1_settings.rb 24.5 KB
Newer Older
1 2
# rubocop:disable GitlabSecurity/PublicSend

3
require_dependency Rails.root.join('lib/gitlab') # Load Gitlab as soon as possible
4

5
class Settings < Settingslogic
6
  source ENV.fetch('GITLAB_CONFIG') { "#{Rails.root}/config/gitlab.yml" }
7
  namespace Rails.env
8 9

  class << self
10 11
    def gitlab_on_standard_port?
      on_standard_port?(gitlab)
12
    end
13

14 15
    def host_without_www(url)
      host(url).sub('www.', '')
16
    end
17

Valery Sizov's avatar
Valery Sizov committed
18
    def build_gitlab_ci_url
Douwe Maan's avatar
Douwe Maan committed
19 20 21 22 23 24
      custom_port =
        if on_standard_port?(gitlab)
          nil
        else
          ":#{gitlab.port}"
        end
Douwe Maan's avatar
Douwe Maan committed
25

26 27 28 29 30 31
      [
        gitlab.protocol,
        "://",
        gitlab.host,
        custom_port,
        gitlab.relative_url_root
Valery Sizov's avatar
Valery Sizov committed
32 33
      ].join('')
    end
34

35 36 37 38
    def build_pages_url
      base_url(pages).join('')
    end

39
    def build_gitlab_shell_ssh_path_prefix
40 41
      user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}"

42
      if gitlab_shell.ssh_port != 22
43
        "ssh://#{user_host}:#{gitlab_shell.ssh_port}/"
44
      else
45
        if gitlab_shell.ssh_host.include? ':'
46
          "[#{user_host}]:"
47
        else
48
          "#{user_host}:"
49
        end
50 51 52
      end
    end

53
    def build_base_gitlab_url
54
      base_url(gitlab).join('')
55 56
    end

57
    def build_gitlab_url
58
      (base_url(gitlab) + [gitlab.relative_url_root]).join('')
59
    end
60

61 62 63
    # check that values in `current` (string or integer) is a contant in `modul`.
    def verify_constant_array(modul, current, default)
      values = default || []
64
      unless current.nil?
65 66 67 68 69 70 71 72 73 74 75
        values = []
        current.each do |constant|
          values.push(verify_constant(modul, constant, nil))
        end
        values.delete_if { |value| value.nil? }
      end
      values
    end

    # check that `current` (string or integer) is a contant in `modul`.
    def verify_constant(modul, current, default)
76
      constant = modul.constants.find { |name| modul.const_get(name) == current }
77 78 79 80 81 82
      value = constant.nil? ? default : modul.const_get(constant)
      if current.is_a? String
        value = modul.const_get(current.upcase) rescue default
      end
      value
    end
83

84 85 86 87
    def absolute(path)
      File.expand_path(path, Rails.root)
    end

88 89
    private

90 91
    def base_url(config)
      custom_port = on_standard_port?(config) ? nil : ":#{config.port}"
92

93 94 95 96 97
      [
        config.protocol,
        "://",
        config.host,
        custom_port
98 99
      ]
    end
100

101 102 103 104
    def on_standard_port?(config)
      config.port.to_i == (config.https ? 443 : 80)
    end

105 106 107 108 109 110 111 112 113 114
    # Extract the host part of the given +url+.
    def host(url)
      url = url.downcase
      url = "http://#{url}" unless url.start_with?('http')

      # Get rid of the path so that we don't even have to encode it
      url_without_path = url.sub(%r{(https?://[^\/]+)/?.*}, '\1')

      URI.parse(url_without_path).host
    end
115

116 117 118 119
    # Runs every minute in a random ten-minute period on Sundays, to balance the
    # load on the server receiving these pings. The usage ping is safe to run
    # multiple times because of a 24 hour exclusive lock.
    def cron_for_usage_ping
120
      hour = rand(24)
121
      minute = rand(6)
122

123
      "#{minute}0-#{minute}9 #{hour} * * 0"
124
    end
125 126
  end
end
127 128 129

# Default settings
Settings['ldap'] ||= Settingslogic.new({})
130
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
131

132 133 134
# backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test?
  if Settings.ldap['host'].present?
135 136
    # We detected old LDAP configuration syntax. Update the config to make it
    # look like it was entered with the new syntax.
137
    server = Settings.ldap.except('sync_time')
138
    Settings.ldap['servers'] = {
139
      'main' => server
140
    }
141 142
  end

143
  Settings.ldap['servers'].each do |key, server|
144 145
    server = Settingslogic.new(server)

146
    server['label'] ||= 'LDAP'
147
    server['timeout'] ||= 10.seconds
148
    server['block_auto_created_users'] = false if server['block_auto_created_users'].nil?
149 150
    server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
    server['active_directory'] = true if server['active_directory'].nil?
151
    server['attributes'] = {} if server['attributes'].nil?
152
    server['provider_name'] ||= "ldap#{key}".downcase
153
    server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
154 155 156 157 158

    # For backwards compatibility
    server['encryption'] ||= server['method']
    server['encryption'] = 'simple_tls' if server['encryption'] == 'ssl'
    server['encryption'] = 'start_tls' if server['encryption'] == 'tls'
Michael Kozono's avatar
Michael Kozono committed
159

160 161 162 163 164
    # Certificate verification was added in 9.4.2, and defaulted to false for
    # backwards-compatibility.
    #
    # Since GitLab 10.0, verify_certificates defaults to true for security.
    server['verify_certificates'] = true if server['verify_certificates'].nil?
165 166

    Settings.ldap['servers'][key] = server
167 168
  end
end
169 170

Settings['omniauth'] ||= Settingslogic.new({})
171
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
172
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
173
Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
174
Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil?
175 176
Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil?
Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
177
Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil?
178 179 180 181 182 183 184 185 186 187 188 189 190 191

Settings.omniauth['sync_profile_from_provider'] = false if Settings.omniauth['sync_profile_from_provider'].nil?
Settings.omniauth['sync_profile_attributes'] = ['email'] if Settings.omniauth['sync_profile_attributes'].nil?

# Handle backwards compatibility with merge request 11268
if Settings.omniauth['sync_email_from_provider']
  if Settings.omniauth['sync_profile_from_provider'].is_a?(Array)
    Settings.omniauth['sync_profile_from_provider'] |= [Settings.omniauth['sync_email_from_provider']]
  elsif !Settings.omniauth['sync_profile_from_provider']
    Settings.omniauth['sync_profile_from_provider'] = [Settings.omniauth['sync_email_from_provider']]
  end

  Settings.omniauth['sync_profile_attributes'] |= ['email'] unless Settings.omniauth['sync_profile_attributes'] == true
end
192

193
Settings.omniauth['providers'] ||= []
tduehr's avatar
tduehr committed
194 195 196 197
Settings.omniauth['cas3'] ||= Settingslogic.new({})
Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket'
198

199 200 201
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.

github_default_url = "https://github.com"
202
github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github" }
203 204 205 206 207 208 209 210 211 212

if github_settings
  # For compatibility with old config files (before 7.8)
  # where people dont have url in github settings
  if github_settings['url'].blank?
    github_settings['url'] = github_default_url
  end

  github_settings["args"] ||= Settingslogic.new({})

Douwe Maan's avatar
Douwe Maan committed
213 214 215 216 217 218 219 220 221 222
  github_settings["args"]["client_options"] =
    if github_settings["url"].include?(github_default_url)
      OmniAuth::Strategies::GitHub.default_options[:client_options]
    else
      {
        "site"          => File.join(github_settings["url"], "api/v3"),
        "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
        "token_url"     => File.join(github_settings["url"], "login/oauth/access_token")
      }
    end
223
end
224

225
Settings['shared'] ||= Settingslogic.new({})
226
Settings.shared['path'] = Settings.absolute(Settings.shared['path'] || "shared")
227

228
Settings['issues_tracker'] ||= {}
229

230 231 232
#
# GitLab
#
233
Settings['gitlab'] ||= Settingslogic.new({})
234
Settings.gitlab['default_projects_limit'] ||= 100000
235
Settings.gitlab['default_branch_protection'] ||= 2
236
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
237
Settings.gitlab['default_theme'] = Gitlab::Themes::APPLICATION_DEFAULT if Settings.gitlab['default_theme'].nil?
238
Settings.gitlab['host']       ||= ENV['GITLAB_HOST'] || 'localhost'
239
Settings.gitlab['ssh_host']   ||= Settings.gitlab.host
240
Settings.gitlab['https']        = false if Settings.gitlab['https'].nil?
241
Settings.gitlab['port']       ||= ENV['GITLAB_PORT'] || (Settings.gitlab.https ? 443 : 80)
242
Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || ''
243
Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http"
244
Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil?
245 246 247
Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}"
Settings.gitlab['email_display_name'] ||= ENV['GITLAB_EMAIL_DISPLAY_NAME'] || 'GitLab'
Settings.gitlab['email_reply_to'] ||= ENV['GITLAB_EMAIL_REPLY_TO'] || "noreply@#{Settings.gitlab.host}"
248
Settings.gitlab['email_subject_suffix'] ||= ENV['GITLAB_EMAIL_SUBJECT_SUFFIX'] || ""
249 250
Settings.gitlab['base_url']   ||= Settings.__send__(:build_base_gitlab_url)
Settings.gitlab['url']        ||= Settings.__send__(:build_gitlab_url)
251
Settings.gitlab['user']       ||= 'git'
252 253 254 255 256
Settings.gitlab['user_home']  ||= begin
  Etc.getpwnam(Settings.gitlab['user']).dir
rescue ArgumentError # no user configured
  '/home/' + Settings.gitlab['user']
end
257
Settings.gitlab['time_zone'] ||= nil
Dmitriy Zaporozhets's avatar
Dmitriy Zaporozhets committed
258
Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
259
Settings.gitlab['password_authentication_enabled'] ||= true if Settings.gitlab['password_authentication_enabled'].nil?
260
Settings.gitlab['restricted_visibility_levels'] = Settings.__send__(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
261
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
262
Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil?
263
Settings.gitlab['default_projects_features'] ||= {}
264
Settings.gitlab['webhook_timeout'] ||= 10
265
Settings.gitlab['max_attachment_size'] ||= 10
266
Settings.gitlab['session_expire_delay'] ||= 10080
267 268 269
Settings.gitlab.default_projects_features['issues']             = true if Settings.gitlab.default_projects_features['issues'].nil?
Settings.gitlab.default_projects_features['merge_requests']     = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
Settings.gitlab.default_projects_features['wiki']               = true if Settings.gitlab.default_projects_features['wiki'].nil?
270
Settings.gitlab.default_projects_features['snippets']           = true if Settings.gitlab.default_projects_features['snippets'].nil?
271 272
Settings.gitlab.default_projects_features['builds']             = true if Settings.gitlab.default_projects_features['builds'].nil?
Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil?
273
Settings.gitlab.default_projects_features['visibility_level']   = Settings.__send__(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
274
Settings.gitlab['domain_whitelist'] ||= []
275
Settings.gitlab['import_sources'] ||= Gitlab::ImportSources.values
276
Settings.gitlab['trusted_proxies'] ||= []
277
Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config', 'no_todos_messages.yml'))
278
Settings.gitlab['usage_ping_enabled'] = true if Settings.gitlab['usage_ping_enabled'].nil?
279

Valery Sizov's avatar
Valery Sizov committed
280 281 282 283
#
# CI
#
Settings['gitlab_ci'] ||= Settingslogic.new({})
284 285 286
Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
Settings.gitlab_ci['all_broken_builds']     = true if Settings.gitlab_ci['all_broken_builds'].nil?
Settings.gitlab_ci['add_pusher']            = false if Settings.gitlab_ci['add_pusher'].nil?
287
Settings.gitlab_ci['builds_path']           = Settings.absolute(Settings.gitlab_ci['builds_path'] || "builds/")
288
Settings.gitlab_ci['url']                 ||= Settings.__send__(:build_gitlab_ci_url)
Valery Sizov's avatar
Valery Sizov committed
289

Douwe Maan's avatar
Douwe Maan committed
290 291 292
#
# Reply by email
#
293
Settings['incoming_email'] ||= Settingslogic.new({})
294
Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil?
Douwe Maan's avatar
Douwe Maan committed
295

Kamil Trzcinski's avatar
Kamil Trzcinski committed
296 297 298 299 300
#
# Build Artifacts
#
Settings['artifacts'] ||= Settingslogic.new({})
Settings.artifacts['enabled']      = true if Settings.artifacts['enabled'].nil?
301
Settings.artifacts['path']         = Settings.absolute(Settings.artifacts['path'] || File.join(Settings.shared['path'], "artifacts"))
302
Settings.artifacts['max_size']   ||= 100 # in megabytes
Kamil Trzcinski's avatar
Kamil Trzcinski committed
303

304 305 306 307
#
# Registry
#
Settings['registry'] ||= Settingslogic.new({})
308 309
Settings.registry['enabled']       ||= false
Settings.registry['host']          ||= "example.com"
310
Settings.registry['port']          ||= nil
311 312 313
Settings.registry['api_url']       ||= "http://localhost:5000/"
Settings.registry['key']           ||= nil
Settings.registry['issuer']        ||= nil
Kamil Trzcinski's avatar
Kamil Trzcinski committed
314
Settings.registry['host_port']     ||= [Settings.registry['host'], Settings.registry['port']].compact.join(':')
315
Settings.registry['path']            = Settings.absolute(Settings.registry['path'] || File.join(Settings.shared['path'], 'registry'))
316

317
#
Kamil Trzcinski's avatar
Kamil Trzcinski committed
318
# Pages
319
#
Kamil Trzcinski's avatar
Kamil Trzcinski committed
320
Settings['pages'] ||= Settingslogic.new({})
321 322 323 324 325 326 327 328 329
Settings.pages['enabled']           = false if Settings.pages['enabled'].nil?
Settings.pages['path']              = Settings.absolute(Settings.pages['path'] || File.join(Settings.shared['path'], "pages"))
Settings.pages['https']             = false if Settings.pages['https'].nil?
Settings.pages['host']              ||= "example.com"
Settings.pages['port']              ||= Settings.pages.https ? 443 : 80
Settings.pages['protocol']          ||= Settings.pages.https ? "https" : "http"
Settings.pages['url']               ||= Settings.__send__(:build_pages_url)
Settings.pages['external_http']     ||= false unless Settings.pages['external_http'].present?
Settings.pages['external_https']    ||= false unless Settings.pages['external_https'].present?
330
Settings.pages['artifacts_server']  ||= Settings.pages['enabled'] if Settings.pages['artifacts_server'].nil?
Kamil Trzcinski's avatar
Kamil Trzcinski committed
331

Marin Jankovski's avatar
Marin Jankovski committed
332 333 334 335
#
# Git LFS
#
Settings['lfs'] ||= Settingslogic.new({})
Marin Jankovski's avatar
Marin Jankovski committed
336
Settings.lfs['enabled']      = true if Settings.lfs['enabled'].nil?
337
Settings.lfs['storage_path'] = Settings.absolute(Settings.lfs['storage_path'] || File.join(Settings.shared['path'], "lfs-objects"))
Marin Jankovski's avatar
Marin Jankovski committed
338

339 340 341 342
#
# Mattermost
#
Settings['mattermost'] ||= Settingslogic.new({})
Kamil Trzcinski's avatar
Kamil Trzcinski committed
343 344
Settings.mattermost['enabled'] = false if Settings.mattermost['enabled'].nil?
Settings.mattermost['host'] = nil unless Settings.mattermost.enabled
345

346 347 348
#
# Gravatar
#
349
Settings['gravatar'] ||= Settingslogic.new({})
350
Settings.gravatar['enabled']      = true if Settings.gravatar['enabled'].nil?
351 352
Settings.gravatar['plain_url']  ||= 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
Settings.gravatar['ssl_url']    ||= 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
353
Settings.gravatar['host']         = Settings.host_without_www(Settings.gravatar['plain_url'])
354

355 356 357 358
#
# Cron Jobs
#
Settings['cron_jobs'] ||= Settingslogic.new({})
359 360 361
Settings.cron_jobs['stuck_ci_jobs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_ci_jobs_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['stuck_ci_jobs_worker']['job_class'] = 'StuckCiJobsWorker'
362
Settings.cron_jobs['pipeline_schedule_worker'] ||= Settingslogic.new({})
363
Settings.cron_jobs['pipeline_schedule_worker']['cron'] ||= '19 * * * *'
364
Settings.cron_jobs['pipeline_schedule_worker']['job_class'] = 'PipelineScheduleWorker'
365
Settings.cron_jobs['expire_build_artifacts_worker'] ||= Settingslogic.new({})
366
Settings.cron_jobs['expire_build_artifacts_worker']['cron'] ||= '50 * * * *'
367
Settings.cron_jobs['expire_build_artifacts_worker']['job_class'] = 'ExpireBuildArtifactsWorker'
368 369
Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *'
370
Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker'
Jacob Vosmaer's avatar
Jacob Vosmaer committed
371
Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({})
372
Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0'
Jacob Vosmaer's avatar
Jacob Vosmaer committed
373
Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
374 375 376
Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['repository_archive_cache_worker']['job_class'] = 'RepositoryArchiveCacheWorker'
377 378 379
Settings.cron_jobs['import_export_project_cleanup_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['import_export_project_cleanup_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['import_export_project_cleanup_worker']['job_class'] = 'ImportExportProjectCleanupWorker'
380 381 382
Settings.cron_jobs['requests_profiles_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['requests_profiles_worker']['cron'] ||= '0 0 * * *'
Settings.cron_jobs['requests_profiles_worker']['job_class'] = 'RequestsProfilesWorker'
383 384 385
Settings.cron_jobs['remove_expired_members_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_expired_members_worker']['cron'] ||= '10 0 * * *'
Settings.cron_jobs['remove_expired_members_worker']['job_class'] = 'RemoveExpiredMembersWorker'
Douwe Maan's avatar
Douwe Maan committed
386 387 388
Settings.cron_jobs['remove_expired_group_links_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_expired_group_links_worker']['cron'] ||= '10 0 * * *'
Settings.cron_jobs['remove_expired_group_links_worker']['job_class'] = 'RemoveExpiredGroupLinksWorker'
389
Settings.cron_jobs['prune_old_events_worker'] ||= Settingslogic.new({})
390
Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '0 */6 * * *'
391
Settings.cron_jobs['prune_old_events_worker']['job_class'] = 'PruneOldEventsWorker'
392

393 394 395
Settings.cron_jobs['trending_projects_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['trending_projects_worker']['cron'] = '0 1 * * *'
Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsWorker'
396 397 398
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['cron'] ||= '20 0 * * *'
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['job_class'] = 'RemoveUnreferencedLfsObjectsWorker'
399 400 401
Settings.cron_jobs['stuck_import_jobs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_import_jobs_worker']['cron'] ||= '15 * * * *'
Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWorker'
402
Settings.cron_jobs['gitlab_usage_ping_worker'] ||= Settingslogic.new({})
403
Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= Settings.__send__(:cron_for_usage_ping)
404
Settings.cron_jobs['gitlab_usage_ping_worker']['job_class'] = 'GitlabUsagePingWorker'
405

406 407 408 409
Settings.cron_jobs['schedule_update_user_activity_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['schedule_update_user_activity_worker']['cron'] ||= '30 0 * * *'
Settings.cron_jobs['schedule_update_user_activity_worker']['job_class'] = 'ScheduleUpdateUserActivityWorker'

410 411 412 413
Settings.cron_jobs['remove_old_web_hook_logs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_old_web_hook_logs_worker']['cron'] ||= '40 0 * * *'
Settings.cron_jobs['remove_old_web_hook_logs_worker']['job_class'] = 'RemoveOldWebHookLogsWorker'

414 415 416 417
Settings.cron_jobs['stuck_merge_jobs_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_merge_jobs_worker']['cron'] ||= '0 */2 * * *'
Settings.cron_jobs['stuck_merge_jobs_worker']['job_class'] = 'StuckMergeJobsWorker'

418 419 420 421
#
# GitLab Shell
#
Settings['gitlab_shell'] ||= Settingslogic.new({})
422 423
Settings.gitlab_shell['path']           = Settings.absolute(Settings.gitlab_shell['path'] || Settings.gitlab['user_home'] + '/gitlab-shell/')
Settings.gitlab_shell['hooks_path']     = Settings.absolute(Settings.gitlab_shell['hooks_path'] || Settings.gitlab['user_home'] + '/gitlab-shell/hooks/')
424
Settings.gitlab_shell['secret_file'] ||= Rails.root.join('.gitlab_shell_secret')
425 426
Settings.gitlab_shell['receive_pack']   = true if Settings.gitlab_shell['receive_pack'].nil?
Settings.gitlab_shell['upload_pack']    = true if Settings.gitlab_shell['upload_pack'].nil?
427
Settings.gitlab_shell['ssh_host']     ||= Settings.gitlab.ssh_host
428 429 430
Settings.gitlab_shell['ssh_port']     ||= 22
Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
431
Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix)
432
Settings.gitlab_shell['git_timeout'] ||= 800
433

434 435 436 437 438 439
#
# Workhorse
#
Settings['workhorse'] ||= Settingslogic.new({})
Settings.workhorse['secret_file'] ||= Rails.root.join('.gitlab_workhorse_secret')

440 441 442 443 444
#
# Repositories
#
Settings['repositories'] ||= Settingslogic.new({})
Settings.repositories['storages'] ||= {}
445 446 447 448 449 450 451
unless Settings.repositories.storages['default']
  Settings.repositories.storages['default'] ||= {}
  # We set the path only if the default storage doesn't exist, in case it exists
  # but follows the pre-9.0 configuration structure. `6_validations.rb` initializer
  # will validate all storages and throw a relevant error to the user if necessary.
  Settings.repositories.storages['default']['path'] ||= Settings.gitlab['user_home'] + '/repositories/'
end
452

453 454 455
Settings.repositories.storages.each do |key, storage|
  storage = Settingslogic.new(storage)

456 457
  # Expand relative paths
  storage['path'] = Settings.absolute(storage['path'])
458 459

  Settings.repositories.storages[key] = storage
460 461
end

462 463 464 465 466 467 468
#
# The repository_downloads_path is used to remove outdated repository
# archives, if someone has it configured incorrectly, and it points
# to the path where repositories are stored this can cause some
# data-integrity issue. In this case, we sets it to the default
# repository_downloads_path value.
#
469
repositories_storages          = Settings.repositories.storages.values
470 471 472
repository_downloads_path      = Settings.gitlab['repository_downloads_path'].to_s.gsub(/\/$/, '')
repository_downloads_full_path = File.expand_path(repository_downloads_path, Settings.gitlab['user_home'])

473
if repository_downloads_path.blank? || repositories_storages.any? { |rs| [repository_downloads_path, repository_downloads_full_path].include?(rs['path'].gsub(/\/$/, '')) }
474 475 476
  Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive')
end

477 478 479
#
# Backup
#
480
Settings['backup'] ||= Settingslogic.new({})
481
Settings.backup['keep_time']  ||= 0
482
Settings.backup['pg_schema']    = nil
483
Settings.backup['path']         = Settings.absolute(Settings.backup['path'] || "tmp/backups/")
484
Settings.backup['archive_permissions'] ||= 0600
485
Settings.backup['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil })
486
Settings.backup['upload']['multipart_chunk_size'] ||= 104857600
487
Settings.backup['upload']['encryption'] ||= nil
488
Settings.backup['upload']['storage_class'] ||= nil
489

490 491 492
#
# Git
#
493
Settings['git'] ||= Settingslogic.new({})
494
Settings.git['bin_path'] ||= '/usr/bin/git'
495

496 497 498
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
# db/migrate/20151023144219_remove_satellites.rb
499
Settings['satellites'] ||= Settingslogic.new({})
500
Settings.satellites['path'] = Settings.absolute(Settings.satellites['path'] || "tmp/repo_satellites/")
501 502 503 504 505

#
# Extra customization
#
Settings['extra'] ||= Settingslogic.new({})
506

507 508 509 510 511
#
# Rack::Attack settings
#
Settings['rack_attack'] ||= Settingslogic.new({})
Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({})
512
Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil?
513
Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
514 515 516 517
Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour

518 519 520 521 522
#
# Gitaly
#
Settings['gitaly'] ||= Settingslogic.new({})

523 524 525 526 527 528 529 530 531
#
# Webpack settings
#
Settings['webpack'] ||= Settingslogic.new({})
Settings.webpack['dev_server'] ||= Settingslogic.new({})
Settings.webpack.dev_server['enabled'] ||= false
Settings.webpack.dev_server['host']    ||= 'localhost'
Settings.webpack.dev_server['port']    ||= 3808

532
#
533
# Monitoring settings
534
#
535
Settings['monitoring'] ||= Settingslogic.new({})
536
Settings.monitoring['ip_whitelist'] ||= ['127.0.0.1/8']
537
Settings.monitoring['unicorn_sampler_interval'] ||= 10
538 539 540 541
Settings.monitoring['sidekiq_exporter'] ||= Settingslogic.new({})
Settings.monitoring.sidekiq_exporter['enabled'] ||= false
Settings.monitoring.sidekiq_exporter['address'] ||= 'localhost'
Settings.monitoring.sidekiq_exporter['port'] ||= 3807
542

543 544 545 546 547
#
# Testing settings
#
if Rails.env.test?
  Settings.gitlab['default_projects_limit']   = 42
548
  Settings.gitlab['default_can_create_group'] = true
549
  Settings.gitlab['default_can_create_team']  = false
Robert Speicher's avatar
Robert Speicher committed
550
end
551 552

# Force a refresh of application settings at startup
553
ApplicationSetting.expire