From 5e227fdb36fb8d44a4aae6e762b9f928f8f8dc74 Mon Sep 17 00:00:00 2001
From: iv <isabelle.vallet@nexedi.com>
Date: Thu, 11 Aug 2016 08:35:24 -0700
Subject: [PATCH] gitlab: Sync upstream configs from omnibus-gitlab
 8.8.7+ce.1-0-g5116476

Like f6f97d72 - pristine copy from omnibus-gitlab 8.8.7+ce.1-0-g5116476

Changes are:

    - gitlab.yml.erb
      Add gitlab_default_projects_features_container_registry variable to be used by docker containers

    - nginx.conf.erb
      Docker related password storage
      https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1218 (commit f74472d4)

    - rack_attack.rb.erb
      Disable Rack Attack throttling if admin disables it in config file

    - smtp_settings.rb.erb
      If authentication is not enabled for smtp, don't place it in the config.

The following files stay the same:

    - database.yml.erb
    - gitconfig.erb
    - gitlab-shell-config.yml.erb
    - nginx-gitlab-http.conf.erb
    - resque.yml.erb
    - unicorn.rb.erb
---
 software/gitlab/template/gitlab.yml.erb       | 11 +++++++++++
 software/gitlab/template/nginx.conf.erb       |  4 ++++
 software/gitlab/template/rack_attack.rb.erb   |  3 ++-
 software/gitlab/template/smtp_settings.rb.erb |  9 ++++-----
 4 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/software/gitlab/template/gitlab.yml.erb b/software/gitlab/template/gitlab.yml.erb
index 2525d9730..a3f9f42a9 100644
--- a/software/gitlab/template/gitlab.yml.erb
+++ b/software/gitlab/template/gitlab.yml.erb
@@ -73,6 +73,7 @@ production: &base
       wiki: <%= @gitlab_default_projects_features_wiki %>
       snippets: <%= @gitlab_default_projects_features_snippets %>
       builds: <%= @gitlab_default_projects_features_builds %>
+      container_registry: <%= @gitlab_default_projects_features_container_registry %>
 
     ## Webhook settings
     # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
@@ -124,6 +125,16 @@ production: &base
     # The location where LFS objects are stored (default: shared/lfs-objects).
     storage_path: <%= @lfs_storage_path %>
 
+  ## Container Registry
+  registry:
+    enabled: <%= @registry_enabled %>
+    host: <%= @registry_host %>
+    port: <%= @registry_port %>
+    api_url: <%= @registry_api_url %> # internal address to the registry, will be used by GitLab to directly communicate with API
+    path: <%= @registry_path %>
+    key: <%= @registry_key_path %>
+    issuer: <%= @registry_issuer %>
+
   ## GitLab Pages (EE only)
   pages:
     enabled: <%= @pages_enabled %>
diff --git a/software/gitlab/template/nginx.conf.erb b/software/gitlab/template/nginx.conf.erb
index eb7771a94..4b3b16faf 100644
--- a/software/gitlab/template/nginx.conf.erb
+++ b/software/gitlab/template/nginx.conf.erb
@@ -51,5 +51,9 @@ http {
   include <%= @gitlab_mattermost_http_config %>;
   <% end %>
 
+  <% if @gitlab_registry_http_config %>
+  include <%= @gitlab_registry_http_config %>;
+  <% end %>
+
   <%= @custom_nginx_config %>
 }
diff --git a/software/gitlab/template/rack_attack.rb.erb b/software/gitlab/template/rack_attack.rb.erb
index 2402c0cc2..3207067ae 100644
--- a/software/gitlab/template/rack_attack.rb.erb
+++ b/software/gitlab/template/rack_attack.rb.erb
@@ -20,8 +20,9 @@ paths_to_be_protected = [
 # Create one big regular expression that matches strings starting with any of
 # the paths_to_be_protected.
 paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
 
-unless Rails.env.test?
+unless Rails.env.test? || !rack_attack_enabled
   Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
     if req.post? && req.path =~ paths_regex
       req.ip
diff --git a/software/gitlab/template/smtp_settings.rb.erb b/software/gitlab/template/smtp_settings.rb.erb
index 591bff983..cc35db473 100644
--- a/software/gitlab/template/smtp_settings.rb.erb
+++ b/software/gitlab/template/smtp_settings.rb.erb
@@ -2,16 +2,15 @@
 # erased! To change the contents below, edit /etc/gitlab/gitlab.rb
 # and run `sudo gitlab-ctl reconfigure`.
 
-<% rails_app = @app == 'gitlab' ? 'Gitlab' : 'GitlabCi' %>
-<% container = @app == 'gitlab' ? 'gitlab-rails' : 'gitlab-ci' %>
-
 if Rails.env.production?
-  <%= rails_app %>::Application.config.action_mailer.delivery_method = :smtp
+  Gitlab::Application.config.action_mailer.delivery_method = :smtp
 
   ActionMailer::Base.smtp_settings = {
+    <% unless @smtp_authentication.nil? %>
     authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
+    <% end %>
 <% %w{ address port user_name password domain enable_starttls_auto tls ssl openssl_verify_mode ca_path ca_file }.each do |key| %>
-  <% value = node['gitlab'][container]["smtp_#{key}"] %>
+  <% value = node['gitlab']['gitlab-rails']["smtp_#{key}"] %>
     <%= "#{key}: #{value.inspect}," unless value.nil? %>
 <% end %>
   }
-- 
2.30.9