-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
gitlab.yml
741 lines (653 loc) · 32 KB
/
gitlab.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
# # # # # # # # # # # # # # # # # #
# GitLab application config file #
# # # # # # # # # # # # # # # # # #
#
########################### NOTE #####################################
# This file should not receive new settings. All configuration options #
# * are being moved to ApplicationSetting model! #
# If a setting requires an application restart say so in that screen. #
# If you change this file in a Merge Request, please also create #
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests #
########################################################################
#
#
# How to use:
# 1. Copy file as gitlab.yml
# 2. Update gitlab -> host with your fully qualified domain name
# 3. Update gitlab -> email_from
# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
# IMPORTANT: If Git was installed in a different location use that instead.
# You can check with `which git`. If a wrong path of Git is specified, it will
# result in various issues such as failures of GitLab CI builds.
# 5. Review this configuration file for other settings you may want to adjust
production: &base
#
# 1. GitLab app settings
# ==========================
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
host: {{GITLAB_HOST}}
port: {{GITLAB_PORT}} # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
https: {{GITLAB_HTTPS}} # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
# (you'd obviously need to replace ssh.host_example.com with your own host).
# Otherwise, ssh host will be set to the `host:` value above
ssh_host: {{GITLAB_SSH_HOST}}
# Relative URL support
# WARNING: We recommend using an FQDN to host GitLab in a root path instead
# of using a relative URL.
# Documentation: http://doc.gitlab.com/ce/install/relative_url.html
# Uncomment and customize the following line to run in a non-root path
#
relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}}
# Trusted Proxies
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
trusted_proxies:
- {{GITLAB_TRUSTED_PROXIES}}
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
# user: git
## Date & Time settings
# Uncomment and customize if you want to change the default time zone of GitLab application.
# To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
time_zone: '{{GITLAB_TIMEZONE}}'
## Email settings
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
email_enabled: {{GITLAB_EMAIL_ENABLED}}
# Email address used in the "From" field in mails sent by GitLab
email_from: {{GITLAB_EMAIL}}
email_display_name: {{GITLAB_EMAIL_DISPLAY_NAME}}
email_reply_to: {{GITLAB_EMAIL_REPLY_TO}}
email_subject_suffix: '{{GITLAB_EMAIL_SUBJECT_SUFFIX}}'
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
default_projects_limit: {{GITLAB_PROJECTS_LIMIT}}
default_can_create_group: {{GITLAB_CREATE_GROUP}} # default: true
username_changing_enabled: {{GITLAB_USERNAME_CHANGE}} # default: true - User can change her username/namespace
## Default theme ID
## 1 - Indigo
## 2 - Dark
## 3 - Light
## 4 - Blue
## 5 - Green
## 6 - Light Indigo
## 7 - Light Blue
## 8 - Light Green
## 9 - Red
## 10 - Light Red
default_theme: {{GITLAB_DEFAULT_THEME}}
# Enable or disable user signups (first run only)
signup_enabled: {{GITLAB_SIGNUP_ENABLED}}
## Automatic issue closing
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
# This happens when the commit is pushed or merged into the default branch of a project.
# When not specified the default issue_closing_pattern as specified below will be used.
# Tip: you can test your closing pattern at http://rubular.com.
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
## Default project features settings
default_projects_features:
issues: {{GITLAB_PROJECTS_ISSUES}}
merge_requests: {{GITLAB_PROJECTS_MERGE_REQUESTS}}
wiki: {{GITLAB_PROJECTS_WIKI}}
snippets: {{GITLAB_PROJECTS_SNIPPETS}}
builds: {{GITLAB_PROJECTS_BUILDS}}
container_registry: {{GITLAB_PROJECTS_CONTAINER_REGISTRY}}
## Webhook settings
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
webhook_timeout: {{GITLAB_WEBHOOK_TIMEOUT}}
## Repository downloads directory
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
# The default is 'shared/cache/archive/' relative to the root of the Rails app.
repository_downloads_path: {{GITLAB_DOWNLOADS_DIR}}
## Reply by email
# Allow users to comment on issues and merge requests by replying to notification emails.
# For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
incoming_email:
enabled: {{GITLAB_INCOMING_EMAIL_ENABLED}}
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
address: "{{GITLAB_INCOMING_EMAIL_ADDRESS}}"
# Email account username
# With third party providers, this is usually the full email address.
# With self-hosted email servers, this is usually the user part of the email address.
user: "{{IMAP_USER}}"
# Email account password
password: "{{IMAP_PASS}}"
# IMAP server host
host: "{{IMAP_HOST}}"
# IMAP server port
port: {{IMAP_PORT}}
# Whether the IMAP server uses SSL
ssl: {{IMAP_SSL}}
# Whether the IMAP server uses StartTLS
start_tls: {{IMAP_STARTTLS}}
# The mailbox where incoming mail will end up. Usually "inbox".
mailbox: "{{IMAP_MAILBOX}}"
# The IDLE command timeout.
idle_timeout: {{IMAP_TIMEOUT}}
## Build Artifacts
artifacts:
enabled: {{GITLAB_ARTIFACTS_ENABLED}}
# The location where build artifacts are stored (default: shared/artifacts).
path: {{GITLAB_ARTIFACTS_DIR}}
object_store:
enabled: {{GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
background_upload: {{GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## Git LFS
lfs:
enabled: {{GITLAB_LFS_ENABLED}}
# The location where LFS objects are stored (default: shared/lfs-objects).
storage_path: {{GITLAB_LFS_OBJECTS_DIR}}
object_store:
enabled: {{GITLAB_LFS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## Uploads (attachments, avatars, etc...)
uploads:
# The location where uploads objects are stored (default: public/).
storage_path: {{GITLAB_UPLOADS_STORAGE_PATH}}
base_dir: {{GITLAB_UPLOADS_BASE_DIR}}
object_store:
enabled: {{GITLAB_UPLOADS_OBJECT_STORE_ENABLED}}
remote_directory: {{GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY}} # The bucket name
direct_upload: {{GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD}} # Use Object Storage directly for uploads instead of background uploads if enabled (Default: false)
background_upload: {{GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD}} # Temporary option to limit automatic upload (Default: true)
proxy_download: {{GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD}} # Passthrough all downloads via GitLab instead of using Redirects to Object Storage
connection:
provider: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER}} # Only AWS supported at the moment
aws_access_key_id: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID}}
aws_secret_access_key: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY}}
region: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION}}
host: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST}}' # default: s3.amazonaws.com
endpoint: '{{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT}}' # default: nil
path_style: {{GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE}} # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
## GitLab Pages
pages:
enabled: {{GITLAB_PAGES_ENABLED}}
# The location where pages are stored (default: shared/pages).
# path: shared/pages
# The domain under which the pages are served:
# http://group.example.com/project
# or project path can be a group page: group.example.com
host: {{GITLAB_PAGES_DOMAIN}}
port: {{GITLAB_PAGES_PORT}} # Set to 443 if you serve the pages with HTTPS
https: {{GITLAB_PAGES_HTTPS}} # Set to true if you serve the pages with HTTPS
artifacts_server: {{GITLAB_PAGES_ARTIFACTS_SERVER}}
external_http: {{GITLAB_PAGES_EXTERNAL_HTTP}} # If defined, enables custom domain support in GitLab Pages
external_https: {{GITLAB_PAGES_EXTERNAL_HTTPS}} # If defined, enables custom domain and certificate support in GitLab Pages
## Mattermost
## For enabling Add to Mattermost button
mattermost:
enabled: {{GITLAB_MATTERMOST_ENABLED}}
host: '{{GITLAB_MATTERMOST_URL}}'
## Gravatar
## If using gravatar.com, there's nothing to change here. For Libravatar
## you'll need to provide the custom URLs. For more information,
## see: https://docs.gitlab.com/ee/customization/libravatar.html
gravatar:
enabled: {{GITLAB_GRAVATAR_ENABLED}} # Use user avatar image from Gravatar.com (default: true)
# gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
plain_url: "{{GITLAB_GRAVATAR_HTTP_URL}}" # default: https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
ssl_url: "{{GITLAB_GRAVATAR_HTTPS_URL}}" # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
## Sidekiq
sidekiq:
log_format: {{GITLAB_SIDEKIQ_LOG_FORMAT}} # (json is also supported)
## Auxiliary jobs
# Periodically executed jobs, to self-heal GitLab, do external synchronizations, etc.
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
cron_jobs:
# Flag stuck CI jobs as failed
stuck_ci_jobs_worker:
cron: "0 * * * *"
# Execute scheduled triggers
pipeline_schedule_worker:
cron: "{{GITLAB_PIPELINE_SCHEDULE_WORKER_CRON}}"
# Remove expired build artifacts
expire_build_artifacts_worker:
cron: "50 * * * *"
# Periodically run 'git fsck' on all repositories. If started more than
# once per hour you will have concurrent 'git fsck' jobs.
repository_check_worker:
cron: "20 * * * *"
# Send admin emails once a week
admin_email_worker:
cron: "0 0 * * 0"
# Remove outdated repository archives
repository_archive_cache_worker:
cron: "0 * * * *"
# Verify custom GitLab Pages domains
pages_domain_verification_cron_worker:
cron: "*/15 * * * *"
registry:
enabled: {{GITLAB_REGISTRY_ENABLED}}
host: {{GITLAB_REGISTRY_HOST}}
port: {{GITLAB_REGISTRY_PORT}}
api_url: {{GITLAB_REGISTRY_API_URL}} # internal address to the registry, will be used by GitLab to directly communicate with API
key: {{GITLAB_REGISTRY_KEY_PATH}}
path: {{GITLAB_REGISTRY_DIR}}
issuer: {{GITLAB_REGISTRY_ISSUER}}
#
# 2. GitLab CI settings
# ==========================
gitlab_ci:
# Default project notifications settings:
#
# Send emails only on broken builds (default: true)
all_broken_builds: {{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}
#
# Add pusher to recipients list (default: false)
add_pusher: {{GITLAB_NOTIFY_PUSHER}}
# The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
builds_path: {{GITLAB_BUILDS_DIR}}
#
# 3. Auth settings
# ==========================
## LDAP settings
# You can inspect a sample of the LDAP users with login access by running:
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
ldap:
enabled: {{LDAP_ENABLED}}
servers:
##########################################################################
#
# Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
# Enterprise Edition now supports connecting to multiple LDAP servers.
#
# If you are updating from the old (pre-7.4) syntax, you MUST give your
# old server the ID 'main'.
#
##########################################################################
main: # 'main' is the GitLab 'provider ID' of this LDAP server
## label
#
# A human-friendly name for your LDAP server. It is OK to change the label later,
# for instance if you find out it is too large to fit on the web page.
#
# Example: 'Paris' or 'Acme, Ltd.'
label: '{{LDAP_LABEL}}'
host: '{{LDAP_HOST}}'
port: {{LDAP_PORT}}
uid: '{{LDAP_UID}}'
encryption: '{{LDAP_METHOD}}' # "start_tls" or "simple_tls" or "plain"
verify_certificates: {{LDAP_VERIFY_SSL}}
ca_file: '{{LDAP_CA_FILE}}'
ssl_version: '{{LDAP_SSL_VERSION}}'
bind_dn: '{{LDAP_BIND_DN}}'
password: '{{LDAP_PASS}}'
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
# a request if the LDAP server becomes unresponsive.
# A value of 0 means there is no timeout.
timeout: {{LDAP_TIMEOUT}}
# This setting specifies if LDAP server is Active Directory LDAP server.
# For non AD servers it skips the AD specific queries.
# If your LDAP server is not AD, set this to false.
active_directory: {{LDAP_ACTIVE_DIRECTORY}}
# If allow_username_or_email_login is enabled, GitLab will ignore everything
# after the first '@' in the LDAP username submitted by the user on login.
#
# Example:
# - the user enters '[email protected]' and 'p@ssw0rd' as LDAP credentials;
# - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
#
# If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
# disable this setting, because the userPrincipalName contains an '@'.
allow_username_or_email_login: {{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}
# To maintain tight control over the number of active users on your GitLab installation,
# enable this setting to keep new users blocked until they have been cleared by the admin
# (default: false).
block_auto_created_users: {{LDAP_BLOCK_AUTO_CREATED_USERS}}
# Base where we can search for users
#
# Ex. ou=People,dc=gitlab,dc=example
#
base: '{{LDAP_BASE}}'
# Filter LDAP users
#
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
# Ex. (employeeType=developer)
#
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
#
user_filter: '{{LDAP_USER_FILTER}}'
# LDAP attributes that GitLab will use to create an account for the LDAP user.
# The specified attribute can either be the attribute name as a string (e.g. 'mail'),
# or an array of attribute names to try in order (e.g. ['mail', 'email']).
# Note that the user's LDAP login will always be the attribute specified as `uid` above.
attributes:
# The username will be used in paths for the user's own projects
# (like `gitlab.example.com/username/project`) and when mentioning
# them in issues, merge request and comments (like `@username`).
# If the attribute specified for `username` contains an email address,
# the GitLab username will be the part of the email address before the '@'.
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
# If no full name could be found at the attribute specified for `name`,
# the full name is determined using the attributes specified for
# `first_name` and `last_name`.
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
# If lowercase_usernames is enabled, GitLab will lower case the username.
lowercase_usernames: {{LDAP_LOWERCASE_USERNAMES}}
# GitLab EE only: add more LDAP servers
# Choose an ID made of a-z and 0-9 . This ID will be stored in the database
# so that GitLab can remember which LDAP server a user belongs to.
# uswest2:
# label:
# host:
# ....
## OmniAuth settings
omniauth:
# Allow login via Twitter, Google, etc. using OmniAuth providers
enabled: {{OAUTH_ENABLED}}
# Uncomment this to automatically sign in with a specific omniauth provider's without
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
auto_sign_in_with_provider: {{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}
# Sync user's email address from the specified Omniauth provider every time the user logs
# in (default: nil). And consequently make this field read-only.
# sync_email_from_provider: cas3
# CAUTION!
# This allows users to login without having a user account first. Define the allowed providers
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
# User accounts will be created automatically when authentication was successful.
allow_single_sign_on: [{{OAUTH_ALLOW_SSO}}]
# Locks down those users until they have been cleared by the admin (default: true).
block_auto_created_users: {{OAUTH_BLOCK_AUTO_CREATED_USERS}}
# Look up new users in LDAP servers. If a match is found (same uid), automatically
# link the omniauth identity with the LDAP account. (default: false)
auto_link_ldap_user: {{OAUTH_AUTO_LINK_LDAP_USER}}
# Allow users with existing accounts to login and auto link their account via SAML
# login, without having to do a manual login first and manually add SAML
# (default: false)
auto_link_saml_user: {{OAUTH_AUTO_LINK_SAML_USER}}
# Set different Omniauth providers as external so that all users creating accounts
# via these providers will not be able to have access to internal projects. You
# will need to use the full name of the provider, like `google_oauth2` for Google.
# Refer to the examples below for the full names of the supported providers.
# (default: [])
external_providers: [{{OAUTH_EXTERNAL_PROVIDERS}}]
## Auth providers
# Uncomment the following lines and fill in the data of the auth provider you want to use
# If your favorite auth provider is not listed you can use others:
# see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
# The 'app_id' and 'app_secret' parameters are always passed as the first two
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
providers:
# See omniauth-cas3 for more configuration details
- { name: 'cas3',
label: '{{OAUTH_CAS3_LABEL}}',
args: {
url: '{{OAUTH_CAS3_SERVER}}',
disable_ssl_verification: {{OAUTH_CAS3_DISABLE_SSL_VERIFICATION}},
login_url: '{{OAUTH_CAS3_LOGIN_URL}}',
service_validate_url: '{{OAUTH_CAS3_VALIDATE_URL}}',
logout_url: '{{OAUTH_CAS3_LOGOUT_URL}}'} }
- { name: 'authentiq',
app_id: '{{OAUTH_AUTHENTIQ_CLIENT_ID}}',
app_secret: 'OAUTH_AUTHENTIQ_CLIENT_SECRET',
args: { scope: {{OAUTH_AUTHENTIQ_SCOPE}}, redirect_uri: '{{OAUTH_AUTHENTIQ_REDIRECT_URI}}' } }
- { name: 'github',
label: 'GitHub',
app_id: '{{OAUTH_GITHUB_API_KEY}}',
app_secret: '{{OAUTH_GITHUB_APP_SECRET}}',
url: "{{OAUTH_GITHUB_URL}}",
verify_ssl: {{OAUTH_GITHUB_VERIFY_SSL}},
args: { scope: '{{OAUTH_GITHUB_SCOPE}}' } }
- { name: 'bitbucket',
app_id: '{{OAUTH_BITBUCKET_API_KEY}}',
app_secret: '{{OAUTH_BITBUCKET_APP_SECRET}}' }
- { name: 'gitlab',
label: 'GitLab.com',
app_id: '{{OAUTH_GITLAB_API_KEY}}',
app_secret: '{{OAUTH_GITLAB_APP_SECRET}}',
args: { scope: '{{OAUTH_GITLAB_SCOPE}}' } }
- { name: 'google_oauth2',
label: 'Google',
app_id: '{{OAUTH_GOOGLE_API_KEY}}',
app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}',
args: {
access_type: 'offline',
approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}',
hd: [{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}] } }
- { name: 'facebook',
app_id: '{{OAUTH_FACEBOOK_API_KEY}}',
app_secret: '{{OAUTH_FACEBOOK_APP_SECRET}}' }
- { name: 'twitter',
app_id: '{{OAUTH_TWITTER_API_KEY}}',
app_secret: '{{OAUTH_TWITTER_APP_SECRET}}' }
- { name: 'saml',
label: '{{OAUTH_SAML_LABEL}}',
groups_attribute: '{{OAUTH_SAML_GROUPS_ATTRIBUTE}}',
external_groups: [{{OAUTH_SAML_EXTERNAL_GROUPS}}],
args: {
assertion_consumer_service_url: '{{OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}}',
idp_cert_fingerprint: '{{OAUTH_SAML_IDP_CERT_FINGERPRINT}}',
idp_sso_target_url: '{{OAUTH_SAML_IDP_SSO_TARGET_URL}}',
issuer: '{{OAUTH_SAML_ISSUER}}',
attribute_statements: {
first_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME}}'],
last_name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME}}'],
name: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME}}'],
email: ['{{OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL}}'] },
name_identifier_format: '{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}' } }
- { name: 'crowd',
args: {
crowd_server_url: '{{OAUTH_CROWD_SERVER_URL}}',
application_name: '{{OAUTH_CROWD_APP_NAME}}',
application_password: '{{OAUTH_CROWD_APP_PASSWORD}}' } }
- { name: 'auth0',
args: {
client_id: '{{OAUTH_AUTH0_CLIENT_ID}}',
client_secret: '{{OAUTH_AUTH0_CLIENT_SECRET}}',
namespace: '{{OAUTH_AUTH0_DOMAIN}}' } }
- { name: 'azure_oauth2',
args: {
client_id: '{{OAUTH_AZURE_API_KEY}}',
client_secret: '{{OAUTH_AZURE_API_SECRET}}',
tenant_id: '{{OAUTH_AZURE_TENANT_ID}}' } }
# SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
# cas3:
# session_duration: 28800
# Shared file storage settings
shared:
path: {{GITLAB_SHARED_DIR}}
# Gitaly settings
gitaly:
# Path to the directory containing Gitaly client executables.
client_path: {{GITALY_CLIENT_PATH}}
# Default Gitaly authentication token. Can be overriden per storage. Can
# be left blank when Gitaly is running locally on a Unix socket, which
# is the normal way to deploy Gitaly.
token: {{GITALY_TOKEN}}
#
# 4. Advanced settings
# ==========================
## Repositories settings
repositories:
# Paths where repositories can be stored. Give the canonicalized absolute pathname.
# IMPORTANT: None of the path components may be symlink, because
# gitlab-shell invokes Dir.pwd inside the repository path and that results
# real path not the symlink.
storages: # You must have at least a `default` storage path.
default:
path: {{GITLAB_REPOS_DIR}}/
gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
## Backup settings
backup:
path: "{{GITLAB_BACKUP_DIR}}" # Relative paths are relative to Rails.root (default: tmp/backups/)
archive_permissions: {{GITLAB_BACKUP_ARCHIVE_PERMISSIONS}} # Permissions for the resulting backup.tar file (default: 0600)
keep_time: {{GITLAB_BACKUP_EXPIRY}} # default: 0 (forever) (in seconds)
pg_schema: {{GITLAB_BACKUP_PG_SCHEMA}} # default: nil, it means that all schemas will be backed up
upload:
# Fog storage connection settings, see http://fog.io/storage/ .
#start-aws
connection:
provider: AWS
region: {{AWS_BACKUP_REGION}}
endpoint: {{AWS_BACKUP_ENDPOINT}}
path_style: {{AWS_BACKUP_PATH_STYLE}}
aws_access_key_id: {{AWS_BACKUP_ACCESS_KEY_ID}}
aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
# The remote 'directory' to store your backups. For S3, this would be the bucket name.
remote_directory: '{{AWS_BACKUP_BUCKET}}'
#start-multipart-aws
# Use multipart uploads when file size reaches 100MB, see
# http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
multipart_chunk_size: {{AWS_BACKUP_MULTIPART_CHUNK_SIZE}}
#end-multipart-aws
#start-encryption-aws
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
encryption: 'AES256'
#end-encryption-aws
# Specifies Amazon S3 storage class to use for backups, this is optional
storage_class: '{{AWS_BACKUP_STORAGE_CLASS}}'
# Fog storage connection settings, see http://fog.io/storage/ .
#end-aws
#start-gcs
connection:
provider: Google
google_storage_access_key_id: {{GCS_BACKUP_ACCESS_KEY_ID}}
google_storage_secret_access_key: '{{GCS_BACKUP_SECRET_ACCESS_KEY}}'
remote_directory: '{{GCS_BACKUP_BUCKET}}'
#end-gcs
## GitLab Shell settings
gitlab_shell:
path: {{GITLAB_SHELL_INSTALL_DIR}}/
hooks_path: {{GITLAB_SHELL_INSTALL_DIR}}/hooks/
# File that contains the secret key for verifying access for gitlab-shell.
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
secret_file: {{GITLAB_INSTALL_DIR}}/.gitlab_shell_secret
# Git over HTTP
upload_pack: true
receive_pack: true
# Git import/fetch timeout, in seconds. Defaults to 3 hours.
# git_timeout: 10800
# If you use non-standard ssh port you need to specify it
ssh_port: {{GITLAB_SSH_PORT}}
## Git settings
# CAUTION!
# Use the default values unless you really know what you are doing
git:
bin_path: /usr/bin/git
## Webpack settings
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
# on a given port instead of serving directly from /assets/webpack. This is only indended for use
# in development.<Paste>
webpack:
# dev_server:
# enabled: true
# host: localhost
# port: 3808
## Monitoring
# Built in monitoring settings
monitoring:
# Time between sampling of unicorn socket metrics, in seconds
unicorn_sampler_interval: {{GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL}}
# IP whitelist to access monitoring endpoints
ip_whitelist:
- {{GITLAB_MONITORING_IP_WHITELIST}}
# Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
sidekiq_exporter:
enabled: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED}}
address: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS}}
port: {{GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT}}
#
# 5. Extra customization
# ==========================
extra:
## Google analytics. Uncomment if you want it
google_analytics_id: '{{GOOGLE_ANALYTICS_ID}}'
## Piwik analytics.
piwik_url: '{{PIWIK_URL}}'
piwik_site_id: '{{PIWIK_SITE_ID}}'
rack_attack:
git_basic_auth:
# Rack Attack IP banning enabled
enabled: {{RACK_ATTACK_ENABLED}}
#
# Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
ip_whitelist: [{{RACK_ATTACK_WHITELIST}}]
#
# Limit the number of Git HTTP authentication attempts per IP
maxretry: {{RACK_ATTACK_MAXRETRY}}
#
# Reset the auth attempt counter per IP after 60 seconds
findtime: {{RACK_ATTACK_FINDTIME}}
#
# Ban an IP for one hour (3600s) after too many auth attempts
bantime: {{RACK_ATTACK_BANTIME}}
development:
<<: *base
test:
<<: *base
gravatar:
enabled: true
lfs:
enabled: false
gitlab:
host: localhost
port: 80
# When you run tests we clone and setup gitlab-shell
# In order to setup it correctly you need to specify
# your system username you use to run GitLab
# user: YOUR_USERNAME
pages:
path: tmp/tests/pages
artifacts:
path: tmp/tests/artifacts
repositories:
storages:
default:
path: tmp/tests/repositories/
gitaly_adress: unix:tmp/tests/gitaly/gitaly.socket
backup:
path: tmp/tests/backups
gitlab_shell:
path: tmp/tests/gitlab-shell/
hooks_path: tmp/tests/gitlab-shell/hooks/
issues_tracker:
redmine:
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
jira:
title: "JIRA"
url: https://sample_company.atlasian.net
project_key: PROJECT
ldap:
enabled: false
servers:
main:
label: ldap
host: 127.0.0.1
port: 3890
uid: 'uid'
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
base: 'dc=example,dc=com'
user_filter: ''
group_base: 'ou=groups,dc=example,dc=com'
admin_group: ''
staging:
<<: *base