add gitlab

roles/gitlab/templates/docker-compose.yml

@@ -0,0 +1,116 @@
+version: '3'
+
+services:
+  gitlab:
+    image: gitlab/gitlab-ce:latest
+    container_name: gitlab
+    restart: unless-stopped
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://gitlab.{{ server.domain }}'
+
+        gitlab_rails['lfs_enabled'] = true
+        gitlab_rails['gitlab_shell_ssh_port'] = 22
+        nginx['listen_port'] = 80
+        nginx['listen_https'] = false
+        nginx['proxy_set_headers'] = {
+          'X-Forwarded-Proto' => 'https',
+          'X-Forwarded-Ssl' => 'on',
+          'Host' => 'gitlab.{{ server.domain }}'
+        }
+
+        registry['enable'] = true
+        registry_external_url 'https://registry.{{ server.domain }}'
+        registry_nginx['listen_port'] = 80
+        registry_nginx['listen_https'] = false
+
+        puma['worker_processes'] = 0
+        sidekiq['max_concurrency'] = 10
+        gitlab_rails['env'] = {
+          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
+        }
+        gitaly['configuration'] = {
+          concurrency: [
+            {
+              'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
+              'max_per_repo' => 3,
+            }, {
+              'rpc' => "/gitaly.SSHService/SSHUploadPack",
+              'max_per_repo' => 3,
+            },
+          ],
+          cgroups: {
+            repositories: {
+              count: 2,
+            },
+            mountpoint: '/sys/fs/cgroup',
+            hierarchy_root: 'gitaly',
+            memory_bytes: 500000,
+            cpu_shares: 512,
+          },
+        }
+        gitaly['env'] = {
+          'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
+          'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
+        }
+    volumes:
+      - {{ server.work_dir }}/gitlab/data/:/var/opt/gitlab/
+      - {{ server.work_dir }}/gitlab/config/:/etc/gitlab/
+      - {{ server.work_dir }}/gitlab/logs/:/var/log/gitlab/
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - proxy
+      - interne
+      - metrics
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=proxy
+      # HTTP Reverse proxy Gitlab
+      - traefik.http.routers.gitlab-secure.entrypoints=https
+      - traefik.http.routers.gitlab-secure.rule=Host(`gitlab.{{ server.domain }}`)
+      - traefik.http.routers.gitlab-secure.tls=true
+      - traefik.http.routers.gitlab-secure.tls.certresolver=sslResolver
+      - traefik.http.routers.gitlab-secure.service=gitlab
+      - traefik.http.services.gitlab.loadbalancer.server.port=80
+      # HTTP Reverse proxy Registry
+      - traefik.http.routers.gitlab-registry-secure.entrypoints=https
+      - traefik.http.routers.gitlab-registry-secure.rule=Host(`registry.{{ server.domain }}`)
+      - traefik.http.routers.gitlab-registry-secure.tls=true
+      - traefik.http.routers.gitlab-registry-secure.tls.certresolver=sslResolver
+      - traefik.http.routers.gitlab-registry-secure.service=gitlab-registry
+      - traefik.http.services.gitlab-registry.loadbalancer.server.port=80
+      # TCP SSH Reverse proxy Gitlab
+      - traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`gitlab.{{ server.domain }}`)
+      - traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
+      - traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh
+      - traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22
+    logging:
+      driver: loki
+      options:
+        loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
+        mode: non-blocking
+
+  gitlab-runner:
+    image: gitlab/gitlab-runner:alpine
+    container_name: gitlab-runner
+    restart: unless-stopped
+    depends_on:
+      - gitlab
+    volumes:
+      - {{ server.work_dir }}/gitlab/runner/:/etc/gitlab-runner/
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - interne
+    logging:
+      driver: loki
+      options:
+        loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
+        mode: non-blocking
+
+networks:
+  interne:
+  metrics:
+    external: true
+  proxy:
+    external: true