add gitlab
parent
4e62432a58
commit
82e2cdb355
7 changed files with 147 additions and 0 deletions
|
@ -16,6 +16,7 @@
|
||||||
- { role: home_assistant, tags: ["home_assistant"] }
|
- { role: home_assistant, tags: ["home_assistant"] }
|
||||||
- { role: n8n, tags: ["n8n"] }
|
- { role: n8n, tags: ["n8n"] }
|
||||||
- { role: matrix, tags: ["matrix"] }
|
- { role: matrix, tags: ["matrix"] }
|
||||||
|
- { role: gitlab, tags: ["gitlab"] }
|
||||||
- { role: iptables, tags: ["iptables"] }
|
- { role: iptables, tags: ["iptables"] }
|
||||||
- { role: borg, tags: ["borg"] }
|
- { role: borg, tags: ["borg"] }
|
||||||
- { role: watchtower, tags: ["watchtower"] }
|
- { role: watchtower, tags: ["watchtower"] }
|
||||||
|
|
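--- a/roles/gitlab/tasks/base.yml
+++ b/roles/gitlab/tasks/base.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Check gitlab directory exist
+ansible.builtin.file:
+path: gitlab
+state: directory
+
+- name: Copy template conf
+ansible.builtin.template:
+src: "{{ item.src }}"
+dest: "gitlab/{{ item.dest }}"
+loop:
+- { src: 'docker-compose.yml', dest: 'docker-compose.yml' }
+register: gitlab_copy_templates_results
+
+- name: Update and restart container
+community.docker.docker_compose:
+project_src: gitlab
+state: present
+pull: true
+restarted: "{{ gitlab_copy_templates_results.changed }}"
+become: true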
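Review bot: The `Copy template conf` task writes the rendered compose file without a `mode`, and the template added in this commit embeds a log-shipping URL with credentials, so the file's permissions are left to the remote umask; add `mode: "0600"` to the template task and an explicit `mode` to the directory task. `path: gitlab` and `project_src: gitlab` are relative and resolve against whatever working directory the connection user lands in, while the template's volumes use `{{ server.work_dir }}/gitlab/...`; anchoring them the same way, e.g. `path: "{{ server.work_dir }}/gitlab"`, keeps the two in step. Only the last task sets `become: true`, so the directory and file are created by the connection user while compose runs as root; worth confirming that split is intended.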
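--- a/roles/gitlab/tasks/main.yml
+++ b/roles/gitlab/tasks/main.yml
@@ -0,0 +1,4 @@
+---
+
+- ansible.builtin.import_tasks: base.yml
+name: base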
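--- a/roles/gitlab/templates/docker-compose.yml
+++ b/roles/gitlab/templates/docker-compose.yml
@@ -0,0 +1,116 @@
+version: '3'
+
+services:
+gitlab:
+image: gitlab/gitlab-ce:latest
+container_name: gitlab
+restart: unless-stopped
+environment:
+GITLAB_OMNIBUS_CONFIG: |
+external_url 'https://gitlab.{{ server.domain }}'
+
+gitlab_rails['lfs_enabled'] = true
+gitlab_rails['gitlab_shell_ssh_port'] = 22
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+nginx['proxy_set_headers'] = {
+'X-Forwarded-Proto' => 'https',
+'X-Forwarded-Ssl' => 'on',
+'Host' => 'gitlab.{{ server.domain }}'
+}
+
+registry['enable'] = true
+registry_external_url 'https://registry.{{ server.domain }}'
+registry_nginx['listen_port'] = 80
+registry_nginx['listen_https'] = false
+
+puma['worker_processes'] = 0
+sidekiq['max_concurrency'] = 10
+gitlab_rails['env'] = {
+'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000'
+}
+gitaly['configuration'] = {
+concurrency: [
+{
+'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
+'max_per_repo' => 3,
+}, {
+'rpc' => "/gitaly.SSHService/SSHUploadPack",
+'max_per_repo' => 3,
+},
+],
+cgroups: {
+repositories: {
+count: 2,
+},
+mountpoint: '/sys/fs/cgroup',
+hierarchy_root: 'gitaly',
+memory_bytes: 500000,
+cpu_shares: 512,
+},
+}
+gitaly['env'] = {
+'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000',
+'GITALY_COMMAND_SPAWN_MAX_PARALLEL' => '2'
+}
+volumes:
+- {{ server.work_dir }}/gitlab/data/:/var/opt/gitlab/
+- {{ server.work_dir }}/gitlab/config/:/etc/gitlab/
+- {{ server.work_dir }}/gitlab/logs/:/var/log/gitlab/
+- /etc/timezone:/etc/timezone:ro
+- /etc/localtime:/etc/localtime:ro
+networks:
+- proxy
+- interne
+- metrics
+labels:
+- traefik.enable=true
+- traefik.docker.network=proxy
+# HTTP Reverse proxy Gitlab
+- traefik.http.routers.gitlab-secure.entrypoints=https
+- traefik.http.routers.gitlab-secure.rule=Host(`gitlab.{{ server.domain }}`)
+- traefik.http.routers.gitlab-secure.tls=true
+- traefik.http.routers.gitlab-secure.tls.certresolver=sslResolver
+- traefik.http.routers.gitlab-secure.service=gitlab
+- traefik.http.services.gitlab.loadbalancer.server.port=80
+# HTTP Reverse proxy Registry
+- traefik.http.routers.gitlab-registry-secure.entrypoints=https
+- traefik.http.routers.gitlab-registry-secure.rule=Host(`registry.{{ server.domain }}`)
+- traefik.http.routers.gitlab-registry-secure.tls=true
+- traefik.http.routers.gitlab-registry-secure.tls.certresolver=sslResolver
+- traefik.http.routers.gitlab-registry-secure.service=gitlab-registry
+- traefik.http.services.gitlab-registry.loadbalancer.server.port=80
+# TCP SSH Reverse proxy Gitlab
+- traefik.tcp.routers.gitlab-ssh.rule=HostSNI(`gitlab.{{ server.domain }}`)
+- traefik.tcp.routers.gitlab-ssh.entrypoints=ssh
+- traefik.tcp.routers.gitlab-ssh.service=gitlab-ssh
+- traefik.tcp.services.gitlab-ssh.loadbalancer.server.port=22
+logging:
+driver: loki
+options:
+loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
+mode: non-blocking
+
+gitlab-runner:
+image: gitlab/gitlab-runner:alpine
+container_name: gitlab-runner
+restart: unless-stopped
+depends_on:
+- gitlab
+volumes:
+- {{ server.work_dir }}/gitlab/runner/:/etc/gitlab-runner/
+- /var/run/docker.sock:/var/run/docker.sock
+networks:
+- interne
+logging:
+driver: loki
+options:
+loki-url: "https://lokidoki:vEGH5Z5siWgcDkNknvCVzPCyqhHSBJCBjeBRZJvxUP8SdgfxJ6AqCGutCWugGsx5@loki.mrdev023.fr/loki/api/v1/push"
+mode: non-blocking
+
+networks:
+interne:
+metrics:
+external: true
+proxy:
+external: true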
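Review bot: Both `logging.options.loki-url` values (services `gitlab` and `gitlab-runner`) carry a basic-auth user name and password in clear text inside a committed template; the value should come from an Ansible Vault variable, e.g. `loki-url: "{{ loki_push_url }}"` (placeholder name), and the exposed credential should be rotated because it remains in the repository history. The `gitlab-runner` service mounts `/var/run/docker.sock`, which hands whatever the runner executes control of the host's Docker daemon, so the runner should only serve trusted projects or be moved to an isolated host. The `traefik.tcp.routers.gitlab-ssh.rule` label matches on a specific host name, but SSH is not TLS and sends no SNI; Traefik only accepts ``HostSNI(`*`)`` on non-TLS TCP routers. `gitlab/gitlab-ce:latest` combined with `pull: true` in the role lets any play pull a new major version; pinning a tag keeps upgrades deliberate.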
|
@ -64,6 +64,7 @@
|
||||||
|
|
||||||
# SSH
|
# SSH
|
||||||
/sbin/iptables -A INPUT -p tcp --dport {{ server.ssh_port }} -j ACCEPT
|
/sbin/iptables -A INPUT -p tcp --dport {{ server.ssh_port }} -j ACCEPT
|
||||||
|
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ACCEPT SSH INPUT THROUGH TRAEFIK
|
||||||
/sbin/iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT # ACCEPT SSH OUTPUT LIKE GIT
|
/sbin/iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT # ACCEPT SSH OUTPUT LIKE GIT
|
||||||
|
|
||||||
# ICMP (Ping)
|
# ICMP (Ping)
|
||||||
|
|
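Review bot: The added `INPUT` rule for port 22 accepts from any source, and it may not be the rule that actually gates GitLab SSH: if Traefik's port 22 is published through Docker's bridge networking (as the `22:22` mapping elsewhere in this commit suggests), that traffic is DNAT'ed and filtered in `FORWARD`/`DOCKER-USER` rather than `INPUT`. Any source restriction or rate limiting for GitLab SSH would therefore belong in `DOCKER-USER`; otherwise a comment such as `# GitLab SSH via Traefik (published by Docker; filter in DOCKER-USER)` would record the intent. The script starts and ends outside the hunk, so the chain policies are not visible here.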
|
@ -6,6 +6,8 @@ log:
|
||||||
accessLog: {}
|
accessLog: {}
|
||||||
|
|
||||||
entryPoints:
|
entryPoints:
|
||||||
|
ssh:
|
||||||
|
address: ":22"
|
||||||
http:
|
http:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
http:
|
http:
|
||||||
|
|
|
@ -13,6 +13,7 @@ services:
|
||||||
vpn:
|
vpn:
|
||||||
ipv4_address: {{ server.vpn.reverse_proxy_ip }}
|
ipv4_address: {{ server.vpn.reverse_proxy_ip }}
|
||||||
ports:
|
ports:
|
||||||
|
- 22:22
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
volumes:
|
volumes:
|
||||||
|
|
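Review bot: The added `- 22:22` is an unquoted plain scalar that YAML 1.1 parsers read as the base-60 integer 1342 rather than a port mapping; write it as `- "22:22"`. The existing `80:80` and `443:443` entries escape this only because their second component exceeds 59, and quoting them too would keep the list uniform. Publishing host port 22 also requires that the host's own sshd listens elsewhere; the iptables hunk in this commit uses `{{ server.ssh_port }}` for it, so confirm that value is never 22. The service this `ports:` list belongs to starts outside the hunk.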