2021-05-28 22:49:48 +01:00 · 2021-05-28 22:49:48 +01:00 · c7bde8b3dd
commit c7bde8b3dd
parent 5ac5e2f8ab
7 changed files with 50 additions and 0 deletions
--- a/ansible/galaxy-requirements.yml
+++ b/ansible/galaxy-requirements.yml
@ -13,3 +13,4 @@ roles:
    name: proxmox-nag-removal
  - src: chmduquesne.iptables_persistent
  - src: rossmcdonald.telegraf
+  - src: geerlingguy.gitlab
--- a/ansible/group_vars/all/pve.yml
+++ b/ansible/group_vars/all/pve.yml
@ -15,3 +15,5 @@ pve_hosts:
    external_ip: 192.168.2.200
  qbittorrent:
    ip: 10.23.1.21
+  gitlab:
+    ip: 10.23.1.43
--- a/ansible/hosts
+++ b/ansible/hosts
@ -10,3 +10,4 @@ jellyfin
 forrest
 qbittorrent
 restic
+gitlab
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -95,3 +95,7 @@
 - hosts: restic
  roles:
    - restic
+
+- hosts: gitlab
+  roles:
+    - gitlab
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@ -0,0 +1,36 @@
+external_url 'https://{{ pve_hosts.gitlab.ip }}'  # Obviously temporary
+nginx['redirect_http_to_https'] = false
+alertmanager['enable'] = false
+prometheus_monitoring['enable'] = false
+grafana['enable'] = false
+nginx['status'] = {
+    'enable' => false
+}
+
+nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+letsencrypt['enable'] = false
+
+gitlab_rails['time_zone'] = '{{ TZ }}'
+
+# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
+puma['worker_processes'] = 2
+sidekiq['max_concurrency'] = 5
+gitaly['ruby_max_rss'] = 200_000_000
+gitaly['cgroups_count'] = 2
+gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
+gitaly['cgroups_hierarchy_root'] = 'gitaly'
+gitaly['cgroups_memory_enabled'] = true
+gitaly['cgroups_memory_limit'] = 250000
+gitaly['cgroups_cpu_enabled'] = true
+gitaly['cgroups_cpu_shares'] = 512
+gitaly['env'] = {
+  'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
+}
+
+
+gitlab_rails['gitlab_default_theme'] = 2
+
+nginx['real_ip_header'] = 'X-Forwarded-For'
+#nginx['real_ip_trusted_addresses'] = ['172.80.0.0/16']
+#gitlab_rails['trusted_proxies'] = ['172.80.0.0/16']
--- a/ansible/roles/gitlab/tasks/main.yml
+++ b/ansible/roles/gitlab/tasks/main.yml
@ -0,0 +1,4 @@
+- name: Install and configure GitLab
+  import_role:
+    name: geerlingguy.gitlab
+  become: true
--- a/ansible/roles/gitlab/vars/main.yml
+++ b/ansible/roles/gitlab/vars/main.yml
@ -0,0 +1,2 @@
+gitlab_config_template: files/gitlab.rb
+gitlab_create_self_signed_cert: false