendmail/postfix.**
7.82-
7.83-# gitlab_rails['smtp_enable'] = true
7.84-# gitlab_rails['smtp_address'] = "smtp.server"
7.85-# gitlab_rails['smtp_port'] = 465
7.86-# gitlab_rails['smtp_user_name'] = "smtp user"
7.87-# gitlab_rails['smtp_password'] = "smtp password"
7.88-# gitlab_rails['smtp_domain'] = "example.com"
7.89-# gitlab_rails['smtp_authentication'] = "login"
7.90-# gitlab_rails['smtp_enable_starttls_auto'] = true
7.91-# gitlab_rails['smtp_tls'] = false
7.92-# gitlab_rails['smtp_pool'] = false
7.93-
7.94-###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
7.95-###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
7.96-# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
7.97-
7.98-# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
7.99-# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
7.100-
7.101-### Email Settings
7.102-
7.103-# gitlab_rails['gitlab_email_enabled'] = true
7.104-
7.105-##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
7.106-##! can change the 'From' with this setting.
7.107-# gitlab_rails['gitlab_email_from'] = 'example@example.com'
7.108-# gitlab_rails['gitlab_email_display_name'] = 'Example'
7.109-# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
7.110-# gitlab_rails['gitlab_email_subject_suffix'] = ''
7.111-# gitlab_rails['gitlab_email_smime_enabled'] = false
7.112-# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
7.113-# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
7.114-# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
7.115-
7.116-### GitLab user privileges
7.117-# gitlab_rails['gitlab_default_can_create_group'] = true
7.118-# gitlab_rails['gitlab_username_changing_enabled'] = true
7.119-
7.120-### Default Theme
7.121-### Available values:
7.122-##! `1` for Indigo
7.123-##! `2` for Dark
7.124-##! `3` for Light
7.125-##! `4` for Blue
7.126-##! `5` for Green
7.127-##! `6` for Light Indigo
7.128-##! `7` for Light Blue
7.129-##! `8` for Light Green
7.130-##! `9` for Red
7.131-##! `10` for Light Red
7.132-gitlab_rails['gitlab_default_theme'] = 2
7.133-
7.134-### Default project feature settings
7.135-gitlab_rails['gitlab_default_projects_features_issues'] = true
7.136-gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
7.137-# gitlab_rails['gitlab_default_projects_features_wiki'] = true
7.138-gitlab_rails['gitlab_default_projects_features_snippets'] = true
7.139-# gitlab_rails['gitlab_default_projects_features_builds'] = true
7.140-# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
7.141-
7.142-### Automatic issue closing
7.143-###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
7.144-###! information about this pattern.
7.145-# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
7.146-
7.147-### Download location
7.148-###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
7.149-###! is created in the following directory.
7.150-###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
7.151-# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
7.152-
7.153-### Gravatar Settings
7.154-# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
7.155-# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
7.156-
7.157-### Auxiliary jobs
7.158-###! Periodically executed jobs, to self-heal Gitlab, do external
7.159-###! synchronizations, etc.
7.160-###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
7.161-###! https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
7.162-# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
7.163-# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
7.164-# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
7.165-# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
7.166-# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
7.167-# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
7.168-# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
7.169-# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
7.170-# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
7.171-# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
7.172-# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
7.173-# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
7.174-# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
7.175-# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
7.176-# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
7.177-# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
7.178-# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
7.179-# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
7.180-# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
7.181-# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
7.182-# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
7.183-# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
7.184-# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
7.185-
7.186-### Webhook Settings
7.187-###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
7.188-###! request (default: 10)
7.189-# gitlab_rails['webhook_timeout'] = 10
7.190-
7.191-### GraphQL Settings
7.192-###! Tells the rails application how long it has to complete a GraphQL request.
7.193-###! We suggest this value to be higher than the database timeout value
7.194-###! and lower than the worker timeout set in puma. (default: 30)
7.195-# gitlab_rails['graphql_timeout'] = 30
7.196-
7.197-### Trusted proxies
7.198-###! Customize if you have GitLab behind a reverse proxy which is running on a
7.199-###! different machine.
7.200-###! **Add the IP address for your reverse proxy to the list, otherwise users
7.201-###! will appear signed in from that address.**
7.202-# gitlab_rails['trusted_proxies'] = [172.17.0.1]
7.203-
7.204-### Content Security Policy
7.205-####! Customize if you want to enable the Content-Security-Policy header, which
7.206-####! can help thwart JavaScript cross-site scripting (XSS) attacks.
7.207-####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
7.208-# gitlab_rails['content_security_policy'] = {
7.209-# 'enabled' => false,
7.210-# 'report_only' => false,
7.211-# # Each directive is a String (e.g. "'self'").
7.212-# 'directives' => {
7.213-# 'base_uri' => nil,
7.214-# 'child_src' => nil,
7.215-# 'connect_src' => nil,
7.216-# 'default_src' => nil,
7.217-# 'font_src' => nil,
7.218-# 'form_action' => nil,
7.219-# 'frame_ancestors' => nil,
7.220-# 'frame_src' => nil,
7.221-# 'img_src' => nil,
7.222-# 'manifest_src' => nil,
7.223-# 'media_src' => nil,
7.224-# 'object_src' => nil,
7.225-# 'script_src' => nil,
7.226-# 'style_src' => nil,
7.227-# 'worker_src' => nil,
7.228-# 'report_uri' => nil,
7.229-# }
7.230-# }
7.231-
7.232-### Allowed hosts
7.233-###! Customize the `host` headers that should be catered by the Rails
7.234-###! application. By default, everything is allowed.
7.235-# gitlab_rails['allowed_hosts'] = []
7.236-
7.237-### Monitoring settings
7.238-###! IP whitelist controlling access to monitoring endpoints
7.239-# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
7.240-
7.241-### Shutdown settings
7.242-###! Defines an interval to block healthcheck,
7.243-###! but continue accepting application requests.
7.244-# gitlab_rails['shutdown_blackout_seconds'] = 10
7.245-
7.246-### Reply by email
7.247-###! Allow users to comment on issues and merge requests by replying to
7.248-###! notification emails.
7.249-###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
7.250-# gitlab_rails['incoming_email_enabled'] = true
7.251-
7.252-#### Incoming Email Address
7.253-####! The email address including the `%{key}` placeholder that will be replaced
7.254-####! to reference the item being replied to.
7.255-####! **The placeholder can be omitted but if present, it must appear in the
7.256-####! "user" part of the address (before the `@`).**
7.257-# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
7.258-
7.259-#### Email account username
7.260-####! **With third party providers, this is usually the full email address.**
7.261-####! **With self-hosted email servers, this is usually the user part of the
7.262-####! email address.**
7.263-# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
7.264-
7.265-#### Email account password
7.266-# gitlab_rails['incoming_email_password'] = "[REDACTED]"
7.267-
7.268-#### IMAP Settings
7.269-# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
7.270-# gitlab_rails['incoming_email_port'] = 993
7.271-# gitlab_rails['incoming_email_ssl'] = true
7.272-# gitlab_rails['incoming_email_start_tls'] = false
7.273-
7.274-#### Incoming Mailbox Settings (via `mail_room`)
7.275-####! The mailbox where incoming mail will end up. Usually "inbox".
7.276-# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
7.277-####! The IDLE command timeout.
7.278-# gitlab_rails['incoming_email_idle_timeout'] = 60
7.279-####! The file name for internal `mail_room` JSON logfile
7.280-# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
7.281-####! Permanently remove messages from the mailbox when they are deleted after delivery
7.282-# gitlab_rails['incoming_email_expunge_deleted'] = false
7.283-
7.284-#### Inbox options (for Microsoft Graph)
7.285-# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
7.286-# gitlab_rails['incoming_email_inbox_options'] = {
7.287-# 'tenant_id': 'YOUR-TENANT-ID',
7.288-# 'client_id': 'YOUR-CLIENT-ID',
7.289-# 'client_secret': 'YOUR-CLIENT-SECRET',
7.290-# 'poll_interval': 60 # Optional
7.291-# }
7.292-
7.293-#### How incoming emails are delivered to Rails process. Accept either sidekiq
7.294-#### or webhook. The default config is sidekiq.
7.295-# gitlab_rails['incoming_email_delivery_method'] = "sidekiq"
7.296-
7.297-#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
7.298-#### encoded with base64
7.299-# gitlab_rails['incoming_email_auth_token'] = nil
7.300-
7.301-####! The format of mail_room crash logs
7.302-# mailroom['exit_log_format'] = "plain"
7.303-
7.304-### Consolidated (simplified) object storage configuration
7.305-###! This uses a single credential for object storage with multiple buckets.
7.306-###! It also enables Workhorse to upload files directly with its own S3 client
7.307-###! instead of using pre-signed URLs.
7.308-###!
7.309-###! This configuration will only take effect if the object_store
7.310-###! sections are not defined within the types. For example, enabling
7.311-###! gitlab_rails['artifacts_object_store_enabled'] or
7.312-###! gitlab_rails['lfs_object_store_enabled'] will prevent the
7.313-###! consolidated settings from being used.
7.314-###!
7.315-###! Be sure to use different buckets for each type of object.
7.316-###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
7.317-# gitlab_rails['object_store']['enabled'] = false
7.318-# gitlab_rails['object_store']['connection'] = {}
7.319-# gitlab_rails['object_store']['storage_options'] = {}
7.320-# gitlab_rails['object_store']['proxy_download'] = false
7.321-# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
7.322-# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
7.323-# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
7.324-# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
7.325-# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
7.326-# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
7.327-# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
7.328-# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
7.329-
7.330-### Job Artifacts
7.331-# gitlab_rails['artifacts_enabled'] = true
7.332-# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
7.333-####! Job artifacts Object Store
7.334-####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
7.335-# gitlab_rails['artifacts_object_store_enabled'] = false
7.336-# gitlab_rails['artifacts_object_store_direct_upload'] = false
7.337-# gitlab_rails['artifacts_object_store_background_upload'] = true
7.338-# gitlab_rails['artifacts_object_store_proxy_download'] = false
7.339-# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
7.340-# gitlab_rails['artifacts_object_store_connection'] = {
7.341-# 'provider' => 'AWS',
7.342-# 'region' => 'eu-west-1',
7.343-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.344-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.345-# # # The below options configure an S3 compatible host instead of AWS
7.346-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.347-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.348-# # 'host' => 's3.amazonaws.com',
7.349-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.350-# }
7.351-
7.352-### External merge request diffs
7.353-# gitlab_rails['external_diffs_enabled'] = false
7.354-# gitlab_rails['external_diffs_when'] = nil
7.355-# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
7.356-# gitlab_rails['external_diffs_object_store_enabled'] = false
7.357-# gitlab_rails['external_diffs_object_store_direct_upload'] = false
7.358-# gitlab_rails['external_diffs_object_store_background_upload'] = false
7.359-# gitlab_rails['external_diffs_object_store_proxy_download'] = false
7.360-# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
7.361-# gitlab_rails['external_diffs_object_store_connection'] = {
7.362-# 'provider' => 'AWS',
7.363-# 'region' => 'eu-west-1',
7.364-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.365-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.366-# # # The below options configure an S3 compatible host instead of AWS
7.367-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.368-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.369-# # 'host' => 's3.amazonaws.com',
7.370-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.371-# }
7.372-
7.373-### Git LFS
7.374-# gitlab_rails['lfs_enabled'] = true
7.375-# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
7.376-# gitlab_rails['lfs_object_store_enabled'] = false
7.377-# gitlab_rails['lfs_object_store_direct_upload'] = false
7.378-# gitlab_rails['lfs_object_store_background_upload'] = true
7.379-# gitlab_rails['lfs_object_store_proxy_download'] = false
7.380-# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
7.381-# gitlab_rails['lfs_object_store_connection'] = {
7.382-# 'provider' => 'AWS',
7.383-# 'region' => 'eu-west-1',
7.384-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.385-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.386-# # # The below options configure an S3 compatible host instead of AWS
7.387-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.388-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.389-# # 'host' => 's3.amazonaws.com',
7.390-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.391-# }
7.392-
7.393-### GitLab uploads
7.394-###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
7.395-# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
7.396-# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
7.397-# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
7.398-# gitlab_rails['uploads_object_store_enabled'] = false
7.399-# gitlab_rails['uploads_object_store_direct_upload'] = false
7.400-# gitlab_rails['uploads_object_store_background_upload'] = true
7.401-# gitlab_rails['uploads_object_store_proxy_download'] = false
7.402-# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
7.403-# gitlab_rails['uploads_object_store_connection'] = {
7.404-# 'provider' => 'AWS',
7.405-# 'region' => 'eu-west-1',
7.406-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.407-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.408-# # # The below options configure an S3 compatible host instead of AWS
7.409-# # 'host' => 's3.amazonaws.com',
7.410-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.411-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.412-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.413-# }
7.414-
7.415-### Terraform state
7.416-###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
7.417-# gitlab_rails['terraform_state_enabled'] = true
7.418-# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
7.419-# gitlab_rails['terraform_state_object_store_enabled'] = false
7.420-# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
7.421-# gitlab_rails['terraform_state_object_store_connection'] = {
7.422-# 'provider' => 'AWS',
7.423-# 'region' => 'eu-west-1',
7.424-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.425-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.426-# # # The below options configure an S3 compatible host instead of AWS
7.427-# # 'host' => 's3.amazonaws.com',
7.428-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.429-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.430-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.431-# }
7.432-
7.433-### CI Secure Files
7.434-# gitlab_rails['ci_secure_files_enabled'] = true
7.435-# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
7.436-# gitlab_rails['ci_secure_files_object_store_enabled'] = false
7.437-# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
7.438-# gitlab_rails['ci_secure_files_object_store_connection'] = {
7.439-# 'provider' => 'AWS',
7.440-# 'region' => 'eu-west-1',
7.441-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.442-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.443-# # # The below options configure an S3 compatible host instead of AWS
7.444-# # 'host' => 's3.amazonaws.com',
7.445-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.446-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.447-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.448-# }
7.449-
7.450-### GitLab Pages
7.451-# gitlab_rails['pages_object_store_enabled'] = false
7.452-# gitlab_rails['pages_object_store_remote_directory'] = "pages"
7.453-# gitlab_rails['pages_object_store_connection'] = {
7.454-# 'provider' => 'AWS',
7.455-# 'region' => 'eu-west-1',
7.456-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.457-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.458-# # # The below options configure an S3 compatible host instead of AWS
7.459-# # 'host' => 's3.amazonaws.com',
7.460-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.461-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.462-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.463-# }
7.464-# gitlab_rails['pages_local_store_enabled'] = true
7.465-# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
7.466-
7.467-### Impersonation settings
7.468-# gitlab_rails['impersonation_enabled'] = true
7.469-
7.470-### Application settings cache expiry in seconds. (default: 60)
7.471-# gitlab_rails['application_settings_cache_seconds'] = 60
7.472-
7.473-### Usage Statistics
7.474-# gitlab_rails['usage_ping_enabled'] = true
7.475-
7.476-### GitLab Mattermost
7.477-###! These settings are void if Mattermost is installed on the same omnibus
7.478-###! install
7.479-# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
7.480-
7.481-### LDAP Settings
7.482-###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
7.483-###! **Be careful not to break the indentation in the ldap_servers block. It is
7.484-###! in yaml format and the spaces must be retained. Using tabs will not work.**
7.485-
7.486-# gitlab_rails['ldap_enabled'] = false
7.487-# gitlab_rails['prevent_ldap_sign_in'] = false
7.488-
7.489-###! **remember to close this block with 'EOS' below**
7.490-# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
7.491-# main: # 'main' is the GitLab 'provider ID' of this LDAP server
7.492-# label: 'LDAP'
7.493-# host: '_your_ldap_server'
7.494-# port: 389
7.495-# uid: 'sAMAccountName'
7.496-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
7.497-# password: '_the_password_of_the_bind_user'
7.498-# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
7.499-# verify_certificates: true
7.500-# smartcard_auth: false
7.501-# active_directory: true
7.502-# allow_username_or_email_login: false
7.503-# lowercase_usernames: false
7.504-# block_auto_created_users: false
7.505-# base: ''
7.506-# user_filter: ''
7.507-# ## EE only
7.508-# group_base: ''
7.509-# admin_group: ''
7.510-# sync_ssh_keys: false
7.511-#
7.512-# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
7.513-# label: 'LDAP'
7.514-# host: '_your_ldap_server'
7.515-# port: 389
7.516-# uid: 'sAMAccountName'
7.517-# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
7.518-# password: '_the_password_of_the_bind_user'
7.519-# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
7.520-# verify_certificates: true
7.521-# smartcard_auth: false
7.522-# active_directory: true
7.523-# allow_username_or_email_login: false
7.524-# lowercase_usernames: false
7.525-# block_auto_created_users: false
7.526-# base: ''
7.527-# user_filter: ''
7.528-# ## EE only
7.529-# group_base: ''
7.530-# admin_group: ''
7.531-# sync_ssh_keys: false
7.532-# EOS
7.533-
7.534-### Smartcard authentication settings
7.535-###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
7.536-# gitlab_rails['smartcard_enabled'] = false
7.537-# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
7.538-# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
7.539-# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
7.540-# gitlab_rails['smartcard_required_for_git_access'] = false
7.541-# gitlab_rails['smartcard_san_extensions'] = false
7.542-
7.543-### OmniAuth Settings
7.544-###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
7.545-# gitlab_rails['omniauth_enabled'] = nil
7.546-# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
7.547-# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
7.548-# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
7.549-# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
7.550-# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
7.551-# gitlab_rails['omniauth_block_auto_created_users'] = true
7.552-# gitlab_rails['omniauth_auto_link_ldap_user'] = false
7.553-# gitlab_rails['omniauth_auto_link_saml_user'] = false
7.554-# gitlab_rails['omniauth_auto_link_user'] = ['saml']
7.555-# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
7.556-# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
7.557-# gitlab_rails['omniauth_providers'] = [
7.558-# {
7.559-# "name" => "google_oauth2",
7.560-# "app_id" => "YOUR APP ID",
7.561-# "app_secret" => "YOUR APP SECRET",
7.562-# "args" => { "access_type" => "offline", "approval_prompt" => "" }
7.563-# }
7.564-# ]
7.565-# gitlab_rails['omniauth_cas3_session_duration'] = 28800
7.566-# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000
7.567-
7.568-### FortiAuthenticator authentication settings
7.569-# gitlab_rails['forti_authenticator_enabled'] = false
7.570-# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
7.571-# gitlab_rails['forti_authenticator_port'] = 443
7.572-# gitlab_rails['forti_authenticator_username'] = 'admin'
7.573-# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'
7.574-
7.575-### FortiToken Cloud authentication settings
7.576-# gitlab_rails['forti_token_cloud_enabled'] = false
7.577-# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
7.578-# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'
7.579-
7.580-### Backup Settings
7.581-###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
7.582-
7.583-# gitlab_rails['manage_backup_path'] = true
7.584-# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
7.585-# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
7.586-
7.587-###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
7.588-# gitlab_rails['backup_archive_permissions'] = 0644
7.589-
7.590-# gitlab_rails['backup_pg_schema'] = 'public'
7.591-
7.592-###! The duration in seconds to keep backups before they are allowed to be deleted
7.593-# gitlab_rails['backup_keep_time'] = 604800
7.594-
7.595-# gitlab_rails['backup_upload_connection'] = {
7.596-# 'provider' => 'AWS',
7.597-# 'region' => 'eu-west-1',
7.598-# 'aws_access_key_id' => 'AKIAKIAKI',
7.599-# 'aws_secret_access_key' => 'secret123',
7.600-# # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
7.601-# 'use_iam_profile' => false
7.602-# }
7.603-# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
7.604-# gitlab_rails['backup_multipart_chunk_size'] = 104857600
7.605-
7.606-###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
7.607-###! backups**
7.608-# gitlab_rails['backup_encryption'] = 'AES256'
7.609-###! The encryption key to use with AWS Server-Side Encryption.
7.610-###! Setting this value will enable Server-Side Encryption with customer provided keys;
7.611-###! otherwise S3-managed keys are used.
7.612-# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
7.613-
7.614-###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)
7.615-# gitlab_rails['backup_upload_storage_options'] = {
7.616-# 'server_side_encryption' => 'aws:kms',
7.617-# 'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
7.618-# }
7.619-
7.620-###! **Specifies Amazon S3 storage class to use for backups. Valid values
7.621-###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
7.622-# gitlab_rails['backup_storage_class'] = 'STANDARD'
7.623-
7.624-###! Skip parts of the backup. Comma separated.
7.625-###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
7.626-#gitlab_rails['env'] = {
7.627-# "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
7.628-#}
7.629-
7.630-### Pseudonymizer Settings
7.631-# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
7.632-# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
7.633-# gitlab_rails['pseudonymizer_upload_connection'] = {
7.634-# 'provider' => 'AWS',
7.635-# 'region' => 'eu-west-1',
7.636-# 'aws_access_key_id' => 'AKIAKIAKI',
7.637-# 'aws_secret_access_key' => 'secret123'
7.638-# }
7.639-
7.640-
7.641-### For setting up different data storing directory
7.642-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
7.643-###! **If you want to use a single non-default directory to store git data use a
7.644-###! path that doesn't contain symlinks.**
7.645-# git_data_dirs({
7.646-# "default" => {
7.647-# "path" => "/mnt/nfs-01/git-data"
7.648-# }
7.649-# })
7.650-
7.651-### Gitaly settings
7.652-# gitlab_rails['gitaly_token'] = 'secret token'
7.653-
7.654-### For storing GitLab application uploads, eg. LFS objects, build artifacts
7.655-###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
7.656-# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
7.657-
7.658-### For storing encrypted configuration files
7.659-###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
7.660-# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'
7.661-
7.662-### Wait for file system to be mounted
7.663-###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
7.664-# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
7.665-
7.666-### GitLab Shell settings for GitLab
7.667-# gitlab_rails['gitlab_shell_ssh_port'] = 22
7.668-# gitlab_rails['gitlab_shell_git_timeout'] = 800
7.669-
7.670-### Extra customization
7.671-# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
7.672-# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
7.673-# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
7.674-# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
7.675-# gitlab_rails['extra_bizible'] = false
7.676-# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
7.677-# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
7.678-# gitlab_rails['extra_matomo_disable_cookies'] = false
7.679-
7.680-##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
7.681-# gitlab_rails['env'] = {
7.682-# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
7.683-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
7.684-# }
7.685-
7.686-# gitlab_rails['rack_attack_git_basic_auth'] = {
7.687-# 'enabled' => false,
7.688-# 'ip_whitelist' => ["127.0.0.1"],
7.689-# 'maxretry' => 10,
7.690-# 'findtime' => 60,
7.691-# 'bantime' => 3600
7.692-# }
7.693-
7.694-# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
7.695-# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
7.696-
7.697-#### Change the initial default admin password and shared runner registration tokens.
7.698-####! **Only applicable on initial setup, changing these settings after database
7.699-####! is created and seeded won't yield any change.**
7.700-# gitlab_rails['initial_root_password'] = "password"
7.701-# gitlab_rails['initial_shared_runners_registration_token'] = "token"
7.702-
7.703-#### Toggle if root password should be printed to STDOUT during initialization
7.704-# gitlab_rails['display_initial_root_password'] = false
7.705-
7.706-#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
7.707-# gitlab_rails['store_initial_root_password'] = true
7.708-
7.709-#### Set path to an initial license to be used while bootstrapping GitLab.
7.710-####! **Only applicable on initial setup, future license updations need to be done via UI.
7.711-####! Updating the file specified in this path won't yield any change after the first reconfigure run.
7.712-# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
7.713-
7.714-#### Enable or disable automatic database migrations
7.715-# gitlab_rails['auto_migrate'] = true
7.716-
7.717-#### This is advanced feature used by large gitlab deployments where loading
7.718-#### whole RAILS env takes a lot of time.
7.719-# gitlab_rails['rake_cache_clear'] = true
7.720-
7.721-### GitLab database settings
7.722-###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
7.723-###! **Only needed if you use an external database.**
7.724-# gitlab_rails['db_adapter'] = "postgresql"
7.725-# gitlab_rails['db_encoding'] = "unicode"
7.726-# gitlab_rails['db_collation'] = nil
7.727-# gitlab_rails['db_database'] = "gitlabhq_production"
7.728-# gitlab_rails['db_username'] = "gitlab"
7.729-# gitlab_rails['db_password'] = nil
7.730-# gitlab_rails['db_host'] = nil
7.731-# gitlab_rails['db_port'] = 5432
7.732-# gitlab_rails['db_socket'] = nil
7.733-# gitlab_rails['db_sslmode'] = nil
7.734-# gitlab_rails['db_sslcompression'] = 0
7.735-# gitlab_rails['db_sslrootcert'] = nil
7.736-# gitlab_rails['db_sslcert'] = nil
7.737-# gitlab_rails['db_sslkey'] = nil
7.738-# gitlab_rails['db_prepared_statements'] = false
7.739-# gitlab_rails['db_statements_limit'] = 1000
7.740-# gitlab_rails['db_connect_timeout'] = nil
7.741-# gitlab_rails['db_keepalives'] = nil
7.742-# gitlab_rails['db_keepalives_idle'] = nil
7.743-# gitlab_rails['db_keepalives_interval'] = nil
7.744-# gitlab_rails['db_keepalives_count'] = nil
7.745-# gitlab_rails['db_tcp_user_timeout'] = nil
7.746-# gitlab_rails['db_application_name'] = nil
7.747-# gitlab_rails['db_database_tasks'] = true
7.748-
7.749-
7.750-### GitLab Redis settings
7.751-###! Connect to your own Redis instance
7.752-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
7.753-
7.754-#### Redis TCP connection
7.755-# gitlab_rails['redis_host'] = "127.0.0.1"
7.756-# gitlab_rails['redis_port'] = 6379
7.757-# gitlab_rails['redis_ssl'] = false
7.758-# gitlab_rails['redis_password'] = nil
7.759-# gitlab_rails['redis_database'] = 0
7.760-# gitlab_rails['redis_enable_client'] = true
7.761-
7.762-#### Redis local UNIX socket (will be disabled if TCP method is used)
7.763-# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
7.764-
7.765-#### Sentinel support
7.766-####! To have Sentinel working, you must enable Redis TCP connection support
7.767-####! above and define a few Sentinel hosts below (to get a reliable setup
7.768-####! at least 3 hosts).
7.769-####! **You don't need to list every sentinel host, but the ones not listed will
7.770-####! not be used in a fail-over situation to query for the new master.**
7.771-# gitlab_rails['redis_sentinels'] = [
7.772-# {'host' => '127.0.0.1', 'port' => 26379},
7.773-# ]
7.774-
7.775-#### Separate instances support
7.776-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
7.777-# gitlab_rails['redis_cache_instance'] = nil
7.778-# gitlab_rails['redis_cache_sentinels'] = nil
7.779-# gitlab_rails['redis_queues_instance'] = nil
7.780-# gitlab_rails['redis_queues_sentinels'] = nil
7.781-# gitlab_rails['redis_shared_state_instance'] = nil
7.782-# gitlab_rails['redis_shared_state_sentinels'] = nil
7.783-# gitlab_rails['redis_trace_chunks_instance'] = nil
7.784-# gitlab_rails['redis_trace_chunks_sentinels'] = nil
7.785-# gitlab_rails['redis_actioncable_instance'] = nil
7.786-# gitlab_rails['redis_actioncable_sentinels'] = nil
7.787-# gitlab_rails['redis_rate_limiting_instance'] = nil
7.788-# gitlab_rails['redis_rate_limiting_sentinels'] = nil
7.789-# gitlab_rails['redis_sessions_instance'] = nil
7.790-# gitlab_rails['redis_sessions_sentinels'] = nil
7.791-
7.792-################################################################################
7.793-## Container Registry settings
7.794-##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html
7.795-################################################################################
7.796-
7.797-# registry_external_url 'https://registry.example.com'
7.798-
7.799-### Settings used by GitLab application
7.800-# gitlab_rails['registry_enabled'] = true
7.801-# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
7.802-# gitlab_rails['registry_port'] = "5005"
7.803-# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
7.804-
7.805-# Notification secret, it's used to authenticate notification requests to GitLab application
7.806-# You only need to change this when you use external Registry service, otherwise
7.807-# it will be taken directly from notification settings of your Registry
7.808-# gitlab_rails['registry_notification_secret'] = nil
7.809-
7.810-###! **Do not change the following 3 settings unless you know what you are
7.811-###! doing**
7.812-# gitlab_rails['registry_api_url'] = "http://localhost:5000"
7.813-# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
7.814-# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
7.815-
7.816-### Settings used by Registry application
7.817-# registry['enable'] = true
7.818-# registry['username'] = "registry"
7.819-# registry['group'] = "registry"
7.820-# registry['uid'] = nil
7.821-# registry['gid'] = nil
7.822-# registry['dir'] = "/var/opt/gitlab/registry"
7.823-# registry['registry_http_addr'] = "localhost:5000"
7.824-# registry['debug_addr'] = "localhost:5001"
7.825-# registry['log_directory'] = "/var/log/gitlab/registry"
7.826-# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
7.827-# registry['env'] = {
7.828-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.829-# }
7.830-# registry['log_level'] = "info"
7.831-# registry['log_formatter'] = "text"
7.832-# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
7.833-# registry['health_storagedriver_enabled'] = true
7.834-# registry['middleware'] = nil
7.835-# registry['storage_delete_enabled'] = true
7.836-# registry['validation_enabled'] = false
7.837-# registry['autoredirect'] = false
7.838-# registry['compatibility_schema1_enabled'] = false
7.839-
7.840-### Registry backend storage
7.841-###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
7.842-# registry['storage'] = {
7.843-# 's3' => {
7.844-# 'accesskey' => 's3-access-key',
7.845-# 'secretkey' => 's3-secret-key-for-access-key',
7.846-# 'bucket' => 'your-s3-bucket',
7.847-# 'region' => 'your-s3-region',
7.848-# 'regionendpoint' => 'your-s3-regionendpoint'
7.849-# },
7.850-# 'redirect' => {
7.851-# 'disable' => false
7.852-# }
7.853-# }
7.854-
7.855-### Registry notifications endpoints
7.856-# registry['notifications'] = [
7.857-# {
7.858-# 'name' => 'test_endpoint',
7.859-# 'url' => 'https://gitlab.example.com/notify2',
7.860-# 'timeout' => '500ms',
7.861-# 'threshold' => 5,
7.862-# 'backoff' => '1s',
7.863-# 'headers' => {
7.864-# "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
7.865-# }
7.866-# }
7.867-# ]
7.868-### Default registry notifications
7.869-# registry['default_notifications_timeout'] = "500ms"
7.870-# registry['default_notifications_threshold'] = 5
7.871-# registry['default_notifications_backoff'] = "1s"
7.872-# registry['default_notifications_headers'] = {}
7.873-
7.874-################################################################################
7.875-## Error Reporting and Logging with Sentry
7.876-################################################################################
7.877-# gitlab_rails['sentry_enabled'] = false
7.878-# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
7.879-# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
7.880-# gitlab_rails['sentry_environment'] = 'production'
7.881-
7.882-################################################################################
7.883-## CI_JOB_JWT
7.884-################################################################################
7.885-##! RSA private key used to sign CI_JOB_JWT
7.886-# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.
7.887-
7.888-################################################################################
7.889-## GitLab Workhorse
7.890-##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
7.891-################################################################################
7.892-
7.893-# gitlab_workhorse['enable'] = true
7.894-# gitlab_workhorse['ha'] = false
7.895-# gitlab_workhorse['alt_document_root'] = nil
7.896-
7.897-##! Duration to wait for all requests to finish (e.g. "10s" for 10
7.898-##! seconds). By default this is disabled to preserve the existing
7.899-##! behavior of fast shutdown. This should not be set higher than 30
7.900-##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
7.901-##! the SVWAIT variable) and report a timeout error if the process has
7.902-##! not shut down.
7.903-# gitlab_workhorse['shutdown_timeout'] = nil
7.904-# gitlab_workhorse['listen_network'] = "unix"
7.905-# gitlab_workhorse['listen_umask'] = 000
7.906-# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
7.907-# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
7.908-
7.909-##! Enable Redis keywatcher, if this setting is not present it defaults to true
7.910-# gitlab_workhorse['workhorse_keywatcher'] = true
7.911-
7.912-##! the empty string is the default in gitlab-workhorse option parser
7.913-# gitlab_workhorse['auth_socket'] = "''"
7.914-
7.915-##! put an empty string on the command line
7.916-# gitlab_workhorse['pprof_listen_addr'] = "''"
7.917-
7.918-# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
7.919-
7.920-# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
7.921-# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
7.922-# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
7.923-
7.924-##! limit number of concurrent API requests, defaults to 0 which is unlimited
7.925-# gitlab_workhorse['api_limit'] = 0
7.926-
7.927-##! limit number of API requests allowed to be queued, defaults to 0 which
7.928-##! disables queuing
7.929-# gitlab_workhorse['api_queue_limit'] = 0
7.930-
7.931-##! duration after which we timeout requests if they sit too long in the queue
7.932-# gitlab_workhorse['api_queue_duration'] = "30s"
7.933-
7.934-##! Long polling duration for job requesting for runners
7.935-# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
7.936-
7.937-##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
7.938-# gitlab_workhorse['propagate_correlation_id'] = false
7.939-
7.940-##! A list of CIDR blocks to allow for propagation of correlation ID.
7.941-##! propagate_correlation_id should also be set to true.
7.942-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
7.943-# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil
7.944-
7.945-##! A list of CIDR blocks that must match remote IP addresses to use
7.946-##! X-Forwarded-For HTTP header for the actual client IP. Used in
7.947-##! conjuction with propagate_correlation_id and
7.948-##! trusted_cidrs_for_propagation.
7.949-##! For example: %w(127.0.0.1/32 192.168.0.1/32)
7.950-# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil
7.951-
7.952-##! Log format: default is json, can also be text or none.
7.953-# gitlab_workhorse['log_format'] = "json"
7.954-
7.955-# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
7.956-# gitlab_workhorse['env'] = {
7.957-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
7.958-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.959-# }
7.960-
7.961-##! Resource limitations for the dynamic image scaler.
7.962-##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
7.963-##!
7.964-##! Maximum number of scaler processes that are allowed to execute concurrently.
7.965-##! It is recommended for this not to exceed the number of CPUs available.
7.966-# gitlab_workhorse['image_scaler_max_procs'] = 4
7.967-##!
7.968-##! Maximum file size in bytes for an image to be considered eligible for rescaling
7.969-# gitlab_workhorse['image_scaler_max_filesize'] = 250000
7.970-
7.971-##! Service name used to register GitLab Workhorse as a Consul service
7.972-# gitlab_workhorse['consul_service_name'] = 'workhorse'
7.973-##! Semantic metadata used when registering GitLab Workhorse as a Consul service
7.974-# gitlab_workhorse['consul_service_meta'] = {}
7.975-
7.976-################################################################################
7.977-## GitLab User Settings
7.978-##! Modify default git user.
7.979-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
7.980-################################################################################
7.981-
7.982-# user['username'] = "git"
7.983-# user['group'] = "git"
7.984-# user['uid'] = nil
7.985-# user['gid'] = nil
7.986-
7.987-##! The shell for the git user
7.988-# user['shell'] = "/bin/sh"
7.989-
7.990-##! The home directory for the git user
7.991-# user['home'] = "/var/opt/gitlab"
7.992-
7.993-# user['git_user_name'] = "GitLab"
7.994-# user['git_user_email'] = "gitlab@#{node['fqdn']}"
7.995-
7.996-################################################################################
7.997-## GitLab Puma
7.998-##! Tweak puma settings.
7.999-##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
7.1000-################################################################################
7.1001-
7.1002-# puma['enable'] = true
7.1003-# puma['ha'] = false
7.1004-# puma['worker_timeout'] = 60
7.1005-# puma['worker_processes'] = 2
7.1006-# puma['min_threads'] = 4
7.1007-# puma['max_threads'] = 4
7.1008-
7.1009-### Advanced settings
7.1010-# puma['listen'] = '127.0.0.1'
7.1011-# puma['port'] = 8080
7.1012-# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
7.1013-# puma['somaxconn'] = 1024
7.1014-
7.1015-# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
7.1016-# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
7.1017-
7.1018-###! **We do not recommend changing this setting**
7.1019-# puma['log_directory'] = "/var/log/gitlab/puma"
7.1020-
7.1021-### **Only change these settings if you understand well what they mean**
7.1022-###! Docs: https://github.com/schneems/puma_worker_killer
7.1023-# puma['per_worker_max_memory_mb'] = 1024
7.1024-
7.1025-# puma['exporter_enabled'] = false
7.1026-# puma['exporter_address'] = "127.0.0.1"
7.1027-# puma['exporter_port'] = 8083
7.1028-
7.1029-##! Service name used to register Puma as a Consul service
7.1030-# puma['consul_service_name'] = 'rails'
7.1031-##! Semantic metadata used when registering Puma as a Consul service
7.1032-# puma['consul_service_meta'] = {}
7.1033-
7.1034-################################################################################
7.1035-## GitLab Sidekiq
7.1036-################################################################################
7.1037-
7.1038-##! GitLab allows one to start multiple sidekiq processes. These
7.1039-##! processes can be used to consume a dedicated set of queues. This
7.1040-##! can be used to ensure certain queues are able to handle additional workload.
7.1041-##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html
7.1042-
7.1043-# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
7.1044-# sidekiq['log_format'] = "json"
7.1045-# sidekiq['shutdown_timeout'] = 4
7.1046-# sidekiq['queue_selector'] = false
7.1047-# sidekiq['interval'] = nil
7.1048-# sidekiq['max_concurrency'] = 50
7.1049-# sidekiq['min_concurrency'] = nil
7.1050-
7.1051-##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
7.1052-##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
7.1053-##! the routing rules are not configured (empty array)
7.1054-
7.1055-# sidekiq['routing_rules'] = []
7.1056-
7.1057-##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
7.1058-##! Sidekiq process. Multiple queues can be processed by the same process by
7.1059-##! separating them with a comma within the group entry, a `*` will process all queues
7.1060-
7.1061-# sidekiq['queue_groups'] = ['*']
7.1062-
7.1063-##! If negate is enabled then Sidekiq will process all the queues that
7.1064-##! don't match those in queue_groups.
7.1065-
7.1066-# sidekiq['negate'] = false
7.1067-
7.1068-##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
7.1069-# sidekiq['metrics_enabled'] = true
7.1070-# sidekiq['exporter_log_enabled'] = false
7.1071-# sidekiq['listen_address'] = "localhost"
7.1072-# sidekiq['listen_port'] = 8082
7.1073-
7.1074-##! Specifies where health-check endpoints should be made available for Sidekiq processes.
7.1075-##! Defaults to the same settings as for Prometheus metrics (see above).
7.1076-# sidekiq['health_checks_enabled'] = true
7.1077-# sidekiq['health_checks_log_enabled'] = false
7.1078-# sidekiq['health_checks_listen_address'] = "localhost"
7.1079-# sidekiq['health_checks_listen_port'] = 8082
7.1080-
7.1081-##! Service name used to register Sidekiq as a Consul service
7.1082-# sidekiq['consul_service_name'] = 'sidekiq'
7.1083-##! Semantic metadata used when registering Sidekiq as a Consul service
7.1084-# sidekiq['consul_service_meta'] = {}
7.1085-
7.1086-################################################################################
7.1087-## gitlab-shell
7.1088-################################################################################
7.1089-
7.1090-# gitlab_shell['audit_usernames'] = false
7.1091-# gitlab_shell['log_level'] = 'INFO'
7.1092-# gitlab_shell['log_format'] = 'json'
7.1093-# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
7.1094-# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
7.1095-
7.1096-# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
7.1097-
7.1098-### Migration to Go feature flags
7.1099-###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
7.1100-# gitlab_shell['migration'] = { enabled: true, features: [] }
7.1101-
7.1102-### Git trace log file.
7.1103-###! If set, git commands receive GIT_TRACE* environment variables
7.1104-###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
7.1105-###! An absolute path starting with / – the trace output will be appended to
7.1106-###! that file. It needs to exist so we can check permissions and avoid
7.1107-###! throwing warnings to the users.
7.1108-# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
7.1109-
7.1110-##! **We do not recommend changing this directory.**
7.1111-# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
7.1112-
7.1113-################################################################
7.1114-## GitLab PostgreSQL
7.1115-################################################################
7.1116-
7.1117-###! Changing any of these settings requires a restart of postgresql.
7.1118-###! By default, reconfigure reloads postgresql if it is running. If you
7.1119-###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
7.1120-###! after reconfigure in order for the changes to take effect.
7.1121-# postgresql['enable'] = true
7.1122-# postgresql['listen_address'] = nil
7.1123-# postgresql['port'] = 5432
7.1124-
7.1125-## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
7.1126-## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
7.1127-## endpoint to the cluster. By default it is the same as postgresql['port'].
7.1128-# postgresql['connect_port'] = 5432
7.1129-
7.1130-##! **recommend value is 1/4 of total RAM, up to 14GB.**
7.1131-# postgresql['shared_buffers'] = "256MB"
7.1132-
7.1133-### Advanced settings
7.1134-# postgresql['ha'] = false
7.1135-# postgresql['dir'] = "/var/opt/gitlab/postgresql"
7.1136-# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
7.1137-# postgresql['log_destination'] = nil
7.1138-# postgresql['logging_collector'] = nil
7.1139-# postgresql['log_truncate_on_rotation'] = nil
7.1140-# postgresql['log_rotation_age'] = nil
7.1141-# postgresql['log_rotation_size'] = nil
7.1142-##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
7.1143-##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
7.1144-# postgresql['username'] = "gitlab-psql"
7.1145-# postgresql['group'] = "gitlab-psql"
7.1146-##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
7.1147-# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
7.1148-# postgresql['uid'] = nil
7.1149-# postgresql['gid'] = nil
7.1150-# postgresql['shell'] = "/bin/sh"
7.1151-# postgresql['home'] = "/var/opt/gitlab/postgresql"
7.1152-# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
7.1153-# postgresql['sql_user'] = "gitlab"
7.1154-# postgresql['max_connections'] = 200
7.1155-# postgresql['md5_auth_cidr_addresses'] = []
7.1156-# postgresql['trust_auth_cidr_addresses'] = []
7.1157-# postgresql['wal_buffers'] = "-1"
7.1158-# postgresql['autovacuum_max_workers'] = "3"
7.1159-# postgresql['autovacuum_freeze_max_age'] = "200000000"
7.1160-# postgresql['log_statement'] = nil
7.1161-# postgresql['track_activity_query_size'] = "1024"
7.1162-# postgresql['shared_preload_libraries'] = nil
7.1163-# postgresql['dynamic_shared_memory_type'] = nil
7.1164-# postgresql['hot_standby'] = "off"
7.1165-
7.1166-### SSL settings
7.1167-# See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
7.1168-# postgresql['ssl'] = 'on'
7.1169-# postgresql['hostssl'] = false
7.1170-# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
7.1171-# postgresql['ssl_cert_file'] = 'server.crt'
7.1172-# postgresql['ssl_key_file'] = 'server.key'
7.1173-# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
7.1174-# postgresql['ssl_crl_file'] = nil
7.1175-# postgresql['cert_auth_addresses'] = {
7.1176-# 'ADDRESS' => {
7.1177-# database: 'gitlabhq_production',
7.1178-# user: 'gitlab'
7.1179-# }
7.1180-# }
7.1181-
7.1182-### Replication settings
7.1183-###! Note, some replication settings do not require a full restart. They are documented below.
7.1184-# postgresql['wal_level'] = "hot_standby"
7.1185-# postgresql['wal_log_hints'] = 'off'
7.1186-# postgresql['max_wal_senders'] = 5
7.1187-# postgresql['max_replication_slots'] = 0
7.1188-# postgresql['max_locks_per_transaction'] = 128
7.1189-
7.1190-# Backup/Archive settings
7.1191-# postgresql['archive_mode'] = "off"
7.1192-
7.1193-###! Changing any of these settings only requires a reload of postgresql. You do not need to
7.1194-###! restart postgresql if you change any of these and run reconfigure.
7.1195-# postgresql['work_mem'] = "16MB"
7.1196-# postgresql['maintenance_work_mem'] = "16MB"
7.1197-# postgresql['checkpoint_timeout'] = "5min"
7.1198-# postgresql['checkpoint_completion_target'] = 0.9
7.1199-# postgresql['effective_io_concurrency'] = 1
7.1200-# postgresql['checkpoint_warning'] = "30s"
7.1201-# postgresql['effective_cache_size'] = "1MB"
7.1202-# postgresql['shmmax'] = 17179869184 # or 4294967295
7.1203-# postgresql['shmall'] = 4194304 # or 1048575
7.1204-# postgresql['autovacuum'] = "on"
7.1205-# postgresql['log_autovacuum_min_duration'] = "-1"
7.1206-# postgresql['autovacuum_naptime'] = "1min"
7.1207-# postgresql['autovacuum_vacuum_threshold'] = "50"
7.1208-# postgresql['autovacuum_analyze_threshold'] = "50"
7.1209-# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
7.1210-# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
7.1211-# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
7.1212-# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
7.1213-# postgresql['statement_timeout'] = "60000"
7.1214-# postgresql['idle_in_transaction_session_timeout'] = "60000"
7.1215-# postgresql['log_line_prefix'] = "%a"
7.1216-# postgresql['max_worker_processes'] = 8
7.1217-# postgresql['max_parallel_workers_per_gather'] = 0
7.1218-# postgresql['log_lock_waits'] = 1
7.1219-# postgresql['deadlock_timeout'] = '5s'
7.1220-# postgresql['track_io_timing'] = 0
7.1221-# postgresql['default_statistics_target'] = 1000
7.1222-
7.1223-### Available in PostgreSQL 9.6 and later
7.1224-# postgresql['min_wal_size'] = "80MB"
7.1225-# postgresql['max_wal_size'] = "1GB"
7.1226-
7.1227-# Backup/Archive settings
7.1228-# postgresql['archive_command'] = nil
7.1229-# postgresql['archive_timeout'] = "0"
7.1230-
7.1231-### Replication settings
7.1232-# postgresql['sql_replication_user'] = "gitlab_replicator"
7.1233-# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
7.1234-# postgresql['wal_keep_segments'] = 10
7.1235-# postgresql['max_standby_archive_delay'] = "30s"
7.1236-# postgresql['max_standby_streaming_delay'] = "30s"
7.1237-# postgresql['synchronous_commit'] = on
7.1238-# postgresql['synchronous_standby_names'] = ''
7.1239-# postgresql['hot_standby_feedback'] = 'off'
7.1240-# postgresql['random_page_cost'] = 2.0
7.1241-# postgresql['log_temp_files'] = -1
7.1242-# postgresql['log_checkpoints'] = 'off'
7.1243-# To add custom entries to pg_hba.conf use the following
7.1244-# postgresql['custom_pg_hba_entries'] = {
7.1245-# APPLICATION: [ # APPLICATION should identify what the settings are used for
7.1246-# {
7.1247-# type: example,
7.1248-# database: example,
7.1249-# user: example,
7.1250-# cidr: example,
7.1251-# method: example,
7.1252-# option: example
7.1253-# }
7.1254-# ]
7.1255-# }
7.1256-# See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
7.1257-# of the values
7.1258-
7.1259-### Version settings
7.1260-# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
7.1261-# postgresql['version'] = 10
7.1262-
7.1263-################################################################################
7.1264-## GitLab Redis
7.1265-##! **Can be disabled if you are using your own Redis instance.**
7.1266-##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
7.1267-################################################################################
7.1268-
7.1269-# redis['enable'] = true
7.1270-# redis['ha'] = false
7.1271-# redis['hz'] = 10
7.1272-# redis['dir'] = "/var/opt/gitlab/redis"
7.1273-# redis['log_directory'] = "/var/log/gitlab/redis"
7.1274-# redis['username'] = "gitlab-redis"
7.1275-# redis['group'] = "gitlab-redis"
7.1276-# redis['maxclients'] = "10000"
7.1277-# redis['maxmemory'] = "0"
7.1278-# redis['maxmemory_policy'] = "noeviction"
7.1279-# redis['maxmemory_samples'] = "5"
7.1280-# redis['stop_writes_on_bgsave_error'] = true
7.1281-# redis['tcp_backlog'] = 511
7.1282-# redis['tcp_timeout'] = "60"
7.1283-# redis['tcp_keepalive'] = "300"
7.1284-# redis['uid'] = nil
7.1285-# redis['gid'] = nil
7.1286-
7.1287-### Redis TLS settings
7.1288-###! To run Redis over TLS, specify values for the following settings
7.1289-# redis['tls_port'] = nil
7.1290-# redis['tls_cert_file'] = nil
7.1291-# redis['tls_key_file'] = nil
7.1292-
7.1293-###! Other TLS related optional settings
7.1294-# redis['tls_dh_params_file'] = nil
7.1295-# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
7.1296-# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
7.1297-# redis['tls_auth_clients'] = 'optional'
7.1298-# redis['tls_replication'] = nil
7.1299-# redis['tls_cluster'] = nil
7.1300-# redis['tls_protocols'] = nil
7.1301-# redis['tls_ciphers'] = nil
7.1302-# redis['tls_ciphersuites'] = nil
7.1303-# redis['tls_prefer_server_ciphers'] = nil
7.1304-# redis['tls_session_caching'] = nil
7.1305-# redis['tls_session_cache_size'] = nil
7.1306-# redis['tls_session_cache_timeout'] = nil
7.1307-
7.1308-### Disable or obfuscate unnecessary redis command names
7.1309-### Uncomment and edit this block to add or remove entries.
7.1310-### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
7.1311-### for detailed usage
7.1312-###
7.1313-# redis['rename_commands'] = {
7.1314-# 'KEYS': ''
7.1315-#}
7.1316-#
7.1317-
7.1318-###! **To enable only Redis service in this machine, uncomment
7.1319-###! one of the lines below (choose master or replica instance types).**
7.1320-###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
7.1321-###! https://docs.gitlab.com/ee/administration/high_availability/redis.html
7.1322-# redis_master_role['enable'] = true
7.1323-# redis_replica_role['enable'] = true
7.1324-
7.1325-### Redis TCP support (will disable UNIX socket transport)
7.1326-# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
7.1327-# redis['port'] = 6379
7.1328-# redis['password'] = 'redis-password-goes-here'
7.1329-
7.1330-### Redis Sentinel support
7.1331-###! **You need a master replica Redis replication to be able to do failover**
7.1332-###! **Please read the documentation before enabling it to understand the
7.1333-###! caveats:**
7.1334-###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
7.1335-
7.1336-### Replication support
7.1337-#### Replica Redis instance
7.1338-# redis['master'] = false # by default this is true
7.1339-
7.1340-#### Replica and Sentinel shared configuration
7.1341-####! **Both need to point to the master Redis instance to get replication and
7.1342-####! heartbeat monitoring**
7.1343-# redis['master_name'] = 'gitlab-redis'
7.1344-# redis['master_ip'] = nil
7.1345-# redis['master_port'] = 6379
7.1346-
7.1347-#### Support to run redis replicas in a Docker or NAT environment
7.1348-####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
7.1349-# redis['announce_ip'] = nil
7.1350-# redis['announce_port'] = nil
7.1351-
7.1352-####! **Master password should have the same value defined in
7.1353-####! redis['password'] to enable the instance to transition to/from
7.1354-####! master/replica in a failover event.**
7.1355-# redis['master_password'] = 'redis-password-goes-here'
7.1356-
7.1357-####! Increase these values when your replicas can't catch up with master
7.1358-# redis['client_output_buffer_limit_normal'] = '0 0 0'
7.1359-# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
7.1360-# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
7.1361-
7.1362-#####! Redis snapshotting frequency
7.1363-#####! Set to [] to disable
7.1364-#####! Set to [''] to clear previously set values
7.1365-# redis['save'] = [ '900 1', '300 10', '60 10000' ]
7.1366-
7.1367-#####! Redis lazy freeing
7.1368-#####! Defaults to false
7.1369-# redis['lazyfree_lazy_eviction'] = true
7.1370-# redis['lazyfree_lazy_expire'] = true
7.1371-# redis['lazyfree_lazy_server_del'] = true
7.1372-# redis['replica_lazy_flush'] = true
7.1373-
7.1374-#####! Redis threaded I/O
7.1375-#####! Defaults to disabled
7.1376-# redis['io_threads'] = 4
7.1377-# redis['io_threads_do_reads'] = true
7.1378-
7.1379-################################################################################
7.1380-## GitLab Web server
7.1381-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
7.1382-################################################################################
7.1383-
7.1384-##! When bundled nginx is disabled we need to add the external webserver user to
7.1385-##! the GitLab webserver group.
7.1386-# web_server['external_users'] = []
7.1387-# web_server['username'] = 'gitlab-www'
7.1388-# web_server['group'] = 'gitlab-www'
7.1389-# web_server['uid'] = nil
7.1390-# web_server['gid'] = nil
7.1391-# web_server['shell'] = '/bin/false'
7.1392-# web_server['home'] = '/var/opt/gitlab/nginx'
7.1393-
7.1394-################################################################################
7.1395-## GitLab NGINX
7.1396-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
7.1397-################################################################################
7.1398-
7.1399-# nginx['enable'] = true
7.1400-# nginx['client_max_body_size'] = '250m'
7.1401-# nginx['redirect_http_to_https'] = false
7.1402-# nginx['redirect_http_to_https_port'] = 80
7.1403-
7.1404-##! Most root CA's are included by default
7.1405-# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
7.1406-
7.1407-##! enable/disable 2-way SSL client authentication
7.1408-# nginx['ssl_verify_client'] = "off"
7.1409-
7.1410-##! if ssl_verify_client on, verification depth in the client certificates chain
7.1411-# nginx['ssl_verify_depth'] = "1"
7.1412-
7.1413-# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
7.1414-# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
7.1415-# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
7.1416-# nginx['ssl_prefer_server_ciphers'] = "off"
7.1417-
7.1418-##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
7.1419-##! https://cipherli.st/**
7.1420-# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
7.1421-
7.1422-##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
7.1423-# nginx['ssl_session_cache'] = "shared:SSL:10m"
7.1424-
7.1425-##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
7.1426-# nginx['ssl_session_tickets'] = "off"
7.1427-
7.1428-##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
7.1429-# nginx['ssl_session_timeout'] = "1d"
7.1430-
7.1431-# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
7.1432-# nginx['listen_addresses'] = ['*', '[::]']
7.1433-
7.1434-##! **Defaults to forcing web browsers to always communicate using only HTTPS**
7.1435-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
7.1436-# nginx['hsts_max_age'] = 63072000
7.1437-# nginx['hsts_include_subdomains'] = false
7.1438-
7.1439-##! Defaults to stripping path information when making cross-origin requests
7.1440-# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
7.1441-
7.1442-##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
7.1443-# nginx['gzip_enabled'] = true
7.1444-
7.1445-##! **Override only if you use a reverse proxy**
7.1446-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
7.1447-# nginx['listen_port'] = nil
7.1448-
7.1449-##! **Override only if your reverse proxy internally communicates over HTTP**
7.1450-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
7.1451-# nginx['listen_https'] = nil
7.1452-
7.1453-##! **Override only if you use a reverse proxy with proxy protocol enabled**
7.1454-##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol
7.1455-# nginx['proxy_protocol'] = false
7.1456-
7.1457-# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
7.1458-# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
7.1459-# nginx['proxy_read_timeout'] = 3600
7.1460-# nginx['proxy_connect_timeout'] = 300
7.1461-# nginx['proxy_set_headers'] = {
7.1462-# "Host" => "$http_host_with_default",
7.1463-# "X-Real-IP" => "$remote_addr",
7.1464-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
7.1465-# "X-Forwarded-Proto" => "https",
7.1466-# "X-Forwarded-Ssl" => "on",
7.1467-# "Upgrade" => "$http_upgrade",
7.1468-# "Connection" => "$connection_upgrade"
7.1469-# }
7.1470-# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
7.1471-# nginx['proxy_cache'] = 'gitlab'
7.1472-# nginx['proxy_custom_buffer_size'] = '4k'
7.1473-# nginx['http2_enabled'] = true
7.1474-# nginx['real_ip_trusted_addresses'] = []
7.1475-# nginx['real_ip_header'] = nil
7.1476-# nginx['real_ip_recursive'] = nil
7.1477-# nginx['custom_error_pages'] = {
7.1478-# '404' => {
7.1479-# 'title' => 'Example title',
7.1480-# 'header' => 'Example header',
7.1481-# 'message' => 'Example message'
7.1482-# }
7.1483-# }
7.1484-
7.1485-### Advanced settings
7.1486-# nginx['dir'] = "/var/opt/gitlab/nginx"
7.1487-# nginx['log_directory'] = "/var/log/gitlab/nginx"
7.1488-# nginx['error_log_level'] = "error"
7.1489-# nginx['worker_processes'] = 4
7.1490-# nginx['worker_connections'] = 10240
7.1491-# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
7.1492-# nginx['sendfile'] = 'on'
7.1493-# nginx['tcp_nopush'] = 'on'
7.1494-# nginx['tcp_nodelay'] = 'on'
7.1495-# nginx['hide_server_tokens'] = 'off'
7.1496-# nginx['gzip_http_version'] = "1.0"
7.1497-# nginx['gzip_comp_level'] = "2"
7.1498-# nginx['gzip_proxied'] = "any"
7.1499-# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
7.1500-# nginx['keepalive_timeout'] = 65
7.1501-# nginx['keepalive_time'] = '1h'
7.1502-# nginx['cache_max_size'] = '5000m'
7.1503-# nginx['server_names_hash_bucket_size'] = 64
7.1504-##! These paths have proxy_request_buffering disabled
7.1505-# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"
7.1506-
7.1507-### Nginx status
7.1508-# nginx['status'] = {
7.1509-# "enable" => true,
7.1510-# "listen_addresses" => ["127.0.0.1"],
7.1511-# "fqdn" => "dev.example.com",
7.1512-# "port" => 9999,
7.1513-# "vts_enable" => true,
7.1514-# "options" => {
7.1515-# "server_tokens" => "off", # Don't show the version of NGINX
7.1516-# "access_log" => "off", # Disable logs for stats
7.1517-# "allow" => "127.0.0.1", # Only allow access from localhost
7.1518-# "deny" => "all" # Deny access to anyone else
7.1519-# }
7.1520-# }
7.1521-
7.1522-##! Service name used to register Nginx as a Consul service
7.1523-# nginx['consul_service_name'] = 'nginx'
7.1524-##! Semantic metadata used when registering NGINX as a Consul service
7.1525-# nginx['consul_service_meta'] = {}
7.1526-
7.1527-################################################################################
7.1528-## GitLab Logging
7.1529-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
7.1530-################################################################################
7.1531-
7.1532-# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
7.1533-# logging['svlogd_num'] = 30 # keep 30 rotated log files
7.1534-# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
7.1535-# logging['svlogd_filter'] = "gzip" # compress logs with gzip
7.1536-# logging['svlogd_udp'] = nil # transmit log messages via UDP
7.1537-# logging['svlogd_prefix'] = nil # custom prefix for log messages
7.1538-# logging['logrotate_frequency'] = "daily" # rotate logs daily
7.1539-# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
7.1540-# logging['logrotate_size'] = nil # do not rotate by size by default
7.1541-# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
7.1542-# logging['logrotate_compress'] = "compress" # see 'man logrotate'
7.1543-# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
7.1544-# logging['logrotate_postrotate'] = nil # no postrotate command by default
7.1545-# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
7.1546-
7.1547-### UDP log forwarding
7.1548-##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
7.1549-
7.1550-##! remote host to ship log messages to via UDP
7.1551-# logging['udp_log_shipping_host'] = nil
7.1552-
7.1553-##! override the hostname used when logs are shipped via UDP,
7.1554-## by default the system hostname will be used.
7.1555-# logging['udp_log_shipping_hostname'] = nil
7.1556-
7.1557-##! remote port to ship log messages to via UDP
7.1558-# logging['udp_log_shipping_port'] = 514
7.1559-
7.1560-################################################################################
7.1561-## Logrotate
7.1562-##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
7.1563-##! You can disable built in logrotate feature.
7.1564-################################################################################
7.1565-# logrotate['enable'] = true
7.1566-# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
7.1567-
7.1568-################################################################################
7.1569-## Users and groups accounts
7.1570-##! Disable management of users and groups accounts.
7.1571-##! **Set only if creating accounts manually**
7.1572-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
7.1573-################################################################################
7.1574-
7.1575-# manage_accounts['enable'] = true
7.1576-
7.1577-################################################################################
7.1578-## Storage directories
7.1579-##! Disable managing storage directories
7.1580-##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
7.1581-################################################################################
7.1582-
7.1583-##! **Set only if the select directories are created manually**
7.1584-# manage_storage_directories['enable'] = false
7.1585-# manage_storage_directories['manage_etc'] = false
7.1586-
7.1587-################################################################################
7.1588-## Runtime directory
7.1589-##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
7.1590-################################################################################
7.1591-
7.1592-# runtime_dir '/run'
7.1593-
7.1594-################################################################################
7.1595-## Git
7.1596-##! Advanced setting for configuring git system settings for omnibus-gitlab
7.1597-##! internal git
7.1598-################################################################################
7.1599-
7.1600-##! For multiple options under one header use array of comma separated values,
7.1601-##! eg.:
7.1602-##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
7.1603-
7.1604-# omnibus_gitconfig['system'] = {
7.1605-# "pack" => ["threads = 1"],
7.1606-# "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
7.1607-# "repack" => ["writeBitmaps = true"],
7.1608-# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
7.1609-# "core" => [
7.1610-# 'alternateRefsCommand="exit 0 #"',
7.1611-# "fsyncObjectFiles = true"
7.1612-# ],
7.1613-# "fetch" => ["writeCommitGraph = true"]
7.1614-# }
7.1615-
7.1616-################################################################################
7.1617-## GitLab Pages
7.1618-##! Docs: https://docs.gitlab.com/ee/pages/administration.html
7.1619-################################################################################
7.1620-
7.1621-##! Define to enable GitLab Pages
7.1622-# pages_external_url "http://pages.example.com/"
7.1623-# gitlab_pages['enable'] = false
7.1624-
7.1625-##! Configure to expose GitLab Pages on external IP address, serving the HTTP
7.1626-# gitlab_pages['external_http'] = []
7.1627-
7.1628-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
7.1629-# gitlab_pages['external_https'] = []
7.1630-
7.1631-##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
7.1632-# gitlab_pages['external_https_proxyv2'] = []
7.1633-
7.1634-##! Configure cert when using external IP address
7.1635-# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
7.1636-# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"
7.1637-
7.1638-##! Configure to use the default list of cipher suites
7.1639-# gitlab_pages['insecure_ciphers'] = false
7.1640-
7.1641-##! Configure to enable health check endpoint on GitLab Pages
7.1642-# gitlab_pages['status_uri'] = "/@status"
7.1643-
7.1644-##! Tune the maximum number of concurrent connections GitLab Pages will handle.
7.1645-##! Default to 0 for unlimited connections.
7.1646-# gitlab_pages['max_connections'] = 0
7.1647-
7.1648-##! Configure the maximum length of URIs accepted by GitLab Pages
7.1649-##! By default is limited for security reasons. Set 0 for unlimited
7.1650-# gitlab_pages['max_uri_length'] = 1024
7.1651-
7.1652-##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
7.1653-##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
7.1654-##! sets the header value X-Request-ID, the value will be propagated in the request chain.
7.1655-# gitlab_pages['propagate_correlation_id'] = false
7.1656-
7.1657-##! Configure to use JSON structured logging in GitLab Pages
7.1658-# gitlab_pages['log_format'] = "json"
7.1659-
7.1660-##! Configure verbose logging for GitLab Pages
7.1661-# gitlab_pages['log_verbose'] = false
7.1662-
7.1663-##! Error Reporting and Logging with Sentry
7.1664-# gitlab_pages['sentry_enabled'] = false
7.1665-# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
7.1666-# gitlab_pages['sentry_environment'] = 'production'
7.1667-
7.1668-##! Listen for requests forwarded by reverse proxy
7.1669-# gitlab_pages['listen_proxy'] = "localhost:8090"
7.1670-
7.1671-# gitlab_pages['redirect_http'] = true
7.1672-# gitlab_pages['use_http2'] = true
7.1673-# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
7.1674-# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
7.1675-
7.1676-# gitlab_pages['artifacts_server'] = true
7.1677-# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
7.1678-# gitlab_pages['artifacts_server_timeout'] = 10
7.1679-
7.1680-##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
7.1681-# gitlab_pages['metrics_address'] = ":9235"
7.1682-
7.1683-##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
7.1684-# gitlab_pages['tls_min_version'] = "tls1.2"
7.1685-
7.1686-##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
7.1687-# gitlab_pages['tls_max_version'] = "tls1.3"
7.1688-
7.1689-##! Pages access control
7.1690-# gitlab_pages['access_control'] = false
7.1691-# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
7.1692-# gitlab_pages['gitlab_secret'] = nil # Generated if not present
7.1693-# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
7.1694-# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
7.1695-# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
7.1696-# gitlab_pages['auth_secret'] = nil # Generated if not present
7.1697-# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
7.1698-
7.1699-##! GitLab Pages Server Shutdown Timeout
7.1700-##! Duration ("30s" for 30 seconds)
7.1701-# gitlab_pages['server_shutdown_timeout'] = "30s"
7.1702-
7.1703-##! GitLab API HTTP client connection timeout
7.1704-# gitlab_pages['gitlab_client_http_timeout'] = "10s"
7.1705-
7.1706-##! GitLab API JWT Token expiry time
7.1707-# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
7.1708-
7.1709-##! Advanced settings for API-based configuration for GitLab Pages.
7.1710-##! The recommended default values are set inside GitLab Pages.
7.1711-##! Should be changed only if absolutely needed.
7.1712-
7.1713-##! The maximum time a domain's configuration is stored in the cache.
7.1714-# gitlab_pages['gitlab_cache_expiry'] = "600s"
7.1715-##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
7.1716-# gitlab_pages['gitlab_cache_refresh'] = "60s"
7.1717-##! The interval at which expired items are removed from the cache (default: 60s).
7.1718-# gitlab_pages['gitlab_cache_cleanup'] = "60s"
7.1719-##! The maximum time to wait for a response from the GitLab API per request.
7.1720-# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
7.1721-##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
7.1722-# gitlab_pages['gitlab_retrieval_interval'] = "1s"
7.1723-##! The maximum number of times to retry to resolve a domain's configuration via the API
7.1724-# gitlab_pages['gitlab_retrieval_retries'] = 3
7.1725-
7.1726-##! Define custom gitlab-pages HTTP headers for the whole instance
7.1727-# gitlab_pages['headers'] = []
7.1728-
7.1729-##! Shared secret used for authentication between Pages and GitLab
7.1730-# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
7.1731-
7.1732-##! Advanced settings for serving GitLab Pages from zip archives.
7.1733-##! The recommended default values are set inside GitLab Pages.
7.1734-##! Should be changed only if absolutely needed.
7.1735-
7.1736-##! The maximum time an archive will be cached in memory.
7.1737-# gitlab_pages['zip_cache_expiration'] = "60s"
7.1738-##! Zip archive cache cleaning interval.
7.1739-# gitlab_pages['zip_cache_cleanup'] = "30s"
7.1740-##! The interval to refresh a cache archive if accessed before expiring.
7.1741-# gitlab_pages['zip_cache_refresh'] = "30s"
7.1742-##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
7.1743-# gitlab_pages['zip_open_timeout'] = "30s"
7.1744-##! Zip HTTP Client timeout
7.1745-# gitlab_pages['zip_http_client_timeout'] = "30m"
7.1746-
7.1747-##! ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.
7.1748-# gitlab_pages['server_read_timeout'] = "5s"
7.1749-##! ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.
7.1750-# gitlab_pages['server_read_header_timeout'] = "1s"
7.1751-##! WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.
7.1752-# gitlab_pages['server_write_timeout'] = "5m"
7.1753-##! KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.
7.1754-# gitlab_pages['server_keep_alive'] = "15s"
7.1755-
7.1756-##! Enable serving content from disk instead of Object Storage
7.1757-# gitlab_pages['enable_disk'] = nil
7.1758-
7.1759-##! Rate-limiting options below work in report-only mode:
7.1760-##! they only count rejected requests, but don't reject them
7.1761-##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
7.1762-##! reject requests.
7.1763-
7.1764-##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits
7.1765-
7.1766-##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
7.1767-# gitlab_pages['rate_limit_source_ip'] = 50.0
7.1768-##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
7.1769-# gitlab_pages['rate_limit_source_ip_burst'] = 600
7.1770-##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
7.1771-# gitlab_pages['rate_limit_domain'] = 0
7.1772-##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
7.1773-# gitlab_pages['rate_limit_domain_burst'] = 10000
7.1774-
7.1775-##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
7.1776-# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
7.1777-##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
7.1778-# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
7.1779-##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
7.1780-# gitlab_pages['rate_limit_tls_domain'] = 0
7.1781-##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
7.1782-# gitlab_pages['rate_limit_tls_domain_burst'] = 10000
7.1783-
7.1784-# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
7.1785-# gitlab_pages['env'] = {
7.1786-# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
7.1787-# }
7.1788-
7.1789-################################################################################
7.1790-## GitLab Pages NGINX
7.1791-################################################################################
7.1792-
7.1793-# All the settings defined in the "GitLab Nginx" section are also available in
7.1794-# this "GitLab Pages NGINX" section, using the key `pages_nginx`. However,
7.1795-# those settings should be explicitly set. That is, settings given as
7.1796-# `nginx['some_setting']` WILL NOT be automatically replicated as
7.1797-# `pages_nginx['some_setting']` and should be set separately.
7.1798-
7.1799-# Below you can find settings that are exclusive to "GitLab Pages NGINX"
7.1800-# pages_nginx['enable'] = true
7.1801-
7.1802-# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
7.1803-
7.1804-################################################################################
7.1805-## GitLab CI
7.1806-##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html
7.1807-################################################################################
7.1808-
7.1809-# gitlab_ci['gitlab_ci_all_broken_builds'] = true
7.1810-# gitlab_ci['gitlab_ci_add_pusher'] = true
7.1811-# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
7.1812-
7.1813-################################################################################
7.1814-## GitLab Kubernetes Agent Server
7.1815-##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
7.1816-################################################################################
7.1817-
7.1818-##! Settings used by the GitLab application
7.1819-# gitlab_rails['gitlab_kas_enabled'] = true
7.1820-# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
7.1821-# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
7.1822-# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/'
7.1823-
7.1824-##! Enable GitLab KAS
7.1825-# gitlab_kas['enable'] = true
7.1826-
7.1827-##! Agent configuration for GitLab KAS
7.1828-# gitlab_kas['agent_configuration_poll_period'] = 20
7.1829-# gitlab_kas['agent_gitops_poll_period'] = 20
7.1830-# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
7.1831-# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
7.1832-# gitlab_kas['agent_info_cache_ttl'] = 300
7.1833-# gitlab_kas['agent_info_cache_error_ttl'] = 60
7.1834-
7.1835-##! Shared secret used for authentication between KAS and GitLab
7.1836-# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
7.1837-
7.1838-##! Shared secret used for authentication between different KAS instances in a multi-node setup
7.1839-# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
7.1840-
7.1841-##! Listen configuration for GitLab KAS
7.1842-# gitlab_kas['listen_address'] = 'localhost:8150'
7.1843-# gitlab_kas['listen_network'] = 'tcp'
7.1844-# gitlab_kas['listen_websocket'] = true
7.1845-# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
7.1846-# gitlab_kas['key_file'] = "/path/to/key.pem"
7.1847-# gitlab_kas['internal_api_listen_network'] = 'tcp'
7.1848-# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
7.1849-# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
7.1850-# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
7.1851-# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
7.1852-# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
7.1853-# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
7.1854-# gitlab_kas['private_api_listen_network'] = 'tcp'
7.1855-# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
7.1856-# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
7.1857-# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"
7.1858-
7.1859-##! Metrics configuration for GitLab KAS
7.1860-# gitlab_kas['metrics_usage_reporting_period'] = 60
7.1861-
7.1862-##! Log configuration for GitLab KAS
7.1863-# gitlab_kas['log_level'] = 'info'
7.1864-
7.1865-##! Environment variables for GitLab KAS
7.1866-# gitlab_kas['env'] = {
7.1867-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
7.1868-# # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
7.1869-# 'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
7.1870-# }
7.1871-
7.1872-##! Error Reporting and Logging with Sentry
7.1873-# gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
7.1874-# gitlab_kas['sentry_environment'] = 'production'
7.1875-
7.1876-##! Directories for GitLab KAS
7.1877-# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
7.1878-# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
7.1879-# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
7.1880-
7.1881-################################################################################
7.1882-## GitLab Mattermost
7.1883-##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
7.1884-################################################################################
7.1885-
7.1886-# mattermost_external_url 'http://mattermost.example.com'
7.1887-
7.1888-# mattermost['enable'] = false
7.1889-# mattermost['username'] = 'mattermost'
7.1890-# mattermost['group'] = 'mattermost'
7.1891-# mattermost['uid'] = nil
7.1892-# mattermost['gid'] = nil
7.1893-# mattermost['home'] = '/var/opt/gitlab/mattermost'
7.1894-# mattermost['database_name'] = 'mattermost_production'
7.1895-# mattermost['env'] = {
7.1896-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.1897-# }
7.1898-# mattermost['service_address'] = "127.0.0.1"
7.1899-# mattermost['service_port'] = "8065"
7.1900-# mattermost['service_site_url'] = nil
7.1901-# mattermost['service_allowed_untrusted_internal_connections'] = ""
7.1902-# mattermost['service_enable_api_team_deletion'] = true
7.1903-# mattermost['team_site_name'] = "GitLab Mattermost"
7.1904-# mattermost['sql_driver_name'] = 'mysql'
7.1905-# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
7.1906-# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
7.1907-# mattermost['gitlab_enable'] = false
7.1908-# mattermost['gitlab_id'] = "12345656"
7.1909-# mattermost['gitlab_secret'] = "123456789"
7.1910-# mattermost['gitlab_scope'] = ""
7.1911-# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
7.1912-# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
7.1913-# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
7.1914-# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
7.1915-# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
7.1916-# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
7.1917-
7.1918-################################################################################
7.1919-## Mattermost NGINX
7.1920-################################################################################
7.1921-
7.1922-# All the settings defined in the "GitLab Nginx" section are also available in
7.1923-# this "Mattermost NGINX" section, using the key `mattermost_nginx`. However,
7.1924-# those settings should be explicitly set. That is, settings given as
7.1925-# `nginx['some_setting']` WILL NOT be automatically replicated as
7.1926-# `mattermost_nginx['some_setting']` and should be set separately.
7.1927-
7.1928-# Below you can find settings that are exclusive to "Mattermost NGINX"
7.1929-# mattermost_nginx['enable'] = false
7.1930-
7.1931-# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
7.1932-# mattermost_nginx['proxy_set_headers'] = {
7.1933-# "Host" => "$http_host",
7.1934-# "X-Real-IP" => "$remote_addr",
7.1935-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
7.1936-# "X-Frame-Options" => "SAMEORIGIN",
7.1937-# "X-Forwarded-Proto" => "https",
7.1938-# "X-Forwarded-Ssl" => "on",
7.1939-# "Upgrade" => "$http_upgrade",
7.1940-# "Connection" => "$connection_upgrade"
7.1941-# }
7.1942-
7.1943-
7.1944-################################################################################
7.1945-## Registry NGINX
7.1946-################################################################################
7.1947-
7.1948-# All the settings defined in the "GitLab Nginx" section are also available in
7.1949-# this "Registry NGINX" section, using the key `registry_nginx`. However, those
7.1950-# settings should be explicitly set. That is, settings given as
7.1951-# `nginx['some_setting']` WILL NOT be automatically replicated as
7.1952-# `registry_nginx['some_setting']` and should be set separately.
7.1953-
7.1954-# Below you can find settings that are exclusive to "Registry NGINX"
7.1955-# registry_nginx['enable'] = false
7.1956-
7.1957-# registry_nginx['proxy_set_headers'] = {
7.1958-# "Host" => "$http_host",
7.1959-# "X-Real-IP" => "$remote_addr",
7.1960-# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
7.1961-# "X-Forwarded-Proto" => "https",
7.1962-# "X-Forwarded-Ssl" => "on"
7.1963-# }
7.1964-
7.1965-# When the registry is automatically enabled using the same domain as `external_url`,
7.1966-# it listens on this port
7.1967-# registry_nginx['listen_port'] = 5050
7.1968-
7.1969-################################################################################
7.1970-## Prometheus
7.1971-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
7.1972-################################################################################
7.1973-
7.1974-###! **To enable only Monitoring service in this machine, uncomment
7.1975-###! the line below.**
7.1976-###! Docs: https://docs.gitlab.com/ee/administration/high_availability
7.1977-# monitoring_role['enable'] = true
7.1978-
7.1979-# prometheus['enable'] = true
7.1980-# prometheus['monitor_kubernetes'] = true
7.1981-# prometheus['username'] = 'gitlab-prometheus'
7.1982-# prometheus['group'] = 'gitlab-prometheus'
7.1983-# prometheus['uid'] = nil
7.1984-# prometheus['gid'] = nil
7.1985-# prometheus['shell'] = '/bin/sh'
7.1986-# prometheus['home'] = '/var/opt/gitlab/prometheus'
7.1987-# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
7.1988-# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
7.1989-# prometheus['scrape_interval'] = 15
7.1990-# prometheus['scrape_timeout'] = 15
7.1991-# prometheus['external_labels'] = { }
7.1992-# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
7.1993-# prometheus['env'] = {
7.1994-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.1995-# }
7.1996-#
7.1997-### Custom scrape configs
7.1998-#
7.1999-# Prometheus can scrape additional jobs via scrape_configs. The default automatically
7.2000-# includes all of the exporters supported by the omnibus config.
7.2001-#
7.2002-# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
7.2003-#
7.2004-# Example:
7.2005-#
7.2006-# prometheus['scrape_configs'] = [
7.2007-# {
7.2008-# 'job_name': 'example',
7.2009-# 'static_configs' => [
7.2010-# 'targets' => ['hostname:port'],
7.2011-# ],
7.2012-# },
7.2013-# ]
7.2014-#
7.2015-### Custom alertmanager config
7.2016-#
7.2017-# To configure external alertmanagers, create an alertmanager config.
7.2018-#
7.2019-# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
7.2020-#
7.2021-# prometheus['alertmanagers'] = [
7.2022-# {
7.2023-# 'static_configs' => [
7.2024-# {
7.2025-# 'targets' => [
7.2026-# 'hostname:port'
7.2027-# ]
7.2028-# }
7.2029-# ]
7.2030-# }
7.2031-# ]
7.2032-#
7.2033-### Custom Prometheus flags
7.2034-#
7.2035-# prometheus['flags'] = {
7.2036-# 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
7.2037-# 'storage.tsdb.retention.time' => "15d",
7.2038-# 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
7.2039-# }
7.2040-
7.2041-##! Advanced settings. Should be changed only if absolutely needed.
7.2042-# prometheus['listen_address'] = 'localhost:9090'
7.2043-#
7.2044-
7.2045-##! Service name used to register Prometheus as a Consul service
7.2046-# prometheus['consul_service_name'] = 'prometheus'
7.2047-##! Semantic metadata used when registering Prometheus as a Consul service
7.2048-# prometheus['consul_service_meta'] = {}
7.2049-
7.2050-################################################################################
7.2051-###! **Only needed if Prometheus and Rails are not on the same server.**
7.2052-### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
7.2053-### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
7.2054-### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
7.2055-################################################################################
7.2056-# gitlab_rails['prometheus_address'] = 'your.prom:9090'
7.2057-
7.2058-################################################################################
7.2059-## Prometheus Alertmanager
7.2060-################################################################################
7.2061-
7.2062-# alertmanager['enable'] = true
7.2063-# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
7.2064-# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
7.2065-# alertmanager['admin_email'] = 'admin@example.com'
7.2066-# alertmanager['flags'] = {
7.2067-# 'web.listen-address' => "localhost:9093",
7.2068-# 'storage.path' => "/var/opt/gitlab/alertmanager/data",
7.2069-# 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
7.2070-# }
7.2071-# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
7.2072-# alertmanager['env'] = {
7.2073-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2074-# }
7.2075-
7.2076-##! Advanced settings. Should be changed only if absolutely needed.
7.2077-# alertmanager['listen_address'] = 'localhost:9093'
7.2078-# alertmanager['global'] = {}
7.2079-
7.2080-################################################################################
7.2081-## Prometheus Node Exporter
7.2082-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
7.2083-################################################################################
7.2084-
7.2085-# node_exporter['enable'] = true
7.2086-# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
7.2087-# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
7.2088-# node_exporter['flags'] = {
7.2089-# 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
7.2090-# }
7.2091-# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
7.2092-# node_exporter['env'] = {
7.2093-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2094-# }
7.2095-
7.2096-##! Advanced settings. Should be changed only if absolutely needed.
7.2097-# node_exporter['listen_address'] = 'localhost:9100'
7.2098-
7.2099-##! Service name used to register Node Exporter as a Consul service
7.2100-# node_exporter['consul_service_name'] = 'node-exporter'
7.2101-##! Semantic metadata used when registering Node Exporter as a Consul service
7.2102-# node_exporter['consul_service_meta'] = {}
7.2103-
7.2104-################################################################################
7.2105-## Prometheus Redis exporter
7.2106-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
7.2107-################################################################################
7.2108-
7.2109-# redis_exporter['enable'] = true
7.2110-# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
7.2111-# redis_exporter['flags'] = {
7.2112-# 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
7.2113-# }
7.2114-# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
7.2115-# redis_exporter['env'] = {
7.2116-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2117-# }
7.2118-
7.2119-##! Advanced settings. Should be changed only if absolutely needed.
7.2120-# redis_exporter['listen_address'] = 'localhost:9121'
7.2121-
7.2122-##! Service name used to register Redis Exporter as a Consul service
7.2123-# redis_exporter['consul_service_name'] = 'redis-exporter'
7.2124-##! Semantic metadata used when registering Redis Exporter as a Consul service
7.2125-# redis_exporter['consul_service_meta'] = {}
7.2126-
7.2127-################################################################################
7.2128-## Prometheus Postgres exporter
7.2129-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
7.2130-################################################################################
7.2131-
7.2132-# postgres_exporter['enable'] = true
7.2133-# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
7.2134-# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
7.2135-# postgres_exporter['flags'] = {}
7.2136-# postgres_exporter['listen_address'] = 'localhost:9187'
7.2137-# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
7.2138-# postgres_exporter['env'] = {
7.2139-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2140-# }
7.2141-# postgres_exporter['sslmode'] = nil
7.2142-# postgres_exporter['per_table_stats'] = false
7.2143-
7.2144-##! Service name used to register Postgres Exporter as a Consul service
7.2145-# postgres_exporter['consul_service_name'] = 'postgres-exporter'
7.2146-##! Semantic metadata used when registering Postgres Exporter as a Consul service
7.2147-# postgres_exporter['consul_service_meta'] = {}
7.2148-
7.2149-################################################################################
7.2150-## Prometheus PgBouncer exporter (EE only)
7.2151-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
7.2152-################################################################################
7.2153-
7.2154-# pgbouncer_exporter['enable'] = false
7.2155-# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
7.2156-# pgbouncer_exporter['listen_address'] = 'localhost:9188'
7.2157-# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
7.2158-# pgbouncer_exporter['env'] = {
7.2159-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2160-# }
7.2161-
7.2162-################################################################################
7.2163-## Prometheus Gitlab exporter
7.2164-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
7.2165-################################################################################
7.2166-
7.2167-
7.2168-# gitlab_exporter['enable'] = true
7.2169-# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
7.2170-# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
7.2171-
7.2172-##! Advanced settings. Should be changed only if absolutely needed.
7.2173-# gitlab_exporter['server_name'] = 'webrick'
7.2174-# gitlab_exporter['listen_address'] = 'localhost'
7.2175-# gitlab_exporter['listen_port'] = '9168'
7.2176-
7.2177-##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
7.2178-##! found.
7.2179-# gitlab_exporter['probe_sidekiq'] = true
7.2180-##! Service name used to register GitLab Exporter as a Consul service
7.2181-# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
7.2182-##! Semantic metadata used when registering GitLab Exporter as a Consul service
7.2183-# gitlab_exporter['consul_service_meta'] = {}
7.2184-
7.2185-# To completely disable prometheus, and all of it's exporters, set to false
7.2186-# prometheus_monitoring['enable'] = true
7.2187-
7.2188-################################################################################
7.2189-## Grafana Dashboards
7.2190-##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
7.2191-################################################################################
7.2192-
7.2193-# grafana['enable'] = true
7.2194-# grafana['log_directory'] = '/var/log/gitlab/grafana'
7.2195-# grafana['home'] = '/var/opt/gitlab/grafana'
7.2196-# grafana['admin_password'] = 'admin'
7.2197-# grafana['allow_user_sign_up'] = false
7.2198-# grafana['basic_auth_enabled'] = false
7.2199-# grafana['disable_login_form'] = true
7.2200-# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
7.2201-# grafana['gitlab_secret'] = 'GITLAB_SECRET'
7.2202-# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
7.2203-# grafana['allowed_groups'] = []
7.2204-# grafana['gitlab_auth_sign_up'] = true
7.2205-# grafana['env'] = {
7.2206-# 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
7.2207-# }
7.2208-# grafana['metrics_enabled'] = false
7.2209-# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
7.2210-# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
7.2211-# grafana['alerting_enabled'] = false
7.2212-
7.2213-### SMTP Configuration
7.2214-#
7.2215-# See: http://docs.grafana.org/administration/configuration/#smtp
7.2216-#
7.2217-# grafana['smtp'] = {
7.2218-# 'enabled' => true,
7.2219-# 'host' => 'localhost:25',
7.2220-# 'user' => nil,
7.2221-# 'password' => nil,
7.2222-# 'cert_file' => nil,
7.2223-# 'key_file' => nil,
7.2224-# 'skip_verify' => false,
7.2225-# 'from_address' => 'admin@grafana.localhost',
7.2226-# 'from_name' => 'Grafana',
7.2227-# 'ehlo_identity' => 'dashboard.example.com',
7.2228-# 'startTLS_policy' => nil
7.2229-# }
7.2230-
7.2231-# Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled']
7.2232-# grafana['reporting_enabled'] = true
7.2233-
7.2234-### Dashboards
7.2235-#
7.2236-# See: http://docs.grafana.org/administration/provisioning/#dashboards
7.2237-#
7.2238-# NOTE: Setting this will override the default.
7.2239-#
7.2240-# grafana['dashboards'] = [
7.2241-# {
7.2242-# 'name' => 'GitLab Omnibus',
7.2243-# 'orgId' => 1,
7.2244-# 'folder' => 'GitLab Omnibus',
7.2245-# 'type' => 'file',
7.2246-# 'disableDeletion' => true,
7.2247-# 'updateIntervalSeconds' => 600,
7.2248-# 'options' => {
7.2249-# 'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
7.2250-# }
7.2251-# }
7.2252-# ]
7.2253-
7.2254-### Datasources
7.2255-#
7.2256-# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
7.2257-#
7.2258-# NOTE: Setting this will override the default.
7.2259-#
7.2260-# grafana['datasources'] = [
7.2261-# {
7.2262-# 'name' => 'GitLab Omnibus',
7.2263-# 'type' => 'prometheus',
7.2264-# 'access' => 'proxy',
7.2265-# 'url' => 'http://localhost:9090'
7.2266-# }
7.2267-# ]
7.2268-
7.2269-##! Advanced settings. Should be changed only if absolutely needed.
7.2270-# grafana['http_addr'] = 'localhost'
7.2271-# grafana['http_port'] = 3000
7.2272-
7.2273-################################################################################
7.2274-## Gitaly
7.2275-##! Docs:
7.2276-################################################################################
7.2277-
7.2278-# The gitaly['enable'] option exists for the purpose of cluster
7.2279-# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
7.2280-# gitaly['enable'] = true
7.2281-# gitaly['dir'] = "/var/opt/gitlab/gitaly"
7.2282-# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
7.2283-# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
7.2284-# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
7.2285-# gitaly['env'] = {
7.2286-# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
7.2287-# 'HOME' => '/var/opt/gitlab',
7.2288-# 'TZ' => ':/etc/localtime',
7.2289-# 'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
7.2290-# 'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
7.2291-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
7.2292-# 'WRAPPER_JSON_LOGGING' => true
7.2293-# }
7.2294-
7.2295-# gitaly['runtime_dir'] = "/var/opt/gitlab/gitaly/run"
7.2296-# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
7.2297-# gitaly['listen_addr'] = "localhost:8075"
7.2298-# gitaly['tls_listen_addr'] = "localhost:9075"
7.2299-# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"
7.2300-# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
7.2301-# gitaly['prometheus_listen_addr'] = "localhost:9236"
7.2302-# gitaly['logging_level'] = "warn"
7.2303-# gitaly['logging_format'] = "json"
7.2304-# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
7.2305-# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
7.2306-# gitaly['logging_sentry_environment'] = "production"
7.2307-# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
7.2308-# gitaly['auth_token'] = '<secret>'
7.2309-# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
7.2310-# gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
7.2311-# gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
7.2312-# gitaly['git_bin_path'] = "/opt/gitlab/embedded/bin/git" # A custom path for the 'git' executable
7.2313-# gitaly['use_bundled_git'] = true # Whether to use bundled Git.
7.2314-# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
7.2315-# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
7.2316-# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
7.2317-# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
7.2318-# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
7.2319-# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
7.2320-# gitaly['concurrency'] = [
7.2321-# {
7.2322-# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
7.2323-# 'max_per_repo' => 20
7.2324-# }, {
7.2325-# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
7.2326-# 'max_per_repo' => 5
7.2327-# }
7.2328-# ]
7.2329-# gitaly['rate_limiting'] = [
7.2330-# {
7.2331-# 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
7.2332-# 'interval' => '1m',
7.2333-# 'burst' => 10
7.2334-# }, {
7.2335-# 'rpc' => "/gitaly.SSHService/SSHUploadPack",
7.2336-# 'interval' => '1m',
7.2337-# 'burst' => 5
7.2338-# }
7.2339-# ]
7.2340-#
7.2341-# gitaly['daily_maintenance_start_hour'] = 22
7.2342-# gitaly['daily_maintenance_start_minute'] = 30
7.2343-# gitaly['daily_maintenance_duration'] = '30m'
7.2344-# gitaly['daily_maintenance_storages'] = ["default"]
7.2345-# gitaly['daily_maintenance_disabled'] = false
7.2346-# gitaly['cgroups_count'] = 10
7.2347-# gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
7.2348-# gitaly['cgroups_hierarchy_root'] = 'gitaly'
7.2349-# gitaly['cgroups_memory_enabled'] = true
7.2350-# gitaly['cgroups_memory_limit'] = 1048576
7.2351-# gitaly['cgroups_cpu_enabled'] = true
7.2352-# gitaly['cgroups_cpu_shares'] = 512
7.2353-# gitaly['pack_objects_cache_enabled'] = true
7.2354-# gitaly['pack_objects_cache_dir'] = '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache'
7.2355-# gitaly['pack_objects_cache_max_age'] = '5m'
7.2356-# gitaly['custom_hooks_dir'] = "/var/opt/gitlab/gitaly/custom_hooks"
7.2357-
7.2358-##! Service name used to register Gitaly as a Consul service
7.2359-# gitaly['consul_service_name'] = 'gitaly'
7.2360-##! Semantic metadata used when registering Gitaly as a Consul service
7.2361-# gitaly['consul_service_meta'] = {}
7.2362-
7.2363-################################################################################
7.2364-## Praefect
7.2365-##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
7.2366-################################################################################
7.2367-
7.2368-# praefect['enable'] = false
7.2369-# praefect['dir'] = "/var/opt/gitlab/praefect"
7.2370-# praefect['log_directory'] = "/var/log/gitlab/praefect"
7.2371-# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
7.2372-# praefect['env'] = {
7.2373-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
7.2374-# 'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
7.2375-# 'WRAPPER_JSON_LOGGING' => true
7.2376-# }
7.2377-# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
7.2378-# praefect['failover_enabled'] = true
7.2379-# praefect['auth_token'] = ""
7.2380-# praefect['auth_transitioning'] = false
7.2381-# praefect['listen_addr'] = "localhost:2305"
7.2382-# praefect['tls_listen_addr'] = "localhost:3305"
7.2383-# praefect['certificate_path'] = "/var/opt/gitlab/prafect/certificate.pem"
7.2384-# praefect['key_path'] = "/var/opt/gitlab/prafect/key.pem"
7.2385-# praefect['prometheus_listen_addr'] = "localhost:9652"
7.2386-# praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
7.2387-# praefect['separate_database_metrics'] = true
7.2388-# praefect['logging_level'] = "warn"
7.2389-# praefect['logging_format'] = "json"
7.2390-# praefect['virtual_storages'] = {
7.2391-# 'default' => {
7.2392-# 'default_replication_factor' => 3,
7.2393-# 'nodes' => {
7.2394-# 'praefect-internal-0' => {
7.2395-# 'address' => 'tcp://10.23.56.78:8075',
7.2396-# 'token' => 'abc123'
7.2397-# },
7.2398-# 'praefect-internal-1' => {
7.2399-# 'address' => 'tcp://10.76.23.31:8075',
7.2400-# 'token' => 'xyz456'
7.2401-# }
7.2402-# }
7.2403-# },
7.2404-# 'alternative' => {
7.2405-# 'nodes' => {
7.2406-# 'praefect-internal-2' => {
7.2407-# 'address' => 'tcp://10.34.1.16:8075',
7.2408-# 'token' => 'abc321'
7.2409-# },
7.2410-# 'praefect-internal-3' => {
7.2411-# 'address' => 'tcp://10.23.18.6:8075',
7.2412-# 'token' => 'xyz890'
7.2413-# }
7.2414-# }
7.2415-# }
7.2416-# }
7.2417-# praefect['sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
7.2418-# praefect['sentry_environment'] = "production"
7.2419-# praefect['auto_migrate'] = true
7.2420-# praefect['database_host'] = 'postgres.external'
7.2421-# praefect['database_port'] = 6432
7.2422-# praefect['database_user'] = 'praefect'
7.2423-# praefect['database_password'] = 'secret'
7.2424-# praefect['database_dbname'] = 'praefect_production'
7.2425-# praefect['database_sslmode'] = 'disable'
7.2426-# praefect['database_sslcert'] = '/path/to/client-cert'
7.2427-# praefect['database_sslkey'] = '/path/to/client-key'
7.2428-# praefect['database_sslrootcert'] = '/path/to/rootcert'
7.2429-# praefect['reconciliation_scheduling_interval'] = '5m'
7.2430-# praefect['reconciliation_histogram_buckets'] = '[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0]'
7.2431-# praefect['database_direct_host'] = 'postgres.internal'
7.2432-# praefect['database_direct_port'] = 5432
7.2433-# praefect['database_direct_user'] = 'praefect'
7.2434-# praefect['database_direct_password'] = 'secret'
7.2435-# praefect['database_direct_dbname'] = 'praefect_production_direct'
7.2436-# praefect['database_direct_sslmode'] = 'disable'
7.2437-# praefect['database_direct_sslcert'] = '/path/to/client-cert'
7.2438-# praefect['database_direct_sslkey'] = '/path/to/client-key'
7.2439-# praefect['database_direct_sslrootcert'] = '/path/to/rootcert'
7.2440-
7.2441-##! Service name used to register Praefect as a Consul service
7.2442-# praefect['consul_service_name'] = 'praefect'
7.2443-##! Semantic metadata used when registering Praefect as a Consul service
7.2444-# praefect['consul_service_meta'] = {}
7.2445-
7.2446-################################################################################
7.2447-# Storage check
7.2448-################################################################################
7.2449-# storage_check['enable'] = false
7.2450-# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
7.2451-# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
7.2452-
7.2453-################################################################################
7.2454-# Let's Encrypt integration
7.2455-################################################################################
7.2456-# letsencrypt['enable'] = nil
7.2457-# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
7.2458-# letsencrypt['group'] = 'root'
7.2459-# letsencrypt['key_size'] = 2048
7.2460-# letsencrypt['owner'] = 'root'
7.2461-# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
7.2462-# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
7.2463-# letsencrypt['auto_renew'] = true
7.2464-# letsencrypt['auto_renew_hour'] = 0
7.2465-# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
7.2466-# letsencrypt['auto_renew_day_of_month'] = "*/4"
7.2467-# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
7.2468-
7.2469-##! Turn off automatic init system detection. To skip init detection in
7.2470-##! non-docker containers. Recommended not to change.
7.2471-# package['detect_init'] = true
7.2472-
7.2473-##! Attempt to modify kernel paramaters. To skip this in containers where the
7.2474-##! relevant file system is read-only, set the value to false.
7.2475-# package['modify_kernel_parameters'] = true
7.2476-
7.2477-##! Specify maximum number of tasks that can be created by the systemd unit
7.2478-##! Will be populated as TasksMax value to the unit file if user is on a systemd
7.2479-##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
7.2480-# package['systemd_tasks_max'] = 4915
7.2481-
7.2482-##! Settings to configure order of GitLab's systemd unit.
7.2483-##! Note: We do not recommend changing these values unless absolutely necessary
7.2484-# package['systemd_after'] = 'multi-user.target'
7.2485-# package['systemd_wanted_by'] = 'multi-user.target'
7.2486-################################################################################
7.2487-################################################################################
7.2488-## Configuration Settings for GitLab EE only ##
7.2489-################################################################################
7.2490-################################################################################
7.2491-
7.2492-
7.2493-################################################################################
7.2494-## Auxiliary cron jobs applicable to GitLab EE only
7.2495-################################################################################
7.2496-#
7.2497-# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
7.2498-# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
7.2499-# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
7.2500-# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
7.2501-# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
7.2502-# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
7.2503-# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
7.2504-# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
7.2505-# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
7.2506-# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
7.2507-# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
7.2508-# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
7.2509-# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
7.2510-
7.2511-################################################################################
7.2512-## Kerberos (EE Only)
7.2513-##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
7.2514-################################################################################
7.2515-
7.2516-# gitlab_rails['kerberos_enabled'] = true
7.2517-# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
7.2518-# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
7.2519-# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
7.2520-# gitlab_rails['kerberos_use_dedicated_port'] = true
7.2521-# gitlab_rails['kerberos_port'] = 8443
7.2522-# gitlab_rails['kerberos_https'] = true
7.2523-
7.2524-################################################################################
7.2525-## Package repository
7.2526-##! Docs: https://docs.gitlab.com/ee/administration/packages/
7.2527-################################################################################
7.2528-
7.2529-# gitlab_rails['packages_enabled'] = true
7.2530-# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
7.2531-# gitlab_rails['packages_object_store_enabled'] = false
7.2532-# gitlab_rails['packages_object_store_direct_upload'] = false
7.2533-# gitlab_rails['packages_object_store_background_upload'] = true
7.2534-# gitlab_rails['packages_object_store_proxy_download'] = false
7.2535-# gitlab_rails['packages_object_store_remote_directory'] = "packages"
7.2536-# gitlab_rails['packages_object_store_connection'] = {
7.2537-# 'provider' => 'AWS',
7.2538-# 'region' => 'eu-west-1',
7.2539-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.2540-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.2541-# # # The below options configure an S3 compatible host instead of AWS
7.2542-# # 'host' => 's3.amazonaws.com',
7.2543-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.2544-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.2545-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.2546-# }
7.2547-
7.2548-################################################################################
7.2549-## Dependency proxy
7.2550-##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
7.2551-################################################################################
7.2552-
7.2553-# gitlab_rails['dependency_proxy_enabled'] = true
7.2554-# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
7.2555-# gitlab_rails['dependency_proxy_object_store_enabled'] = false
7.2556-# gitlab_rails['dependency_proxy_object_store_direct_upload'] = false
7.2557-# gitlab_rails['dependency_proxy_object_store_background_upload'] = true
7.2558-# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
7.2559-# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
7.2560-# gitlab_rails['dependency_proxy_object_store_connection'] = {
7.2561-# 'provider' => 'AWS',
7.2562-# 'region' => 'eu-west-1',
7.2563-# 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
7.2564-# 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
7.2565-# # # The below options configure an S3 compatible host instead of AWS
7.2566-# # 'host' => 's3.amazonaws.com',
7.2567-# # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
7.2568-# # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
7.2569-# # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
7.2570-# }
7.2571-
7.2572-################################################################################
7.2573-## GitLab Sentinel (EE Only)
7.2574-##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
7.2575-################################################################################
7.2576-
7.2577-##! **Make sure you configured all redis['master_*'] keys above before
7.2578-##! continuing.**
7.2579-
7.2580-##! To enable Sentinel and disable all other services in this machine,
7.2581-##! uncomment the line below (if you've enabled Redis role, it will keep it).
7.2582-##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
7.2583-# redis_sentinel_role['enable'] = true
7.2584-
7.2585-# sentinel['enable'] = true
7.2586-
7.2587-##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
7.2588-# sentinel['bind'] = '0.0.0.0'
7.2589-
7.2590-##! Uncomment to change default port
7.2591-# sentinel['port'] = 26379
7.2592-
7.2593-#### Support to run sentinels in a Docker or NAT environment
7.2594-#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
7.2595-# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
7.2596-# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
7.2597-# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
7.2598-# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
7.2599-
7.2600-##! Quorum must reflect the amount of voting sentinels it take to start a
7.2601-##! failover.
7.2602-##! **Value must NOT be greater then the amount of sentinels.**
7.2603-##! The quorum can be used to tune Sentinel in two ways:
7.2604-##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
7.2605-##! we deploy, we are basically making Sentinel more sensible to master
7.2606-##! failures, triggering a failover as soon as even just a minority of
7.2607-##! Sentinels is no longer able to talk with the master.
7.2608-##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
7.2609-##! are making Sentinel able to failover only when there are a very large
7.2610-##! number (larger than majority) of well connected Sentinels which agree
7.2611-##! about the master being down.
7.2612-# sentinel['quorum'] = 1
7.2613-
7.2614-### Consider unresponsive server down after x amount of ms.
7.2615-# sentinel['down_after_milliseconds'] = 10000
7.2616-
7.2617-### Specifies the failover timeout in milliseconds.
7.2618-##! It is used in many ways:
7.2619-##!
7.2620-##! - The time needed to re-start a failover after a previous failover was
7.2621-##! already tried against the same master by a given Sentinel, is two
7.2622-##! times the failover timeout.
7.2623-##!
7.2624-##! - The time needed for a replica replicating to a wrong master according
7.2625-##! to a Sentinel current configuration, to be forced to replicate
7.2626-##! with the right master, is exactly the failover timeout (counting since
7.2627-##! the moment a Sentinel detected the misconfiguration).
7.2628-##!
7.2629-##! - The time needed to cancel a failover that is already in progress but
7.2630-##! did not produced any configuration change (REPLICAOF NO ONE yet not
7.2631-##! acknowledged by the promoted replica).
7.2632-##!
7.2633-##! - The maximum time a failover in progress waits for all the replicas to be
7.2634-##! reconfigured as replicas of the new master. However even after this time
7.2635-##! the replicas will be reconfigured by the Sentinels anyway, but not with
7.2636-##! the exact parallel-syncs progression as specified.
7.2637-# sentinel['failover_timeout'] = 60000
7.2638-
7.2639-### Sentinel TLS settings
7.2640-###! To run Sentinel over TLS, specify values for the following settings
7.2641-# sentinel['tls_port'] = nil
7.2642-# sentinel['tls_cert_file'] = nil
7.2643-# sentinel['tls_key_file'] = nil
7.2644-
7.2645-###! Other TLS related optional settings
7.2646-# sentinel['tls_dh_params_file'] = nil
7.2647-# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
7.2648-# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
7.2649-# sentinel['tls_auth_clients'] = 'optional'
7.2650-# sentinel['tls_replication'] = nil
7.2651-# sentinel['tls_cluster'] = nil
7.2652-# sentinel['tls_protocols'] = nil
7.2653-# sentinel['tls_ciphers'] = nil
7.2654-# sentinel['tls_ciphersuites'] = nil
7.2655-# sentinel['tls_prefer_server_ciphers'] = nil
7.2656-# sentinel['tls_session_caching'] = nil
7.2657-# sentinel['tls_session_cache_size'] = nil
7.2658-# sentinel['tls_session_cache_timeout'] = nil
7.2659-
7.2660-### Sentinel hostname support
7.2661-###! When enabled, Redis will leverage hostname support
7.2662-###! Generally this does not need to be changed as we determine this based on
7.2663-###! the provided input from `redis['announce_ip']`
7.2664-###! * This is configured to `true` when a fully qualified hostname is provided
7.2665-###! * This is configured to `false` when an IP address is provided
7.2666-# sentinel['use_hostnames'] = <calculated>
7.2667-
7.2668-################################################################################
7.2669-## Additional Database Settings (EE only)
7.2670-##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
7.2671-################################################################################
7.2672-# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
7.2673-
7.2674-################################################################################
7.2675-## GitLab Geo
7.2676-##! Docs: https://docs.gitlab.com/ee/gitlab-geo
7.2677-################################################################################
7.2678-##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
7.2679-##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/README.html#roles.
7.2680-
7.2681-# This is an optional identifier which Geo nodes can use to identify themselves.
7.2682-# For example, if external_url is the same for two secondaries, you must specify
7.2683-# a unique Geo node name for those secondaries.
7.2684-#
7.2685-# If it is blank, it defaults to external_url.
7.2686-# gitlab_rails['geo_node_name'] = nil
7.2687-
7.2688-# gitlab_rails['geo_registry_replication_enabled'] = true
7.2689-# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
7.2690-
7.2691-
7.2692-################################################################################
7.2693-## GitLab Geo Secondary (EE only)
7.2694-################################################################################
7.2695-# geo_secondary['auto_migrate'] = true
7.2696-# geo_secondary['db_adapter'] = "postgresql"
7.2697-# geo_secondary['db_encoding'] = "unicode"
7.2698-# geo_secondary['db_collation'] = nil
7.2699-# geo_secondary['db_database'] = "gitlabhq_geo_production"
7.2700-# geo_secondary['db_username'] = "gitlab_geo"
7.2701-# geo_secondary['db_password'] = nil
7.2702-# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
7.2703-# geo_secondary['db_port'] = 5431
7.2704-# geo_secondary['db_socket'] = nil
7.2705-# geo_secondary['db_sslmode'] = nil
7.2706-# geo_secondary['db_sslcompression'] = 0
7.2707-# geo_secondary['db_sslrootcert'] = nil
7.2708-# geo_secondary['db_sslca'] = nil
7.2709-# geo_secondary['db_prepared_statements'] = false
7.2710-# geo_secondary['db_database_tasks'] = true
7.2711-
7.2712-################################################################################
7.2713-## GitLab Geo Secondary Tracking Database (EE only)
7.2714-################################################################################
7.2715-
7.2716-# geo_postgresql['enable'] = false
7.2717-# geo_postgresql['ha'] = false
7.2718-# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
7.2719-# geo_postgresql['pgbouncer_user'] = nil
7.2720-# geo_postgresql['pgbouncer_user_password'] = nil
7.2721-##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
7.2722-# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
7.2723-# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'
7.2724-
7.2725-################################################################################
7.2726-## GitLab Geo Log Cursor Daemon (EE only)
7.2727-################################################################################
7.2728-
7.2729-# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'
7.2730-
7.2731-################################################################################
7.2732-## Unleash
7.2733-##! These settings are for GitLab internal use.
7.2734-##! They are used to control feature flags during GitLab development.
7.2735-##! Docs: https://docs.gitlab.com/ee/development/feature_flags
7.2736-################################################################################
7.2737-# gitlab_rails['feature_flags_unleash_enabled'] = false
7.2738-# gitlab_rails['feature_flags_unleash_url'] = nil
7.2739-# gitlab_rails['feature_flags_unleash_app_name'] = nil
7.2740-# gitlab_rails['feature_flags_unleash_instance_id'] = nil
7.2741-
7.2742-################################################################################
7.2743-# Pgbouncer (EE only)
7.2744-# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
7.2745-# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
7.2746-################################################################################
7.2747-# pgbouncer['enable'] = false
7.2748-# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
7.2749-# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
7.2750-# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
7.2751-# pgbouncer['env'] = {
7.2752-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2753-# }
7.2754-# pgbouncer['listen_addr'] = '0.0.0.0'
7.2755-# pgbouncer['listen_port'] = '6432'
7.2756-# pgbouncer['pool_mode'] = 'transaction'
7.2757-# pgbouncer['server_reset_query'] = 'DISCARD ALL'
7.2758-# pgbouncer['application_name_add_host'] = '1'
7.2759-# pgbouncer['max_client_conn'] = '2048'
7.2760-# pgbouncer['default_pool_size'] = '100'
7.2761-# pgbouncer['min_pool_size'] = '0'
7.2762-# pgbouncer['reserve_pool_size'] = '5'
7.2763-# pgbouncer['reserve_pool_timeout'] = '5.0'
7.2764-# pgbouncer['server_round_robin'] = '0'
7.2765-# pgbouncer['log_connections'] = '0'
7.2766-# pgbouncer['server_idle_timeout'] = '30'
7.2767-# pgbouncer['dns_max_ttl'] = '15.0'
7.2768-# pgbouncer['dns_zone_check_period'] = '0'
7.2769-# pgbouncer['dns_nxdomain_ttl'] = '15.0'
7.2770-# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
7.2771-# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
7.2772-# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
7.2773-# pgbouncer['databases'] = {
7.2774-# DATABASE_NAME: {
7.2775-# host: HOSTNAME,
7.2776-# port: PORT
7.2777-# user: USERNAME,
7.2778-# password: PASSWORD
7.2779-###! generate this with `echo -n '$password + $username' | md5sum`
7.2780-# }
7.2781-# ...
7.2782-# }
7.2783-# pgbouncer['logfile'] = nil
7.2784-# pgbouncer['unix_socket_dir'] = nil
7.2785-# pgbouncer['unix_socket_mode'] = '0777'
7.2786-# pgbouncer['unix_socket_group'] = nil
7.2787-# pgbouncer['auth_type'] = 'md5'
7.2788-# pgbouncer['auth_hba_file'] = nil
7.2789-# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
7.2790-# pgbouncer['users'] = {
7.2791-# {
7.2792-# name: USERNAME,
7.2793-# password: MD5_PASSWORD_HASH
7.2794-# }
7.2795-# }
7.2796-# postgresql['pgbouncer_user'] = nil
7.2797-# postgresql['pgbouncer_user_password'] = nil
7.2798-# pgbouncer['server_reset_query_always'] = 0
7.2799-# pgbouncer['server_check_query'] = 'select 1'
7.2800-# pgbouncer['server_check_delay'] = 30
7.2801-# pgbouncer['max_db_connections'] = nil
7.2802-# pgbouncer['max_user_connections'] = nil
7.2803-# pgbouncer['syslog'] = 0
7.2804-# pgbouncer['syslog_facility'] = 'daemon'
7.2805-# pgbouncer['syslog_ident'] = 'pgbouncer'
7.2806-# pgbouncer['log_disconnections'] = 1
7.2807-# pgbouncer['log_pooler_errors'] = 1
7.2808-# pgbouncer['stats_period'] = 60
7.2809-# pgbouncer['verbose'] = 0
7.2810-# pgbouncer['server_lifetime'] = 3600
7.2811-# pgbouncer['server_connect_timeout'] = 15
7.2812-# pgbouncer['server_login_retry'] = 15
7.2813-# pgbouncer['query_timeout'] = 0
7.2814-# pgbouncer['query_wait_timeout'] = 120
7.2815-# pgbouncer['client_idle_timeout'] = 0
7.2816-# pgbouncer['client_login_timeout'] = 60
7.2817-# pgbouncer['autodb_idle_timeout'] = 3600
7.2818-# pgbouncer['suspend_timeout'] = 10
7.2819-# pgbouncer['idle_transaction_timeout'] = 0
7.2820-# pgbouncer['pkt_buf'] = 4096
7.2821-# pgbouncer['listen_backlog'] = 128
7.2822-# pgbouncer['sbuf_loopcnt'] = 5
7.2823-# pgbouncer['max_packet_size'] = 2147483647
7.2824-# pgbouncer['tcp_defer_accept'] = 0
7.2825-# pgbouncer['tcp_socket_buffer'] = 0
7.2826-# pgbouncer['tcp_keepalive'] = 1
7.2827-# pgbouncer['tcp_keepcnt'] = 0
7.2828-# pgbouncer['tcp_keepidle'] = 0
7.2829-# pgbouncer['tcp_keepintvl'] = 0
7.2830-# pgbouncer['disable_pqexec'] = 0
7.2831-
7.2832-## Pgbouncer client TLS options
7.2833-# pgbouncer['client_tls_sslmode'] = 'disable'
7.2834-# pgbouncer['client_tls_ca_file'] = nil
7.2835-# pgbouncer['client_tls_key_file'] = nil
7.2836-# pgbouncer['client_tls_cert_file'] = nil
7.2837-# pgbouncer['client_tls_protocols'] = 'all'
7.2838-# pgbouncer['client_tls_dheparams'] = 'auto'
7.2839-# pgbouncer['client_tls_ecdhcurve'] = 'auto'
7.2840-#
7.2841-## Pgbouncer server TLS options
7.2842-# pgbouncer['server_tls_sslmode'] = 'disable'
7.2843-# pgbouncer['server_tls_ca_file'] = nil
7.2844-# pgbouncer['server_tls_key_file'] = nil
7.2845-# pgbouncer['server_tls_cert_file'] = nil
7.2846-# pgbouncer['server_tls_protocols'] = 'all'
7.2847-# pgbouncer['server_tls_ciphers'] = 'fast'
7.2848-
7.2849-################################################################################
7.2850-# Patroni (EE only)
7.2851-################################################################################
7.2852-# patroni['enable'] = false
7.2853-
7.2854-# patroni['dir'] = '/var/opt/gitlab/patroni'
7.2855-# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
7.2856-
7.2857-## Patroni dynamic configuration settings
7.2858-# patroni['loop_wait'] = 10
7.2859-# patroni['ttl'] = 30
7.2860-# patroni['retry_timeout'] = 10
7.2861-# patroni['maximum_lag_on_failover'] = 1_048_576
7.2862-# patroni['max_timelines_history'] = 0
7.2863-# patroni['master_start_timeout'] = 300
7.2864-# patroni['use_pg_rewind'] = true
7.2865-# patroni['remove_data_directory_on_rewind_failure'] = false
7.2866-# patroni['remove_data_directory_on_diverged_timelines'] = false
7.2867-# patroni['use_slots'] = true
7.2868-# patroni['replication_password'] = nil
7.2869-# patroni['replication_slots'] = {}
7.2870-# patroni['callbacks'] = {}
7.2871-# patroni['recovery_conf'] = {}
7.2872-# patroni['tags'] = {}
7.2873-
7.2874-## Standby cluster replication settings
7.2875-# patroni['standby_cluster']['enable'] = false
7.2876-# patroni['standby_cluster']['host'] = nil
7.2877-# patroni['standby_cluster']['port'] = 5432
7.2878-# patroni['standby_cluster']['primary_slot_name'] = nil
7.2879-
7.2880-## Global/Universal settings
7.2881-# patroni['scope'] = 'gitlab-postgresql-ha'
7.2882-# patroni['name'] = nil
7.2883-
7.2884-## Log settings
7.2885-# patroni['log_directory'] = '/var/log/gitlab/patroni'
7.2886-# patroni['log_level'] = 'INFO'
7.2887-
7.2888-## Consul specific settings
7.2889-# patroni['consul']['url'] = 'http://127.0.0.1:8500'
7.2890-# patroni['consul']['service_check_interval'] = '10s'
7.2891-# patroni['consul']['register_service'] = true
7.2892-# patroni['consul']['checks'] = []
7.2893-
7.2894-## PostgreSQL configuration override
7.2895-# patroni['postgresql']['hot_standby'] = 'on'
7.2896-
7.2897-## The following must hold the same values on all nodes.
7.2898-## Leave unassined to use PostgreSQL's default values.
7.2899-# patroni['postgresql']['wal_level'] = 'replica'
7.2900-# patroni['postgresql']['wal_log_hints'] = 'on'
7.2901-# patroni['postgresql']['max_worker_processes'] = 8
7.2902-# patroni['postgresql']['max_locks_per_transaction'] = 64
7.2903-# patroni['postgresql']['max_connections'] = 200
7.2904-# patroni['postgresql']['checkpoint_timeout'] = 30
7.2905-
7.2906-## The following can hold different values on all nodes.
7.2907-## Leave unassined to use PostgreSQL's default values.
7.2908-# patroni['postgresql']['wal_keep_segments'] = 8
7.2909-# patroni['postgresql']['max_wal_senders'] = 5
7.2910-# patroni['postgresql']['max_replication_slots'] = 5
7.2911-
7.2912-## Permanent replication slots for Streaming Replication
7.2913-# patroni['replication_slots'] = {
7.2914-# 'geo_secondary' => { 'type' => 'physical' }
7.2915-# }
7.2916-
7.2917-## The address and port that Patroni API binds to and listens on.
7.2918-# patroni['listen_address'] = nil
7.2919-# patroni['port'] = '8008'
7.2920-
7.2921-## The address of the Patroni node that is advertized to other cluster
7.2922-## members to communicate with its API and PostgreSQL. If it is not specified,
7.2923-## it tries to use the first available private IP and falls back to the default
7.2924-## network interface.
7.2925-# patroni['connect_address'] = nil
7.2926-
7.2927-## The port that Patroni API responds to other cluster members. This port is
7.2928-## advertized and by default is the same as patroni['port'].
7.2929-# patroni['connect_port'] = '8008'
7.2930-
7.2931-## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
7.2932-## Each item can be an hostname, IP address, or CIDR address.
7.2933-## All hosts are allowed if this is unset.
7.2934-# patroni['allowlist'] = []
7.2935-# patroni['allowlist_include_members'] = false
7.2936-
7.2937-## The username and password to use for basic auth on write commands to the
7.2938-## Patroni API. If not specified then the API does not use basic auth.
7.2939-# patroni['username'] = nil
7.2940-# patroni['password'] = nil
7.2941-
7.2942-## TLS configuration for Patroni API. Both certificate and key files are
7.2943-## required to enable TLS. If not specified then the API uses plain HTTP.
7.2944-# patroni['tls_certificate_file'] = nil
7.2945-# patroni['tls_key_file'] = nil
7.2946-# patroni['tls_key_password'] = nil
7.2947-# patroni['tls_ca_file'] = nil
7.2948-# patroni['tls_ciphers'] = nil
7.2949-# patroni['tls_client_mode'] = nil
7.2950-# patroni['tls_client_certificate_file'] = nil
7.2951-# patroni['tls_client_key_file'] = nil
7.2952-# patroni['tls_verify'] = true
7.2953-
7.2954-################################################################################
7.2955-# Consul (EEP only)
7.2956-################################################################################
7.2957-# consul['enable'] = false
7.2958-# consul['dir'] = '/var/opt/gitlab/consul'
7.2959-# consul['username'] = 'gitlab-consul'
7.2960-# consul['group'] = 'gitlab-consul'
7.2961-# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
7.2962-# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
7.2963-# consul['data_dir'] = '/var/opt/gitlab/consul/data'
7.2964-# consul['log_directory'] = '/var/log/gitlab/consul'
7.2965-# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
7.2966-# consul['env'] = {
7.2967-# 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
7.2968-# }
7.2969-# consul['monitoring_service_discovery'] = false
7.2970-# consul['node_name'] = nil
7.2971-# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
7.2972-# consul['configuration'] = {
7.2973-# 'client_addr' => nil,
7.2974-# 'datacenter' => 'gitlab_consul',
7.2975-# 'enable_script_checks' => true,
7.2976-# 'server' => false
7.2977-# }
7.2978-# consul['services'] = []
7.2979-# consul['service_config'] = {
7.2980-# 'postgresql' => {
7.2981-# 'service' => {
7.2982-# 'name' => "postgresql",
7.2983-# 'address' => '',
7.2984-# 'port' => 5432,
7.2985-# 'checks' => [
7.2986-# {
7.2987-# 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
7.2988-# 'interval' => "10s"
7.2989-# }
7.2990-# ]
7.2991-# }
7.2992-# }
7.2993-# }
7.2994-# consul['watchers'] = {
7.2995-# 'postgresql' => {
7.2996-# enable: false,
7.2997-# handler: 'failover_pgbouncer'
7.2998-# }
7.2999-# }
7.3000-#
7.3001-# consul['custom_config_dir'] = '/path/to/service/configs/directory'
7.3002-#
7.3003-
7.3004-#### HTTP API ports
7.3005-# consul['http_port'] = nil
7.3006-# consul['https_port'] = nil
7.3007-
7.3008-#### Gossip encryption
7.3009-# consul['encryption_key'] = nil
7.3010-# consul['encryption_verify_incoming'] = nil
7.3011-# consul['encryption_verify_outgoing'] = nil
7.3012-
7.3013-#### TLS settings
7.3014-# consul['use_tls'] = false
7.3015-# consul['tls_ca_file'] = nil
7.3016-# consul['tls_certificate_file'] = nil
7.3017-# consul['tls_key_file'] = nil
7.3018-# consul['tls_verify_client'] = nil
7.3019-
7.3020-################################################################################
7.3021-# Service desk email settings
7.3022-################################################################################
7.3023-### Service desk email
7.3024-###! Allow users to create new service desk issues by sending an email to
7.3025-###! service desk address.
7.3026-###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
7.3027-# gitlab_rails['service_desk_email_enabled'] = false
7.3028-
7.3029-#### Service Desk Mailbox Settings (via `mail_room`)
7.3030-#### Service Desk Email Address
7.3031-####! The email address including the `%{key}` placeholder that will be replaced
7.3032-####! to reference the item being replied to.
7.3033-####! **The placeholder can be omitted but if present, it must appear in the
7.3034-####! "user" part of the address (before the `@`).**
7.3035-# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
7.3036-
7.3037-#### Service Desk Email account username
7.3038-####! **With third party providers, this is usually the full email address.**
7.3039-####! **With self-hosted email servers, this is usually the user part of the
7.3040-####! email address.**
7.3041-# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
7.3042-
7.3043-#### Service Desk Email account password
7.3044-# gitlab_rails['service_desk_email_password'] = "[REDACTED]"
7.3045-
7.3046-####! The mailbox where service desk mail will end up. Usually "inbox".
7.3047-# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
7.3048-####! The IDLE command timeout.
7.3049-# gitlab_rails['service_desk_email_idle_timeout'] = 60
7.3050-####! The file name for internal `mail_room` JSON logfile
7.3051-# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
7.3052-
7.3053-#### Service Desk IMAP Settings
7.3054-# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
7.3055-# gitlab_rails['service_desk_email_port'] = 993
7.3056-# gitlab_rails['service_desk_email_ssl'] = true
7.3057-# gitlab_rails['service_desk_email_start_tls'] = false
7.3058-
7.3059-#### Inbox options (for Microsoft Graph)
7.3060-# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
7.3061-# gitlab_rails['service_desk_email_inbox_options'] = {
7.3062-# 'tenant_id': 'YOUR-TENANT-ID',
7.3063-# 'client_id': 'YOUR-CLIENT-ID',
7.3064-# 'client_secret': 'YOUR-CLIENT-SECRET',
7.3065-# 'poll_interval': 60 # Optional
7.3066-# }
7.3067-
7.3068-#### How service desk emails are delivered to Rails process. Accept either
7.3069-#### sidekiq or webhook. The default config is sidekiq.
7.3070-# gitlab_rails['service_desk_email_delivery_method'] = "sidekiq"
7.3071-
7.3072-#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
7.3073-#### encoded with base64
7.3074-# gitlab_rails['service_desk_email_auth_token'] = nil
7.3075-
7.3076-################################################################################
7.3077-## Spamcheck (EE only)
7.3078-#################################################################################
7.3079-
7.3080-# spamcheck['enable'] = false
7.3081-# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
7.3082-# spamcheck['port'] = 8001
7.3083-# spamcheck['external_port'] = nil
7.3084-# spamcheck['monitoring_address'] = ':8003'
7.3085-# spamcheck['log_level'] = 'info'
7.3086-# spamcheck['log_format'] = 'json'
7.3087-# spamcheck['log_output'] = 'stdout'
7.3088-# spamcheck['monitor_mode'] = false
7.3089-# spamcheck['allowlist'] = {}
7.3090-# spamcheck['denylist'] = {}
7.3091-# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
7.3092-# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
7.3093-# spamcheck['env'] = {
7.3094-# 'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
7.3095-# }
7.3096-# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
8.1--- a/etc/gitlab/gitlab.yml Fri May 03 00:36:49 2024 +0000
8.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
8.3@@ -1,1692 +0,0 @@
8.4-# # # # # # # # # # # # # # # # # #
8.5-# GitLab application config file #
8.6-# # # # # # # # # # # # # # # # # #
8.7-#
8.8-########################### NOTE #####################################
8.9-# This file should not receive new settings. All configuration options #
8.10-# * are being moved to ApplicationSetting model! #
8.11-# If a setting requires an application restart say so in that screen. #
8.12-# If you change this file in a merge request, please also create #
8.13-# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests. #
8.14-# For more details see https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md #
8.15-# Be sure to create a MR against the GDK configuration #
8.16-# file (https://gitlab.com/gitlab-org/gitlab-development-kit/-/blob/main/support/templates/gitlab/config/gitlab.yml.erb) too. #
8.17-########################################################################
8.18-#
8.19-#
8.20-# How to use:
8.21-# 1. Copy file as gitlab.yml
8.22-# 2. Update gitlab -> host with your fully qualified domain name
8.23-# 3. Update gitlab -> email_from
8.24-# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
8.25-# IMPORTANT: If Git was installed in a different location use that instead.
8.26-# You can check with `which git`. If a wrong path of Git is specified, it will
8.27-# result in various issues such as failures of GitLab CI builds.
8.28-# 5. Review this configuration file for other settings you may want to adjust
8.29-
8.30-production: &base
8.31- #
8.32- # 1. GitLab app settings
8.33- # ==========================
8.34-
8.35- ## GitLab settings
8.36- gitlab:
8.37- ## Web server settings (note: host is the FQDN, do not include http://)
8.38- host: localhost
8.39- port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
8.40- https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
8.41-
8.42- # Uncomment this line if you want to configure the Rails asset host for a CDN.
8.43- # cdn_host: localhost
8.44-
8.45- # The maximum time Puma can spend on the request. This needs to be smaller than the worker timeout.
8.46- # Default is 95% of the worker timeout
8.47- max_request_duration_seconds: 57
8.48-
8.49- # Uncomment this line below if your ssh host is different from HTTP/HTTPS one
8.50- # (you'd obviously need to replace ssh.host_example.com with your own host).
8.51- # Otherwise, ssh host will be set to the `host:` value above
8.52- # ssh_host: ssh.host_example.com
8.53-
8.54- # Relative URL support
8.55- # WARNING: We recommend using an FQDN to host GitLab in a root path instead
8.56- # of using a relative URL.
8.57- # Documentation: http://doc.gitlab.com/ce/install/relative_url.html
8.58- # Uncomment and customize the following line to run in a non-root path
8.59- #
8.60- # relative_url_root: /gitlab
8.61-
8.62- # Content Security Policy
8.63- # See https://guides.rubyonrails.org/security.html#content-security-policy
8.64- content_security_policy:
8.65- enabled: true
8.66- report_only: false
8.67- directives:
8.68- base_uri:
8.69- child_src:
8.70- connect_src: "'self' http://localhost:* ws://localhost:* wss://localhost:*"
8.71- default_src: "'self'"
8.72- font_src:
8.73- form_action:
8.74- frame_ancestors: "'self'"
8.75- frame_src: "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
8.76- img_src: "* data: blob:"
8.77- manifest_src:
8.78- media_src:
8.79- object_src: "'none'"
8.80- script_src: "'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
8.81- style_src: "'self' 'unsafe-inline'"
8.82- worker_src: "'self' blob:"
8.83- report_uri:
8.84-
8.85- allowed_hosts: []
8.86-
8.87- # Trusted Proxies
8.88- # Customize if you have GitLab behind a reverse proxy which is running on a different machine.
8.89- # Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
8.90- trusted_proxies:
8.91- # Examples:
8.92- #- 192.168.1.0/24
8.93- #- 192.168.2.1
8.94- #- 2001:0db8::/32
8.95-
8.96- # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
8.97- # user: git
8.98-
8.99- ## Date & Time settings
8.100- # Uncomment and customize if you want to change the default time zone of GitLab application.
8.101- # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
8.102- # time_zone: 'UTC'
8.103-
8.104- ## Email settings
8.105- # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
8.106- # email_enabled: true
8.107- # Email address used in the "From" field in mails sent by GitLab
8.108- email_from: example@example.com
8.109- email_display_name: GitLab
8.110- email_reply_to: noreply@example.com
8.111- email_subject_suffix: ''
8.112- email_smime:
8.113- # Uncomment and set to true if you need to enable email S/MIME signing (default: false)
8.114- # enabled: false
8.115- # S/MIME private key file in PEM format, unencrypted
8.116- # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app).
8.117- # key_file: /home/git/gitlab/.gitlab_smime_key
8.118- # S/MIME public certificate key in PEM format, will be attached to signed messages
8.119- # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app).
8.120- # cert_file: /home/git/gitlab/.gitlab_smime_cert
8.121- # S/MIME extra CA public certificates in PEM format, will be attached to signed messages
8.122- # Optional
8.123- # ca_certs_file: /home/git/gitlab/.gitlab_smime_ca_certs
8.124-
8.125- # Email server smtp settings are in config/initializers/smtp_settings.rb.sample
8.126- # File location to read encrypted SMTP secrets from
8.127- # email_smtp_secret_file: /mnt/gitlab/smtp.yaml.enc # Default: shared/encrypted_settings/smtp.yaml.enc
8.128-
8.129- # default_can_create_group: false # default: true
8.130- # username_changing_enabled: false # default: true - User can change their username/namespace
8.131- ## Default theme ID
8.132- ## 1 - Indigo
8.133- ## 2 - Gray
8.134- ## 3 - Light Gray
8.135- ## 4 - Blue
8.136- ## 5 - Green
8.137- ## 6 - Light Indigo
8.138- ## 7 - Light Blue
8.139- ## 8 - Light Green
8.140- ## 9 - Red
8.141- ## 10 - Light Red
8.142- ## 11 - Dark Mode (alpha)
8.143- # default_theme: 1 # default: 1
8.144-
8.145- ## Automatic issue closing
8.146- # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
8.147- # This happens when the commit is pushed or merged into the default branch of a project.
8.148- # When not specified the default issue_closing_pattern as specified below will be used.
8.149- # Tip: you can test your closing pattern at http://rubular.com.
8.150- # issue_closing_pattern: '\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
8.151-
8.152- ## Default project features settings
8.153- default_projects_features:
8.154- issues: true
8.155- merge_requests: true
8.156- wiki: true
8.157- snippets: true
8.158- builds: true
8.159- container_registry: true
8.160-
8.161- ## Webhook settings
8.162- # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
8.163- # webhook_timeout: 10
8.164-
8.165- ### GraphQL Settings
8.166- # Tells the rails application how long it has to complete a GraphQL request.
8.167- # We suggest this value to be higher than the database timeout value
8.168- # and lower than the worker timeout set in Puma. (default: 30)
8.169- # graphql_timeout: 30
8.170-
8.171- ## Repository downloads directory
8.172- # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
8.173- # The default is 'shared/cache/archive/' relative to the root of the Rails app.
8.174- # repository_downloads_path: shared/cache/archive/
8.175-
8.176- ## Impersonation settings
8.177- impersonation_enabled: true
8.178-
8.179- ## Disable jQuery and CSS animations
8.180- # disable_animations: true
8.181-
8.182- ## Application settings cache expiry in seconds (default: 60)
8.183- # application_settings_cache_seconds: 60
8.184-
8.185- ## Print initial root password to stdout during initialization (default: false)
8.186- # WARNING: setting this to true means that the root password will be printed in
8.187- # plaintext. This can be a security risk.
8.188- # display_initial_root_password: false
8.189-
8.190- # Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client credentials flow.
8.191- microsoft_graph_mailer:
8.192- enabled: false
8.193- # The unique identifier for the user. To use Microsoft Graph on behalf of the user.
8.194- # user_id: "YOUR-USER-ID"
8.195- # The directory tenant the application plans to operate against, in GUID or domain-name format.
8.196- # tenant: "YOUR-TENANT-ID"
8.197- # The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
8.198- # client_id: "YOUR-CLIENT-ID"
8.199- # The client secret that you generated for your app in the app registration portal.
8.200- # client_secret: "YOUR-CLIENT-SECRET-ID"
8.201- # Defaults to "https://login.microsoftonline.com".
8.202- # azure_ad_endpoint:
8.203- # Defaults to "https://graph.microsoft.com".
8.204- # graph_endpoint:
8.205-
8.206- ## Reply by email
8.207- # Allow users to comment on issues and merge requests by replying to notification emails.
8.208- # For documentation on how to set this up, see https://docs.gitlab.com/ee/administration/reply_by_email.html
8.209- incoming_email:
8.210- enabled: false
8.211-
8.212- # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
8.213- # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
8.214- # Please be aware that a placeholder is required for the Service Desk feature to work.
8.215- address: "gitlab-incoming+%{key}@gmail.com"
8.216-
8.217- # Email account username
8.218- # With third party providers, this is usually the full email address.
8.219- # With self-hosted email servers, this is usually the user part of the email address.
8.220- user: "gitlab-incoming@gmail.com"
8.221- # Email account password
8.222- password: "[REDACTED]"
8.223-
8.224- # IMAP server host
8.225- host: "imap.gmail.com"
8.226- # IMAP server port
8.227- port: 993
8.228- # Whether the IMAP server uses SSL
8.229- ssl: true
8.230- # Whether the IMAP server uses StartTLS
8.231- start_tls: false
8.232-
8.233- # The mailbox where incoming mail will end up. Usually "inbox".
8.234- mailbox: "inbox"
8.235- # The IDLE command timeout.
8.236- idle_timeout: 60
8.237- # The log file path for the structured log file.
8.238- # Since `mail_room` is run independently of Rails, an absolute path is preferred.
8.239- # The default is 'log/mail_room_json.log' relative to the root of the Rails app.
8.240- #
8.241- # log_path: log/mail_room_json.log
8.242-
8.243- # If you are using Microsoft Graph instead of IMAP, set this to false to retain
8.244- # messages in the inbox since deleted messages are auto-expunged after some time.
8.245- delete_after_delivery: true
8.246-
8.247- # Whether to expunge (permanently remove) messages from the mailbox when they are marked as deleted after delivery
8.248- # Only applies to IMAP. Microsoft Graph will auto-expunge any deleted messages.
8.249- expunge_deleted: false
8.250-
8.251- # For Microsoft Graph support
8.252- # inbox_method: microsoft_graph
8.253- # inbox_options:
8.254- # tenant_id: "YOUR-TENANT-ID"
8.255- # client_id: "YOUR-CLIENT-ID"
8.256- # client_secret: "YOUR-CLIENT-SECRET"
8.257-
8.258- # How mailroom delivers email content to Rails. There are two methods at the moment:
8.259- # - sidekiq: mailroom pushes the email content to Sidekiq directly. This job
8.260- # is then picked up by Sidekiq.
8.261- # - webhook: mailroom triggers a HTTP POST request to Rails web server. The
8.262- # content is embedded into the request body.
8.263- # Default is sidekiq.
8.264- # delivery_method: sidekiq
8.265-
8.266- # When the delivery method is webhook, those configs tell the url that
8.267- # mailroom can contact to. Note that the combined url must not end with "/".
8.268- # At the moment, the webhook delivery method doesn't support HTTP/HTTPs via
8.269- # UNIX socket.
8.270- # gitlab_url: "http://gitlab.example"
8.271-
8.272- # When the delivery method is webhook, this config is the file that
8.273- # contains the shared secret key for verifying access for mailroom's
8.274- # incoming_email.
8.275- # Default is '.gitlab_mailroom_secret' relative to Rails.root (i.e. root of the GitLab app).
8.276- # secret_file: /home/git/gitlab/.gitlab_mailroom_secret
8.277-
8.278- # File location to read encrypted incoming email secrets from
8.279- # encrypted_secret_file: /mnt/gitlab/smtp.yaml.enc
8.280- # Default: shared/encrypted_settings/incoming_email.yaml.enc
8.281-
8.282- ## Consolidated object store config
8.283- ## This will only take effect if the object_store sections are not defined
8.284- ## within the types (e.g. artifacts, lfs, etc.).
8.285- # object_store:
8.286- # enabled: false
8.287- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.288- # connection:
8.289- # provider: AWS # Only AWS supported at the moment
8.290- # aws_access_key_id: AWS_ACCESS_KEY_ID
8.291- # aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.292- # region: us-east-1
8.293- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.294- # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
8.295- # storage_options:
8.296- # server_side_encryption: AES256 # AES256, aws:kms
8.297- # server_side_encryption_kms_key_id: # Amazon Resource Name. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html
8.298- # objects:
8.299- # artifacts:
8.300- # bucket: artifacts
8.301- # external_diffs:
8.302- # bucket: external-diffs
8.303- # lfs:
8.304- # bucket: lfs-objects
8.305- # uploads:
8.306- # bucket: uploads
8.307- # packages:
8.308- # bucket: packages
8.309- # dependency_proxy:
8.310- # bucket: dependency_proxy
8.311-
8.312- ## Build Artifacts
8.313- artifacts:
8.314- enabled: true
8.315- # The location where build artifacts are stored (default: shared/artifacts).
8.316- # path: shared/artifacts
8.317- # object_store:
8.318- # enabled: false
8.319- # remote_directory: artifacts # The bucket name
8.320- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.321- # connection:
8.322- # provider: AWS # Only AWS supported at the moment
8.323- # aws_access_key_id: AWS_ACCESS_KEY_ID
8.324- # aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.325- # region: us-east-1
8.326- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.327- # endpoint: 'https://s3.amazonaws.com' # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
8.328-
8.329- ## Merge request external diff storage
8.330- external_diffs:
8.331- # If disabled (the default), the diffs are in-database. Otherwise, they can
8.332- # be stored on disk, or in object storage
8.333- enabled: false
8.334- # The location where external diffs are stored (default: shared/lfs-external-diffs).
8.335- # storage_path: shared/external-diffs
8.336- # object_store:
8.337- # enabled: false
8.338- # remote_directory: external-diffs
8.339- # proxy_download: false
8.340- # connection:
8.341- # provider: AWS
8.342- # aws_access_key_id: AWS_ACCESS_KEY_ID
8.343- # aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.344- # region: us-east-1
8.345-
8.346- ## Git LFS
8.347- lfs:
8.348- enabled: true
8.349- # The location where LFS objects are stored (default: shared/lfs-objects).
8.350- # storage_path: shared/lfs-objects
8.351- object_store:
8.352- enabled: false
8.353- remote_directory: lfs-objects # Bucket name
8.354- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.355- connection:
8.356- provider: AWS
8.357- aws_access_key_id: AWS_ACCESS_KEY_ID
8.358- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.359- region: us-east-1
8.360- # Use the following options to configure an AWS compatible host
8.361- # host: 'localhost' # default: s3.amazonaws.com
8.362- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.363- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.364- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.365-
8.366- ## Uploads (attachments, avatars, etc...)
8.367- uploads:
8.368- # The location where uploads objects are stored (default: public/).
8.369- # storage_path: public/
8.370- # base_dir: uploads/-/system
8.371- object_store:
8.372- enabled: false
8.373- remote_directory: uploads # Bucket name
8.374- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.375- connection:
8.376- provider: AWS
8.377- aws_access_key_id: AWS_ACCESS_KEY_ID
8.378- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.379- aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.380- region: us-east-1
8.381- # host: 'localhost' # default: s3.amazonaws.com
8.382- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.383- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.384-
8.385- ## Packages (maven repository, npm registry, etc...)
8.386- packages:
8.387- enabled: true
8.388- dpkg_deb_path: /usr/bin/dpkg-deb
8.389- # The location where build packages are stored (default: shared/packages).
8.390- # storage_path: shared/packages
8.391- object_store:
8.392- enabled: false
8.393- remote_directory: packages # The bucket name
8.394- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.395- connection:
8.396- provider: AWS
8.397- aws_access_key_id: AWS_ACCESS_KEY_ID
8.398- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.399- region: us-east-1
8.400- # host: 'localhost' # default: s3.amazonaws.com
8.401- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.402- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.403- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.404-
8.405- ## Dependency Proxy
8.406- dependency_proxy:
8.407- enabled: true
8.408- # The location where build packages are stored (default: shared/dependency_proxy).
8.409- # storage_path: shared/dependency_proxy
8.410- object_store:
8.411- enabled: false
8.412- remote_directory: dependency_proxy # The bucket name
8.413- # proxy_download: false # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
8.414- connection:
8.415- provider: AWS
8.416- aws_access_key_id: AWS_ACCESS_KEY_ID
8.417- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.418- region: us-east-1
8.419- # host: 'localhost' # default: s3.amazonaws.com
8.420- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.421- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.422- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.423-
8.424- ## Terraform state
8.425- terraform_state:
8.426- enabled: true
8.427- # The location where Terraform state files are stored (default: shared/terraform_state).
8.428- # storage_path: shared/terraform_state
8.429- object_store:
8.430- enabled: false
8.431- remote_directory: terraform # The bucket name
8.432- connection:
8.433- provider: AWS
8.434- aws_access_key_id: AWS_ACCESS_KEY_ID
8.435- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.436- region: us-east-1
8.437- # host: 'localhost' # default: s3.amazonaws.com
8.438- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.439- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.440- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.441-
8.442- ## CI Secure Files
8.443- ci_secure_files:
8.444- enabled: true
8.445- # storage_path: shared/ci_secure_files
8.446- object_store:
8.447- enabled: false
8.448- remote_directory: ci-secure-files # The bucket name
8.449- connection:
8.450- provider: AWS
8.451- aws_access_key_id: AWS_ACCESS_KEY_ID
8.452- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.453- region: us-east-1
8.454- # host: 'localhost' # default: s3.amazonaws.com
8.455- # endpoint: 'http://127.0.0.1:9000' # default: nil
8.456- # aws_signature_version: 4 # For creation of signed URLs. Set to 2 if provider does not support v4.
8.457- # path_style: true # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
8.458-
8.459- ## GitLab Pages
8.460- pages:
8.461- enabled: false
8.462- access_control: false
8.463- # The location where pages are stored (default: shared/pages).
8.464- # path: shared/pages
8.465-
8.466- # The domain under which the pages are served:
8.467- # http://group.example.com/project
8.468- # or project path can be a group page: group.example.com
8.469- host: example.com
8.470- port: 80 # Set to 443 if you serve the pages with HTTPS
8.471- https: false # Set to true if you serve the pages with HTTPS
8.472- artifacts_server: true # Set to false if you want to disable online view of HTML artifacts
8.473- # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
8.474- # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
8.475-
8.476- # File that contains the shared secret key for verifying access for gitlab-pages.
8.477- # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app).
8.478- # secret_file: /home/git/gitlab/.gitlab_pages_secret
8.479- object_store:
8.480- enabled: false
8.481- remote_directory: pages # The bucket name
8.482- connection:
8.483- provider: AWS
8.484- aws_access_key_id: AWS_ACCESS_KEY_ID
8.485- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.486- region: us-east-1
8.487- local_store:
8.488- enabled: true
8.489- # The location where pages are stored (default: shared/pages).
8.490- # path: shared/pages
8.491-
8.492- ## Mattermost
8.493- ## For enabling Add to Mattermost button
8.494- mattermost:
8.495- enabled: false
8.496- host: 'https://mattermost.example.com'
8.497-
8.498- ## Jira connect
8.499- ## To switch to a Jira connect development environment
8.500- jira_connect:
8.501- # atlassian_js_url: 'http://localhost:9292/atlassian.js'
8.502- # enforce_jira_base_url_https: false
8.503- # additional_iframe_ancestors: ['localhost:*']
8.504-
8.505- ## Gravatar
8.506- ## If using gravatar.com, there's nothing to change here. For Libravatar
8.507- ## you'll need to provide the custom URLs. For more information,
8.508- ## see: https://docs.gitlab.com/ee/administration/libravatar.html
8.509- gravatar:
8.510- # Gravatar/Libravatar URLs: possible placeholders: %{hash} %{size} %{email} %{username}
8.511- # plain_url: "http://..." # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
8.512- # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
8.513-
8.514- ## Sidekiq
8.515- sidekiq:
8.516- log_format: json # (text is the original format)
8.517- # An array of tuples indicating the rules for re-routing a worker to a
8.518- # desirable queue before scheduling. For example:
8.519- # routing_rules:
8.520- # - ["resource_boundary=cpu", "cpu_boundary"]
8.521- # - ["feature_category=pages", null]
8.522- # - ["*", "default"]
8.523-
8.524- ## Auxiliary jobs
8.525- # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
8.526- # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
8.527- cron_jobs:
8.528- # Interval, in seconds, for each Sidekiq process to check for scheduled cron jobs that need to be enqueued. If not
8.529- # set, the interval scales dynamically with the number of Sidekiq processes. If set to 0, disable polling for cron
8.530- # jobs entirely.
8.531- # poll_interval: 30
8.532-
8.533- # Flag stuck CI jobs as failed
8.534- stuck_ci_jobs_worker:
8.535- cron: "0 * * * *"
8.536- # Execute scheduled triggers
8.537- pipeline_schedule_worker:
8.538- cron: "3-59/10 * * * *"
8.539- # Remove expired build artifacts
8.540- expire_build_artifacts_worker:
8.541- cron: "*/7 * * * *"
8.542- # Remove expired pipeline artifacts
8.543- ci_pipelines_expire_artifacts_worker:
8.544- cron: "*/23 * * * *"
8.545- # Remove files from object storage
8.546- ci_schedule_delete_objects_worker:
8.547- cron: "*/16 * * * *"
8.548- # Stop expired environments
8.549- environments_auto_stop_cron_worker:
8.550- cron: "24 * * * *"
8.551- # Delete stopped environments
8.552- environments_auto_delete_cron_worker:
8.553- cron: "34 * * * *"
8.554- # Periodically run 'git fsck' on all repositories. If started more than
8.555- # once per hour you will have concurrent 'git fsck' jobs.
8.556- repository_check_worker:
8.557- cron: "20 * * * *"
8.558- # Archive live traces which have not been archived yet
8.559- ci_archive_traces_cron_worker:
8.560- cron: "17 * * * *"
8.561- # Send admin emails once a week
8.562- admin_email_worker:
8.563- cron: "0 0 * * 0"
8.564- # Send emails for personal tokens which are about to expire
8.565- personal_access_tokens_expiring_worker:
8.566- cron: "0 1 * * *"
8.567-
8.568- # Remove outdated repository archives
8.569- repository_archive_cache_worker:
8.570- cron: "0 * * * *"
8.571-
8.572- # Verify custom GitLab Pages domains
8.573- pages_domain_verification_cron_worker:
8.574- cron: "*/15 * * * *"
8.575-
8.576- # Periodically migrate diffs from the database to external storage
8.577- schedule_migrate_external_diffs_worker:
8.578- cron: "15 * * * *"
8.579-
8.580- # Update CI Platform Metrics daily
8.581- ci_platform_metrics_update_cron_worker:
8.582- cron: "47 9 * * *"
8.583-
8.584- # Periodically update ci_runner_versions table with up-to-date versions and status.
8.585- ci_runner_versions_reconciliation_worker:
8.586- cron: "@daily"
8.587-
8.588- # Periodically clean up stale runner machines.
8.589- ci_runners_stale_machines_cleanup_worker:
8.590- cron: "36 * * * *"
8.591-
8.592- # GitLab EE only jobs. These jobs are automatically enabled for an EE
8.593- # installation, and ignored for a CE installation.
8.594- ee_cron_jobs:
8.595- # Schedule snapshots for all devops adoption segments
8.596- analytics_devops_adoption_create_all_snapshots_worker:
8.597- cron: 0 0 1 * *
8.598-
8.599- # Snapshot active users statistics
8.600- historical_data_worker:
8.601- cron: "0 12 * * *"
8.602-
8.603- # In addition to refreshing users when they log in,
8.604- # periodically refresh LDAP users membership.
8.605- # NOTE: This will only take effect if LDAP is enabled
8.606- ldap_sync_worker:
8.607- cron: "30 1 * * *"
8.608-
8.609- # Periodically refresh LDAP groups membership.
8.610- # NOTE: This will only take effect if LDAP is enabled
8.611- ldap_group_sync_worker:
8.612- cron: "0 * * * *"
8.613-
8.614- # GitLab Geo metrics update worker
8.615- # NOTE: This will only take effect if Geo is enabled
8.616- geo_metrics_update_worker:
8.617- cron: "*/1 * * * *"
8.618-
8.619- # GitLab Geo prune event log worker
8.620- # NOTE: This will only take effect if Geo is enabled (primary node only)
8.621- geo_prune_event_log_worker:
8.622- cron: "*/5 * * * *"
8.623-
8.624- # GitLab Geo repository sync worker
8.625- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
8.626- geo_repository_sync_worker:
8.627- cron: "*/1 * * * *"
8.628-
8.629- # GitLab Geo registry backfill worker
8.630- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
8.631- geo_secondary_registry_consistency_worker:
8.632- cron: "* * * * *"
8.633-
8.634- # GitLab Geo blob registry sync worker (for backfilling)
8.635- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
8.636- geo_registry_sync_worker:
8.637- cron: "*/1 * * * *"
8.638-
8.639- # GitLab Geo repository registry sync worker (for backfilling)
8.640- # NOTE: This will only take effect if Geo is enabled (secondary nodes only)
8.641- geo_repository_registry_sync_worker:
8.642- cron: "*/1 * * * *"
8.643-
8.644- # Elasticsearch bulk updater for incremental updates.
8.645- # NOTE: This will only take effect if elasticsearch is enabled.
8.646- elastic_index_bulk_cron_worker:
8.647- cron: "*/1 * * * *"
8.648-
8.649- # Elasticsearch bulk updater for initial updates.
8.650- # NOTE: This will only take effect if elasticsearch is enabled.
8.651- elastic_index_initial_bulk_cron_worker:
8.652- cron: "*/1 * * * *"
8.653-
8.654- # Elasticsearch reindexing worker
8.655- # NOTE: This will only take effect if elasticsearch is enabled.
8.656- elastic_index_initial_bulk_cron_worker:
8.657- cron: "*/10 * * * *"
8.658-
8.659- # Periodically prune stale runners from namespaces having opted-in.
8.660- ci_runners_stale_group_runners_prune_worker_cron:
8.661- cron: "30 * * * *"
8.662-
8.663- # Periodically queue syncing of finished builds from p_ci_finished_build_ch_sync_events to ClickHouse
8.664- click_house_ci_finished_builds_sync_worker:
8.665- cron: "*/3 * * * *"
8.666-
8.667- registry:
8.668- # enabled: true
8.669- # host: registry.example.com
8.670- # port: 5005
8.671- # api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
8.672- # key: config/registry.key
8.673- # path: shared/registry
8.674- # issuer: gitlab-issuer
8.675- # notification_secret: '' # only set it when you use Geo replication feature without built-in Registry
8.676-
8.677- # Add notification settings if you plan to use Geo Replication for the registry
8.678- # notifications:
8.679- # - name: geo_event
8.680- # url: https://example.com/api/v4/container_registry_event/events
8.681- # timeout: 2s
8.682- # threshold: 5
8.683- # backoff: 1s
8.684- # headers:
8.685- # Authorization: secret_phrase
8.686-
8.687- ## Error Reporting and Logging with Sentry
8.688- sentry:
8.689- # enabled: false
8.690- # dsn: https://<key>@sentry.io/<project>
8.691- # clientside_dsn: https://<key>@sentry.io/<project>
8.692- # environment: 'production' # e.g. development, staging, production
8.693-
8.694- ## Geo
8.695- # NOTE: These settings will only take effect if Geo is enabled
8.696- geo:
8.697- # This is an optional identifier which Geo nodes can use to identify themselves.
8.698- # For example, if external_url is the same for two secondaries, you must specify
8.699- # a unique Geo node name for those secondaries.
8.700- #
8.701- # If it is blank, it defaults to external_url.
8.702- node_name: ''
8.703-
8.704- registry_replication:
8.705- # enabled: true
8.706- # primary_api_url: http://localhost:5000/ # internal address to the primary registry, will be used by GitLab to directly communicate with primary registry API
8.707-
8.708- ## Feature Flag https://docs.gitlab.com/ee/operations/feature_flags.html
8.709- feature_flags:
8.710- unleash:
8.711- # enabled: false
8.712- # url: https://gitlab.com/api/v4/feature_flags/unleash/<project_id>
8.713- # app_name: gitlab.com # Environment name of your GitLab instance
8.714- # instance_id: INSTANCE_ID
8.715-
8.716- #
8.717- # 2. GitLab CI settings
8.718- # ==========================
8.719-
8.720- gitlab_ci:
8.721- # Default project notifications settings:
8.722-
8.723- # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
8.724- # builds_path: builds/
8.725-
8.726- #
8.727- # 3. Auth settings
8.728- # ==========================
8.729-
8.730- ## LDAP settings
8.731- # You can test connections and inspect a sample of the LDAP users with login
8.732- # access by running:
8.733- # bundle exec rake gitlab:ldap:check RAILS_ENV=production
8.734- ldap:
8.735- enabled: false
8.736- prevent_ldap_sign_in: false
8.737-
8.738- # File location to read encrypted secrets from
8.739- # secret_file: /mnt/gitlab/ldap.yaml.enc # Default: shared/encrypted_settings/ldap.yaml.enc
8.740-
8.741- # This setting controls the number of seconds between LDAP permission checks
8.742- # for each user. After this time has expired for a given user, their next
8.743- # interaction with GitLab (a click in the web UI, a git pull, etc.) will be
8.744- # slower because the LDAP permission check is being performed. How much
8.745- # slower depends on your LDAP setup, but it is not uncommon for this check
8.746- # to add seconds of waiting time. The default value is to have a "slow
8.747- # click" once every 3600 seconds (i.e., once per hour).
8.748- #
8.749- # Warning: if you set this value too low, every click in GitLab will be a
8.750- # "slow click" for all of your LDAP users.
8.751- # sync_time: 3600
8.752-
8.753- servers:
8.754- ##########################################################################
8.755- #
8.756- # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
8.757- # Enterprise Edition now supports connecting to multiple LDAP servers.
8.758- #
8.759- # If you are updating from the old (pre-7.4) syntax, you MUST give your
8.760- # old server the ID 'main'.
8.761- #
8.762- ##########################################################################
8.763- main: # 'main' is the GitLab 'provider ID' of this LDAP server
8.764- ## label
8.765- #
8.766- # A human-friendly name for your LDAP server. It is OK to change the label later,
8.767- # for instance if you find out it is too large to fit on the web page.
8.768- #
8.769- # Example: 'Paris' or 'Acme, Ltd.'
8.770- label: 'LDAP'
8.771-
8.772- # Example: 'ldap.mydomain.com'
8.773- host: '_your_ldap_server'
8.774- # This port is an example, it is sometimes different but it is always an integer and not a string
8.775- port: 389 # usually 636 for SSL
8.776- uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
8.777-
8.778- # Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
8.779- bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
8.780- password: '_the_password_of_the_bind_user'
8.781-
8.782- # Encryption method. The "method" key is deprecated in favor of
8.783- # "encryption".
8.784- #
8.785- # Examples: "start_tls" or "simple_tls" or "plain"
8.786- #
8.787- # Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
8.788- # replaced with "simple_tls".
8.789- #
8.790- encryption: 'plain'
8.791-
8.792- # Enables SSL certificate verification if encryption method is
8.793- # "start_tls" or "simple_tls". Defaults to true.
8.794- verify_certificates: true
8.795-
8.796- # OpenSSL::SSL::SSLContext options.
8.797- tls_options:
8.798- # Specifies the path to a file containing a PEM-format CA certificate,
8.799- # e.g. if you need to use an internal CA.
8.800- #
8.801- # Example: '/etc/ca.pem'
8.802- #
8.803- ca_file: ''
8.804-
8.805- # Specifies the SSL version for OpenSSL to use, if the OpenSSL default
8.806- # is not appropriate.
8.807- #
8.808- # Example: 'TLSv1_1'
8.809- #
8.810- ssl_version: ''
8.811-
8.812- # Specific SSL ciphers to use in communication with LDAP servers.
8.813- #
8.814- # Example: 'ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2'
8.815- ciphers: ''
8.816-
8.817- # Client certificate
8.818- #
8.819- # Example:
8.820- # cert: |
8.821- # -----BEGIN CERTIFICATE-----
8.822- # MIIDbDCCAlSgAwIBAgIGAWkJxLmKMA0GCSqGSIb3DQEBCwUAMHcxFDASBgNVBAoTC0dvb2dsZSBJ
8.823- # bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQDEwtMREFQIENsaWVudDEPMA0GA1UE
8.824- # CxMGR1N1aXRlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTAeFw0xOTAyMjAwNzE4
8.825- # rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
8.826- # ...
8.827- # 4SbuJPAiJxC1LQ0t39dR6oMCAMab3hXQqhL56LrR6cRBp6Mtlphv7alu9xb/x51y2x+g2zWtsf80
8.828- # Jrv/vKMsIh/sAyuogb7hqMtp55ecnKxceg==
8.829- # -----END CERTIFICATE -----
8.830- cert: ''
8.831-
8.832- # Client private key
8.833- # key: |
8.834- # -----BEGIN PRIVATE KEY-----
8.835- # MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3DmJtLRmJGY4xU1QtI3yjvxO6
8.836- # bNuyE4z1NF6Xn7VSbcAaQtavWQ6GZi5uukMo+W5DHVtEkgDwh92ySZMuJdJogFbNvJvHAayheCdN
8.837- # 7mCQ2UUT9jGXIbmksUn9QMeJVXTZjgJWJzPXToeUdinx9G7+lpVa62UATEd1gaI3oyL72WmpDy/C
8.838- # rntnF4d+0dd7zP3jrWkbdtoqjLDT/5D7NYRmVCD5vizV98FJ5//PIHbD1gL3a9b2MPAc6k7NV8tl
8.839- # ...
8.840- # +9IhSYX+XIg7BZOVDeYqlPfxRvQh8vy3qjt/KUihmEPioAjLaGiihs1Fk5ctLk9A2hIUyP+sEQv9
8.841- # l6RG+a/mW+0rCWn8JAd464Ps9hE=
8.842- # -----END PRIVATE KEY-----
8.843- key: ''
8.844-
8.845- # Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
8.846- # a request if the LDAP server becomes unresponsive.
8.847- # A value of 0 means there is no timeout.
8.848- timeout: 10
8.849-
8.850- # Enable smartcard authentication against the LDAP server. Valid values
8.851- # are "false", "optional", and "required".
8.852- smartcard_auth: false
8.853-
8.854- # This setting specifies if LDAP server is Active Directory LDAP server.
8.855- # For non AD servers it skips the AD specific queries.
8.856- # If your LDAP server is not AD, set this to false.
8.857- active_directory: true
8.858-
8.859- # If allow_username_or_email_login is enabled, GitLab will ignore everything
8.860- # after the first '@' in the LDAP username submitted by the user on login.
8.861- #
8.862- # Example:
8.863- # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
8.864- # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
8.865- #
8.866- # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
8.867- # disable this setting, because the userPrincipalName contains an '@'.
8.868- allow_username_or_email_login: false
8.869-
8.870- # To maintain tight control over the number of active users on your GitLab installation,
8.871- # enable this setting to keep new users blocked until they have been cleared by the admin
8.872- # (default: false).
8.873- block_auto_created_users: false
8.874-
8.875- # Base where we can search for users
8.876- #
8.877- # Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
8.878- #
8.879- base: ''
8.880-
8.881- # Filter LDAP users
8.882- #
8.883- # Format: RFC 4515 https://www.rfc-editor.org/rfc/rfc4515
8.884- # Ex. (employeeType=developer)
8.885- #
8.886- # Note: GitLab does not support omniauth-ldap's custom filter syntax.
8.887- #
8.888- # Example for getting only specific users:
8.889- # '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
8.890- #
8.891- user_filter: ''
8.892-
8.893- # Base where we can search for groups
8.894- #
8.895- # Ex. ou=Groups,dc=gitlab,dc=example
8.896- #
8.897- group_base: ''
8.898-
8.899- # LDAP group of users who should be admins in GitLab
8.900- #
8.901- # Ex. GLAdmins
8.902- #
8.903- admin_group: ''
8.904-
8.905- # LDAP group of users who should be marked as external users in GitLab
8.906- #
8.907- # Ex. ['Contractors', 'Interns']
8.908- #
8.909- external_groups: []
8.910-
8.911- # Name of attribute which holds a ssh public key of the user object.
8.912- # If false or nil, SSH key syncronisation will be disabled.
8.913- #
8.914- # Ex. sshpublickey
8.915- #
8.916- sync_ssh_keys: false
8.917-
8.918- # Retry ldap search connection if got empty results with specified response code(s)
8.919- #
8.920- # Ex. [80]
8.921- # retry_empty_result_with_codes: []
8.922-
8.923- # LDAP attributes that GitLab will use to create an account for the LDAP user.
8.924- # The specified attribute can either be the attribute name as a string (e.g. 'mail'),
8.925- # or an array of attribute names to try in order (e.g. ['mail', 'email']).
8.926- # Note that the user's LDAP login will always be the attribute specified as `uid` above.
8.927- attributes:
8.928- # The username will be used in paths for the user's own projects
8.929- # (like `gitlab.example.com/username/project`) and when mentioning
8.930- # them in issues, merge request and comments (like `@username`).
8.931- # If the attribute specified for `username` contains an email address,
8.932- # the GitLab username will be the part of the email address before the '@'.
8.933- username: ['uid', 'userid', 'sAMAccountName']
8.934- email: ['mail', 'email', 'userPrincipalName']
8.935-
8.936- # If no full name could be found at the attribute specified for `name`,
8.937- # the full name is determined using the attributes specified for
8.938- # `first_name` and `last_name`.
8.939- name: 'cn'
8.940- first_name: 'givenName'
8.941- last_name: 'sn'
8.942-
8.943- # If lowercase_usernames is enabled, GitLab will lower case the username.
8.944- lowercase_usernames: false
8.945-
8.946- # GitLab EE only: add more LDAP servers
8.947- # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
8.948- # so that GitLab can remember which LDAP server a user belongs to.
8.949- # uswest2:
8.950- # label:
8.951- # host:
8.952- # ....
8.953-
8.954- ## Smartcard authentication settings
8.955- smartcard:
8.956- # Allow smartcard authentication
8.957- enabled: false
8.958-
8.959- # Path to a file containing a CA certificate bundle
8.960- ca_file: '/etc/ssl/certs/CA.pem'
8.961-
8.962- # Host and port where the client side certificate is requested by the
8.963- # webserver (NGINX/Apache)
8.964- # client_certificate_required_host: smartcard.gitlab.example.com
8.965- # client_certificate_required_port: 3444
8.966-
8.967- # Browser session with smartcard sign-in is required for Git access
8.968- # required_for_git_access: false
8.969-
8.970- # Use X.509 SAN extensions certificates to identify GitLab users
8.971- # Add a subjectAltName to your certificates like: email:user
8.972- # san_extensions: true
8.973-
8.974- ## Kerberos settings
8.975- kerberos:
8.976- # Allow the HTTP Negotiate authentication method for Git clients
8.977- enabled: false
8.978-
8.979- # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
8.980- # and should be different from other keytabs in the system.
8.981- # (default: use default keytab from Krb5 config)
8.982- # keytab: /etc/http.keytab
8.983-
8.984- # The Kerberos service name to be used by GitLab.
8.985- # (default: accept any service name in keytab file)
8.986- # service_principal_name: HTTP/gitlab.example.com@EXAMPLE.COM
8.987-
8.988- # Kerberos realms/domains that are allowed to automatically link LDAP identities.
8.989- # By default, GitLab accepts a realm that matches the domain derived from the
8.990- # LDAP `base` DN. For example, `ou=users,dc=example,dc=com` would allow users
8.991- # with a realm matching `example.com`.
8.992- # simple_ldap_linking_allowed_realms: ['example.com','kerberos.example.com']
8.993-
8.994- # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
8.995- # To support both Basic and Negotiate methods with older versions of Git, configure
8.996- # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
8.997- # to dedicate this port to Kerberos authentication. (default: false)
8.998- # use_dedicated_port: true
8.999- # port: 8443
8.1000- # https: true
8.1001-
8.1002- ## OmniAuth settings
8.1003- omniauth:
8.1004- # Allow login via Twitter, Google, etc. using OmniAuth providers
8.1005- # enabled: true
8.1006-
8.1007- # Uncomment this to automatically sign in with a specific omniauth provider's without
8.1008- # showing GitLab's sign-in page (default: show the GitLab sign-in page)
8.1009- # auto_sign_in_with_provider: saml
8.1010-
8.1011- # Sync user's profile from the specified Omniauth providers every time the user logs in (default: empty).
8.1012- # Define the allowed providers using an array, e.g. ["saml", "twitter"],
8.1013- # or as true/false to allow all providers or none.
8.1014- # When authenticating using LDAP, the user's email is always synced.
8.1015- # sync_profile_from_provider: []
8.1016-
8.1017- # Select which info to sync from the providers above. (default: email).
8.1018- # Define the synced profile info using an array. Available options are "name", "email" and "location"
8.1019- # e.g. ["name", "email", "location"] or as true to sync all available.
8.1020- # This consequently will make the selected attributes read-only.
8.1021- # sync_profile_attributes: true
8.1022-
8.1023- # CAUTION!
8.1024- # This allows users to login without having a user account first. Define the allowed providers
8.1025- # using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
8.1026- # User accounts will be created automatically when authentication was successful.
8.1027- allow_single_sign_on: ["saml"]
8.1028-
8.1029- # Locks down those users until they have been cleared by the admin (default: true).
8.1030- block_auto_created_users: true
8.1031- # Look up new users in LDAP servers. If a match is found (same uid), automatically
8.1032- # link the omniauth identity with the LDAP account. (default: false)
8.1033- auto_link_ldap_user: false
8.1034-
8.1035- # Allow users with existing accounts to login and auto link their account via SAML
8.1036- # login, without having to do a manual login first and manually add SAML
8.1037- # (default: false)
8.1038- auto_link_saml_user: false
8.1039-
8.1040- # CAUTION!
8.1041- # Allows larger SAML messages to be received. Numeric value in bytes (default: 250000)
8.1042- # Too high limits exposes instance to decompression DDoS attack type.
8.1043- saml_message_max_byte_size: 250000
8.1044-
8.1045- # Allow users with existing accounts to sign in and auto link their account via OmniAuth
8.1046- # login, without having to do a manual login first and manually add OmniAuth. Links on email.
8.1047- # Define the allowed providers using an array, e.g. ["saml", "twitter"], or as true/false to
8.1048- # allow all providers or none.
8.1049- # (default: false)
8.1050- auto_link_user: ["saml", "twitter"]
8.1051-
8.1052- # Set different Omniauth providers as external so that all users creating accounts
8.1053- # via these providers will not be able to have access to internal projects. You
8.1054- # will need to use the full name of the provider, like `google_oauth2` for Google.
8.1055- # Refer to the examples below for the full names of the supported providers.
8.1056- # (default: [])
8.1057- external_providers: []
8.1058-
8.1059- # CAUTION!
8.1060- # This allows users to login with the specified providers without two factor. Define the allowed providers
8.1061- # using an array, e.g. ["twitter", 'google_oauth2'], or as true/false to allow all providers or none.
8.1062- # This option should only be configured for providers which already have two factor.
8.1063- # This configration dose not apply to SAML.
8.1064- # (default: false)
8.1065- allow_bypass_two_factor: ["twitter", 'google_oauth2']
8.1066-
8.1067- ## Auth providers
8.1068- # Uncomment the following lines and fill in the data of the auth provider you want to use
8.1069- # If your favorite auth provider is not listed you can use others:
8.1070- # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
8.1071- # The 'app_id' and 'app_secret' parameters are always passed as the first two
8.1072- # arguments, followed by optional 'args' which can be either a hash or an array.
8.1073- # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
8.1074- providers:
8.1075- # - { name: 'alicloud',
8.1076- # app_id: 'YOUR_APP_ID',
8.1077- # app_secret: 'YOUR_APP_SECRET' }
8.1078- # - { name: 'github',
8.1079- # app_id: 'YOUR_APP_ID',
8.1080- # app_secret: 'YOUR_APP_SECRET',
8.1081- # url: "https://github.com/",
8.1082- # verify_ssl: true,
8.1083- # args: { scope: 'user:email' } }
8.1084- # - { name: 'bitbucket',
8.1085- # app_id: 'YOUR_APP_ID',
8.1086- # app_secret: 'YOUR_APP_SECRET' }
8.1087- # - { name: 'dingtalk',
8.1088- # app_id: 'YOUR_APP_ID',
8.1089- # app_secret: 'YOUR_APP_SECRET' }
8.1090- # - { name: 'gitlab',
8.1091- # app_id: 'YOUR_APP_ID',
8.1092- # app_secret: 'YOUR_APP_SECRET',
8.1093- # args: { scope: 'api' } }
8.1094- # - { name: 'google_oauth2',
8.1095- # app_id: 'YOUR_APP_ID',
8.1096- # app_secret: 'YOUR_APP_SECRET',
8.1097- # args: { access_type: 'offline', approval_prompt: '' } }
8.1098- # - { name: 'facebook',
8.1099- # app_id: 'YOUR_APP_ID',
8.1100- # app_secret: 'YOUR_APP_SECRET' }
8.1101- # - { name: 'twitter',
8.1102- # app_id: 'YOUR_APP_ID',
8.1103- # app_secret: 'YOUR_APP_SECRET' }
8.1104- # - { name: 'jwt',
8.1105- # args: {
8.1106- # secret: 'YOUR_APP_SECRET',
8.1107- # algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
8.1108- # uid_claim: 'email',
8.1109- # required_claims: ['name', 'email'],
8.1110- # info_map: { name: 'name', email: 'email' },
8.1111- # auth_url: 'https://example.com/',
8.1112- # valid_within: 3600 # 1 hour
8.1113- # }
8.1114- # }
8.1115- # - { name: 'saml',
8.1116- # label: 'Our SAML Provider',
8.1117- # groups_attribute: 'Groups',
8.1118- # external_groups: ['Contractors', 'Freelancers'],
8.1119- # args: {
8.1120- # assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
8.1121- # idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
8.1122- # idp_sso_target_url: 'https://login.example.com/idp',
8.1123- # issuer: 'https://gitlab.example.com',
8.1124- # name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
8.1125- # } }
8.1126- #
8.1127- # - { name: 'group_saml' }
8.1128- #
8.1129- # - { name: 'crowd',
8.1130- # args: {
8.1131- # crowd_server_url: 'CROWD SERVER URL',
8.1132- # application_name: 'YOUR_APP_NAME',
8.1133- # application_password: 'YOUR_APP_PASSWORD' } }
8.1134- #
8.1135- # - { name: 'auth0',
8.1136- # args: {
8.1137- # client_id: 'YOUR_AUTH0_CLIENT_ID',
8.1138- # client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
8.1139- # namespace: 'YOUR_AUTH0_DOMAIN' } }
8.1140-
8.1141- # FortiAuthenticator settings
8.1142- forti_authenticator:
8.1143- # Allow using FortiAuthenticator as OTP provider
8.1144- enabled: false
8.1145-
8.1146- # Host and port of FortiAuthenticator instance
8.1147- # host: forti_authenticator.example.com
8.1148- # port: 443
8.1149-
8.1150- # Username for accessing FortiAuthenticator API
8.1151- # username: john
8.1152-
8.1153- # Access token for FortiAuthenticator API
8.1154- # access_token: 123s3cr3t456
8.1155-
8.1156- # FortiToken Cloud settings
8.1157- forti_token_cloud:
8.1158- # Allow using FortiToken Cloud as OTP provider
8.1159- enabled: false
8.1160-
8.1161- # Client ID and Secret to access FortiToken Cloud API
8.1162- # client_id: 'YOUR_FORTI_TOKEN_CLOUD_CLIENT_ID'
8.1163- # client_secret: 'YOUR_FORTI_TOKEN_CLOUD_CLIENT_SECRET'
8.1164-
8.1165- # Duo Auth settings
8.1166- duo_auth:
8.1167- # Allow using Duo as an OTP provider
8.1168- enabled: false
8.1169-
8.1170- # Client ID and Secret to access Duo's API
8.1171- # integration_key: 'YOUR_DUO_INTEGRATION_KEY'
8.1172- # secret_key: 'YOUR_DUO_SECRET_KEY'
8.1173- # hostname: 'YOUR_DUO_API_FQDN'
8.1174-
8.1175- # Shared file storage settings
8.1176- shared:
8.1177- # path: /mnt/gitlab # Default: shared
8.1178-
8.1179- # Encrypted Settings configuration
8.1180- encrypted_settings:
8.1181- # path: /mnt/gitlab/encrypted_settings # Default: shared/encrypted_settings
8.1182-
8.1183- # Gitaly settings
8.1184- gitaly:
8.1185- # Default Gitaly authentication token. Can be overridden per storage. Can
8.1186- # be left blank when Gitaly is running locally on a Unix socket, which
8.1187- # is the normal way to deploy Gitaly.
8.1188- token:
8.1189-
8.1190- #
8.1191- # 4. Advanced settings
8.1192- # ==========================
8.1193-
8.1194- ## Repositories settings
8.1195- repositories:
8.1196- # Paths where repositories can be stored. Give the canonicalized absolute pathname.
8.1197- # IMPORTANT: None of the path components may be symlink, because
8.1198- # gitlab-shell invokes Dir.pwd inside the repository path and that results
8.1199- # real path not the symlink.
8.1200- storages: # You must have at least a `default` storage path.
8.1201- default:
8.1202- path: /home/git/repositories/
8.1203- gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
8.1204- # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
8.1205- hgitaly_address: unix:/home/git/gitlab/tmp/sockets/private/hgitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are *not* at this point (tracking issue is hgitaly#3)
8.1206-
8.1207- ## Backup settings
8.1208- backup:
8.1209- path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
8.1210- # gitaly_backup_path: /home/git/gitaly/_build/bin/gitaly-backup # Path of the gitaly-backup binary (default: searches $PATH)
8.1211- # archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
8.1212- # keep_time: 604800 # default: 0 (forever) (in seconds)
8.1213- # pg_schema: public # default: nil, it means that all schemas will be backed up
8.1214- # upload:
8.1215- # # Fog storage connection settings, see https://fog.io/storage/ .
8.1216- # connection:
8.1217- # provider: AWS
8.1218- # region: eu-west-1
8.1219- # aws_access_key_id: AKIAKIAKI
8.1220- # aws_secret_access_key: 'secret123'
8.1221- # # The remote 'directory' to store your backups. For S3, this would be the bucket name.
8.1222- # remote_directory: 'my.s3.bucket'
8.1223- # # Use multipart uploads when file size reaches 100MB, see
8.1224- # # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
8.1225- # multipart_chunk_size: 104857600
8.1226- # # Specifies Amazon S3 storage class to use for backups (optional)
8.1227- # # storage_class: 'STANDARD'
8.1228- # # Turns on AWS Server-Side Encryption with Amazon Customer-Provided Encryption Keys for backups, this is optional
8.1229- # # 'encryption' must be set in order for this to have any effect.
8.1230- # # 'encryption_key' should be set to the 256-bit encryption key for Amazon S3 to use to encrypt or decrypt your data.
8.1231- # # encryption: 'AES256'
8.1232- # # encryption_key: '<key>'
8.1233- # #
8.1234- # # Turns on AWS Server-Side Encryption with Amazon S3-Managed keys (optional)
8.1235- # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
8.1236- # # For SSE-S3, set 'server_side_encryption' to 'AES256'.
8.1237- # # For SS3-KMS, set 'server_side_encryption' to 'aws:kms'. Set
8.1238- # # 'server_side_encryption_kms_key_id' to the ARN of customer master key.
8.1239- # # storage_options:
8.1240- # # server_side_encryption: 'aws:kms'
8.1241- # # server_side_encryption_kms_key_id: 'arn:aws:kms:YOUR-KEY-ID-HERE'
8.1242-
8.1243- ## GitLab Shell settings
8.1244- gitlab_shell:
8.1245- path: /home/git/gitlab-shell/
8.1246- authorized_keys_file: /home/git/.ssh/authorized_keys
8.1247-
8.1248- # File that contains the secret key for verifying access for gitlab-shell.
8.1249- # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
8.1250- # secret_file: /home/git/gitlab/.gitlab_shell_secret
8.1251-
8.1252- # Git over HTTP
8.1253- upload_pack: true
8.1254- receive_pack: true
8.1255-
8.1256- # Git import/fetch timeout, in seconds. Defaults to 3 hours.
8.1257- # git_timeout: 10800
8.1258-
8.1259- # If you use non-standard ssh port you need to specify it
8.1260- # ssh_port: 22
8.1261-
8.1262- workhorse:
8.1263- # File that contains the secret key for verifying access for gitlab-workhorse.
8.1264- # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
8.1265- # secret_file: /home/git/gitlab/.gitlab_workhorse_secret
8.1266-
8.1267- gitlab_kas:
8.1268- # enabled: true
8.1269- # File that contains the secret key for verifying access for gitlab-kas.
8.1270- # Default is '.gitlab_kas_secret' relative to Rails.root (i.e. root of the GitLab app).
8.1271- # secret_file: /home/git/gitlab/.gitlab_kas_secret
8.1272-
8.1273- # The URL to the external KAS API (used by the Kubernetes agents)
8.1274- # external_url: wss://kas.example.com
8.1275-
8.1276- # The URL to the internal KAS API (used by the GitLab backend)
8.1277- # internal_url: grpc://localhost:8153
8.1278-
8.1279- # The URL to the Kubernetes API proxy (used by GitLab users)
8.1280- # external_k8s_proxy_url: https://localhost:8154 # default: nil
8.1281-
8.1282- suggested_reviewers:
8.1283- # File that contains the secret key for verifying access to GitLab internal API for Suggested Reviewers.
8.1284- # Default is '.gitlab_suggested_reviewers_secret' relative to Rails.root (i.e. root of the GitLab app).
8.1285- # secret_file: /home/git/gitlab/.gitlab_suggested_reviewers_secret
8.1286-
8.1287- zoekt:
8.1288- # Files that contain username and password for basic auth for Zoekt
8.1289- # Default is '.gitlab_zoekt_username' and '.gitlab_zoekt_password' in Rails.root
8.1290- # username_file: /home/git/gitlab/.gitlab_zoekt_username
8.1291- # password_file: /home/git/gitlab/.gitlab_zoekt_password
8.1292-
8.1293- ## GitLab Elasticsearch settings
8.1294- elasticsearch:
8.1295- indexer_path: /home/git/gitlab-elasticsearch-indexer/
8.1296-
8.1297- ## Git settings
8.1298- # CAUTION!
8.1299- # Use the default values unless you really know what you are doing
8.1300- git:
8.1301- bin_path: /usr/bin/git
8.1302-
8.1303- ## Mercurial settings
8.1304- mercurial:
8.1305- # application-wide Mercurial settings.
8.1306- #
8.1307- # These *must* include the structural and default settings,
8.1308- # which is typically achieved by listing the `heptapod/required.hgrc`
8.1309- # file from the `heptapod` Python distribution or include it in one of
8.1310- # the files listed here.
8.1311- #
8.1312- # The settings listed here are themselves overridable by Group and Project
8.1313- # level HGRC files.
8.1314- #
8.1315- # Files that don't exist are safely ignored.
8.1316- # The default value is tailored for Heptapod Docker installations
8.1317- # made before version 0.9 without changing their `gitlab.yml` files.
8.1318- #
8.1319- # hgrc:
8.1320- # - /opt/gitlab/etc/docker.hgrc
8.1321- # - /etc/gitlab/heptapod.hgrc
8.1322-
8.1323- # The mercurial command. It MUST be able to import the `heptapod`
8.1324- # extension and its dependencies.
8.1325- # bin_path: hg
8.1326-
8.1327- # URL of the `hgserve` service. It MUST be a loopback URL
8.1328- # (Unix domain socket are not implemented yet)
8.1329- # hgserve_url: http://127.0.0.1:8000
8.1330-
8.1331- # Mercurial internal code selection
8.1332- # Possible values are "c", "rust+c", "pure", "c-allow" and "rust+c-allow"
8.1333- # The "-allow" variants don't require the corresponding binary to be
8.1334- # available. The strict ones do.
8.1335- #
8.1336- # If not set, the compile-time default is used (usually strict)
8.1337- # module_policy:
8.1338-
8.1339- ## Webpack settings
8.1340- # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
8.1341- # on a given port instead of serving directly from /assets/webpack. This is only indended for use
8.1342- # in development.
8.1343- webpack:
8.1344- # dev_server:
8.1345- # enabled: true
8.1346- # host: localhost
8.1347- # port: 3808
8.1348-
8.1349- ## Monitoring
8.1350- # Built in monitoring settings
8.1351- monitoring:
8.1352- # IP whitelist to access monitoring endpoints
8.1353- ip_whitelist:
8.1354- - 127.0.0.0/8
8.1355-
8.1356- # Sidekiq exporter is a dedicated Prometheus metrics server optionally running alongside Sidekiq.
8.1357- sidekiq_exporter:
8.1358- # enabled: true
8.1359- # log_enabled: false
8.1360- # address: localhost
8.1361- # port: 8082
8.1362- # tls_enabled: false
8.1363- # tls_cert_path: /path/to/cert.pem
8.1364- # tls_key_path: /path/to/key.pem
8.1365-
8.1366- sidekiq_health_checks:
8.1367- # enabled: true
8.1368- # address: localhost
8.1369- # port: 8092
8.1370-
8.1371- # Web exporter is a dedicated Prometheus metrics server optionally running alongside Puma.
8.1372- web_exporter:
8.1373- # enabled: true
8.1374- # address: localhost
8.1375- # port: 8083
8.1376- # tls_enabled: false
8.1377- # tls_cert_path: /path/to/cert.pem
8.1378- # tls_key_path: /path/to/key.pem
8.1379-
8.1380- ## Prometheus settings
8.1381- # Do not modify these settings here. They should be modified in /etc/gitlab/gitlab.rb
8.1382- # if you installed GitLab via Omnibus.
8.1383- # If you installed from source, you need to install and configure Prometheus
8.1384- # yourself, and then update the values here.
8.1385- # https://docs.gitlab.com/ee/administration/monitoring/prometheus/
8.1386- prometheus:
8.1387- # enabled: true
8.1388- # server_address: 'localhost:9090'
8.1389- snowplow_micro:
8.1390- enabled: true
8.1391- address: '127.0.0.1:9091'
8.1392-
8.1393- ## Consul settings
8.1394- consul:
8.1395- # api_url: 'http://localhost:8500'
8.1396-
8.1397- shutdown:
8.1398- # # blackout_seconds:
8.1399- # # defines an interval to block healthcheck,
8.1400- # # but continue accepting application requests
8.1401- # # this allows Load Balancer to notice service
8.1402- # # being shutdown and not interrupt any of the clients
8.1403- # blackout_seconds: 10
8.1404-
8.1405- #
8.1406- # 5. Extra customization
8.1407- # ==========================
8.1408-
8.1409- extra:
8.1410- ## Google analytics. Uncomment if you want it
8.1411- # google_analytics_id: '_your_tracking_id'
8.1412-
8.1413- ## Google tag manager
8.1414- # google_tag_manager_id: '_your_tracking_id'
8.1415-
8.1416- ## OneTrust
8.1417- # one_trust_id: '_your_one_trust_id'
8.1418-
8.1419- ## Bizible.
8.1420- # bizible: true
8.1421-
8.1422- ## Matomo analytics.
8.1423- # matomo_url: '_your_matomo_url'
8.1424- # matomo_site_id: '_your_matomo_site_id'
8.1425- # matomo_disable_cookies: false
8.1426-
8.1427- ## Maximum file size for syntax highlighting
8.1428- ## https://docs.gitlab.com/ee/user/project/highlighting.html
8.1429- # maximum_text_highlight_size_kilobytes: 512
8.1430-
8.1431- rack_attack:
8.1432- git_basic_auth:
8.1433- # Rack Attack IP banning enabled
8.1434- # enabled: true
8.1435- #
8.1436- # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
8.1437- # ip_whitelist: ["127.0.0.1"]
8.1438- #
8.1439- # Limit the number of Git HTTP authentication attempts per IP
8.1440- # maxretry: 10
8.1441- #
8.1442- # Reset the auth attempt counter per IP after 60 seconds
8.1443- # findtime: 60
8.1444- #
8.1445- # Ban an IP for one hour (3600s) after too many auth attempts
8.1446- # bantime: 3600
8.1447-
8.1448-development:
8.1449- <<: *base
8.1450-
8.1451- # We want to run web/sidekiq exporters for devs
8.1452- # to catch errors from using them.
8.1453- #
8.1454- # We use random port to not block ability to run
8.1455- # multiple instances of the service
8.1456- monitoring:
8.1457- sidekiq_exporter:
8.1458- enabled: true
8.1459- address: 127.0.0.1
8.1460- port: 0
8.1461- web_exporter:
8.1462- enabled: true
8.1463- address: 127.0.0.1
8.1464- port: 0
8.1465-
8.1466-test:
8.1467- <<: *base
8.1468- gravatar:
8.1469- enabled: true
8.1470- external_diffs:
8.1471- enabled: false
8.1472- # Diffs may be `always` external (the default), or they can be made external
8.1473- # after they have become `outdated` (i.e., the MR is closed or a new version
8.1474- # has been pushed).
8.1475- # when: always
8.1476- # The location where external diffs are stored (default: shared/external-diffs).
8.1477- storage_path: tmp/tests/external-diffs
8.1478- object_store:
8.1479- enabled: false
8.1480- remote_directory: external-diffs # The bucket name
8.1481- connection:
8.1482- provider: AWS # Only AWS supported at the moment
8.1483- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1484- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1485- region: us-east-1
8.1486- lfs:
8.1487- enabled: false
8.1488- # The location where LFS objects are stored (default: shared/lfs-objects).
8.1489- # storage_path: shared/lfs-objects
8.1490- object_store:
8.1491- enabled: false
8.1492- remote_directory: lfs-objects # The bucket name
8.1493- connection:
8.1494- provider: AWS # Only AWS supported at the moment
8.1495- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1496- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1497- region: us-east-1
8.1498- artifacts:
8.1499- path: tmp/tests/artifacts
8.1500- enabled: true
8.1501- # The location where build artifacts are stored (default: shared/artifacts).
8.1502- # path: shared/artifacts
8.1503- object_store:
8.1504- enabled: false
8.1505- remote_directory: artifacts # The bucket name
8.1506- connection:
8.1507- provider: AWS # Only AWS supported at the moment
8.1508- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1509- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1510- region: us-east-1
8.1511- uploads:
8.1512- storage_path: tmp/tests/public
8.1513- object_store:
8.1514- enabled: false
8.1515- connection:
8.1516- provider: AWS # Only AWS supported at the moment
8.1517- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1518- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1519- region: us-east-1
8.1520-
8.1521- terraform_state:
8.1522- enabled: true
8.1523- storage_path: tmp/tests/terraform_state
8.1524- object_store:
8.1525- enabled: false
8.1526- remote_directory: terraform
8.1527- connection:
8.1528- provider: AWS # Only AWS supported at the moment
8.1529- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1530- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1531- region: us-east-1
8.1532-
8.1533- ci_secure_files:
8.1534- enabled: true
8.1535- storage_path: tmp/tests/ci_secure_files
8.1536- object_store:
8.1537- enabled: false
8.1538- remote_directory: ci-secure-files
8.1539- connection:
8.1540- provider: AWS # Only AWS supported at the moment
8.1541- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1542- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1543- region: us-east-1
8.1544-
8.1545- gitlab:
8.1546- host: localhost
8.1547- port: 80
8.1548-
8.1549- content_security_policy:
8.1550- enabled: true
8.1551- report_only: false
8.1552- directives:
8.1553- base_uri:
8.1554- child_src:
8.1555- connect_src:
8.1556- default_src: "'self'"
8.1557- font_src:
8.1558- form_action:
8.1559- frame_ancestors: "'self'"
8.1560- frame_src: "'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"
8.1561- img_src: "* data: blob:"
8.1562- manifest_src:
8.1563- media_src:
8.1564- object_src: "'none'"
8.1565- script_src: "'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"
8.1566- style_src: "'self' 'unsafe-inline'"
8.1567- worker_src: "'self' blob:"
8.1568- report_uri:
8.1569-
8.1570- # When you run tests we clone and set up gitlab-shell
8.1571- # In order to set it up correctly you need to specify
8.1572- # your system username you use to run GitLab
8.1573- # user: YOUR_USERNAME
8.1574- pages:
8.1575- path: tmp/tests/pages
8.1576- object_store:
8.1577- enabled: false
8.1578- remote_directory: pages # The bucket name
8.1579- connection:
8.1580- provider: AWS
8.1581- aws_access_key_id: AWS_ACCESS_KEY_ID
8.1582- aws_secret_access_key: AWS_SECRET_ACCESS_KEY
8.1583- region: us-east-1
8.1584- local_store:
8.1585- enabled: true
8.1586- path: tmp/tests/pages
8.1587- repositories:
8.1588- storages:
8.1589- default:
8.1590- path: tmp/tests/repositories/
8.1591- gitaly_address: unix:tmp/tests/gitaly/praefect.socket
8.1592- hgitaly_address: unix:tmp/tests/hgitaly/hgitaly.socket
8.1593- rhgitaly_address: unix:tmp/tests/hgitaly/rhgitaly.socket
8.1594-
8.1595- gitaly:
8.1596- client_path: tmp/tests/gitaly/_build/bin
8.1597- token: secret
8.1598- workhorse:
8.1599- secret_file: tmp/gitlab_workhorse_test_secret
8.1600- backup:
8.1601- path: tmp/tests/backups
8.1602- gitaly_backup_path: tmp/tests/gitaly/_build/bin/gitaly-backup
8.1603- gitlab_shell:
8.1604- path: tmp/tests/gitlab-shell/
8.1605- authorized_keys_file: tmp/tests/authorized_keys
8.1606- issues_tracker:
8.1607- redmine:
8.1608- title: "Redmine"
8.1609- project_url: "http://redmine/projects/:issues_tracker_id"
8.1610- issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
8.1611- new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
8.1612- jira:
8.1613- title: "Jira"
8.1614- url: https://sample_company.atlassian.net
8.1615- project_key: PROJECT
8.1616-
8.1617- omniauth:
8.1618- # enabled: true
8.1619- allow_single_sign_on: true
8.1620- external_providers: []
8.1621-
8.1622- providers:
8.1623- - { name: 'alicloud',
8.1624- app_id: 'YOUR_APP_ID',
8.1625- app_secret: 'YOUR_APP_SECRET' }
8.1626- - { name: 'github',
8.1627- app_id: 'YOUR_APP_ID',
8.1628- app_secret: 'YOUR_APP_SECRET',
8.1629- url: "https://github.com/",
8.1630- verify_ssl: false,
8.1631- args: { scope: 'user:email' } }
8.1632- - { name: 'bitbucket',
8.1633- app_id: 'YOUR_APP_ID',
8.1634- app_secret: 'YOUR_APP_SECRET' }
8.1635- - { name: 'dingtalk',
8.1636- app_id: 'YOUR_APP_ID',
8.1637- app_secret: 'YOUR_APP_SECRET' }
8.1638- - { name: 'gitlab',
8.1639- app_id: 'YOUR_APP_ID',
8.1640- app_secret: 'YOUR_APP_SECRET',
8.1641- args: { scope: 'api' } }
8.1642- - { name: 'google_oauth2',
8.1643- app_id: 'YOUR_APP_ID',
8.1644- app_secret: 'YOUR_APP_SECRET',
8.1645- args: { access_type: 'offline', approval_prompt: '' } }
8.1646- - { name: 'facebook',
8.1647- app_id: 'YOUR_APP_ID',
8.1648- app_secret: 'YOUR_APP_SECRET' }
8.1649- - { name: 'twitter',
8.1650- app_id: 'YOUR_APP_ID',
8.1651- app_secret: 'YOUR_APP_SECRET' }
8.1652- - { name: 'jwt',
8.1653- app_secret: 'YOUR_APP_SECRET',
8.1654- args: {
8.1655- algorithm: 'HS256',
8.1656- uid_claim: 'email',
8.1657- required_claims: ["name", "email"],
8.1658- info_map: { name: "name", email: "email" },
8.1659- auth_url: 'https://example.com/',
8.1660- valid_within: null,
8.1661- }
8.1662- }
8.1663- - { name: 'auth0',
8.1664- args: {
8.1665- client_id: 'YOUR_AUTH0_CLIENT_ID',
8.1666- client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
8.1667- namespace: 'YOUR_AUTH0_DOMAIN' } }
8.1668- - { name: 'salesforce',
8.1669- app_id: 'YOUR_CLIENT_ID',
8.1670- app_secret: 'YOUR_CLIENT_SECRET'
8.1671- }
8.1672- - { name: 'atlassian_oauth2',
8.1673- app_id: 'YOUR_CLIENT_ID',
8.1674- app_secret: 'YOUR_CLIENT_SECRET',
8.1675- args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
8.1676- }
8.1677- ldap:
8.1678- enabled: false
8.1679- servers:
8.1680- main:
8.1681- label: ldap
8.1682- host: 127.0.0.1
8.1683- port: 3890
8.1684- uid: 'uid'
8.1685- encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
8.1686- base: 'dc=example,dc=com'
8.1687- user_filter: ''
8.1688- group_base: 'ou=groups,dc=example,dc=com'
8.1689- admin_group: ''
8.1690- prometheus:
8.1691- enabled: true
8.1692- server_address: 'localhost:9090'
8.1693-
8.1694-staging:
8.1695- <<: *base
10.1--- a/etc/mercurial/hgrc Fri May 03 00:36:49 2024 +0000
10.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
10.3@@ -1,20 +0,0 @@
10.4-[paths]
10.5-core = https://vc.compiler.company/comp/core
10.6-core:pushurl = ssh://git@vc.compiler.company/comp/core
10.7-infra = https://vc.compiler.company/comp/infra
10.8-infra:pushurl = ssh://git@vc.compiler.company/comp/infra
10.9-demo = https://vc.compiler.company/comp/demo
10.10-demo:pushurl = ssh://git@vc.compiler.company/comp/demo
10.11-[extensions]
10.12-clonebundles =
10.13-git =
10.14-share =
10.15-[subrepos]
10.16-allowed = true
10.17-hg:allowed = true
10.18-git:allowed = true
10.19-svn:allowed = true
10.20-[rhg]
10.21-on-unsupported = fallback
10.22-fallback-executable = /bin/hg
10.23-allowed-extensions = clonebundles,git
10.24\ No newline at end of file
11.1--- a/etc/pacman.conf Fri May 03 00:36:49 2024 +0000
11.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
11.3@@ -1,24 +0,0 @@
11.4-[options]
11.5-#RootDir = /
11.6-#DBPath = /var/lib/pacman/
11.7-#CacheDir = /var/cache/pacman/pkg/
11.8-#LogFile = /var/log/pacman.log
11.9-#GPGDir = /etc/pacman.d/gnupg/
11.10-#HookDir = /etc/pacman.d/hooks/
11.11-HoldPkg = pacman glibc
11.12-#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
11.13-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
11.14-#CleanMethod = KeepInstalled
11.15-Architecture = auto
11.16-#IgnorePkg =
11.17-#IgnoreGroup =
11.18-#NoUpgrade =
11.19-#NoExtract =
11.20-#UseSyslog
11.21-#Color
11.22-#NoProgressBar
11.23-CheckSpace
11.24-#VerbosePkgLists
11.25-#ParallelDownloads = 5
11.26-SigLevel = Required DatabaseOptional
11.27-LocalFileSigLevel = Optional
12.1--- a/etc/sbclrc Fri May 03 00:36:49 2024 +0000
12.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
12.3@@ -1,20 +0,0 @@
12.4-;;; /etc/sbclrc --- sbcl system init file -*- mode: common-lisp; -*-
12.5-
12.6-;; this is the system-wide startup script. It's always ran on startup
12.7-;; unless --sysinit flags are used
12.8-
12.9-;;; Code:
12.10-(in-package :cl-user)
12.11-
12.12-#-asdf (require :asdf)
12.13-(setq *debug-beginner-help-p* nil
12.14- *print-case* :downcase
12.15- *print-level* 50
12.16- *print-length* 200)
12.17-
12.18-(pushnew #P"/usr/local/share/lisp/" asdf:*central-registry*)
12.19-#-quicklisp
12.20-(let ((quicklisp-init #P"/usr/local/share/quicklisp/setup.lisp"))
12.21- (when (probe-file quicklisp-init)
12.22- (load quicklisp-init)))
12.23-(pushnew #P"/usr/local/share/lisp/" ql:*local-project-directories*)
13.1--- a/etc/shells Fri May 03 00:36:49 2024 +0000
13.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
13.3@@ -1,10 +0,0 @@
13.4-# Pathnames of valid login shells.
13.5-# See shells(5) for details.
13.6-
13.7-/bin/sh
13.8-/bin/bash
13.9-/bin/rbash
13.10-/usr/bin/sh
13.11-/usr/bin/bash
13.12-/usr/bin/rbash
13.13-/usr/local/bin/nu
13.14\ No newline at end of file
14.1--- a/etc/skel/.bash_profile Fri May 03 00:36:49 2024 +0000
14.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
14.3@@ -1,5 +0,0 @@
14.4-#
14.5-# ~/.bash_profile
14.6-#
14.7-
14.8-[[ -f ~/.bashrc ]] && . ~/.bashrc
15.1--- a/etc/skel/.bashrc Fri May 03 00:36:49 2024 +0000
15.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
15.3@@ -1,21 +0,0 @@
15.4-# ~/.bashrc --- interactive Bash session config
15.5-
15.6-# If not running interactively, don't do anything
15.7-[[ $- != *i* ]] && return
15.8-
15.9-alias ls='ls --color=auto'
15.10-alias ec='emacsclient -c'
15.11-alias et='emacsclient -t'
15.12-
15.13-PS1="\u [\!]:\t:\w\n >> \[\e[0m\]"
15.14-
15.15-export LANG=en_US.UTF-8
15.16-
15.17-export LISP='sbcl'
15.18-export lr='rlwrap sbcl' # lisp repl
15.19-export ESHELL='/usr/bin/bash'
15.20-export ORGANIZATION='The Compiler Company'
15.21-export LANG=en_US.UTF-8
15.22-export ALTERNATE_EDITOR=''
15.23-export EDITOR='emacsclient -t'
15.24-export VISUAL='emacsclient -c'
16.1--- a/etc/skel/.config/nushell/config.nu Fri May 03 00:36:49 2024 +0000
16.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
16.3@@ -1,601 +0,0 @@
16.4-# nushell/config.nu --- Nushell Config File
16.5-
16.6-# For more information on defining custom themes, see
16.7-# https://www.nushell.sh/book/coloring_and_theming.html
16.8-# And here is the theme collection
16.9-# https://github.com/nushell/nu_scripts/tree/main/themes
16.10-
16.11-# summon Emacs via `emacsclient`
16.12-def ec [input?: string] {
16.13- if $input != null {emacsclient -c $input -a=''} else {emacsclient -c . -a=''}
16.14-}
16.15-
16.16-# open Emacs IRC client
16.17-def erc [] {
16.18- emacsclient -c -e '(erc)'
16.19-}
16.20-
16.21-def create_left_prompt [] {
16.22- mut home = ""
16.23- try {
16.24- if $nu.os-info.name == "windows" {
16.25- $home = $env.USERPROFILE
16.26- } else {
16.27- $home = $env.HOME
16.28- }
16.29- }
16.30-
16.31- let dir = ([
16.32- ($env.PWD | str substring 0..($home | str length) | str replace $home "~"),
16.33- ($env.PWD | str substring ($home | str length)..)
16.34- ] | str join)
16.35-
16.36- let path_color = (if (is-admin) { ansi red_bold } else { ansi green_bold })
16.37- let separator_color = (if (is-admin) { ansi light_red_bold } else { ansi light_green_bold })
16.38- let path_segment = $"($path_color)($dir)"
16.39-
16.40- $path_segment | str replace --all (char path_sep) $"($separator_color)/($path_color)"
16.41-}
16.42-
16.43-def create_right_prompt [] {
16.44- let time_segment_color = (ansi magenta)
16.45-
16.46- let time_segment = ([
16.47- (ansi reset)
16.48- $time_segment_color
16.49- (date now | format date '%m/%d/%Y %r')
16.50- ] | str join | str replace --all "([/:])" $"(ansi light_magenta_bold)${1}($time_segment_color)" |
16.51- str replace --all "([AP]M)" $"(ansi light_magenta_underline)${1}")
16.52-
16.53- let last_exit_code = if ($env.LAST_EXIT_CODE != 0) {([
16.54- (ansi rb)
16.55- ($env.LAST_EXIT_CODE)
16.56- ] | str join)
16.57- } else { "" }
16.58-
16.59- ([$last_exit_code, (char space), $time_segment] | str join)
16.60-}
16.61-
16.62-# Use nushell functions to define your right and left prompt
16.63-$env.PROMPT_COMMAND = {|| create_left_prompt }
16.64-$env.PROMPT_COMMAND_RIGHT = {|| create_right_prompt }
16.65-
16.66-# The prompt indicators are environmental variables that represent
16.67-# the state of the prompt
16.68-$env.PROMPT_INDICATOR = {|| "> " }
16.69-$env.PROMPT_INDICATOR_VI_INSERT = {|| ": " }
16.70-$env.PROMPT_INDICATOR_VI_NORMAL = {|| "> " }
16.71-$env.PROMPT_MULTILINE_INDICATOR = {|| "::: " }
16.72-
16.73-let dark_theme = {
16.74- # color for nushell primitives
16.75- separator: white
16.76- leading_trailing_space_bg: { attr: n } # no fg, no bg, attr none effectively turns this off
16.77- header: green_bold
16.78- empty: blue
16.79- # Closures can be used to choose colors for specific values.
16.80- # The value (in this case, a bool) is piped into the closure.
16.81- bool: {|| if $in { 'light_cyan' } else { 'light_gray' } }
16.82- int: white
16.83- filesize: {|e|
16.84- if $e == 0b {
16.85- 'white'
16.86- } else if $e < 1mb {
16.87- 'cyan'
16.88- } else { 'blue' }
16.89- }
16.90- duration: white
16.91- date: {|| (date now) - $in |
16.92- if $in < 1hr {
16.93- 'purple'
16.94- } else if $in < 6hr {
16.95- 'red'
16.96- } else if $in < 1day {
16.97- 'yellow'
16.98- } else if $in < 3day {
16.99- 'green'
16.100- } else if $in < 1wk {
16.101- 'light_green'
16.102- } else if $in < 6wk {
16.103- 'cyan'
16.104- } else if $in < 52wk {
16.105- 'blue'
16.106- } else { 'dark_gray' }
16.107- }
16.108- range: white
16.109- float: white
16.110- string: white
16.111- nothing: white
16.112- binary: white
16.113- cellpath: white
16.114- row_index: green_bold
16.115- record: white
16.116- list: white
16.117- block: white
16.118- hints: dark_gray
16.119- search_result: {bg: red fg: white}
16.120-
16.121- shape_and: purple_bold
16.122- shape_binary: purple_bold
16.123- shape_block: blue_bold
16.124- shape_bool: light_cyan
16.125- shape_closure: green_bold
16.126- shape_custom: green
16.127- shape_datetime: cyan_bold
16.128- shape_directory: cyan
16.129- shape_external: cyan
16.130- shape_externalarg: green_bold
16.131- shape_filepath: cyan
16.132- shape_flag: blue_bold
16.133- shape_float: purple_bold
16.134- # shapes are used to change the cli syntax highlighting
16.135- shape_garbage: { fg: white bg: red attr: b}
16.136- shape_globpattern: cyan_bold
16.137- shape_int: purple_bold
16.138- shape_internalcall: cyan_bold
16.139- shape_list: cyan_bold
16.140- shape_literal: blue
16.141- shape_match_pattern: green
16.142- shape_matching_brackets: { attr: u }
16.143- shape_nothing: light_cyan
16.144- shape_operator: yellow
16.145- shape_or: purple_bold
16.146- shape_pipe: purple_bold
16.147- shape_range: yellow_bold
16.148- shape_record: cyan_bold
16.149- shape_redirection: purple_bold
16.150- shape_signature: green_bold
16.151- shape_string: green
16.152- shape_string_interpolation: cyan_bold
16.153- shape_table: blue_bold
16.154- shape_variable: purple
16.155- shape_vardecl: purple
16.156-}
16.157-
16.158-let light_theme = {
16.159- # color for nushell primitives
16.160- separator: dark_gray
16.161- leading_trailing_space_bg: { attr: n } # no fg, no bg, attr none effectively turns this off
16.162- header: green_bold
16.163- empty: blue
16.164- # Closures can be used to choose colors for specific values.
16.165- # The value (in this case, a bool) is piped into the closure.
16.166- bool: {|| if $in { 'dark_cyan' } else { 'dark_gray' } }
16.167- int: dark_gray
16.168- filesize: {|e|
16.169- if $e == 0b {
16.170- 'dark_gray'
16.171- } else if $e < 1mb {
16.172- 'cyan_bold'
16.173- } else { 'blue_bold' }
16.174- }
16.175- duration: dark_gray
16.176- date: {|| (date now) - $in |
16.177- if $in < 1hr {
16.178- 'purple'
16.179- } else if $in < 6hr {
16.180- 'red'
16.181- } else if $in < 1day {
16.182- 'yellow'
16.183- } else if $in < 3day {
16.184- 'green'
16.185- } else if $in < 1wk {
16.186- 'light_green'
16.187- } else if $in < 6wk {
16.188- 'cyan'
16.189- } else if $in < 52wk {
16.190- 'blue'
16.191- } else { 'dark_gray' }
16.192- }
16.193- range: dark_gray
16.194- float: dark_gray
16.195- string: dark_gray
16.196- nothing: dark_gray
16.197- binary: dark_gray
16.198- cellpath: dark_gray
16.199- row_index: green_bold
16.200- record: white
16.201- list: white
16.202- block: white
16.203- hints: dark_gray
16.204- search_result: {fg: white bg: red}
16.205-
16.206- shape_and: purple_bold
16.207- shape_binary: purple_bold
16.208- shape_block: blue_bold
16.209- shape_bool: light_cyan
16.210- shape_closure: green_bold
16.211- shape_custom: green
16.212- shape_datetime: cyan_bold
16.213- shape_directory: cyan
16.214- shape_external: cyan
16.215- shape_externalarg: green_bold
16.216- shape_filepath: cyan
16.217- shape_flag: blue_bold
16.218- shape_float: purple_bold
16.219- # shapes are used to change the cli syntax highlighting
16.220- shape_garbage: { fg: white bg: red attr: b}
16.221- shape_globpattern: cyan_bold
16.222- shape_int: purple_bold
16.223- shape_internalcall: cyan_bold
16.224- shape_list: cyan_bold
16.225- shape_literal: blue
16.226- shape_match_pattern: green
16.227- shape_matching_brackets: { attr: u }
16.228- shape_nothing: light_cyan
16.229- shape_operator: yellow
16.230- shape_or: purple_bold
16.231- shape_pipe: purple_bold
16.232- shape_range: yellow_bold
16.233- shape_record: cyan_bold
16.234- shape_redirection: purple_bold
16.235- shape_signature: green_bold
16.236- shape_string: green
16.237- shape_string_interpolation: cyan_bold
16.238- shape_table: blue_bold
16.239- shape_variable: purple
16.240- shape_vardecl: purple
16.241-}
16.242-
16.243-# External completer example
16.244-# let carapace_completer = {|spans|
16.245-# carapace $spans.0 nushell $spans | from json
16.246-# }
16.247-
16.248-
16.249-# The default config record. This is where much of your global configuration is setup.
16.250-$env.config = {
16.251- # true or false to enable or disable the welcome banner at startup
16.252- show_banner: false
16.253- ls: {
16.254- use_ls_colors: true # use the LS_COLORS environment variable to colorize output
16.255- clickable_links: true # enable or disable clickable links. Your terminal has to support links.
16.256- }
16.257- rm: {
16.258- always_trash: false # always act as if -t was given. Can be overridden with -p
16.259- }
16.260- table: {
16.261- mode: rounded # basic, compact, compact_double, light, thin, with_love, rounded, reinforced, heavy, none, other
16.262- index_mode: always # "always" show indexes, "never" show indexes, "auto" = show indexes when a table has "index" column
16.263- show_empty: true # show 'empty list' and 'empty record' placeholders for command output
16.264- trim: {
16.265- methodology: wrapping # wrapping or truncating
16.266- wrapping_try_keep_words: true # A strategy used by the 'wrapping' methodology
16.267- truncating_suffix: "..." # A suffix used by the 'truncating' methodology
16.268- }
16.269- }
16.270-
16.271- explore: {
16.272- help_banner: true
16.273- exit_esc: true
16.274-
16.275- command_bar_text: '#C4C9C6'
16.276- # command_bar: {fg: '#C4C9C6' bg: '#223311' }
16.277-
16.278- status_bar_background: {fg: '#1D1F21' bg: '#C4C9C6' }
16.279- # status_bar_text: {fg: '#C4C9C6' bg: '#223311' }
16.280-
16.281- highlight: {bg: 'yellow' fg: 'black' }
16.282-
16.283- status: {
16.284- # warn: {bg: 'yellow', fg: 'blue'}
16.285- # error: {bg: 'yellow', fg: 'blue'}
16.286- # info: {bg: 'yellow', fg: 'blue'}
16.287- }
16.288-
16.289- try: {
16.290- # border_color: 'red'
16.291- # highlighted_color: 'blue'
16.292-
16.293- # reactive: false
16.294- }
16.295-
16.296- table: {
16.297- split_line: '#404040'
16.298-
16.299- cursor: true
16.300-
16.301- line_index: true
16.302- line_shift: true
16.303- line_head_top: true
16.304- line_head_bottom: true
16.305-
16.306- show_head: true
16.307- show_index: true
16.308-
16.309- # selected_cell: {fg: 'white', bg: '#777777'}
16.310- # selected_row: {fg: 'yellow', bg: '#C1C2A3'}
16.311- # selected_column: blue
16.312-
16.313- # padding_column_right: 2
16.314- # padding_column_left: 2
16.315-
16.316- # padding_index_left: 2
16.317- # padding_index_right: 1
16.318- }
16.319-
16.320- config: {
16.321- cursor_color: {bg: 'yellow' fg: 'black' }
16.322-
16.323- # border_color: white
16.324- # list_color: green
16.325- }
16.326- }
16.327-
16.328- history: {
16.329- max_size: 10000 # Session has to be reloaded for this to take effect
16.330- sync_on_enter: true # Enable to share history between multiple sessions, else you have to close the session to write history to file
16.331- file_format: "plaintext" # "sqlite" or "plaintext"
16.332- }
16.333- completions: {
16.334- case_sensitive: false # set to true to enable case-sensitive completions
16.335- quick: true # set this to false to prevent auto-selecting completions when only one remains
16.336- partial: true # set this to false to prevent partial filling of the prompt
16.337- algorithm: "prefix" # prefix or fuzzy
16.338- external: {
16.339- enable: true # set to false to prevent nushell looking into $env.PATH to find more suggestions, `false` recommended for WSL users as this look up may be very slow
16.340- max_results: 100 # setting it lower can improve completion performance at the cost of omitting some options
16.341- completer: null # check 'carapace_completer' above as an example
16.342- }
16.343- }
16.344- filesize: {
16.345- metric: true # true => KB, MB, GB (ISO standard), false => KiB, MiB, GiB (Windows standard)
16.346- format: "auto" # b, kb, kib, mb, mib, gb, gib, tb, tib, pb, pib, eb, eib, auto
16.347- }
16.348- cursor_shape: {
16.349- emacs: line # block, underscore, line, blink_block, blink_underscore, blink_line (line is the default)
16.350- vi_insert: block # block, underscore, line , blink_block, blink_underscore, blink_line (block is the default)
16.351- vi_normal: underscore # block, underscore, line, blink_block, blink_underscore, blink_line (underscore is the default)
16.352- }
16.353- color_config: $dark_theme # if you want a light theme, replace `$dark_theme` to `$light_theme`
16.354- use_grid_icons: true
16.355- footer_mode: "25" # always, never, number_of_rows, auto
16.356- float_precision: 2 # the precision for displaying floats in tables
16.357- # buffer_editor: "emacs" # command that will be used to edit the current line buffer with ctrl+o, if unset fallback to $env.EDITOR and $env.VISUAL
16.358- use_ansi_coloring: true
16.359- bracketed_paste: true # enable bracketed paste, currently useless on windows
16.360- edit_mode: emacs # emacs, vi
16.361- shell_integration: true # enables terminal markers and a workaround to arrow keys stop working issue
16.362- render_right_prompt_on_last_line: false # true or false to enable or disable right prompt to be rendered on last line of the prompt.
16.363-
16.364- hooks: {
16.365- pre_prompt: [{||
16.366- null # replace with source code to run before the prompt is shown
16.367- }]
16.368- pre_execution: [{||
16.369- null # replace with source code to run before the repl input is run
16.370- }]
16.371- env_change: {
16.372- PWD: [{|before, after|
16.373- null # replace with source code to run if the PWD environment is different since the last repl input
16.374- }]
16.375- }
16.376- display_output: {||
16.377- if (term size).columns >= 100 { table -e } else { table }
16.378- }
16.379- command_not_found: {||
16.380- null # replace with source code to return an error message when a command is not found
16.381- }
16.382- }
16.383- menus: [
16.384- # Configuration for default nushell menus
16.385- # Note the lack of source parameter
16.386- {
16.387- name: completion_menu
16.388- only_buffer_difference: false
16.389- marker: "| "
16.390- type: {
16.391- layout: columnar
16.392- columns: 4
16.393- col_width: 20 # Optional value. If missing all the screen width is used to calculate column width
16.394- col_padding: 2
16.395- }
16.396- style: {
16.397- text: green
16.398- selected_text: green_reverse
16.399- description_text: yellow
16.400- }
16.401- }
16.402- {
16.403- name: history_menu
16.404- only_buffer_difference: true
16.405- marker: "? "
16.406- type: {
16.407- layout: list
16.408- page_size: 10
16.409- }
16.410- style: {
16.411- text: green
16.412- selected_text: green_reverse
16.413- description_text: yellow
16.414- }
16.415- }
16.416- {
16.417- name: help_menu
16.418- only_buffer_difference: true
16.419- marker: "? "
16.420- type: {
16.421- layout: description
16.422- columns: 4
16.423- col_width: 20 # Optional value. If missing all the screen width is used to calculate column width
16.424- col_padding: 2
16.425- selection_rows: 4
16.426- description_rows: 10
16.427- }
16.428- style: {
16.429- text: green
16.430- selected_text: green_reverse
16.431- description_text: yellow
16.432- }
16.433- }
16.434- # Example of extra menus created using a nushell source
16.435- # Use the source field to create a list of records that populates
16.436- # the menu
16.437- {
16.438- name: commands_menu
16.439- only_buffer_difference: false
16.440- marker: "# "
16.441- type: {
16.442- layout: columnar
16.443- columns: 4
16.444- col_width: 20
16.445- col_padding: 2
16.446- }
16.447- style: {
16.448- text: green
16.449- selected_text: green_reverse
16.450- description_text: yellow
16.451- }
16.452- source: { |buffer, position|
16.453- $nu.scope.commands
16.454- | where name =~ $buffer
16.455- | each { |it| {value: $it.name description: $it.usage} }
16.456- }
16.457- }
16.458- {
16.459- name: vars_menu
16.460- only_buffer_difference: true
16.461- marker: "# "
16.462- type: {
16.463- layout: list
16.464- page_size: 10
16.465- }
16.466- style: {
16.467- text: green
16.468- selected_text: green_reverse
16.469- description_text: yellow
16.470- }
16.471- source: { |buffer, position|
16.472- $nu.scope.vars
16.473- | where name =~ $buffer
16.474- | sort-by name
16.475- | each { |it| {value: $it.name description: $it.type} }
16.476- }
16.477- }
16.478- {
16.479- name: commands_with_description
16.480- only_buffer_difference: true
16.481- marker: "# "
16.482- type: {
16.483- layout: description
16.484- columns: 4
16.485- col_width: 20
16.486- col_padding: 2
16.487- selection_rows: 4
16.488- description_rows: 10
16.489- }
16.490- style: {
16.491- text: green
16.492- selected_text: green_reverse
16.493- description_text: yellow
16.494- }
16.495- source: { |buffer, position|
16.496- $nu.scope.commands
16.497- | where name =~ $buffer
16.498- | each { |it| {value: $it.name description: $it.usage} }
16.499- }
16.500- }
16.501- ]
16.502- keybindings: [
16.503- {
16.504- name: completion_menu
16.505- modifier: none
16.506- keycode: tab
16.507- mode: [emacs vi_normal vi_insert]
16.508- event: {
16.509- until: [
16.510- { send: menu name: completion_menu }
16.511- { send: menunext }
16.512- ]
16.513- }
16.514- }
16.515- {
16.516- name: completion_previous
16.517- modifier: shift
16.518- keycode: backtab
16.519- mode: [emacs, vi_normal, vi_insert] # Note: You can add the same keybinding to all modes by using a list
16.520- event: { send: menuprevious }
16.521- }
16.522- {
16.523- name: history_menu
16.524- modifier: control
16.525- keycode: char_r
16.526- mode: emacs
16.527- event: { send: menu name: history_menu }
16.528- }
16.529- {
16.530- name: next_page
16.531- modifier: control
16.532- keycode: char_x
16.533- mode: emacs
16.534- event: { send: menupagenext }
16.535- }
16.536- {
16.537- name: undo_or_previous_page
16.538- modifier: control
16.539- keycode: char_z
16.540- mode: emacs
16.541- event: {
16.542- until: [
16.543- { send: menupageprevious }
16.544- { edit: undo }
16.545- ]
16.546- }
16.547- }
16.548- {
16.549- name: yank
16.550- modifier: control
16.551- keycode: char_y
16.552- mode: emacs
16.553- event: {
16.554- until: [
16.555- {edit: pastecutbufferafter}
16.556- ]
16.557- }
16.558- }
16.559- {
16.560- name: unix-line-discard
16.561- modifier: control
16.562- keycode: char_u
16.563- mode: [emacs, vi_normal, vi_insert]
16.564- event: {
16.565- until: [
16.566- {edit: cutfromlinestart}
16.567- ]
16.568- }
16.569- }
16.570- {
16.571- name: kill-line
16.572- modifier: control
16.573- keycode: char_k
16.574- mode: [emacs, vi_normal, vi_insert]
16.575- event: {
16.576- until: [
16.577- {edit: cuttolineend}
16.578- ]
16.579- }
16.580- }
16.581- # Keybindings used to trigger the user defined menus
16.582- {
16.583- name: commands_menu
16.584- modifier: control
16.585- keycode: char_t
16.586- mode: [emacs, vi_normal, vi_insert]
16.587- event: { send: menu name: commands_menu }
16.588- }
16.589- {
16.590- name: vars_menu
16.591- modifier: alt
16.592- keycode: char_o
16.593- mode: [emacs, vi_normal, vi_insert]
16.594- event: { send: menu name: vars_menu }
16.595- }
16.596- {
16.597- name: commands_with_description
16.598- modifier: control
16.599- keycode: char_s
16.600- mode: [emacs, vi_normal, vi_insert]
16.601- event: { send: menu name: commands_with_description }
16.602- }
16.603- ]
16.604-}
17.1--- a/etc/skel/.config/nushell/env.nu Fri May 03 00:36:49 2024 +0000
17.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
17.3@@ -1,15 +0,0 @@
17.4-# nushell/env.nu
17.5-
17.6-$env.NU_LIB_DIRS = [
17.7- ($nu.default-config-dir | path join 'scripts')
17.8-]
17.9-
17.10-$env.NU_PLUGIN_DIRS = [
17.11- ($nu.default-config-dir | path join 'plugins')
17.12-]
17.13-
17.14-$env.ESHELL = '/bin/bash'
17.15-$env.ORGANIZATION = 'The Compiler Company'
17.16-$env.EDITOR = "emacsclient -c -a=''"
17.17-$env.LISP = "sbcl"
17.18-$env.ALTERNATE_EDITOR = ''
18.1--- a/etc/skel/.config/zellij/config.kdl Fri May 03 00:36:49 2024 +0000
18.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
18.3@@ -1,266 +0,0 @@
18.4-keybinds clear-defaults=true {
18.5- normal {
18.6- // uncomment this and adjust key if using copy_on_select=false
18.7- // bind "Alt c" { Copy; }
18.8- }
18.9- locked {
18.10- bind "Esc" { SwitchToMode "Normal"; }
18.11- }
18.12- resize {
18.13- bind "Ctrl n" { SwitchToMode "Normal"; }
18.14- bind "h" "Left" { Resize "Increase Left"; }
18.15- bind "j" "Down" { Resize "Increase Down"; }
18.16- bind "k" "Up" { Resize "Increase Up"; }
18.17- bind "l" "Right" { Resize "Increase Right"; }
18.18- bind "H" { Resize "Decrease Left"; }
18.19- bind "J" { Resize "Decrease Down"; }
18.20- bind "K" { Resize "Decrease Up"; }
18.21- bind "L" { Resize "Decrease Right"; }
18.22- bind "=" "+" { Resize "Increase"; }
18.23- bind "-" { Resize "Decrease"; }
18.24- }
18.25- pane {
18.26- bind "Ctrl p" { SwitchToMode "Normal"; }
18.27- bind "h" "Left" { MoveFocus "Left"; }
18.28- bind "l" "Right" { MoveFocus "Right"; }
18.29- bind "j" "Down" { MoveFocus "Down"; }
18.30- bind "k" "Up" { MoveFocus "Up"; }
18.31- bind "p" { SwitchFocus; }
18.32- bind "n" { NewPane; SwitchToMode "Normal"; }
18.33- bind "d" { NewPane "Down"; SwitchToMode "Normal"; }
18.34- bind "r" { NewPane "Right"; SwitchToMode "Normal"; }
18.35- bind "x" { CloseFocus; SwitchToMode "Normal"; }
18.36- bind "f" { ToggleFocusFullscreen; SwitchToMode "Normal"; }
18.37- bind "z" { TogglePaneFrames; SwitchToMode "Normal"; }
18.38- bind "w" { ToggleFloatingPanes; SwitchToMode "Normal"; }
18.39- bind "e" { TogglePaneEmbedOrFloating; SwitchToMode "Normal"; }
18.40- bind "c" { SwitchToMode "RenamePane"; PaneNameInput 0;}
18.41- }
18.42- move {
18.43- bind "Ctrl h" { SwitchToMode "Normal"; }
18.44- bind "n" "Tab" { MovePane; }
18.45- bind "p" { MovePaneBackwards; }
18.46- bind "h" "Left" { MovePane "Left"; }
18.47- bind "j" "Down" { MovePane "Down"; }
18.48- bind "k" "Up" { MovePane "Up"; }
18.49- bind "l" "Right" { MovePane "Right"; }
18.50- }
18.51- tab {
18.52- bind "Ctrl t" { SwitchToMode "Normal"; }
18.53- bind "r" { SwitchToMode "RenameTab"; TabNameInput 0; }
18.54- bind "h" "Left" "Up" "k" { GoToPreviousTab; }
18.55- bind "l" "Right" "Down" "j" { GoToNextTab; }
18.56- bind "n" { NewTab; SwitchToMode "Normal"; }
18.57- bind "x" { CloseTab; SwitchToMode "Normal"; }
18.58- bind "s" { ToggleActiveSyncTab; SwitchToMode "Normal"; }
18.59- bind "b" { BreakPane; SwitchToMode "Normal"; }
18.60- bind "]" { BreakPaneRight; SwitchToMode "Normal"; }
18.61- bind "[" { BreakPaneLeft; SwitchToMode "Normal"; }
18.62- bind "1" { GoToTab 1; SwitchToMode "Normal"; }
18.63- bind "2" { GoToTab 2; SwitchToMode "Normal"; }
18.64- bind "3" { GoToTab 3; SwitchToMode "Normal"; }
18.65- bind "4" { GoToTab 4; SwitchToMode "Normal"; }
18.66- bind "5" { GoToTab 5; SwitchToMode "Normal"; }
18.67- bind "6" { GoToTab 6; SwitchToMode "Normal"; }
18.68- bind "7" { GoToTab 7; SwitchToMode "Normal"; }
18.69- bind "8" { GoToTab 8; SwitchToMode "Normal"; }
18.70- bind "9" { GoToTab 9; SwitchToMode "Normal"; }
18.71- bind "Tab" { ToggleTab; }
18.72- }
18.73- scroll {
18.74- bind "Ctrl s" { SwitchToMode "Normal"; }
18.75- bind "e" { EditScrollback; SwitchToMode "Normal"; }
18.76- bind "s" { SwitchToMode "EnterSearch"; SearchInput 0; }
18.77- bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; }
18.78- bind "j" "Down" { ScrollDown; }
18.79- bind "k" "Up" { ScrollUp; }
18.80- bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; }
18.81- bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; }
18.82- bind "d" { HalfPageScrollDown; }
18.83- bind "u" { HalfPageScrollUp; }
18.84- // uncomment this and adjust key if using copy_on_select=false
18.85- // bind "Alt c" { Copy; }
18.86- }
18.87- search {
18.88- bind "Ctrl s" { SwitchToMode "Normal"; }
18.89- bind "Ctrl c" { ScrollToBottom; SwitchToMode "Normal"; }
18.90- bind "j" "Down" { ScrollDown; }
18.91- bind "k" "Up" { ScrollUp; }
18.92- bind "Ctrl f" "PageDown" "Right" "l" { PageScrollDown; }
18.93- bind "Ctrl b" "PageUp" "Left" "h" { PageScrollUp; }
18.94- bind "d" { HalfPageScrollDown; }
18.95- bind "u" { HalfPageScrollUp; }
18.96- bind "n" { Search "down"; }
18.97- bind "p" { Search "up"; }
18.98- bind "c" { SearchToggleOption "CaseSensitivity"; }
18.99- bind "w" { SearchToggleOption "Wrap"; }
18.100- bind "o" { SearchToggleOption "WholeWord"; }
18.101- }
18.102- entersearch {
18.103- bind "Ctrl c" "Esc" { SwitchToMode "Scroll"; }
18.104- bind "Enter" { SwitchToMode "Search"; }
18.105- }
18.106- renametab {
18.107- bind "Ctrl c" { SwitchToMode "Normal"; }
18.108- bind "Esc" { UndoRenameTab; SwitchToMode "Tab"; }
18.109- }
18.110- renamepane {
18.111- bind "Ctrl c" { SwitchToMode "Normal"; }
18.112- bind "Esc" { UndoRenamePane; SwitchToMode "Pane"; }
18.113- }
18.114- session {
18.115- bind "Ctrl o" { SwitchToMode "Normal"; }
18.116- bind "Ctrl s" { SwitchToMode "Scroll"; }
18.117- bind "d" { Detach; }
18.118- bind "w" {
18.119- LaunchOrFocusPlugin "zellij:session-manager" {
18.120- floating true
18.121- move_to_focused_tab true
18.122- };
18.123- SwitchToMode "Normal"
18.124- }
18.125- }
18.126- tmux {
18.127- bind "[" { SwitchToMode "Scroll"; }
18.128- bind "Ctrl b" { Write 2; SwitchToMode "Normal"; }
18.129- bind "\"" { NewPane "Down"; SwitchToMode "Normal"; }
18.130- bind "%" { NewPane "Right"; SwitchToMode "Normal"; }
18.131- bind "z" { ToggleFocusFullscreen; SwitchToMode "Normal"; }
18.132- bind "c" { NewTab; SwitchToMode "Normal"; }
18.133- bind "," { SwitchToMode "RenameTab"; }
18.134- bind "p" { GoToPreviousTab; SwitchToMode "Normal"; }
18.135- bind "n" { GoToNextTab; SwitchToMode "Normal"; }
18.136- bind "Left" { MoveFocus "Left"; SwitchToMode "Normal"; }
18.137- bind "Right" { MoveFocus "Right"; SwitchToMode "Normal"; }
18.138- bind "Down" { MoveFocus "Down"; SwitchToMode "Normal"; }
18.139- bind "Up" { MoveFocus "Up"; SwitchToMode "Normal"; }
18.140- bind "h" { MoveFocus "Left"; SwitchToMode "Normal"; }
18.141- bind "l" { MoveFocus "Right"; SwitchToMode "Normal"; }
18.142- bind "j" { MoveFocus "Down"; SwitchToMode "Normal"; }
18.143- bind "k" { MoveFocus "Up"; SwitchToMode "Normal"; }
18.144- bind "o" { FocusNextPane; }
18.145- bind "d" { Detach; }
18.146- bind "Space" { NextSwapLayout; }
18.147- bind "x" { CloseFocus; SwitchToMode "Normal"; }
18.148- }
18.149- shared_except "locked" {
18.150- bind "Esc" { SwitchToMode "Locked"; }
18.151- bind "Ctrl q" { Quit; }
18.152- bind "Alt n" { NewPane; }
18.153- bind "Alt h" "Alt Left" { MoveFocusOrTab "Left"; }
18.154- bind "Alt l" "Alt Right" { MoveFocusOrTab "Right"; }
18.155- bind "Alt j" "Alt Down" { MoveFocus "Down"; }
18.156- bind "Alt k" "Alt Up" { MoveFocus "Up"; }
18.157- bind "Alt =" "Alt +" { Resize "Increase"; }
18.158- bind "Alt -" { Resize "Decrease"; }
18.159- bind "Alt [" { PreviousSwapLayout; }
18.160- bind "Alt ]" { NextSwapLayout; }
18.161- }
18.162- shared_except "normal" "locked" {
18.163- bind "Enter" "Esc" { SwitchToMode "Normal"; }
18.164- }
18.165- shared_except "pane" "locked" {
18.166- bind "Ctrl p" { SwitchToMode "Pane"; }
18.167- }
18.168- shared_except "resize" "locked" {
18.169- bind "Ctrl n" { SwitchToMode "Resize"; }
18.170- }
18.171- shared_except "scroll" "locked" {
18.172- bind "Ctrl s" { SwitchToMode "Scroll"; }
18.173- }
18.174- shared_except "session" "locked" {
18.175- bind "Ctrl o" { SwitchToMode "Session"; }
18.176- }
18.177- shared_except "tab" "locked" {
18.178- bind "Ctrl t" { SwitchToMode "Tab"; }
18.179- }
18.180- shared_except "move" "locked" {
18.181- bind "Ctrl h" { SwitchToMode "Move"; }
18.182- }
18.183- shared_except "tmux" "locked" {
18.184- }
18.185-}
18.186-
18.187-plugins {
18.188- tab-bar { path "tab-bar"; }
18.189- status-bar { path "status-bar"; }
18.190- strider { path "strider"; }
18.191- compact-bar { path "compact-bar"; }
18.192- session-manager { path "session-manager"; }
18.193-}
18.194-
18.195-// - detach (Default)
18.196-// - quit
18.197-//
18.198-// on_force_close "quit"
18.199-
18.200-// - true
18.201-// - false (Default)
18.202-//
18.203-// simplified_ui true
18.204-
18.205-// Default: $SHELL
18.206-//
18.207-default_shell "nu"
18.208-
18.209-// default_cwd "/stash"
18.210-
18.211-// pane_frames true
18.212-
18.213-// auto_layout true
18.214-
18.215-// session_serialization false
18.216-
18.217-// serialize_pane_viewport true
18.218-
18.219-// scrollback_lines_to_serialize 10000
18.220-
18.221-themes {
18.222- dracula {
18.223- fg 248 248 242
18.224- bg 40 42 54
18.225- red 255 85 85
18.226- green 80 250 123
18.227- yellow 241 250 140
18.228- blue 98 114 164
18.229- magenta 255 121 198
18.230- orange 255 184 108
18.231- cyan 139 233 253
18.232- black 0 0 0
18.233- white 255 255 255
18.234- }
18.235-}
18.236-
18.237-theme "dracula"
18.238-
18.239-// The name of the default layout to load on startup
18.240-// Default: "default"
18.241-//
18.242-default_layout "compact"
18.243-
18.244-// default_mode "locked"
18.245-
18.246-// mouse_mode false
18.247-
18.248-// scroll_buffer_size 10000
18.249-
18.250-// copy_command "wl-copy" // wayland
18.251-
18.252-// - system (default)
18.253-// - primary
18.254-//
18.255-// copy_clipboard "primary"
18.256-
18.257-// copy_on_select false
18.258-
18.259-// Default: $EDITOR or $VISUAL
18.260-//
18.261-// scrollback_editor "/usr/local/bin/emacs"
18.262-
18.263-// mirror_session true
18.264-
18.265-// layout_dir "/path/to/my/layout_dir"
18.266-
18.267-// theme_dir "/path/to/my/theme_dir"
18.268-
18.269-// styled_underlines false
18.270\ No newline at end of file
19.1--- a/etc/skel/.inputrc Fri May 03 00:36:49 2024 +0000
19.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
19.3@@ -1,1 +0,0 @@
19.4-TAB: complete
19.5\ No newline at end of file
20.1--- a/etc/skel/.sbclrc Fri May 03 00:36:49 2024 +0000
20.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
20.3@@ -1,3 +0,0 @@
20.4-;;; ~/.sbclrc --- sbcl user init file -*- mode: common-lisp; -*-
20.5-
20.6-#+aclrepl (require :sb-aclrepl)
21.1--- a/etc/skel/.skelrc Fri May 03 00:36:49 2024 +0000
21.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
21.3@@ -1,6 +0,0 @@
21.4-;;; .skelrc @ 2024-01-28.00:39:30 -*- mode:skel; -*-
21.5-:vc :hg
21.6-:fmt :collapsed
21.7-:tags ("auto")
21.8-:auto-insert t
21.9-:log-level nil
21.10\ No newline at end of file
22.1--- a/etc/systemd/hgitaly.service Fri May 03 00:36:49 2024 +0000
22.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
22.3@@ -1,13 +0,0 @@
22.4-[Unit]
22.5-Description=HGitaly, internal Heptapod service for Mercurial handling
22.6-After=network.target
22.7-
22.8-[Install]
22.9-WantedBy=multi-user.target
22.10-
22.11-[Service]
22.12-User=heptapod
22.13-Group=heptapod
22.14-Environment=HGRCPATH=/etc/heptapod.hgrc
22.15-ExecStart=/usr/local/bin/hg --config extensions.hgitaly= hgitaly-serve --listen unix:///run/user/1001/hgitaly.socket
22.16-Restart=on-failure
23.1--- a/etc/systemd/rhgitaly.service Fri May 03 00:36:49 2024 +0000
23.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
23.3@@ -1,14 +0,0 @@
23.4-[Unit]
23.5-Description=Heptapod RHGitaly Server
23.6-After=network.target
23.7-
23.8-[Service]
23.9-User=heptapod
23.10-Group=heptapod
23.11-# HGRCPATH not needed yet but probably will be at some point
23.12-Environment=HGRCPATH=/etc/heptapod.hgrc
23.13-Environment=RHGITALY_LISTEN_URL=unix:///run/user/1001/rhgitaly.socket
23.14-Environment=RHGITALY_REPOSITORIES_ROOT=/home/hg/repositories
23.15-ExecStartPre=/usr/bin/rm -f /run/user/1001/rhgitaly.socket
23.16-ExecStart=/usr/local/bin/rhgitaly
23.17-Restart=on-failure
24.1--- a/etc/zellij/box-layout.kdl Fri May 03 00:36:49 2024 +0000
24.2+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
24.3@@ -1,17 +0,0 @@
24.4-layout {
24.5- pane size=1 borderless=true {
24.6- plugin location="zellij:tab-bar"
24.7- }
24.8- pane split_direction="vertical" {
24.9- pane command="nu" {
24.10- args "-e" "(sys).host"
24.11- }
24.12- pane split_direction="horizontal" stacked=true {
24.13- pane command="emacsclient" {
24.14- args "-a=''" "-nw" "."
24.15- }
24.16- pane command="sbcl"
24.17- pane command="btm"
24.18- }
24.19- }
24.20-}
24.21\ No newline at end of file
