From c7bde8b3ddc27b988f6a8ef4ea6ecf2266537031 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Fri, 28 May 2021 22:49:48 +0100 Subject: [PATCH] Init a GitLab server Some day i'll make up my mind on which server to use, honest! --- ansible/galaxy-requirements.yml | 1 + ansible/group_vars/all/pve.yml | 2 ++ ansible/hosts | 1 + ansible/main.yml | 4 ++++ ansible/roles/gitlab/files/gitlab.rb | 36 ++++++++++++++++++++++++++++ ansible/roles/gitlab/tasks/main.yml | 4 ++++ ansible/roles/gitlab/vars/main.yml | 2 ++ 7 files changed, 50 insertions(+) create mode 100644 ansible/roles/gitlab/files/gitlab.rb create mode 100644 ansible/roles/gitlab/tasks/main.yml create mode 100644 ansible/roles/gitlab/vars/main.yml diff --git a/ansible/galaxy-requirements.yml b/ansible/galaxy-requirements.yml index d32e3ad..1baf510 100644 --- a/ansible/galaxy-requirements.yml +++ b/ansible/galaxy-requirements.yml @@ -13,3 +13,4 @@ roles: name: proxmox-nag-removal - src: chmduquesne.iptables_persistent - src: rossmcdonald.telegraf + - src: geerlingguy.gitlab diff --git a/ansible/group_vars/all/pve.yml b/ansible/group_vars/all/pve.yml index a20eb1e..f5c97a1 100644 --- a/ansible/group_vars/all/pve.yml +++ b/ansible/group_vars/all/pve.yml @@ -15,3 +15,5 @@ pve_hosts: external_ip: 192.168.2.200 qbittorrent: ip: 10.23.1.21 + gitlab: + ip: 10.23.1.43 diff --git a/ansible/hosts b/ansible/hosts index ec376e1..5d4174a 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -10,3 +10,4 @@ jellyfin forrest qbittorrent restic +gitlab diff --git a/ansible/main.yml b/ansible/main.yml index 6fafe82..215dd54 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -95,3 +95,7 @@ - hosts: restic roles: - restic + +- hosts: gitlab + roles: + - gitlab diff --git a/ansible/roles/gitlab/files/gitlab.rb b/ansible/roles/gitlab/files/gitlab.rb new file mode 100644 index 0000000..e1a1731 --- /dev/null +++ b/ansible/roles/gitlab/files/gitlab.rb 
@@ -0,0 +1,36 @@
+external_url 'https://{{ pve_hosts.gitlab.ip }}' # Obviously temporary
+nginx['redirect_http_to_https'] = false
+alertmanager['enable'] = false
+prometheus_monitoring['enable'] = false
+grafana['enable'] = false
+nginx['status'] = {
+ 'enable' => false
+}
+
+nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+letsencrypt['enable'] = false
+
+gitlab_rails['time_zone'] = '{{ TZ }}'
+
+# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
+puma['worker_processes'] = 2
+sidekiq['max_concurrency'] = 5
+gitaly['ruby_max_rss'] = 200_000_000
+gitaly['cgroups_count'] = 2
+gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
+gitaly['cgroups_hierarchy_root'] = 'gitaly'
+gitaly['cgroups_memory_enabled'] = true
+gitaly['cgroups_memory_limit'] = 250000
+gitaly['cgroups_cpu_enabled'] = true
+gitaly['cgroups_cpu_shares'] = 512
+gitaly['env'] = {
+ 'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
+}
+
+
+gitlab_rails['gitlab_default_theme'] = 2
+
+nginx['real_ip_header'] = 'X-Forwarded-For'
+#nginx['real_ip_trusted_addresses'] = ['172.80.0.0/16']
+#gitlab_rails['trusted_proxies'] = ['172.80.0.0/16']
diff --git a/ansible/roles/gitlab/tasks/main.yml b/ansible/roles/gitlab/tasks/main.yml
new file mode 100644
index 0000000..d1cb727
--- /dev/null
+++ b/ansible/roles/gitlab/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Install and configure GitLab
+ import_role:
+ name: geerlingguy.gitlab
+ become: true
diff --git a/ansible/roles/gitlab/vars/main.yml b/ansible/roles/gitlab/vars/main.yml
new file mode 100644
index 0000000..ed244a9
--- /dev/null
+++ b/ansible/roles/gitlab/vars/main.yml
@@ -0,0 +1,2 @@
+gitlab_config_template: files/gitlab.rb
+gitlab_create_self_signed_cert: false
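Review bot: `nginx['real_ip_header'] = 'X-Forwarded-For'` is set near the end of the new gitlab.rb while both trust lists under it stay commented out, so the config names the header to read but not the peers allowed to send it. The header and `nginx['real_ip_trusted_addresses']` / `gitlab_rails['trusted_proxies']` should be enabled together and limited to the reverse proxy's own address, since the forwarded address is what ends up in GitLab's logs and any per-IP throttling. The commented value `172.80.0.0/16` is also outside the RFC 1918 block 172.16.0.0/12, so uncommenting it as written would trust a publicly routable range. I would add `# TODO: trust only the reverse proxy's address; X-Forwarded-For is client-supplied` above those two lines.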
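Review bot: `import_role` in tasks/main.yml runs `geerlingguy.gitlab` with `become: true`, and the matching entry this commit adds to `ansible/galaxy-requirements.yml` (`- src: geerlingguy.gitlab`) carries no `version:`, so whichever release Galaxy serves at install time executes as root on the host. Pinning the requirement with `version: <reviewed-release-tag>` under that `src` line keeps the privileged code reproducible and lets upgrades be reviewed before they run. The neighbouring `- src:` entries visible in that requirements hunk appear unpinned as well, so this may be worth doing file-wide.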
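Review bot: `gitlab_create_self_signed_cert: false` in vars/main.yml turns off the role's certificate generation, while the gitlab.rb added in this commit points nginx at `/etc/ssl/certs/ssl-cert-snakeoil.pem` and its key; nothing visible in this commit ensures those files exist on the target, so the first reconfigure may fail on a host without them. If the snakeoil pair is meant to come from the distribution's `ssl-cert` package, a task installing it before the role, or a comment such as `# relies on ssl-cert's snakeoil pair being present; replace with a real certificate`, would make the assumption explicit. Separately, `files/gitlab.rb` contains Jinja expressions (`{{ pve_hosts.gitlab.ip }}`, `{{ TZ }}`), so if the role's template lookup allows it, a name like `templates/gitlab.rb.j2` would signal that the file is rendered rather than copied.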