{{ autogenerated }} # see: # https://gitlab.com/gitlab-org/gitlab-ce/blob/master/config/gitlab.yml.example # https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/files/gitlab-cookbooks/gitlab/templates/default/gitlab.yml.erb # (last updated for omnibus-gitlab 8.5.1+ce.0-1-ge732b39) {% from 'macrolib.cfg.in' import cfg, cfg_https, external_url with context %} production: &base # # 1. GitLab app settings # ========================== ## GitLab settings gitlab: ## Web server settings (note: host is the FQDN, do not include http://) {% set default_port = {'http': 80, 'https': 443} %} host: {{ external_url.hostname }} port: {{ external_url.port or default_port[external_url.scheme] }} https: {{ cfg_https }} {# ssh is disabled completely in slapos version # Uncommment this line below if your ssh host is different from HTTP/HTTPS one # (you'd obviously need to replace ssh.host_example.com with your own host). # Otherwise, ssh host will be set to the `host:` value above ssh_host: <%= @gitlab_ssh_host %> #} # WARNING: See config/application.rb under "Relative url support" for the list of # other files that need to be changed for relative url support {# we do not support relative URL relative_url_root: <%= @gitlab_relative_url %> #} # Uncomment and customize if you can't use the default user to run GitLab (default: 'git') user: {{ backend_info.user }} ## Date & Time settings time_zone: '{{ cfg("time_zone") }}' ## Email settings # Uncomment and set to false if you need to disable email sending from GitLab (default: true) email_enabled: {{ cfg('email_enabled') }} # Email address used in the "From" field in mails sent by GitLab email_from: {{ cfg('email_from') }} email_display_name: {{ cfg('email_display_name') }} email_reply_to: {{ cfg('email_reply_to') }} # Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample). ## User settings default_can_create_group: {{ cfg('default_can_create_group') }} # default: true username_changing_enabled: {{ cfg('username_changing_enabled') }} # default: true - User can change her username/namespace ## Default theme ## 1 - Graphite ## 2 - Charcoal ## 3 - Green ## 4 - Gray ## 5 - Violet ## 6 - Blue default_theme: {{ cfg('default_theme') }} # default: 2 {# for now we are ok with default issue-closing pattern ## Automatic issue closing # If a commit message matches this regular expression, all issues referenced from the matched text will be closed. # This happens when the commit is pushed or merged into the default branch of a project. # When not specified the default issue_closing_pattern as specified below will be used. # Tip: you can test your closing pattern at http://rubular.com issue_closing_pattern: <%= single_quote(@gitlab_issue_closing_pattern) %> #} ## Default project features settings default_projects_features: issues: {{ cfg('default_projects_features.issues') }} merge_requests: {{ cfg('default_projects_features.merge_requests') }} wiki: {{ cfg('default_projects_features.wiki') }} snippets: {{ cfg('default_projects_features.snippets') }} builds: false {# builds not supported yet <%= @gitlab_default_projects_features_builds %> #} ## Webhook settings # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10) webhook_timeout: {{ cfg('webhook_timeout') }} {# default is just ok ## Repository downloads directory # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory. # The default is 'tmp/repositories' relative to the root of the Rails app. repository_downloads_path: <%= @gitlab_repository_downloads_path %> #} {# we do not support reply by email ## Reply by email # Allow users to comment on issues and merge requests by replying to notification emails. # For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html incoming_email: enabled: <%= @incoming_email_enabled %> # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to. # The `%{key}` placeholder is added after the user part, after a `+` character, before the `@`. address: <%= single_quote(@incoming_email_address) %> # Email account username # With third party providers, this is usually the full email address. # With self-hosted email servers, this is usually the user part of the email address. user: <%= single_quote(@incoming_email_email) %> # Email account password password: <%= single_quote(@incoming_email_password) %> # IMAP server host host: <%= single_quote(@incoming_email_host) %> # IMAP server port port: <%= @incoming_email_port %> # Whether the IMAP server uses SSL ssl: <%= @incoming_email_ssl %> # Whether the IMAP server uses StartTLS start_tls: <%= @incoming_email_start_tls %> # The mailbox where incoming mail will end up. Usually "inbox". mailbox: <%= single_quote(@incoming_email_mailbox_name) %> #} {# we do not support build artifacts ## Build Artifacts artifacts: enabled: <%= @artifacts_enabled %> # The location where Build Artifacts are stored (default: shared/artifacts). storage_path: <%= @artifacts_path %> #} {# we do not support LFS ## Git LFS lfs: enabled: <%= @lfs_enabled %> # The location where LFS objects are stored (default: shared/lfs-objects). storage_path: <%= @lfs_storage_path %> #} {# we do not support Pages ## GitLab Pages (EE only) pages: enabled: <%= @pages_enabled %> path: <%= @pages_path %> host: <%= @pages_host %> port: <%= @pages_port %> https: <%= @pages_https %> external_http: <%= @pages_external_http %> external_https: <%= @pages_external_https %> #} {# we do not support Elasticsearch ## Elasticsearch (EE only) # Enable it if you are going to use elasticsearch instead of # regular database search elasticsearch: enabled: <%= @elasticsearch_enabled %> host: <%= @elasticsearch_host %> port: <%= @elasticsearch_port %> #} ## Gravatar ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html gravatar: {# default is just ok # gravatar urls: possible placeholders: %{hash} %{size} %{email} plain_url: <%= single_quote(@gravatar_plain_url) %> # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon ssl_url: <%= single_quote(@gravatar_ssl_url) %> # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon #} {# XXX cron jobs are disabled for now - we do not support CI and EE features ## Auxiliary jobs # Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc. # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job cron_jobs: # Flag stuck CI builds as failed stuck_ci_builds_worker: cron: <%= @stuck_ci_builds_worker_cron %> ## # GitLab EE only jobs: # Snapshot active users statistics historical_data_worker: cron: <%= @historical_data_worker_cron %> # Update mirrored repositories update_all_mirrors_worker: cron: <%= @update_all_mirrors_worker_cron %> # In addition to refreshing users when they log in, # periodically refresh LDAP users membership. # NOTE: This will only take effect if LDAP is enabled ldap_sync_worker: cron: <%= @ldap_sync_worker_cron %> #} # # 2. GitLab CI settings # ========================== {# we do not support CI gitlab_ci: # Default project notifications settings: # # Send emails only on broken builds (default: true) all_broken_builds: <%= @gitlab_ci_all_broken_builds %> # # Add pusher to recipients list (default: false) add_pusher: <%= @gitlab_ci_add_pusher || @gitlab_ci_add_committer %> # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root builds_path: <%= @builds_directory %> #} # # 3. Auth settings # ========================== ## LDAP settings # You can inspect a sample of the LDAP users with login access by running: # bundle exec rake gitlab:ldap:check RAILS_ENV=production ldap: enabled: false {# just disabled enabled: <%= @ldap_enabled %> <% if @ldap_servers.any? %> servers: <% @ldap_servers.each do |provider_id, settings| %> <%= provider_id %>: <%= settings.to_json %> <% end %> <% else %> host: <%= single_quote(@ldap_host) %> port: <%= @ldap_port %> uid: <%= single_quote(@ldap_uid) %> method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain" bind_dn: <%= single_quote(@ldap_bind_dn) %> password: <%= single_quote(@ldap_password) %> active_directory: <%= @ldap_active_directory %> allow_username_or_email_login: <%= @ldap_allow_username_or_email_login %> base: <%= single_quote(@ldap_base) %> user_filter: <%= single_quote(@ldap_user_filter) %> ## EE only group_base: <%= single_quote(@ldap_group_base) %> admin_group: <%= single_quote(@ldap_admin_group) %> sync_ssh_keys: <%= single_quote(@ldap_sync_ssh_keys) %> sync_time: <%= @ldap_sync_time %> <% end %> #} ## Kerberos settings kerberos: enabled: false {# just disabled # Allow the HTTP Negotiate authentication method for Git clients enabled: <%= @kerberos_enabled %> # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user, # and should be different from other keytabs in the system. # (default: use default keytab from Krb5 config) keytab: <%= @kerberos_keytab %> # The Kerberos service name to be used by GitLab. # (default: accept any service name in keytab file) service_principal_name: <%= @kerberos_service_principal_name %> # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails. # To support both Basic and Negotiate methods with older versions of Git, configure # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines # to dedicate this port to Kerberos authentication. (default: false) use_dedicated_port: <%= @kerberos_use_dedicated_port %> port: <%= @kerberos_port %> https: <%= @kerberos_https %> #} ## OmniAuth settings omniauth: enabled: false {# just disabled # Allow login via Twitter, Google, etc. using OmniAuth providers enabled: <%= @omniauth_enabled %> # Uncomment this to automatically sign in with a specific omniauth provider's without # showing GitLab's sign-in page (default: show the GitLab sign-in page) auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %> # CAUTION! # This allows users to login without having a user account first. Define the allowed # providers using an array, e.g. ["saml", "twitter"] # User accounts will be created automatically when authentication was successful. allow_single_sign_on: <%= @omniauth_allow_single_sign_on.to_json %> # Locks down those users until they have been cleared by the admin (default: true). block_auto_created_users: <%= @omniauth_block_auto_created_users %> # Look up new users in LDAP servers. If a match is found (same uid), automatically # link the omniauth identity with the LDAP account. (default: false) auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %> # Allow users with existing accounts to login and auto link their account via SAML # login, without having to do a manual login first and manually add SAML # (default: false) auto_link_saml_user: <%= @omniauth_auto_link_saml_user.to_json %> ## Auth providers # Uncomment the following lines and fill in the data of the auth provider you want to use # If your favorite auth provider is not listed you can use others: # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations # The 'app_id' and 'app_secret' parameters are always passed as the first two # arguments, followed by optional 'args' which can be either a hash or an array. # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: # - { name: 'google_oauth2', app_id: 'YOUR APP ID', # app_secret: 'YOUR APP SECRET', # args: { access_type: 'offline', approval_prompt: '' } } # - { name: 'twitter', app_id: 'YOUR APP ID', # app_secret: 'YOUR APP SECRET'} # - { name: 'github', app_id: 'YOUR APP ID', # app_secret: 'YOUR APP SECRET', # args: { scope: 'user:email' } } <% @omniauth_providers.each do |provider| %> - <%= provider.to_json %> <% end %> #} {# default ($RAILS_ROOT/shared/) is ok - we symlinked it to proper place # Shared file storage settings shared: path: <%= @shared_path %> #} # # 4. Advanced settings # ========================== # GitLab Satellites # Important: keep the satellites.path setting until GitLab 9.0 at # least. This setting is fed to 'rm -rf' in # db/migrate/20151023144219_remove_satellites.rb satellites: # Relative paths are relative to Rails.root (default: tmp/repo_satellites/) path: /dev/null timeout: 0 ## Backup settings backup: path: "{{ gitlab.backup }}" # Relative paths are relative to Rails.root (default: tmp/backups/) {# default permission is ok archive_permissions: <%= @backup_archive_permissions %> # Permissions for the resulting backup.tar file (default: 0600) #} keep_time: {{ cfg('backup_keep_time') }} # default: 0 (forever) (in seconds) {# default to backup all schemas is just ok pg_schema: <%= @backup_pg_schema %> # default: nil, it means that all schemas will be backed up #} upload: {# we don't want to upload backup anywhere by gitlab builtin mechanisms # Fog storage connection settings, see http://fog.io/storage/ . connection: <%= @backup_upload_connection.to_json if @backup_upload_connection %> # The remote 'directory' to store your backups. For S3, this would be the bucket name. remote_directory: <%= single_quote(@backup_upload_remote_directory) %> multipart_chunk_size: <%= @backup_multipart_chunk_size %> encryption: <%= @backup_encryption %> #} ## GitLab Shell settings gitlab_shell: path: {{ gitlab_shell_work.location }} # REPOS_PATH MUST NOT BE A SYMLINK!!! repos_path: {{ gitlab.repositories }} hooks_path: {{ gitlab_shell_work.location }}/hooks/ secret_file: {{ gitlab_shell.secret }} # Git over HTTP upload_pack: true receive_pack: true {# Git over SSH is disabled elsewhere (so we don't care about ssh_port) # If you use non-standard ssh port you need to specify it ssh_port: <%= @gitlab_shell_ssh_port %> #} # git-annex support (EE only) # If this setting is set to true, the same setting in config.yml of # gitlab-shell needs to be set to true git_annex_enabled: <%= @git_annex_enabled %> ## Git settings # CAUTION! # Use the default values unless you really know what you are doing git: bin_path: {{ git }} # The next value is the maximum memory size grit can use # Given in number of bytes per git object (e.g. a commit) # This value can be increased if you have very large commits max_size: {{ cfg('git_max_size') }} # Git timeout to read a commit, in seconds timeout: {{ cfg('git_timeout') }} # # 5. Extra customization # ========================== extra: {# we do not use google analytics <% if @extra_google_analytics_id %> ## Google analytics. Uncomment if you want it google_analytics_id: <%= single_quote(@extra_google_analytics_id) %> <% end %> #} {# we do not use piwik <% if @extra_piwik_url %> ## Piwik analytics. piwik_url: <%= single_quote(@extra_piwik_url) %> piwik_site_id: <%= single_quote(@extra_piwik_site_id) %> <% end %> #} {# we are ok (for now) with default rack-attack git settings rack_attack: git_basic_auth: <%= @rack_attack_git_basic_auth.to_json if @rack_attack_git_basic_auth %> #} ## Site ICP License # XXX unquote needed only for slapos.core earlier than # https://lab.nexedi.com/nexedi/slapos.core/commit/347d33d6 # for now we have a lot of old slapos.core deployed... {% if cfg('icp_license') != '' -%} ICP: {{ urllib.unquote_plus( str(cfg('icp_license')) ).decode('utf-8') }} {# ICP: '{{ cfg("icp_license") }}' #} {% endif %} development: <<: *base test: <<: *base gravatar: enabled: true gitlab: host: localhost port: 80 # When you run tests we clone and setup gitlab-shell # In order to setup it correctly you need to specify # your system username you use to run GitLab # user: YOUR_USERNAME satellites: path: tmp/tests/gitlab-satellites/ gitlab_shell: path: tmp/tests/gitlab-shell/ repos_path: tmp/tests/repositories/ hooks_path: tmp/tests/gitlab-shell/hooks/ issues_tracker: redmine: title: "Redmine" project_url: "http://redmine/projects/:issues_tracker_id" issues_url: "http://redmine/:project_id/:issues_tracker_id/:id" new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new" ldap: enabled: false servers: main: label: ldap host: 127.0.0.1 port: 3890 uid: 'uid' method: 'plain' # "tls" or "ssl" or "plain" base: 'dc=example,dc=com' user_filter: '' group_base: 'ou=groups,dc=example,dc=com' admin_group: '' sync_ssh_keys: false staging: <<: *base