MoTastischYT

Gitlab.rb

Apr 4th, 2022
32
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ## GitLab configuration settings
  2. ##! This file is generated during initial installation and **is not** modified
  3. ##! during upgrades.
  4. ##! Check out the latest version of this file to know about the different
  5. ##! settings that can be configured, when they were introduced and why:
  6. ##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template
  7.  
  8. ##! Locally, the complete template corresponding to the installed version can be found at:
  9. ##! /opt/gitlab/etc/gitlab.rb.template
  10.  
  11. ##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
  12. ##! the gitlab.rb.template from the currently running version.
  13.  
  14. ##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
  15. ##! running `gitlab-ctl reconfigure`
  16.  
  17. ##! In general, the values specified here should reflect what the default value of the attribute will be.
  18. ##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
  19. ##! or connecting to third party services.
  20. ##! In those instances, we endeavour to provide an example configuration.
  21.  
  22. ## GitLab URL
  23. ##! URL on which GitLab will be reachable.
  24. ##! For more details on configuring external_url see:
  25. ##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
  26. ##!
  27. ##! Note: During installation/upgrades, the value of the environment variable
  28. ##! EXTERNAL_URL will be used to populate/replace this value.
  29. ##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
  30. ##! address from AWS. For more details, see:
  31. ##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
  32. #external_url 'https://git.motastish.ga'
  33.  
  34. ## Roles for multi-instance GitLab
  35. ##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
  36. ##! Options:
  37. ##! redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
  38. ##! postgres_role consul_role application_role monitoring_role
  39. ##! For more details on each role, see:
  40. ##! https://docs.gitlab.com/omnibus/roles/README.html#roles
  41. ##!
  42. # roles ['redis_sentinel_role', 'redis_master_role']
  43.  
  44. ## Legend
  45. ##! The following notations at the beginning of each line may be used to
  46. ##! differentiate between components of this file and to easily select them using
  47. ##! a regex.
  48. ##! ## Titles, subtitles etc
  49. ##! ##! More information - Description, Docs, Links, Issues etc.
  50. ##! Configuration settings have a single # followed by a single space at the
  51. ##! beginning; Remove them to enable the setting.
  52.  
  53. ##! **Configuration settings below are optional.**
  54.  
  55.  
  56. ################################################################################
  57. ################################################################################
  58. ## Configuration Settings for GitLab CE and EE ##
  59. ################################################################################
  60. ################################################################################
  61.  
  62. ################################################################################
  63. ## gitlab.yml configuration
  64. ##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
  65. ################################################################################
  66. # gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
  67. # gitlab_rails['gitlab_ssh_user'] = ''
  68. # gitlab_rails['time_zone'] = 'UTC'
  69.  
  70. ### Request duration
  71. ###! Tells the rails application how long it has to complete a request
  72. ###! This value needs to be lower than the worker timeout set in puma.
  73. ###! By default, we'll allow 95% of the the worker timeout
  74. # gitlab_rails['max_request_duration_seconds'] = 57
  75.  
  76. ### GitLab email server settings
  77. ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
  78. ###! **Use smtp instead of sendmail/postfix.**
  79.  
  80. # gitlab_rails['smtp_enable'] = true
  81. # gitlab_rails['smtp_address'] = "smtp.server"
  82. # gitlab_rails['smtp_port'] = 465
  83. # gitlab_rails['smtp_user_name'] = "smtp user"
  84. # gitlab_rails['smtp_password'] = "smtp password"
  85. # gitlab_rails['smtp_domain'] = "example.com"
  86. # gitlab_rails['smtp_authentication'] = "login"
  87. # gitlab_rails['smtp_enable_starttls_auto'] = true
  88. # gitlab_rails['smtp_tls'] = false
  89. # gitlab_rails['smtp_pool'] = false
  90.  
  91. ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
  92. ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
  93. # gitlab_rails['smtp_openssl_verify_mode'] = 'none'
  94.  
  95. # gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
  96. # gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
  97.  
  98. ### Email Settings
  99.  
  100. # gitlab_rails['gitlab_email_enabled'] = true
  101.  
  102. ##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
  103. ##! can change the 'From' with this setting.
  104. # gitlab_rails['gitlab_email_from'] = 'example@example.com'
  105. # gitlab_rails['gitlab_email_display_name'] = 'Example'
  106. # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
  107. # gitlab_rails['gitlab_email_subject_suffix'] = ''
  108. # gitlab_rails['gitlab_email_smime_enabled'] = false
  109. # gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
  110. # gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
  111. # gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
  112.  
  113. ### GitLab user privileges
  114. # gitlab_rails['gitlab_default_can_create_group'] = true
  115. # gitlab_rails['gitlab_username_changing_enabled'] = true
  116.  
  117. ### Default Theme
  118. ### Available values:
  119. ##! `1` for Indigo
  120. ##! `2` for Dark
  121. ##! `3` for Light
  122. ##! `4` for Blue
  123. ##! `5` for Green
  124. ##! `6` for Light Indigo
  125. ##! `7` for Light Blue
  126. ##! `8` for Light Green
  127. ##! `9` for Red
  128. ##! `10` for Light Red
  129. # gitlab_rails['gitlab_default_theme'] = 2
  130.  
  131. ### Default project feature settings
  132. # gitlab_rails['gitlab_default_projects_features_issues'] = true
  133. # gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
  134. # gitlab_rails['gitlab_default_projects_features_wiki'] = true
  135. # gitlab_rails['gitlab_default_projects_features_snippets'] = true
  136. # gitlab_rails['gitlab_default_projects_features_builds'] = true
  137. # gitlab_rails['gitlab_default_projects_features_container_registry'] = true
  138.  
  139. ### Automatic issue closing
  140. ###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
  141. ###! information about this pattern.
  142. # gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
  143.  
  144. ### Download location
  145. ###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
  146. ###! is created in the following directory.
  147. ###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
  148. # gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
  149.  
  150. ### Gravatar Settings
  151. # gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
  152. # gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
  153.  
  154. ### Auxiliary jobs
  155. ###! Periodically executed jobs, to self-heal Gitlab, do external
  156. ###! synchronizations, etc.
  157. ###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
  158. ###! https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
  159. # gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
  160. # gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
  161. # gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
  162. # gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
  163. # gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
  164. # gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
  165. # gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
  166. # gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
  167. # gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
  168. # gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
  169. # gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
  170. # gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
  171. # gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
  172. # gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
  173. # gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
  174. # gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
  175. # gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
  176. # gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
  177. # gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
  178. # gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
  179. # gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
  180. # gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
  181. # gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
  182.  
  183. ### Webhook Settings
  184. ###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
  185. ###! request (default: 10)
  186. # gitlab_rails['webhook_timeout'] = 10
  187.  
  188. ### GraphQL Settings
  189. ###! Tells the rails application how long it has to complete a GraphQL request.
  190. ###! We suggest this value to be higher than the database timeout value
  191. ###! and lower than the worker timeout set in puma. (default: 30)
  192. # gitlab_rails['graphql_timeout'] = 30
  193.  
  194. ### Trusted proxies
  195. ###! Customize if you have GitLab behind a reverse proxy which is running on a
  196. ###! different machine.
  197. ###! **Add the IP address for your reverse proxy to the list, otherwise users
  198. ###! will appear signed in from that address.**
  199. gitlab_rails['trusted_proxies'] = ['localhost', '127.0.0.1', '192.168.1.0']
  200.  
  201. ### Content Security Policy
  202. ####! Customize if you want to enable the Content-Security-Policy header, which
  203. ####! can help thwart JavaScript cross-site scripting (XSS) attacks.
  204. ####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
  205. # gitlab_rails['content_security_policy'] = {
  206. # 'enabled' => false,
  207. # 'report_only' => false,
  208. # # Each directive is a String (e.g. "'self'").
  209. # 'directives' => {
  210. # 'base_uri' => nil,
  211. # 'child_src' => nil,
  212. # 'connect_src' => nil,
  213. # 'default_src' => nil,
  214. # 'font_src' => nil,
  215. # 'form_action' => nil,
  216. # 'frame_ancestors' => nil,
  217. # 'frame_src' => nil,
  218. # 'img_src' => nil,
  219. # 'manifest_src' => nil,
  220. # 'media_src' => nil,
  221. # 'object_src' => nil,
  222. # 'script_src' => nil,
  223. # 'style_src' => nil,
  224. # 'worker_src' => nil,
  225. # 'report_uri' => nil,
  226. # }
  227. # }
  228.  
  229. ### Allowed hosts
  230. ###! Customize the `host` headers that should be catered by the Rails
  231. ###! application. By default, everything is allowed.
  232. # gitlab_rails['allowed_hosts'] = []
  233.  
  234. ### Monitoring settings
  235. ###! IP whitelist controlling access to monitoring endpoints
  236. # gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
  237.  
  238. ### Shutdown settings
  239. ###! Defines an interval to block healthcheck,
  240. ###! but continue accepting application requests.
  241. # gitlab_rails['shutdown_blackout_seconds'] = 10
  242.  
  243. ### Reply by email
  244. ###! Allow users to comment on issues and merge requests by replying to
  245. ###! notification emails.
  246. ###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
  247. # gitlab_rails['incoming_email_enabled'] = true
  248.  
  249. #### Incoming Email Address
  250. ####! The email address including the `%{key}` placeholder that will be replaced
  251. ####! to reference the item being replied to.
  252. ####! **The placeholder can be omitted but if present, it must appear in the
  253. ####! "user" part of the address (before the `@`).**
  254. # gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
  255.  
  256. #### Email account username
  257. ####! **With third party providers, this is usually the full email address.**
  258. ####! **With self-hosted email servers, this is usually the user part of the
  259. ####! email address.**
  260. # gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
  261.  
  262. #### Email account password
  263. # gitlab_rails['incoming_email_password'] = "[REDACTED]"
  264.  
  265. #### IMAP Settings
  266. # gitlab_rails['incoming_email_host'] = "imap.gmail.com"
  267. # gitlab_rails['incoming_email_port'] = 993
  268. # gitlab_rails['incoming_email_ssl'] = true
  269. # gitlab_rails['incoming_email_start_tls'] = false
  270.  
  271. #### Incoming Mailbox Settings (via `mail_room`)
  272. ####! The mailbox where incoming mail will end up. Usually "inbox".
  273. # gitlab_rails['incoming_email_mailbox_name'] = "inbox"
  274. ####! The IDLE command timeout.
  275. # gitlab_rails['incoming_email_idle_timeout'] = 60
  276. ####! The file name for internal `mail_room` JSON logfile
  277. # gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
  278. ####! Permanently remove messages from the mailbox when they are deleted after delivery
  279. # gitlab_rails['incoming_email_expunge_deleted'] = false
  280.  
  281. #### Inbox options (for Microsoft Graph)
  282. # gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
  283. # gitlab_rails['incoming_email_inbox_options'] = {
  284. # 'tenant_id': 'YOUR-TENANT-ID',
  285. # 'client_id': 'YOUR-CLIENT-ID',
  286. # 'client_secret': 'YOUR-CLIENT-SECRET',
  287. # 'poll_interval': 60 # Optional
  288. # }
  289.  
  290. #### How incoming emails are delivered to Rails process. Accept either sidekiq
  291. #### or webhook. The default config is sidekiq.
  292. # gitlab_rails['incoming_email_delivery_method'] = "sidekiq"
  293.  
  294. #### Token to authenticate webhook requests. The token must be exactly 32 bytes,
  295. #### encoded with base64
  296. # gitlab_rails['incoming_email_auth_token'] = nil
  297.  
  298. ####! The format of mail_room crash logs
  299. # mailroom['exit_log_format'] = "plain"
  300.  
  301. ### Consolidated (simplified) object storage configuration
  302. ###! This uses a single credential for object storage with multiple buckets.
  303. ###! It also enables Workhorse to upload files directly with its own S3 client
  304. ###! instead of using pre-signed URLs.
  305. ###!
  306. ###! This configuration will only take effect if the object_store
  307. ###! sections are not defined within the types. For example, enabling
  308. ###! gitlab_rails['artifacts_object_store_enabled'] or
  309. ###! gitlab_rails['lfs_object_store_enabled'] will prevent the
  310. ###! consolidated settings from being used.
  311. ###!
  312. ###! Be sure to use different buckets for each type of object.
  313. ###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
  314. # gitlab_rails['object_store']['enabled'] = false
  315. # gitlab_rails['object_store']['connection'] = {}
  316. # gitlab_rails['object_store']['storage_options'] = {}
  317. # gitlab_rails['object_store']['proxy_download'] = false
  318. # gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
  319. # gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
  320. # gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
  321. # gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
  322. # gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
  323. # gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
  324. # gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
  325. # gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
  326.  
  327. ### Job Artifacts
  328. # gitlab_rails['artifacts_enabled'] = true
  329. # gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
  330. ####! Job artifacts Object Store
  331. ####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
  332. # gitlab_rails['artifacts_object_store_enabled'] = false
  333. # gitlab_rails['artifacts_object_store_direct_upload'] = false
  334. # gitlab_rails['artifacts_object_store_background_upload'] = true
  335. # gitlab_rails['artifacts_object_store_proxy_download'] = false
  336. # gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
  337. # gitlab_rails['artifacts_object_store_connection'] = {
  338. # 'provider' => 'AWS',
  339. # 'region' => 'eu-west-1',
  340. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  341. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  342. # # # The below options configure an S3 compatible host instead of AWS
  343. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  344. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  345. # # 'host' => 's3.amazonaws.com',
  346. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  347. # }
  348.  
  349. ### External merge request diffs
  350. # gitlab_rails['external_diffs_enabled'] = false
  351. # gitlab_rails['external_diffs_when'] = nil
  352. # gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
  353. # gitlab_rails['external_diffs_object_store_enabled'] = false
  354. # gitlab_rails['external_diffs_object_store_direct_upload'] = false
  355. # gitlab_rails['external_diffs_object_store_background_upload'] = false
  356. # gitlab_rails['external_diffs_object_store_proxy_download'] = false
  357. # gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
  358. # gitlab_rails['external_diffs_object_store_connection'] = {
  359. # 'provider' => 'AWS',
  360. # 'region' => 'eu-west-1',
  361. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  362. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  363. # # # The below options configure an S3 compatible host instead of AWS
  364. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  365. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  366. # # 'host' => 's3.amazonaws.com',
  367. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  368. # }
  369.  
  370. ### Git LFS
  371. # gitlab_rails['lfs_enabled'] = true
  372. # gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
  373. # gitlab_rails['lfs_object_store_enabled'] = false
  374. # gitlab_rails['lfs_object_store_direct_upload'] = false
  375. # gitlab_rails['lfs_object_store_background_upload'] = true
  376. # gitlab_rails['lfs_object_store_proxy_download'] = false
  377. # gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
  378. # gitlab_rails['lfs_object_store_connection'] = {
  379. # 'provider' => 'AWS',
  380. # 'region' => 'eu-west-1',
  381. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  382. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  383. # # # The below options configure an S3 compatible host instead of AWS
  384. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  385. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  386. # # 'host' => 's3.amazonaws.com',
  387. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  388. # }
  389.  
  390. ### GitLab uploads
  391. ###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
  392. # gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
  393. # gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
  394. # gitlab_rails['uploads_base_dir'] = "uploads/-/system"
  395. # gitlab_rails['uploads_object_store_enabled'] = false
  396. # gitlab_rails['uploads_object_store_direct_upload'] = false
  397. # gitlab_rails['uploads_object_store_background_upload'] = true
  398. # gitlab_rails['uploads_object_store_proxy_download'] = false
  399. # gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
  400. # gitlab_rails['uploads_object_store_connection'] = {
  401. # 'provider' => 'AWS',
  402. # 'region' => 'eu-west-1',
  403. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  404. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  405. # # # The below options configure an S3 compatible host instead of AWS
  406. # # 'host' => 's3.amazonaws.com',
  407. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  408. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  409. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  410. # }
  411.  
  412. ### Terraform state
  413. ###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
  414. # gitlab_rails['terraform_state_enabled'] = true
  415. # gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
  416. # gitlab_rails['terraform_state_object_store_enabled'] = false
  417. # gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
  418. # gitlab_rails['terraform_state_object_store_connection'] = {
  419. # 'provider' => 'AWS',
  420. # 'region' => 'eu-west-1',
  421. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  422. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  423. # # # The below options configure an S3 compatible host instead of AWS
  424. # # 'host' => 's3.amazonaws.com',
  425. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  426. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  427. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  428. # }
  429.  
  430. ### CI Secure Files
  431. # gitlab_rails['ci_secure_files_enabled'] = true
  432. # gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
  433. # gitlab_rails['ci_secure_files_object_store_enabled'] = false
  434. # gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
  435. # gitlab_rails['ci_secure_files_object_store_connection'] = {
  436. # 'provider' => 'AWS',
  437. # 'region' => 'eu-west-1',
  438. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  439. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  440. # # # The below options configure an S3 compatible host instead of AWS
  441. # # 'host' => 's3.amazonaws.com',
  442. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  443. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  444. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  445. # }
  446.  
  447. ### GitLab Pages
  448. # gitlab_rails['pages_object_store_enabled'] = false
  449. # gitlab_rails['pages_object_store_remote_directory'] = "pages"
  450. # gitlab_rails['pages_object_store_connection'] = {
  451. # 'provider' => 'AWS',
  452. # 'region' => 'eu-west-1',
  453. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  454. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  455. # # # The below options configure an S3 compatible host instead of AWS
  456. # # 'host' => 's3.amazonaws.com',
  457. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  458. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  459. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  460. # }
  461. # gitlab_rails['pages_local_store_enabled'] = true
  462. # gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
  463.  
  464. ### Impersonation settings
  465. # gitlab_rails['impersonation_enabled'] = true
  466.  
  467. ### Application settings cache expiry in seconds. (default: 60)
  468. # gitlab_rails['application_settings_cache_seconds'] = 60
  469.  
  470. ### Usage Statistics
  471. # gitlab_rails['usage_ping_enabled'] = true
  472.  
  473. ### GitLab Mattermost
  474. ###! These settings are void if Mattermost is installed on the same omnibus
  475. ###! install
  476. # gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
  477.  
  478. ### LDAP Settings
  479. ###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
  480. ###! **Be careful not to break the indentation in the ldap_servers block. It is
  481. ###! in yaml format and the spaces must be retained. Using tabs will not work.**
  482.  
  483. # gitlab_rails['ldap_enabled'] = false
  484. # gitlab_rails['prevent_ldap_sign_in'] = false
  485.  
  486. ###! **remember to close this block with 'EOS' below**
  487. # gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
  488. # main: # 'main' is the GitLab 'provider ID' of this LDAP server
  489. # label: 'LDAP'
  490. # host: '_your_ldap_server'
  491. # port: 389
  492. # uid: 'sAMAccountName'
  493. # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  494. # password: '_the_password_of_the_bind_user'
  495. # encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
  496. # verify_certificates: true
  497. # smartcard_auth: false
  498. # active_directory: true
  499. # allow_username_or_email_login: false
  500. # lowercase_usernames: false
  501. # block_auto_created_users: false
  502. # base: ''
  503. # user_filter: ''
  504. # ## EE only
  505. # group_base: ''
  506. # admin_group: ''
  507. # sync_ssh_keys: false
  508. #
  509. # secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
  510. # label: 'LDAP'
  511. # host: '_your_ldap_server'
  512. # port: 389
  513. # uid: 'sAMAccountName'
  514. # bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
  515. # password: '_the_password_of_the_bind_user'
  516. # encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
  517. # verify_certificates: true
  518. # smartcard_auth: false
  519. # active_directory: true
  520. # allow_username_or_email_login: false
  521. # lowercase_usernames: false
  522. # block_auto_created_users: false
  523. # base: ''
  524. # user_filter: ''
  525. # ## EE only
  526. # group_base: ''
  527. # admin_group: ''
  528. # sync_ssh_keys: false
  529. # EOS
  530.  
  531. ### Smartcard authentication settings
  532. ###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
  533. # gitlab_rails['smartcard_enabled'] = false
  534. # gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
  535. # gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
  536. # gitlab_rails['smartcard_client_certificate_required_port'] = 3444
  537. # gitlab_rails['smartcard_required_for_git_access'] = false
  538. # gitlab_rails['smartcard_san_extensions'] = false
  539.  
  540. ### OmniAuth Settings
  541. ###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
  542. # gitlab_rails['omniauth_enabled'] = nil
  543. # gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
  544. # gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
  545. # gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
  546. # gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
  547. # gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
  548. # gitlab_rails['omniauth_block_auto_created_users'] = true
  549. # gitlab_rails['omniauth_auto_link_ldap_user'] = false
  550. # gitlab_rails['omniauth_auto_link_saml_user'] = false
  551. # gitlab_rails['omniauth_auto_link_user'] = ['saml']
  552. # gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
  553. # gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
  554. # gitlab_rails['omniauth_providers'] = [
  555. # {
  556. # "name" => "google_oauth2",
  557. # "app_id" => "YOUR APP ID",
  558. # "app_secret" => "YOUR APP SECRET",
  559. # "args" => { "access_type" => "offline", "approval_prompt" => "" }
  560. # }
  561. # ]
  562. # gitlab_rails['omniauth_cas3_session_duration'] = 28800
  563. # gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000
  564.  
  565. ### FortiAuthenticator authentication settings
  566. # gitlab_rails['forti_authenticator_enabled'] = false
  567. # gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
  568. # gitlab_rails['forti_authenticator_port'] = 443
  569. # gitlab_rails['forti_authenticator_username'] = 'admin'
  570. # gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'
  571.  
  572. ### FortiToken Cloud authentication settings
  573. # gitlab_rails['forti_token_cloud_enabled'] = false
  574. # gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
  575. # gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'
  576.  
  577. ### Backup Settings
  578. ###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
  579.  
  580. # gitlab_rails['manage_backup_path'] = true
  581. # gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
  582. # gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"
  583.  
  584. ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
  585. # gitlab_rails['backup_archive_permissions'] = 0644
  586.  
  587. # gitlab_rails['backup_pg_schema'] = 'public'
  588.  
  589. ###! The duration in seconds to keep backups before they are allowed to be deleted
  590. # gitlab_rails['backup_keep_time'] = 604800
  591.  
  592. # gitlab_rails['backup_upload_connection'] = {
  593. # 'provider' => 'AWS',
  594. # 'region' => 'eu-west-1',
  595. # 'aws_access_key_id' => 'AKIAKIAKI',
  596. # 'aws_secret_access_key' => 'secret123',
  597. # # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
  598. # 'use_iam_profile' => false
  599. # }
  600. # gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
  601. # gitlab_rails['backup_multipart_chunk_size'] = 104857600
  602.  
  603. ###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
  604. ###! backups**
  605. # gitlab_rails['backup_encryption'] = 'AES256'
  606. ###! The encryption key to use with AWS Server-Side Encryption.
  607. ###! Setting this value will enable Server-Side Encryption with customer provided keys;
  608. ###! otherwise S3-managed keys are used.
  609. # gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
  610.  
  611. ###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)
  612. # gitlab_rails['backup_upload_storage_options'] = {
  613. # 'server_side_encryption' => 'aws:kms',
  614. # 'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
  615. # }
  616.  
  617. ###! **Specifies Amazon S3 storage class to use for backups. Valid values
  618. ###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
  619. # gitlab_rails['backup_storage_class'] = 'STANDARD'
  620.  
  621. ###! Skip parts of the backup. Comma separated.
  622. ###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
  623. #gitlab_rails['env'] = {
  624. # "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
  625. #}
  626.  
  627. ### Pseudonymizer Settings
  628. # gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
  629. # gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
  630. # gitlab_rails['pseudonymizer_upload_connection'] = {
  631. # 'provider' => 'AWS',
  632. # 'region' => 'eu-west-1',
  633. # 'aws_access_key_id' => 'AKIAKIAKI',
  634. # 'aws_secret_access_key' => 'secret123'
  635. # }
  636.  
  637.  
  638. ### For setting up different data storing directory
  639. ###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
  640. ###! **If you want to use a single non-default directory to store git data use a
  641. ###! path that doesn't contain symlinks.**
  642. # git_data_dirs({
  643. # "default" => {
  644. # "path" => "/mnt/nfs-01/git-data"
  645. # }
  646. # })
  647.  
  648. ### Gitaly settings
  649. # gitlab_rails['gitaly_token'] = 'secret token'
  650.  
  651. ### For storing GitLab application uploads, eg. LFS objects, build artifacts
  652. ###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
  653. # gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
  654.  
  655. ### For storing encrypted configuration files
  656. ###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
  657. # gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'
  658.  
  659. ### Wait for file system to be mounted
  660. ###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
  661. # high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
  662.  
  663. ### GitLab Shell settings for GitLab
  664. gitlab_rails['gitlab_shell_ssh_port'] = 2289
  665. # gitlab_rails['gitlab_shell_git_timeout'] = 800
  666.  
  667. ### Extra customization
  668. # gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
  669. # gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
  670. # gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
  671. # gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
  672. # gitlab_rails['extra_bizible'] = false
  673. # gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
  674. # gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
  675. # gitlab_rails['extra_matomo_disable_cookies'] = false
  676.  
  677. ##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
  678. # gitlab_rails['env'] = {
  679. # 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
  680. # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
  681. # }
  682.  
  683. # gitlab_rails['rack_attack_git_basic_auth'] = {
  684. # 'enabled' => false,
  685. # 'ip_whitelist' => ["127.0.0.1"],
  686. # 'maxretry' => 10,
  687. # 'findtime' => 60,
  688. # 'bantime' => 3600
  689. # }
  690.  
  691. ###! **We do not recommend changing these directories.**
  692. # gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
  693. # gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
  694.  
  695. #### Change the initial default admin password and shared runner registration tokens.
  696. ####! **Only applicable on initial setup, changing these settings after database
  697. ####! is created and seeded won't yield any change.**
  698. # gitlab_rails['initial_root_password'] = "password"
  699. # gitlab_rails['initial_shared_runners_registration_token'] = "token"
  700.  
  701. #### Toggle if root password should be printed to STDOUT during initialization
  702. # gitlab_rails['display_initial_root_password'] = false
  703.  
  704. #### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
  705. # gitlab_rails['store_initial_root_password'] = true
  706.  
  707. #### Set path to an initial license to be used while bootstrapping GitLab.
  708. ####! **Only applicable on initial setup, future license updations need to be done via UI.
  709. ####! Updating the file specified in this path won't yield any change after the first reconfigure run.
  710. # gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
  711.  
  712. #### Enable or disable automatic database migrations
  713. # gitlab_rails['auto_migrate'] = true
  714.  
  715. #### This is advanced feature used by large gitlab deployments where loading
  716. #### whole RAILS env takes a lot of time.
  717. # gitlab_rails['rake_cache_clear'] = true
  718.  
  719. ### GitLab database settings
  720. ###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
  721. ###! **Only needed if you use an external database.**
  722. # gitlab_rails['db_adapter'] = "postgresql"
  723. # gitlab_rails['db_encoding'] = "unicode"
  724. # gitlab_rails['db_collation'] = nil
  725. # gitlab_rails['db_database'] = "gitlabhq_production"
  726. # gitlab_rails['db_username'] = "gitlab"
  727. # gitlab_rails['db_password'] = nil
  728. # gitlab_rails['db_host'] = nil
  729. # gitlab_rails['db_port'] = 5432
  730. # gitlab_rails['db_socket'] = nil
  731. # gitlab_rails['db_sslmode'] = nil
  732. # gitlab_rails['db_sslcompression'] = 0
  733. # gitlab_rails['db_sslrootcert'] = nil
  734. # gitlab_rails['db_sslcert'] = nil
  735. # gitlab_rails['db_sslkey'] = nil
  736. # gitlab_rails['db_prepared_statements'] = false
  737. # gitlab_rails['db_statements_limit'] = 1000
  738. # gitlab_rails['db_connect_timeout'] = nil
  739. # gitlab_rails['db_keepalives'] = nil
  740. # gitlab_rails['db_keepalives_idle'] = nil
  741. # gitlab_rails['db_keepalives_interval'] = nil
  742. # gitlab_rails['db_keepalives_count'] = nil
  743. # gitlab_rails['db_tcp_user_timeout'] = nil
  744. # gitlab_rails['db_application_name'] = nil
  745.  
  746.  
  747. ### GitLab Redis settings
  748. ###! Connect to your own Redis instance
  749. ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
  750.  
  751. #### Redis TCP connection
  752. # gitlab_rails['redis_host'] = "127.0.0.1"
  753. # gitlab_rails['redis_port'] = 6379
  754. # gitlab_rails['redis_ssl'] = false
  755. # gitlab_rails['redis_password'] = nil
  756. # gitlab_rails['redis_database'] = 0
  757. # gitlab_rails['redis_enable_client'] = true
  758.  
  759. #### Redis local UNIX socket (will be disabled if TCP method is used)
  760. # gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
  761.  
  762. #### Sentinel support
  763. ####! To have Sentinel working, you must enable Redis TCP connection support
  764. ####! above and define a few Sentinel hosts below (to get a reliable setup
  765. ####! at least 3 hosts).
  766. ####! **You don't need to list every sentinel host, but the ones not listed will
  767. ####! not be used in a fail-over situation to query for the new master.**
  768. # gitlab_rails['redis_sentinels'] = [
  769. # {'host' => '127.0.0.1', 'port' => 26379},
  770. # ]
  771.  
  772. #### Separate instances support
  773. ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
  774. # gitlab_rails['redis_cache_instance'] = nil
  775. # gitlab_rails['redis_cache_sentinels'] = nil
  776. # gitlab_rails['redis_queues_instance'] = nil
  777. # gitlab_rails['redis_queues_sentinels'] = nil
  778. # gitlab_rails['redis_shared_state_instance'] = nil
  779. # gitlab_rails['redis_shared_state_sentinels'] = nil
  780. # gitlab_rails['redis_trace_chunks_instance'] = nil
  781. # gitlab_rails['redis_trace_chunks_sentinels'] = nil
  782. # gitlab_rails['redis_actioncable_instance'] = nil
  783. # gitlab_rails['redis_actioncable_sentinels'] = nil
  784. # gitlab_rails['redis_rate_limiting_instance'] = nil
  785. # gitlab_rails['redis_rate_limiting_sentinels'] = nil
  786. # gitlab_rails['redis_sessions_instance'] = nil
  787. # gitlab_rails['redis_sessions_sentinels'] = nil
  788.  
  789. ################################################################################
  790. ## Container Registry settings
  791. ##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html
  792. ################################################################################
  793.  
  794. # registry_external_url 'https://registry.example.com'
  795.  
  796. ### Settings used by GitLab application
  797. # gitlab_rails['registry_enabled'] = true
  798. # gitlab_rails['registry_host'] = "registry.gitlab.example.com"
  799. # gitlab_rails['registry_port'] = "5005"
  800. # gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
  801.  
  802. # Notification secret, it's used to authenticate notification requests to GitLab application
  803. # You only need to change this when you use external Registry service, otherwise
  804. # it will be taken directly from notification settings of your Registry
  805. # gitlab_rails['registry_notification_secret'] = nil
  806.  
  807. ###! **Do not change the following 3 settings unless you know what you are
  808. ###! doing**
  809. # gitlab_rails['registry_api_url'] = "http://localhost:5000"
  810. # gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
  811. # gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
  812.  
  813. ### Settings used by Registry application
  814. # registry['enable'] = true
  815. # registry['username'] = "registry"
  816. # registry['group'] = "registry"
  817. # registry['uid'] = nil
  818. # registry['gid'] = nil
  819. # registry['dir'] = "/var/opt/gitlab/registry"
  820. # registry['registry_http_addr'] = "localhost:5000"
  821. # registry['debug_addr'] = "localhost:5001"
  822. # registry['log_directory'] = "/var/log/gitlab/registry"
  823. # registry['env_directory'] = "/opt/gitlab/etc/registry/env"
  824. # registry['env'] = {
  825. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  826. # }
  827. # registry['log_level'] = "info"
  828. # registry['log_formatter'] = "text"
  829. # registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
  830. # registry['health_storagedriver_enabled'] = true
  831. # registry['middleware'] = nil
  832. # registry['storage_delete_enabled'] = true
  833. # registry['validation_enabled'] = false
  834. # registry['autoredirect'] = false
  835. # registry['compatibility_schema1_enabled'] = false
  836.  
  837. ### Registry backend storage
  838. ###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
  839. # registry['storage'] = {
  840. # 's3' => {
  841. # 'accesskey' => 's3-access-key',
  842. # 'secretkey' => 's3-secret-key-for-access-key',
  843. # 'bucket' => 'your-s3-bucket',
  844. # 'region' => 'your-s3-region',
  845. # 'regionendpoint' => 'your-s3-regionendpoint'
  846. # },
  847. # 'redirect' => {
  848. # 'disable' => false
  849. # }
  850. # }
  851.  
  852. ### Registry notifications endpoints
  853. # registry['notifications'] = [
  854. # {
  855. # 'name' => 'test_endpoint',
  856. # 'url' => 'https://gitlab.example.com/notify2',
  857. # 'timeout' => '500ms',
  858. # 'threshold' => 5,
  859. # 'backoff' => '1s',
  860. # 'headers' => {
  861. # "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
  862. # }
  863. # }
  864. # ]
  865. ### Default registry notifications
  866. # registry['default_notifications_timeout'] = "500ms"
  867. # registry['default_notifications_threshold'] = 5
  868. # registry['default_notifications_backoff'] = "1s"
  869. # registry['default_notifications_headers'] = {}
  870.  
  871. ################################################################################
  872. ## Error Reporting and Logging with Sentry
  873. ################################################################################
  874. # gitlab_rails['sentry_enabled'] = false
  875. # gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
  876. # gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
  877. # gitlab_rails['sentry_environment'] = 'production'
  878.  
  879. ################################################################################
  880. ## CI_JOB_JWT
  881. ################################################################################
  882. ##! RSA private key used to sign CI_JOB_JWT
  883. # gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.
  884.  
  885. ################################################################################
  886. ## GitLab Workhorse
  887. ##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
  888. ################################################################################
  889.  
  890. # gitlab_workhorse['enable'] = true
  891. # gitlab_workhorse['ha'] = false
  892. # gitlab_workhorse['alt_document_root'] = nil
  893.  
  894. ##! Duration to wait for all requests to finish (e.g. "10s" for 10
  895. ##! seconds). By default this is disabled to preserve the existing
  896. ##! behavior of fast shutdown. This should not be set higher than 30
  897. ##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
  898. ##! the SVWAIT variable) and report a timeout error if the process has
  899. ##! not shut down.
  900. # gitlab_workhorse['shutdown_timeout'] = nil
  901. # gitlab_workhorse['listen_network'] = "tcp"
  902. # gitlab_workhorse['listen_umask'] = 000
  903. # gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
  904. # gitlab_workhorse['auth_backend'] = "http://localhost:8080"
  905.  
  906. ##! Enable Redis keywatcher, if this setting is not present it defaults to true
  907. # gitlab_workhorse['workhorse_keywatcher'] = true
  908.  
  909. ##! the empty string is the default in gitlab-workhorse option parser
  910. # gitlab_workhorse['auth_socket'] = "''"
  911.  
  912. ##! put an empty string on the command line
  913. # gitlab_workhorse['pprof_listen_addr'] = "''"
  914.  
  915. # gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
  916.  
  917. # gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
  918. # gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
  919. # gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
  920.  
  921. ##! limit number of concurrent API requests, defaults to 0 which is unlimited
  922. # gitlab_workhorse['api_limit'] = 0
  923.  
  924. ##! limit number of API requests allowed to be queued, defaults to 0 which
  925. ##! disables queuing
  926. # gitlab_workhorse['api_queue_limit'] = 0
  927.  
  928. ##! duration after which we timeout requests if they sit too long in the queue
  929. # gitlab_workhorse['api_queue_duration'] = "30s"
  930.  
  931. ##! Long polling duration for job requesting for runners
  932. # gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
  933.  
  934. ##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
  935. # gitlab_workhorse['propagate_correlation_id'] = false
  936.  
  937. ##! A list of CIDR blocks to allow for propagation of correlation ID.
  938. ##! propagate_correlation_id should also be set to true.
  939. ##! For example: %w(127.0.0.1/32 192.168.0.1/32)
  940. # gitlab_workhorse['trusted_cidrs_for_propagation'] = nil
  941.  
  942. ##! A list of CIDR blocks that must match remote IP addresses to use
  943. ##! X-Forwarded-For HTTP header for the actual client IP. Used in
  944. ##! conjuction with propagate_correlation_id and
  945. ##! trusted_cidrs_for_propagation.
  946. ##! For example: %w(127.0.0.1/32 192.168.0.1/32)
  947. # gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil
  948.  
  949. ##! Log format: default is json, can also be text or none.
  950. # gitlab_workhorse['log_format'] = "json"
  951.  
  952. # gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
  953. # gitlab_workhorse['env'] = {
  954. # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
  955. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  956. # }
  957.  
  958. ##! Resource limitations for the dynamic image scaler.
  959. ##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
  960. ##!
  961. ##! Maximum number of scaler processes that are allowed to execute concurrently.
  962. ##! It is recommended for this not to exceed the number of CPUs available.
  963. # gitlab_workhorse['image_scaler_max_procs'] = 4
  964. ##!
  965. ##! Maximum file size in bytes for an image to be considered eligible for rescaling
  966. # gitlab_workhorse['image_scaler_max_filesize'] = 250000
  967.  
  968. ##! Service name used to register GitLab Workhorse as a Consul service
  969. # gitlab_workhorse['consul_service_name'] = 'workhorse'
  970. ##! Semantic metadata used when registering GitLab Workhorse as a Consul service
  971. # gitlab_workhorse['consul_service_meta'] = {}
  972.  
  973. ################################################################################
  974. ## GitLab User Settings
  975. ##! Modify default git user.
  976. ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
  977. ################################################################################
  978.  
  979. # user['username'] = "git"
  980. # user['group'] = "git"
  981. # user['uid'] = nil
  982. # user['gid'] = nil
  983.  
  984. ##! The shell for the git user
  985. # user['shell'] = "/bin/sh"
  986.  
  987. ##! The home directory for the git user
  988. # user['home'] = "/var/opt/gitlab"
  989.  
  990. # user['git_user_name'] = "GitLab"
  991. # user['git_user_email'] = "gitlab@#{node['fqdn']}"
  992.  
  993. ################################################################################
  994. ## GitLab Puma
  995. ##! Tweak puma settings.
  996. ##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
  997. ################################################################################
  998.  
  999. # puma['enable'] = true
  1000. # puma['ha'] = false
  1001. # puma['worker_timeout'] = 60
  1002. # puma['worker_processes'] = 2
  1003. # puma['min_threads'] = 4
  1004. # puma['max_threads'] = 4
  1005.  
  1006. ### Advanced settings
  1007. # puma['listen'] = '127.0.0.1'
  1008. # puma['port'] = 8080
  1009. # puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
  1010. # puma['somaxconn'] = 1024
  1011.  
  1012. # puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
  1013. # puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
  1014.  
  1015. ###! **We do not recommend changing this setting**
  1016. # puma['log_directory'] = "/var/log/gitlab/puma"
  1017.  
  1018. ### **Only change these settings if you understand well what they mean**
  1019. ###! Docs: https://github.com/schneems/puma_worker_killer
  1020. # puma['per_worker_max_memory_mb'] = 1024
  1021.  
  1022. # puma['exporter_enabled'] = false
  1023. # puma['exporter_address'] = "127.0.0.1"
  1024. # puma['exporter_port'] = 8083
  1025.  
  1026. ##! Service name used to register Puma as a Consul service
  1027. # puma['consul_service_name'] = 'rails'
  1028. ##! Semantic metadata used when registering Puma as a Consul service
  1029. # puma['consul_service_meta'] = {}
  1030.  
  1031. ################################################################################
  1032. ## GitLab Sidekiq
  1033. ################################################################################
  1034.  
  1035. ##! GitLab allows one to start multiple sidekiq processes. These
  1036. ##! processes can be used to consume a dedicated set of queues. This
  1037. ##! can be used to ensure certain queues are able to handle additional workload.
  1038. ##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html
  1039.  
  1040. # sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
  1041. # sidekiq['log_format'] = "json"
  1042. # sidekiq['shutdown_timeout'] = 4
  1043. # sidekiq['queue_selector'] = false
  1044. # sidekiq['interval'] = nil
  1045. # sidekiq['max_concurrency'] = 50
  1046. # sidekiq['min_concurrency'] = nil
  1047.  
  1048. ##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
  1049. ##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
  1050. ##! the routing rules are not configured (empty array)
  1051.  
  1052. # sidekiq['routing_rules'] = []
  1053.  
  1054. ##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
  1055. ##! Sidekiq process. Multiple queues can be processed by the same process by
  1056. ##! separating them with a comma within the group entry, a `*` will process all queues
  1057.  
  1058. # sidekiq['queue_groups'] = ['*']
  1059.  
  1060. ##! If negate is enabled then Sidekiq will process all the queues that
  1061. ##! don't match those in queue_groups.
  1062.  
  1063. # sidekiq['negate'] = false
  1064.  
  1065. ##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
  1066. # sidekiq['metrics_enabled'] = true
  1067. # sidekiq['exporter_log_enabled'] = false
  1068. # sidekiq['listen_address'] = "localhost"
  1069. # sidekiq['listen_port'] = 8082
  1070.  
  1071. ##! Specifies where health-check endpoints should be made available for Sidekiq processes.
  1072. ##! Defaults to the same settings as for Prometheus metrics (see above).
  1073. # sidekiq['health_checks_enabled'] = true
  1074. # sidekiq['health_checks_log_enabled'] = false
  1075. # sidekiq['health_checks_listen_address'] = "localhost"
  1076. # sidekiq['health_checks_listen_port'] = 8082
  1077.  
  1078. ##! Service name used to register Sidekiq as a Consul service
  1079. # sidekiq['consul_service_name'] = 'sidekiq'
  1080. ##! Semantic metadata used when registering Sidekiq as a Consul service
  1081. # sidekiq['consul_service_meta'] = {}
  1082.  
  1083. ################################################################################
  1084. ## gitlab-shell
  1085. ################################################################################
  1086.  
  1087. # gitlab_shell['audit_usernames'] = false
  1088. # gitlab_shell['log_level'] = 'INFO'
  1089. # gitlab_shell['log_format'] = 'json'
  1090. # gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
  1091. # gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
  1092.  
  1093. # gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
  1094.  
  1095. ### Migration to Go feature flags
  1096. ###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
  1097. # gitlab_shell['migration'] = { enabled: true, features: [] }
  1098.  
  1099. ### Git trace log file.
  1100. ###! If set, git commands receive GIT_TRACE* environment variables
  1101. ###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
  1102. ###! An absolute path starting with / – the trace output will be appended to
  1103. ###! that file. It needs to exist so we can check permissions and avoid
  1104. ###! throwing warnings to the users.
  1105. # gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
  1106.  
  1107. ##! **We do not recommend changing this directory.**
  1108. # gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
  1109.  
  1110. ################################################################
  1111. ## GitLab PostgreSQL
  1112. ################################################################
  1113.  
  1114. ###! Changing any of these settings requires a restart of postgresql.
  1115. ###! By default, reconfigure reloads postgresql if it is running. If you
  1116. ###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
  1117. ###! after reconfigure in order for the changes to take effect.
  1118. # postgresql['enable'] = true
  1119. # postgresql['listen_address'] = nil
  1120. # postgresql['port'] = 5432
  1121.  
  1122. ## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
  1123. ## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
  1124. ## endpoint to the cluster. By default it is the same as postgresql['port'].
  1125. # postgresql['connect_port'] = 5432
  1126.  
  1127. ##! **recommend value is 1/4 of total RAM, up to 14GB.**
  1128. # postgresql['shared_buffers'] = "256MB"
  1129.  
  1130. ### Advanced settings
  1131. # postgresql['ha'] = false
  1132. # postgresql['dir'] = "/var/opt/gitlab/postgresql"
  1133. # postgresql['log_directory'] = "/var/log/gitlab/postgresql"
  1134. # postgresql['log_destination'] = nil
  1135. # postgresql['logging_collector'] = nil
  1136. # postgresql['log_truncate_on_rotation'] = nil
  1137. # postgresql['log_rotation_age'] = nil
  1138. # postgresql['log_rotation_size'] = nil
  1139. ##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
  1140. ##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
  1141. # postgresql['username'] = "gitlab-psql"
  1142. # postgresql['group'] = "gitlab-psql"
  1143. ##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
  1144. # postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
  1145. # postgresql['uid'] = nil
  1146. # postgresql['gid'] = nil
  1147. # postgresql['shell'] = "/bin/sh"
  1148. # postgresql['home'] = "/var/opt/gitlab/postgresql"
  1149. # postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
  1150. # postgresql['sql_user'] = "gitlab"
  1151. # postgresql['max_connections'] = 200
  1152. # postgresql['md5_auth_cidr_addresses'] = []
  1153. # postgresql['trust_auth_cidr_addresses'] = []
  1154. # postgresql['wal_buffers'] = "-1"
  1155. # postgresql['autovacuum_max_workers'] = "3"
  1156. # postgresql['autovacuum_freeze_max_age'] = "200000000"
  1157. # postgresql['log_statement'] = nil
  1158. # postgresql['track_activity_query_size'] = "1024"
  1159. # postgresql['shared_preload_libraries'] = nil
  1160. # postgresql['dynamic_shared_memory_type'] = nil
  1161. # postgresql['hot_standby'] = "off"
  1162.  
  1163. ### SSL settings
  1164. # See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
  1165. # postgresql['ssl'] = 'on'
  1166. # postgresql['hostssl'] = false
  1167. # postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
  1168. # postgresql['ssl_cert_file'] = 'server.crt'
  1169. # postgresql['ssl_key_file'] = 'server.key'
  1170. # postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
  1171. # postgresql['ssl_crl_file'] = nil
  1172. # postgresql['cert_auth_addresses'] = {
  1173. # 'ADDRESS' => {
  1174. # database: 'gitlabhq_production',
  1175. # user: 'gitlab'
  1176. # }
  1177. # }
  1178.  
  1179. ### Replication settings
  1180. ###! Note, some replication settings do not require a full restart. They are documented below.
  1181. # postgresql['wal_level'] = "hot_standby"
  1182. # postgresql['wal_log_hints'] = 'off'
  1183. # postgresql['max_wal_senders'] = 5
  1184. # postgresql['max_replication_slots'] = 0
  1185. # postgresql['max_locks_per_transaction'] = 128
  1186.  
  1187. # Backup/Archive settings
  1188. # postgresql['archive_mode'] = "off"
  1189.  
  1190. ###! Changing any of these settings only requires a reload of postgresql. You do not need to
  1191. ###! restart postgresql if you change any of these and run reconfigure.
  1192. # postgresql['work_mem'] = "16MB"
  1193. # postgresql['maintenance_work_mem'] = "16MB"
  1194. # postgresql['checkpoint_timeout'] = "5min"
  1195. # postgresql['checkpoint_completion_target'] = 0.9
  1196. # postgresql['effective_io_concurrency'] = 1
  1197. # postgresql['checkpoint_warning'] = "30s"
  1198. # postgresql['effective_cache_size'] = "1MB"
  1199. # postgresql['shmmax'] = 17179869184 # or 4294967295
  1200. # postgresql['shmall'] = 4194304 # or 1048575
  1201. # postgresql['autovacuum'] = "on"
  1202. # postgresql['log_autovacuum_min_duration'] = "-1"
  1203. # postgresql['autovacuum_naptime'] = "1min"
  1204. # postgresql['autovacuum_vacuum_threshold'] = "50"
  1205. # postgresql['autovacuum_analyze_threshold'] = "50"
  1206. # postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
  1207. # postgresql['autovacuum_analyze_scale_factor'] = "0.01"
  1208. # postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
  1209. # postgresql['autovacuum_vacuum_cost_limit'] = "-1"
  1210. # postgresql['statement_timeout'] = "60000"
  1211. # postgresql['idle_in_transaction_session_timeout'] = "60000"
  1212. # postgresql['log_line_prefix'] = "%a"
  1213. # postgresql['max_worker_processes'] = 8
  1214. # postgresql['max_parallel_workers_per_gather'] = 0
  1215. # postgresql['log_lock_waits'] = 1
  1216. # postgresql['deadlock_timeout'] = '5s'
  1217. # postgresql['track_io_timing'] = 0
  1218. # postgresql['default_statistics_target'] = 1000
  1219.  
  1220. ### Available in PostgreSQL 9.6 and later
  1221. # postgresql['min_wal_size'] = "80MB"
  1222. # postgresql['max_wal_size'] = "1GB"
  1223.  
  1224. # Backup/Archive settings
  1225. # postgresql['archive_command'] = nil
  1226. # postgresql['archive_timeout'] = "0"
  1227.  
  1228. ### Replication settings
  1229. # postgresql['sql_replication_user'] = "gitlab_replicator"
  1230. # postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
  1231. # postgresql['wal_keep_segments'] = 10
  1232. # postgresql['max_standby_archive_delay'] = "30s"
  1233. # postgresql['max_standby_streaming_delay'] = "30s"
  1234. # postgresql['synchronous_commit'] = on
  1235. # postgresql['synchronous_standby_names'] = ''
  1236. # postgresql['hot_standby_feedback'] = 'off'
  1237. # postgresql['random_page_cost'] = 2.0
  1238. # postgresql['log_temp_files'] = -1
  1239. # postgresql['log_checkpoints'] = 'off'
  1240. # To add custom entries to pg_hba.conf use the following
  1241. # postgresql['custom_pg_hba_entries'] = {
  1242. # APPLICATION: [ # APPLICATION should identify what the settings are used for
  1243. # {
  1244. # type: example,
  1245. # database: example,
  1246. # user: example,
  1247. # cidr: example,
  1248. # method: example,
  1249. # option: example
  1250. # }
  1251. # ]
  1252. # }
  1253. # See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
  1254. # of the values
  1255.  
  1256. ### Version settings
  1257. # Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
  1258. # postgresql['version'] = 10
  1259.  
  1260. ################################################################################
  1261. ## GitLab Redis
  1262. ##! **Can be disabled if you are using your own Redis instance.**
  1263. ##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
  1264. ################################################################################
  1265.  
  1266. # redis['enable'] = true
  1267. # redis['ha'] = false
  1268. # redis['hz'] = 10
  1269. # redis['dir'] = "/var/opt/gitlab/redis"
  1270. # redis['log_directory'] = "/var/log/gitlab/redis"
  1271. # redis['username'] = "gitlab-redis"
  1272. # redis['group'] = "gitlab-redis"
  1273. # redis['maxclients'] = "10000"
  1274. # redis['maxmemory'] = "0"
  1275. # redis['maxmemory_policy'] = "noeviction"
  1276. # redis['maxmemory_samples'] = "5"
  1277. # redis['stop_writes_on_bgsave_error'] = true
  1278. # redis['tcp_backlog'] = 511
  1279. # redis['tcp_timeout'] = "60"
  1280. # redis['tcp_keepalive'] = "300"
  1281. # redis['uid'] = nil
  1282. # redis['gid'] = nil
  1283.  
  1284. ### Redis TLS settings
  1285. ###! To run Redis over TLS, specify values for the following settings
  1286. # redis['tls_port'] = nil
  1287. # redis['tls_cert_file'] = nil
  1288. # redis['tls_key_file'] = nil
  1289.  
  1290. ###! Other TLS related optional settings
  1291. # redis['tls_dh_params_file'] = nil
  1292. # redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
  1293. # redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
  1294. # redis['tls_auth_clients'] = 'optional'
  1295. # redis['tls_replication'] = nil
  1296. # redis['tls_cluster'] = nil
  1297. # redis['tls_protocols'] = nil
  1298. # redis['tls_ciphers'] = nil
  1299. # redis['tls_ciphersuites'] = nil
  1300. # redis['tls_prefer_server_ciphers'] = nil
  1301. # redis['tls_session_caching'] = nil
  1302. # redis['tls_session_cache_size'] = nil
  1303. # redis['tls_session_cache_timeout'] = nil
  1304.  
  1305. ### Disable or obfuscate unnecessary redis command names
  1306. ### Uncomment and edit this block to add or remove entries.
  1307. ### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
  1308. ### for detailed usage
  1309. ###
  1310. # redis['rename_commands'] = {
  1311. # 'KEYS': ''
  1312. #}
  1313. #
  1314.  
  1315. ###! **To enable only Redis service in this machine, uncomment
  1316. ###! one of the lines below (choose master or replica instance types).**
  1317. ###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
  1318. ###! https://docs.gitlab.com/ee/administration/high_availability/redis.html
  1319. # redis_master_role['enable'] = true
  1320. # redis_replica_role['enable'] = true
  1321.  
  1322. ### Redis TCP support (will disable UNIX socket transport)
  1323. # redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
  1324. # redis['port'] = 6379
  1325. # redis['password'] = 'redis-password-goes-here'
  1326.  
  1327. ### Redis Sentinel support
  1328. ###! **You need a master replica Redis replication to be able to do failover**
  1329. ###! **Please read the documentation before enabling it to understand the
  1330. ###! caveats:**
  1331. ###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
  1332.  
  1333. ### Replication support
  1334. #### Replica Redis instance
  1335. # redis['master'] = false # by default this is true
  1336.  
  1337. #### Replica and Sentinel shared configuration
  1338. ####! **Both need to point to the master Redis instance to get replication and
  1339. ####! heartbeat monitoring**
  1340. # redis['master_name'] = 'gitlab-redis'
  1341. # redis['master_ip'] = nil
  1342. # redis['master_port'] = 6379
  1343.  
  1344. #### Support to run redis replicas in a Docker or NAT environment
  1345. ####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
  1346. # redis['announce_ip'] = nil
  1347. # redis['announce_port'] = nil
  1348.  
  1349. ####! **Master password should have the same value defined in
  1350. ####! redis['password'] to enable the instance to transition to/from
  1351. ####! master/replica in a failover event.**
  1352. # redis['master_password'] = 'redis-password-goes-here'
  1353.  
  1354. ####! Increase these values when your replicas can't catch up with master
  1355. # redis['client_output_buffer_limit_normal'] = '0 0 0'
  1356. # redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
  1357. # redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
  1358.  
  1359. #####! Redis snapshotting frequency
  1360. #####! Set to [] to disable
  1361. #####! Set to [''] to clear previously set values
  1362. # redis['save'] = [ '900 1', '300 10', '60 10000' ]
  1363.  
  1364. #####! Redis lazy freeing
  1365. #####! Defaults to false
  1366. # redis['lazyfree_lazy_eviction'] = true
  1367. # redis['lazyfree_lazy_expire'] = true
  1368. # redis['lazyfree_lazy_server_del'] = true
  1369. # redis['replica_lazy_flush'] = true
  1370.  
  1371. #####! Redis threaded I/O
  1372. #####! Defaults to disabled
  1373. # redis['io_threads'] = 4
  1374. # redis['io_threads_do_reads'] = true
  1375.  
  1376. ################################################################################
  1377. ## GitLab Web server
  1378. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
  1379. ################################################################################
  1380.  
  1381. ##! When bundled nginx is disabled we need to add the external webserver user to
  1382. ##! the GitLab webserver group.
  1383. web_server['external_users'] = ['www-data']
  1384. # web_server['username'] = 'gitlab-www'
  1385. # web_server['group'] = 'gitlab-www'
  1386. # web_server['uid'] = nil
  1387. # web_server['gid'] = nil
  1388. # web_server['shell'] = '/bin/false'
  1389. # web_server['home'] = '/var/opt/gitlab/nginx'
  1390.  
  1391. ################################################################################
  1392. ## GitLab NGINX
  1393. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
  1394. ################################################################################
  1395.  
  1396. nginx['enable'] = false
  1397. # nginx['client_max_body_size'] = '250m'
  1398. # nginx['redirect_http_to_https'] = false
  1399. # nginx['redirect_http_to_https_port'] = 80
  1400.  
  1401. ##! Most root CA's are included by default
  1402. # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
  1403.  
  1404. ##! enable/disable 2-way SSL client authentication
  1405. # nginx['ssl_verify_client'] = "off"
  1406.  
  1407. ##! if ssl_verify_client on, verification depth in the client certificates chain
  1408. # nginx['ssl_verify_depth'] = "1"
  1409.  
  1410. # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
  1411. # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
  1412. # nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
  1413. # nginx['ssl_prefer_server_ciphers'] = "off"
  1414.  
  1415. ##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  1416. ##! https://cipherli.st/**
  1417. # nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
  1418.  
  1419. ##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
  1420. # nginx['ssl_session_cache'] = "shared:SSL:10m"
  1421.  
  1422. ##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
  1423. # nginx['ssl_session_tickets'] = "off"
  1424.  
  1425. ##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
  1426. # nginx['ssl_session_timeout'] = "1d"
  1427.  
  1428. # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
  1429. # nginx['listen_addresses'] = ['*', '[::]']
  1430.  
  1431. ##! **Defaults to forcing web browsers to always communicate using only HTTPS**
  1432. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
  1433. # nginx['hsts_max_age'] = 63072000
  1434. # nginx['hsts_include_subdomains'] = false
  1435.  
  1436. ##! Defaults to stripping path information when making cross-origin requests
  1437. # nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
  1438.  
  1439. ##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
  1440. # nginx['gzip_enabled'] = true
  1441.  
  1442. ##! **Override only if you use a reverse proxy**
  1443. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
  1444. # nginx['listen_port'] = 8929
  1445.  
  1446. ##! **Override only if your reverse proxy internally communicates over HTTP**
  1447. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
  1448. # nginx['listen_https'] = nil
  1449.  
  1450. ##! **Override only if you use a reverse proxy with proxy protocol enabled**
  1451. ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol
  1452. # nginx['proxy_protocol'] = false
  1453.  
  1454. # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
  1455. # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
  1456. # nginx['proxy_read_timeout'] = 3600
  1457. # nginx['proxy_connect_timeout'] = 300
  1458. # nginx['proxy_set_headers'] = {
  1459. # "Host" => "$http_host_with_default",
  1460. # "X-Real-IP" => "$remote_addr",
  1461. # "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  1462. # "X-Forwarded-Proto" => "https",
  1463. # "X-Forwarded-Ssl" => "on",
  1464. # "Upgrade" => "$http_upgrade",
  1465. # "Connection" => "$connection_upgrade"
  1466. # }
  1467. # nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
  1468. # nginx['proxy_cache'] = 'gitlab'
  1469. # nginx['proxy_custom_buffer_size'] = '4k'
  1470. # nginx['http2_enabled'] = true
  1471. # nginx['real_ip_trusted_addresses'] = []
  1472. # nginx['real_ip_header'] = nil
  1473. # nginx['real_ip_recursive'] = nil
  1474. # nginx['custom_error_pages'] = {
  1475. # '404' => {
  1476. # 'title' => 'Example title',
  1477. # 'header' => 'Example header',
  1478. # 'message' => 'Example message'
  1479. # }
  1480. # }
  1481.  
  1482. ### Advanced settings
  1483. # nginx['dir'] = "/var/opt/gitlab/nginx"
  1484. # nginx['log_directory'] = "/var/log/gitlab/nginx"
  1485. # nginx['error_log_level'] = "error"
  1486. # nginx['worker_processes'] = 4
  1487. # nginx['worker_connections'] = 10240
  1488. # nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
  1489. # nginx['sendfile'] = 'on'
  1490. # nginx['tcp_nopush'] = 'on'
  1491. # nginx['tcp_nodelay'] = 'on'
  1492. # nginx['hide_server_tokens'] = 'off'
  1493. # nginx['gzip_http_version'] = "1.0"
  1494. # nginx['gzip_comp_level'] = "2"
  1495. # nginx['gzip_proxied'] = "any"
  1496. # nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
  1497. # nginx['keepalive_timeout'] = 65
  1498. # nginx['keepalive_time'] = '1h'
  1499. # nginx['cache_max_size'] = '5000m'
  1500. # nginx['server_names_hash_bucket_size'] = 64
  1501. ##! These paths have proxy_request_buffering disabled
  1502. # nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"
  1503.  
  1504. ### Nginx status
  1505. # nginx['status'] = {
  1506. # "enable" => true,
  1507. # "listen_addresses" => ["127.0.0.1"],
  1508. # "fqdn" => "dev.example.com",
  1509. # "port" => 9999,
  1510. # "vts_enable" => true,
  1511. # "options" => {
  1512. # "server_tokens" => "off", # Don't show the version of NGINX
  1513. # "access_log" => "off", # Disable logs for stats
  1514. # "allow" => "127.0.0.1", # Only allow access from localhost
  1515. # "deny" => "all" # Deny access to anyone else
  1516. # }
  1517. # }
  1518.  
  1519. ##! Service name used to register Nginx as a Consul service
  1520. # nginx['consul_service_name'] = 'nginx'
  1521. ##! Semantic metadata used when registering NGINX as a Consul service
  1522. # nginx['consul_service_meta'] = {}
  1523.  
  1524. ################################################################################
  1525. ## GitLab Logging
  1526. ##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
  1527. ################################################################################
  1528.  
  1529. # logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
  1530. # logging['svlogd_num'] = 30 # keep 30 rotated log files
  1531. # logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
  1532. # logging['svlogd_filter'] = "gzip" # compress logs with gzip
  1533. # logging['svlogd_udp'] = nil # transmit log messages via UDP
  1534. # logging['svlogd_prefix'] = nil # custom prefix for log messages
  1535. # logging['logrotate_frequency'] = "daily" # rotate logs daily
  1536. # logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
  1537. # logging['logrotate_size'] = nil # do not rotate by size by default
  1538. # logging['logrotate_rotate'] = 30 # keep 30 rotated logs
  1539. # logging['logrotate_compress'] = "compress" # see 'man logrotate'
  1540. # logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
  1541. # logging['logrotate_postrotate'] = nil # no postrotate command by default
  1542. # logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
  1543.  
  1544. ### UDP log forwarding
  1545. ##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
  1546.  
  1547. ##! remote host to ship log messages to via UDP
  1548. # logging['udp_log_shipping_host'] = nil
  1549.  
  1550. ##! override the hostname used when logs are shipped via UDP,
  1551. ## by default the system hostname will be used.
  1552. # logging['udp_log_shipping_hostname'] = nil
  1553.  
  1554. ##! remote port to ship log messages to via UDP
  1555. # logging['udp_log_shipping_port'] = 514
  1556.  
  1557. ################################################################################
  1558. ## Logrotate
  1559. ##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
  1560. ##! You can disable built in logrotate feature.
  1561. ################################################################################
  1562. # logrotate['enable'] = true
  1563. # logrotate['log_directory'] = "/var/log/gitlab/logrotate"
  1564.  
  1565. ################################################################################
  1566. ## Users and groups accounts
  1567. ##! Disable management of users and groups accounts.
  1568. ##! **Set only if creating accounts manually**
  1569. ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
  1570. ################################################################################
  1571.  
  1572. # manage_accounts['enable'] = true
  1573.  
  1574. ################################################################################
  1575. ## Storage directories
  1576. ##! Disable managing storage directories
  1577. ##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
  1578. ################################################################################
  1579.  
  1580. ##! **Set only if the select directories are created manually**
  1581. # manage_storage_directories['enable'] = false
  1582. # manage_storage_directories['manage_etc'] = false
  1583.  
  1584. ################################################################################
  1585. ## Runtime directory
  1586. ##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
  1587. ################################################################################
  1588.  
  1589. # runtime_dir '/run'
  1590.  
  1591. ################################################################################
  1592. ## Git
  1593. ##! Advanced setting for configuring git system settings for omnibus-gitlab
  1594. ##! internal git
  1595. ################################################################################
  1596.  
  1597. ##! For multiple options under one header use array of comma separated values,
  1598. ##! eg.:
  1599. ##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
  1600.  
  1601. # omnibus_gitconfig['system'] = {
  1602. # "pack" => ["threads = 1"],
  1603. # "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
  1604. # "repack" => ["writeBitmaps = true"],
  1605. # "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
  1606. # "core" => [
  1607. # 'alternateRefsCommand="exit 0 #"',
  1608. # "fsyncObjectFiles = true"
  1609. # ],
  1610. # "fetch" => ["writeCommitGraph = true"]
  1611. # }
  1612.  
  1613. ################################################################################
  1614. ## GitLab Pages
  1615. ##! Docs: https://docs.gitlab.com/ee/pages/administration.html
  1616. ################################################################################
  1617.  
  1618. ##! Define to enable GitLab Pages
  1619. # pages_external_url "http://pages.example.com/"
  1620. # gitlab_pages['enable'] = false
  1621.  
  1622. ##! Configure to expose GitLab Pages on external IP address, serving the HTTP
  1623. # gitlab_pages['external_http'] = []
  1624.  
  1625. ##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
  1626. # gitlab_pages['external_https'] = []
  1627.  
  1628. ##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
  1629. # gitlab_pages['external_https_proxyv2'] = []
  1630.  
  1631. ##! Configure cert when using external IP address
  1632. # gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
  1633. # gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"
  1634.  
  1635. ##! Configure to use the default list of cipher suites
  1636. # gitlab_pages['insecure_ciphers'] = false
  1637.  
  1638. ##! Configure to enable health check endpoint on GitLab Pages
  1639. # gitlab_pages['status_uri'] = "/@status"
  1640.  
  1641. ##! Tune the maximum number of concurrent connections GitLab Pages will handle.
  1642. ##! Default to 0 for unlimited connections.
  1643. # gitlab_pages['max_connections'] = 0
  1644.  
  1645. ##! Configure the maximum length of URIs accepted by GitLab Pages
  1646. ##! By default is limited for security reasons. Set 0 for unlimited
  1647. # gitlab_pages['max_uri_length'] = 1024
  1648.  
  1649. ##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
  1650. ##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
  1651. ##! sets the header value X-Request-ID, the value will be propagated in the request chain.
  1652. # gitlab_pages['propagate_correlation_id'] = false
  1653.  
  1654. ##! Configure to use JSON structured logging in GitLab Pages
  1655. # gitlab_pages['log_format'] = "json"
  1656.  
  1657. ##! Configure verbose logging for GitLab Pages
  1658. # gitlab_pages['log_verbose'] = false
  1659.  
  1660. ##! Error Reporting and Logging with Sentry
  1661. # gitlab_pages['sentry_enabled'] = false
  1662. # gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
  1663. # gitlab_pages['sentry_environment'] = 'production'
  1664.  
  1665. ##! Listen for requests forwarded by reverse proxy
  1666. # gitlab_pages['listen_proxy'] = "localhost:8090"
  1667.  
  1668. # gitlab_pages['redirect_http'] = true
  1669. # gitlab_pages['use_http2'] = true
  1670. # gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
  1671. # gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
  1672.  
  1673. # gitlab_pages['artifacts_server'] = true
  1674. # gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
  1675. # gitlab_pages['artifacts_server_timeout'] = 10
  1676.  
  1677. ##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
  1678. # gitlab_pages['metrics_address'] = ":9235"
  1679.  
  1680. ##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
  1681. # gitlab_pages['tls_min_version'] = "tls1.2"
  1682.  
  1683. ##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
  1684. # gitlab_pages['tls_max_version'] = "tls1.3"
  1685.  
  1686. ##! Pages access control
  1687. # gitlab_pages['access_control'] = false
  1688. # gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
  1689. # gitlab_pages['gitlab_secret'] = nil # Generated if not present
  1690. # gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
  1691. # gitlab_pages['gitlab_server'] = nil # Defaults to external_url
  1692. # gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
  1693. # gitlab_pages['auth_secret'] = nil # Generated if not present
  1694. # gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
  1695.  
  1696. ##! GitLab Pages Server Shutdown Timeout
  1697. ##! Duration ("30s" for 30 seconds)
  1698. # gitlab_pages['server_shutdown_timeout'] = "30s"
  1699.  
  1700. ##! GitLab API HTTP client connection timeout
  1701. # gitlab_pages['gitlab_client_http_timeout'] = "10s"
  1702.  
  1703. ##! GitLab API JWT Token expiry time
  1704. # gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
  1705.  
  1706. ##! Advanced settings for API-based configuration for GitLab Pages.
  1707. ##! The recommended default values are set inside GitLab Pages.
  1708. ##! Should be changed only if absolutely needed.
  1709.  
  1710. ##! The maximum time a domain's configuration is stored in the cache.
  1711. # gitlab_pages['gitlab_cache_expiry'] = "600s"
  1712. ##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
  1713. # gitlab_pages['gitlab_cache_refresh'] = "60s"
  1714. ##! The interval at which expired items are removed from the cache (default: 60s).
  1715. # gitlab_pages['gitlab_cache_cleanup'] = "60s"
  1716. ##! The maximum time to wait for a response from the GitLab API per request.
  1717. # gitlab_pages['gitlab_retrieval_timeout'] = "30s"
  1718. ##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
  1719. # gitlab_pages['gitlab_retrieval_interval'] = "1s"
  1720. ##! The maximum number of times to retry to resolve a domain's configuration via the API
  1721. # gitlab_pages['gitlab_retrieval_retries'] = 3
  1722.  
  1723. ##! Define custom gitlab-pages HTTP headers for the whole instance
  1724. # gitlab_pages['headers'] = []
  1725.  
  1726. ##! Shared secret used for authentication between Pages and GitLab
  1727. # gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
  1728.  
  1729. ##! Advanced settings for serving GitLab Pages from zip archives.
  1730. ##! The recommended default values are set inside GitLab Pages.
  1731. ##! Should be changed only if absolutely needed.
  1732.  
  1733. ##! The maximum time an archive will be cached in memory.
  1734. # gitlab_pages['zip_cache_expiration'] = "60s"
  1735. ##! Zip archive cache cleaning interval.
  1736. # gitlab_pages['zip_cache_cleanup'] = "30s"
  1737. ##! The interval to refresh a cache archive if accessed before expiring.
  1738. # gitlab_pages['zip_cache_refresh'] = "30s"
  1739. ##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
  1740. # gitlab_pages['zip_open_timeout'] = "30s"
  1741.  
  1742. ##! Enable serving content from disk instead of Object Storage
  1743. # gitlab_pages['enable_disk'] = nil
  1744.  
  1745. ##! Rate-limiting options below work in report-only mode:
  1746. ##! they only count rejected requests, but don't reject them
  1747. ##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
  1748. ##! reject requests.
  1749.  
  1750. ##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits
  1751.  
  1752. ##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
  1753. # gitlab_pages['rate_limit_source_ip'] = 50.0
  1754. ##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
  1755. # gitlab_pages['rate_limit_source_ip_burst'] = 600
  1756. ##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
  1757. # gitlab_pages['rate_limit_domain'] = 0
  1758. ##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
  1759. # gitlab_pages['rate_limit_domain_burst'] = 10000
  1760.  
  1761. ##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
  1762. # gitlab_pages['rate_limit_tls_source_ip'] = 50.0
  1763. ##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
  1764. # gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
  1765. ##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
  1766. # gitlab_pages['rate_limit_tls_domain'] = 0
  1767. ##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
  1768. # gitlab_pages['rate_limit_tls_domain_burst'] = 10000
  1769.  
  1770. # gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
  1771. # gitlab_pages['env'] = {
  1772. # 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
  1773. # }
  1774.  
  1775. ################################################################################
  1776. ## GitLab Pages NGINX
  1777. ################################################################################
  1778.  
  1779. # All the settings defined in the "GitLab Nginx" section are also available in
  1780. # this "GitLab Pages NGINX" section, using the key `pages_nginx`. However,
  1781. # those settings should be explicitly set. That is, settings given as
  1782. # `nginx['some_setting']` WILL NOT be automatically replicated as
  1783. # `pages_nginx['some_setting']` and should be set separately.
  1784.  
  1785. # Below you can find settings that are exclusive to "GitLab Pages NGINX"
  1786. # pages_nginx['enable'] = true
  1787.  
  1788. # gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
  1789.  
  1790. ################################################################################
  1791. ## GitLab CI
  1792. ##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html
  1793. ################################################################################
  1794.  
  1795. # gitlab_ci['gitlab_ci_all_broken_builds'] = true
  1796. # gitlab_ci['gitlab_ci_add_pusher'] = true
  1797. # gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
  1798.  
  1799. ################################################################################
  1800. ## GitLab Kubernetes Agent Server
  1801. ##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
  1802. ################################################################################
  1803.  
  1804. ##! Settings used by the GitLab application
  1805. # gitlab_rails['gitlab_kas_enabled'] = true
  1806. # gitlab_rails['gitlab_kas_external_url'] = ws://gitlab.example.com/-/kubernetes-agent/
  1807. # gitlab_rails['gitlab_kas_internal_url'] = grpc://localhost:8153
  1808. # gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = https://gitlab.example.com/-/kubernetes-agent/
  1809.  
  1810. ##! Enable GitLab KAS
  1811. # gitlab_kas['enable'] = true
  1812.  
  1813. ##! Agent configuration for GitLab KAS
  1814. # gitlab_kas['agent_configuration_poll_period'] = 20
  1815. # gitlab_kas['agent_gitops_poll_period'] = 20
  1816. # gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
  1817. # gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
  1818. # gitlab_kas['agent_info_cache_ttl'] = 300
  1819. # gitlab_kas['agent_info_cache_error_ttl'] = 60
  1820.  
  1821. ##! Shared secret used for authentication between KAS and GitLab
  1822. # gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
  1823.  
  1824. ##! Shared secret used for authentication between different KAS instances in a multi-node setup
  1825. # gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
  1826.  
  1827. ##! Listen configuration for GitLab KAS
  1828. # gitlab_kas['listen_address'] = 'localhost:8150'
  1829. # gitlab_kas['listen_network'] = 'tcp'
  1830. # gitlab_kas['listen_websocket'] = true
  1831. # gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
  1832. # gitlab_kas['key_file'] = "/path/to/key.pem"
  1833. # gitlab_kas['internal_api_listen_network'] = 'tcp'
  1834. # gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
  1835. # gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
  1836. # gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
  1837. # gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
  1838. # gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
  1839. # gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
  1840. # gitlab_kas['private_api_listen_network'] = 'tcp'
  1841. # gitlab_kas['private_api_listen_address'] = 'localhost:8155'
  1842. # gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
  1843. # gitlab_kas['private_api_key_file'] = "/path/to/key.pem"
  1844.  
  1845. ##! Metrics configuration for GitLab KAS
  1846. # gitlab_kas['metrics_usage_reporting_period'] = 60
  1847.  
  1848. ##! Log configuration for GitLab KAS
  1849. # gitlab_kas['log_level'] = 'info'
  1850.  
  1851. ##! Environment variables for GitLab KAS
  1852. # gitlab_kas['env'] = {
  1853. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
  1854. # # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
  1855. # 'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
  1856. # }
  1857.  
  1858. ##! Error Reporting and Logging with Sentry
  1859. # gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
  1860. # gitlab_kas['sentry_environment'] = 'production'
  1861.  
  1862. ##! Directories for GitLab KAS
  1863. # gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
  1864. # gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
  1865. # gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
  1866.  
  1867. ################################################################################
  1868. ## GitLab Mattermost
  1869. ##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
  1870. ################################################################################
  1871.  
  1872. # mattermost_external_url 'http://mattermost.example.com'
  1873.  
  1874. # mattermost['enable'] = false
  1875. # mattermost['username'] = 'mattermost'
  1876. # mattermost['group'] = 'mattermost'
  1877. # mattermost['uid'] = nil
  1878. # mattermost['gid'] = nil
  1879. # mattermost['home'] = '/var/opt/gitlab/mattermost'
  1880. # mattermost['database_name'] = 'mattermost_production'
  1881. # mattermost['env'] = {
  1882. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  1883. # }
  1884. # mattermost['service_address'] = "127.0.0.1"
  1885. # mattermost['service_port'] = "8065"
  1886. # mattermost['service_site_url'] = nil
  1887. # mattermost['service_allowed_untrusted_internal_connections'] = ""
  1888. # mattermost['service_enable_api_team_deletion'] = true
  1889. # mattermost['team_site_name'] = "GitLab Mattermost"
  1890. # mattermost['sql_driver_name'] = 'mysql'
  1891. # mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
  1892. # mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
  1893. # mattermost['gitlab_enable'] = false
  1894. # mattermost['gitlab_id'] = "12345656"
  1895. # mattermost['gitlab_secret'] = "123456789"
  1896. # mattermost['gitlab_scope'] = ""
  1897. # mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
  1898. # mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
  1899. # mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
  1900. # mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
  1901. # mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
  1902. # mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
  1903.  
  1904. ################################################################################
  1905. ## Mattermost NGINX
  1906. ################################################################################
  1907.  
  1908. # All the settings defined in the "GitLab Nginx" section are also available in
  1909. # this "Mattermost NGINX" section, using the key `mattermost_nginx`. However,
  1910. # those settings should be explicitly set. That is, settings given as
  1911. # `nginx['some_setting']` WILL NOT be automatically replicated as
  1912. # `mattermost_nginx['some_setting']` and should be set separately.
  1913.  
  1914. # Below you can find settings that are exclusive to "Mattermost NGINX"
  1915. # mattermost_nginx['enable'] = false
  1916.  
  1917. # mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
  1918. # mattermost_nginx['proxy_set_headers'] = {
  1919. # "Host" => "$http_host",
  1920. # "X-Real-IP" => "$remote_addr",
  1921. # "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  1922. # "X-Frame-Options" => "SAMEORIGIN",
  1923. # "X-Forwarded-Proto" => "https",
  1924. # "X-Forwarded-Ssl" => "on",
  1925. # "Upgrade" => "$http_upgrade",
  1926. # "Connection" => "$connection_upgrade"
  1927. # }
  1928.  
  1929.  
  1930. ################################################################################
  1931. ## Registry NGINX
  1932. ################################################################################
  1933.  
  1934. # All the settings defined in the "GitLab Nginx" section are also available in
  1935. # this "Registry NGINX" section, using the key `registry_nginx`. However, those
  1936. # settings should be explicitly set. That is, settings given as
  1937. # `nginx['some_setting']` WILL NOT be automatically replicated as
  1938. # `registry_nginx['some_setting']` and should be set separately.
  1939.  
  1940. # Below you can find settings that are exclusive to "Registry NGINX"
  1941. # registry_nginx['enable'] = false
  1942.  
  1943. # registry_nginx['proxy_set_headers'] = {
  1944. # "Host" => "$http_host",
  1945. # "X-Real-IP" => "$remote_addr",
  1946. # "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
  1947. # "X-Forwarded-Proto" => "https",
  1948. # "X-Forwarded-Ssl" => "on"
  1949. # }
  1950.  
  1951. # When the registry is automatically enabled using the same domain as `external_url`,
  1952. # it listens on this port
  1953. # registry_nginx['listen_port'] = 5050
  1954.  
  1955. ################################################################################
  1956. ## Prometheus
  1957. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
  1958. ################################################################################
  1959.  
  1960. ###! **To enable only Monitoring service in this machine, uncomment
  1961. ###! the line below.**
  1962. ###! Docs: https://docs.gitlab.com/ee/administration/high_availability
  1963. # monitoring_role['enable'] = true
  1964.  
  1965. # prometheus['enable'] = true
  1966. # prometheus['monitor_kubernetes'] = true
  1967. # prometheus['username'] = 'gitlab-prometheus'
  1968. # prometheus['group'] = 'gitlab-prometheus'
  1969. # prometheus['uid'] = nil
  1970. # prometheus['gid'] = nil
  1971. # prometheus['shell'] = '/bin/sh'
  1972. # prometheus['home'] = '/var/opt/gitlab/prometheus'
  1973. # prometheus['log_directory'] = '/var/log/gitlab/prometheus'
  1974. # prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
  1975. # prometheus['scrape_interval'] = 15
  1976. # prometheus['scrape_timeout'] = 15
  1977. # prometheus['external_labels'] = { }
  1978. # prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
  1979. # prometheus['env'] = {
  1980. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  1981. # }
  1982. #
  1983. ### Custom scrape configs
  1984. #
  1985. # Prometheus can scrape additional jobs via scrape_configs. The default automatically
  1986. # includes all of the exporters supported by the omnibus config.
  1987. #
  1988. # See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
  1989. #
  1990. # Example:
  1991. #
  1992. # prometheus['scrape_configs'] = [
  1993. # {
  1994. # 'job_name': 'example',
  1995. # 'static_configs' => [
  1996. # 'targets' => ['hostname:port'],
  1997. # ],
  1998. # },
  1999. # ]
  2000. #
  2001. ### Custom alertmanager config
  2002. #
  2003. # To configure external alertmanagers, create an alertmanager config.
  2004. #
  2005. # See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
  2006. #
  2007. # prometheus['alertmanagers'] = [
  2008. # {
  2009. # 'static_configs' => [
  2010. # {
  2011. # 'targets' => [
  2012. # 'hostname:port'
  2013. # ]
  2014. # }
  2015. # ]
  2016. # }
  2017. # ]
  2018. #
  2019. ### Custom Prometheus flags
  2020. #
  2021. # prometheus['flags'] = {
  2022. # 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
  2023. # 'storage.tsdb.retention.time' => "15d",
  2024. # 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
  2025. # }
  2026.  
  2027. ##! Advanced settings. Should be changed only if absolutely needed.
  2028. # prometheus['listen_address'] = 'localhost:9090'
  2029. #
  2030.  
  2031. ##! Service name used to register Prometheus as a Consul service
  2032. # prometheus['consul_service_name'] = 'prometheus'
  2033. ##! Semantic metadata used when registering Prometheus as a Consul service
  2034. # prometheus['consul_service_meta'] = {}
  2035.  
  2036. ################################################################################
  2037. ###! **Only needed if Prometheus and Rails are not on the same server.**
  2038. ### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
  2039. ### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
  2040. ### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
  2041. ################################################################################
  2042. # gitlab_rails['prometheus_address'] = 'your.prom:9090'
  2043.  
  2044. ################################################################################
  2045. ## Prometheus Alertmanager
  2046. ################################################################################
  2047.  
  2048. # alertmanager['enable'] = true
  2049. # alertmanager['home'] = '/var/opt/gitlab/alertmanager'
  2050. # alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
  2051. # alertmanager['admin_email'] = 'admin@example.com'
  2052. # alertmanager['flags'] = {
  2053. # 'web.listen-address' => "localhost:9093",
  2054. # 'storage.path' => "/var/opt/gitlab/alertmanager/data",
  2055. # 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
  2056. # }
  2057. # alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
  2058. # alertmanager['env'] = {
  2059. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2060. # }
  2061.  
  2062. ##! Advanced settings. Should be changed only if absolutely needed.
  2063. # alertmanager['listen_address'] = 'localhost:9093'
  2064. # alertmanager['global'] = {}
  2065.  
  2066. ################################################################################
  2067. ## Prometheus Node Exporter
  2068. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
  2069. ################################################################################
  2070.  
  2071. # node_exporter['enable'] = true
  2072. # node_exporter['home'] = '/var/opt/gitlab/node-exporter'
  2073. # node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
  2074. # node_exporter['flags'] = {
  2075. # 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
  2076. # }
  2077. # node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
  2078. # node_exporter['env'] = {
  2079. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2080. # }
  2081.  
  2082. ##! Advanced settings. Should be changed only if absolutely needed.
  2083. # node_exporter['listen_address'] = 'localhost:9100'
  2084.  
  2085. ##! Service name used to register Node Exporter as a Consul service
  2086. # node_exporter['consul_service_name'] = 'node-exporter'
  2087. ##! Semantic metadata used when registering Node Exporter as a Consul service
  2088. # node_exporter['consul_service_meta'] = {}
  2089.  
  2090. ################################################################################
  2091. ## Prometheus Redis exporter
  2092. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
  2093. ################################################################################
  2094.  
  2095. # redis_exporter['enable'] = true
  2096. # redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
  2097. # redis_exporter['flags'] = {
  2098. # 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
  2099. # }
  2100. # redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
  2101. # redis_exporter['env'] = {
  2102. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2103. # }
  2104.  
  2105. ##! Advanced settings. Should be changed only if absolutely needed.
  2106. # redis_exporter['listen_address'] = 'localhost:9121'
  2107.  
  2108. ##! Service name used to register Redis Exporter as a Consul service
  2109. # redis_exporter['consul_service_name'] = 'redis-exporter'
  2110. ##! Semantic metadata used when registering Redis Exporter as a Consul service
  2111. # redis_exporter['consul_service_meta'] = {}
  2112.  
  2113. ################################################################################
  2114. ## Prometheus Postgres exporter
  2115. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
  2116. ################################################################################
  2117.  
  2118. # postgres_exporter['enable'] = true
  2119. # postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
  2120. # postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
  2121. # postgres_exporter['flags'] = {}
  2122. # postgres_exporter['listen_address'] = 'localhost:9187'
  2123. # postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
  2124. # postgres_exporter['env'] = {
  2125. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2126. # }
  2127. # postgres_exporter['sslmode'] = nil
  2128. # postgres_exporter['per_table_stats'] = false
  2129.  
  2130. ##! Service name used to register Postgres Exporter as a Consul service
  2131. # postgres_exporter['consul_service_name'] = 'postgres-exporter'
  2132. ##! Semantic metadata used when registering Postgres Exporter as a Consul service
  2133. # postgres_exporter['consul_service_meta'] = {}
  2134.  
  2135. ################################################################################
  2136. ## Prometheus PgBouncer exporter (EE only)
  2137. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
  2138. ################################################################################
  2139.  
  2140. # pgbouncer_exporter['enable'] = false
  2141. # pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
  2142. # pgbouncer_exporter['listen_address'] = 'localhost:9188'
  2143. # pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
  2144. # pgbouncer_exporter['env'] = {
  2145. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2146. # }
  2147.  
  2148. ################################################################################
  2149. ## Prometheus Gitlab exporter
  2150. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
  2151. ################################################################################
  2152.  
  2153.  
  2154. # gitlab_exporter['enable'] = true
  2155. # gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
  2156. # gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
  2157.  
  2158. ##! Advanced settings. Should be changed only if absolutely needed.
  2159. # gitlab_exporter['server_name'] = 'webrick'
  2160. # gitlab_exporter['listen_address'] = 'localhost'
  2161. # gitlab_exporter['listen_port'] = '9168'
  2162.  
  2163. ##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
  2164. ##! found.
  2165. # gitlab_exporter['probe_sidekiq'] = true
  2166. ##! Service name used to register GitLab Exporter as a Consul service
  2167. # gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
  2168. ##! Semantic metadata used when registering GitLab Exporter as a Consul service
  2169. # gitlab_exporter['consul_service_meta'] = {}
  2170.  
  2171. # To completely disable prometheus, and all of it's exporters, set to false
  2172. # prometheus_monitoring['enable'] = true
  2173.  
  2174. ################################################################################
  2175. ## Grafana Dashboards
  2176. ##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
  2177. ################################################################################
  2178.  
  2179. # grafana['enable'] = true
  2180. # grafana['log_directory'] = '/var/log/gitlab/grafana'
  2181. # grafana['home'] = '/var/opt/gitlab/grafana'
  2182. # grafana['admin_password'] = 'admin'
  2183. # grafana['allow_user_sign_up'] = false
  2184. # grafana['basic_auth_enabled'] = false
  2185. # grafana['disable_login_form'] = true
  2186. # grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
  2187. # grafana['gitlab_secret'] = 'GITLAB_SECRET'
  2188. # grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
  2189. # grafana['allowed_groups'] = []
  2190. # grafana['gitlab_auth_sign_up'] = true
  2191. # grafana['env'] = {
  2192. # 'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
  2193. # }
  2194. # grafana['metrics_enabled'] = false
  2195. # grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
  2196. # grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
  2197. # grafana['alerting_enabled'] = false
  2198.  
  2199. ### SMTP Configuration
  2200. #
  2201. # See: http://docs.grafana.org/administration/configuration/#smtp
  2202. #
  2203. # grafana['smtp'] = {
  2204. # 'enabled' => true,
  2205. # 'host' => 'localhost:25',
  2206. # 'user' => nil,
  2207. # 'password' => nil,
  2208. # 'cert_file' => nil,
  2209. # 'key_file' => nil,
  2210. # 'skip_verify' => false,
  2211. # 'from_address' => 'admin@grafana.localhost',
  2212. # 'from_name' => 'Grafana',
  2213. # 'ehlo_identity' => 'dashboard.example.com',
  2214. # 'startTLS_policy' => nil
  2215. # }
  2216.  
  2217. # Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled']
  2218. # grafana['reporting_enabled'] = true
  2219.  
  2220. ### Dashboards
  2221. #
  2222. # See: http://docs.grafana.org/administration/provisioning/#dashboards
  2223. #
  2224. # NOTE: Setting this will override the default.
  2225. #
  2226. # grafana['dashboards'] = [
  2227. # {
  2228. # 'name' => 'GitLab Omnibus',
  2229. # 'orgId' => 1,
  2230. # 'folder' => 'GitLab Omnibus',
  2231. # 'type' => 'file',
  2232. # 'disableDeletion' => true,
  2233. # 'updateIntervalSeconds' => 600,
  2234. # 'options' => {
  2235. # 'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
  2236. # }
  2237. # }
  2238. # ]
  2239.  
  2240. ### Datasources
  2241. #
  2242. # See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
  2243. #
  2244. # NOTE: Setting this will override the default.
  2245. #
  2246. # grafana['datasources'] = [
  2247. # {
  2248. # 'name' => 'GitLab Omnibus',
  2249. # 'type' => 'prometheus',
  2250. # 'access' => 'proxy',
  2251. # 'url' => 'http://localhost:9090'
  2252. # }
  2253. # ]
  2254.  
  2255. ##! Advanced settings. Should be changed only if absolutely needed.
  2256. # grafana['http_addr'] = 'localhost'
  2257. # grafana['http_port'] = 3000
  2258.  
  2259. ################################################################################
  2260. ## Gitaly
  2261. ##! Docs:
  2262. ################################################################################
  2263.  
  2264. # The gitaly['enable'] option exists for the purpose of cluster
  2265. # deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
  2266. # gitaly['enable'] = true
  2267. # gitaly['dir'] = "/var/opt/gitlab/gitaly"
  2268. # gitaly['log_directory'] = "/var/log/gitlab/gitaly"
  2269. # gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
  2270. # gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
  2271. # gitaly['env'] = {
  2272. # 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
  2273. # 'HOME' => '/var/opt/gitlab',
  2274. # 'TZ' => ':/etc/localtime',
  2275. # 'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
  2276. # 'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
  2277. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
  2278. # 'WRAPPER_JSON_LOGGING' => true
  2279. # }
  2280.  
  2281. ##! internal_socket_dir is the directory that will contain internal gitaly sockets,
  2282. ##! separate from socket_path which is the socket that external clients listen on
  2283.  
  2284. # gitaly['internal_socket_dir'] = "/var/opt/gitlab/gitaly"
  2285. # gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
  2286. # gitaly['listen_addr'] = "localhost:8075"
  2287. # gitaly['tls_listen_addr'] = "localhost:9075"
  2288. # gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"
  2289. # gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
  2290. # gitaly['prometheus_listen_addr'] = "localhost:9236"
  2291. # gitaly['logging_level'] = "warn"
  2292. # gitaly['logging_format'] = "json"
  2293. # gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
  2294. # gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
  2295. # gitaly['logging_sentry_environment'] = "production"
  2296. # gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
  2297. # gitaly['auth_token'] = '<secret>'
  2298. # gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
  2299. # gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
  2300. # gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
  2301. # gitaly['git_bin_path'] = "/opt/gitlab/embedded/bin/git" # A custom path for the 'git' executable
  2302. # gitaly['use_bundled_git'] = true # Whether to use bundled Git.
  2303. # gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
  2304. # gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
  2305. # gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
  2306. # gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
  2307. # gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
  2308. # gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
  2309. # gitaly['concurrency'] = [
  2310. # {
  2311. # 'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
  2312. # 'max_per_repo' => 20
  2313. # }, {
  2314. # 'rpc' => "/gitaly.SSHService/SSHUploadPack",
  2315. # 'max_per_repo' => 5
  2316. # }
  2317. # ]
  2318. #
  2319. # gitaly['daily_maintenance_start_hour'] = 22
  2320. # gitaly['daily_maintenance_start_minute'] = 30
  2321. # gitaly['daily_maintenance_duration'] = '30m'
  2322. # gitaly['daily_maintenance_storages'] = ["default"]
  2323. # gitaly['daily_maintenance_disabled'] = false
  2324. # gitaly['cgroups_count'] = 10
  2325. # gitaly['cgroups_mountpoint'] = '/sys/fs/cgroup'
  2326. # gitaly['cgroups_hierarchy_root'] = 'gitaly'
  2327. # gitaly['cgroups_memory_enabled'] = true
  2328. # gitaly['cgroups_memory_limit'] = 1048576
  2329. # gitaly['cgroups_cpu_enabled'] = true
  2330. # gitaly['cgroups_cpu_shares'] = 512
  2331. # gitaly['pack_objects_cache_enabled'] = true
  2332. # gitaly['pack_objects_cache_dir'] = '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache'
  2333. # gitaly['pack_objects_cache_max_age'] = '5m'
  2334. # gitaly['custom_hooks_dir'] = "/var/opt/gitlab/gitaly/custom_hooks"
  2335.  
  2336. ##! Service name used to register Gitaly as a Consul service
  2337. # gitaly['consul_service_name'] = 'gitaly'
  2338. ##! Semantic metadata used when registering Gitaly as a Consul service
  2339. # gitaly['consul_service_meta'] = {}
  2340.  
  2341. ################################################################################
  2342. ## Praefect
  2343. ##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
  2344. ################################################################################
  2345.  
  2346. # praefect['enable'] = false
  2347. # praefect['dir'] = "/var/opt/gitlab/praefect"
  2348. # praefect['log_directory'] = "/var/log/gitlab/praefect"
  2349. # praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
  2350. # praefect['env'] = {
  2351. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
  2352. # 'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
  2353. # 'WRAPPER_JSON_LOGGING' => true
  2354. # }
  2355. # praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
  2356. # praefect['failover_enabled'] = true
  2357. # praefect['auth_token'] = ""
  2358. # praefect['auth_transitioning'] = false
  2359. # praefect['listen_addr'] = "localhost:2305"
  2360. # praefect['tls_listen_addr'] = "localhost:3305"
  2361. # praefect['certificate_path'] = "/var/opt/gitlab/prafect/certificate.pem"
  2362. # praefect['key_path'] = "/var/opt/gitlab/prafect/key.pem"
  2363. # praefect['prometheus_listen_addr'] = "localhost:9652"
  2364. # praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
  2365. # praefect['separate_database_metrics'] = true
  2366. # praefect['logging_level'] = "warn"
  2367. # praefect['logging_format'] = "json"
  2368. # praefect['virtual_storages'] = {
  2369. # 'default' => {
  2370. # 'default_replication_factor' => 3,
  2371. # 'nodes' => {
  2372. # 'praefect-internal-0' => {
  2373. # 'address' => 'tcp://10.23.56.78:8075',
  2374. # 'token' => 'abc123'
  2375. # },
  2376. # 'praefect-internal-1' => {
  2377. # 'address' => 'tcp://10.76.23.31:8075',
  2378. # 'token' => 'xyz456'
  2379. # }
  2380. # }
  2381. # },
  2382. # 'alternative' => {
  2383. # 'nodes' => {
  2384. # 'praefect-internal-2' => {
  2385. # 'address' => 'tcp://10.34.1.16:8075',
  2386. # 'token' => 'abc321'
  2387. # },
  2388. # 'praefect-internal-3' => {
  2389. # 'address' => 'tcp://10.23.18.6:8075',
  2390. # 'token' => 'xyz890'
  2391. # }
  2392. # }
  2393. # }
  2394. # }
  2395. # praefect['sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
  2396. # praefect['sentry_environment'] = "production"
  2397. # praefect['auto_migrate'] = true
  2398. # praefect['database_host'] = 'postgres.external'
  2399. # praefect['database_port'] = 6432
  2400. # praefect['database_user'] = 'praefect'
  2401. # praefect['database_password'] = 'secret'
  2402. # praefect['database_dbname'] = 'praefect_production'
  2403. # praefect['database_sslmode'] = 'disable'
  2404. # praefect['database_sslcert'] = '/path/to/client-cert'
  2405. # praefect['database_sslkey'] = '/path/to/client-key'
  2406. # praefect['database_sslrootcert'] = '/path/to/rootcert'
  2407. # praefect['reconciliation_scheduling_interval'] = '5m'
  2408. # praefect['reconciliation_histogram_buckets'] = '[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0]'
  2409. # praefect['database_direct_host'] = 'postgres.internal'
  2410. # praefect['database_direct_port'] = 5432
  2411. # praefect['database_direct_user'] = 'praefect'
  2412. # praefect['database_direct_password'] = 'secret'
  2413. # praefect['database_direct_dbname'] = 'praefect_production_direct'
  2414. # praefect['database_direct_sslmode'] = 'disable'
  2415. # praefect['database_direct_sslcert'] = '/path/to/client-cert'
  2416. # praefect['database_direct_sslkey'] = '/path/to/client-key'
  2417. # praefect['database_direct_sslrootcert'] = '/path/to/rootcert'
  2418.  
  2419. ##! Service name used to register Praefect as a Consul service
  2420. # praefect['consul_service_name'] = 'praefect'
  2421. ##! Semantic metadata used when registering Praefect as a Consul service
  2422. # praefect['consul_service_meta'] = {}
  2423.  
  2424. ################################################################################
  2425. # Storage check
  2426. ################################################################################
  2427. # storage_check['enable'] = false
  2428. # storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
  2429. # storage_check['log_directory'] = '/var/log/gitlab/storage-check'
  2430.  
  2431. ################################################################################
  2432. # Let's Encrypt integration
  2433. ################################################################################
  2434. # letsencrypt['enable'] = nil
  2435. # letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
  2436. # letsencrypt['group'] = 'root'
  2437. # letsencrypt['key_size'] = 2048
  2438. # letsencrypt['owner'] = 'root'
  2439. # letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
  2440. # See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
  2441. # letsencrypt['auto_renew'] = true
  2442. # letsencrypt['auto_renew_hour'] = 0
  2443. # letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
  2444. # letsencrypt['auto_renew_day_of_month'] = "*/4"
  2445. # letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'
  2446.  
  2447. ##! Turn off automatic init system detection. To skip init detection in
  2448. ##! non-docker containers. Recommended not to change.
  2449. # package['detect_init'] = true
  2450.  
  2451. ##! Attempt to modify kernel paramaters. To skip this in containers where the
  2452. ##! relevant file system is read-only, set the value to false.
  2453. # package['modify_kernel_parameters'] = true
  2454.  
  2455. ##! Specify maximum number of tasks that can be created by the systemd unit
  2456. ##! Will be populated as TasksMax value to the unit file if user is on a systemd
  2457. ##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
  2458. # package['systemd_tasks_max'] = 4915
  2459.  
  2460. ##! Settings to configure order of GitLab's systemd unit.
  2461. ##! Note: We do not recommend changing these values unless absolutely necessary
  2462. # package['systemd_after'] = 'multi-user.target'
  2463. # package['systemd_wanted_by'] = 'multi-user.target'
  2464. ################################################################################
  2465. ################################################################################
  2466. ## Configuration Settings for GitLab EE only ##
  2467. ################################################################################
  2468. ################################################################################
  2469.  
  2470.  
  2471. ################################################################################
  2472. ## Auxiliary cron jobs applicable to GitLab EE only
  2473. ################################################################################
  2474. #
  2475. # gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
  2476. # gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
  2477. # gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
  2478. # gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
  2479. # gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
  2480. # gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
  2481. # gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
  2482. # gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
  2483. # gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
  2484. # gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
  2485. # gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
  2486. # gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
  2487. # gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
  2488.  
  2489. ################################################################################
  2490. ## Kerberos (EE Only)
  2491. ##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
  2492. ################################################################################
  2493.  
  2494. # gitlab_rails['kerberos_enabled'] = true
  2495. # gitlab_rails['kerberos_keytab'] = /etc/http.keytab
  2496. # gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
  2497. # gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
  2498. # gitlab_rails['kerberos_use_dedicated_port'] = true
  2499. # gitlab_rails['kerberos_port'] = 8443
  2500. # gitlab_rails['kerberos_https'] = true
  2501.  
  2502. ################################################################################
  2503. ## Package repository
  2504. ##! Docs: https://docs.gitlab.com/ee/administration/packages/
  2505. ################################################################################
  2506.  
  2507. # gitlab_rails['packages_enabled'] = true
  2508. # gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
  2509. # gitlab_rails['packages_object_store_enabled'] = false
  2510. # gitlab_rails['packages_object_store_direct_upload'] = false
  2511. # gitlab_rails['packages_object_store_background_upload'] = true
  2512. # gitlab_rails['packages_object_store_proxy_download'] = false
  2513. # gitlab_rails['packages_object_store_remote_directory'] = "packages"
  2514. # gitlab_rails['packages_object_store_connection'] = {
  2515. # 'provider' => 'AWS',
  2516. # 'region' => 'eu-west-1',
  2517. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  2518. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  2519. # # # The below options configure an S3 compatible host instead of AWS
  2520. # # 'host' => 's3.amazonaws.com',
  2521. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  2522. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  2523. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  2524. # }
  2525.  
  2526. ################################################################################
  2527. ## Dependency proxy
  2528. ##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
  2529. ################################################################################
  2530.  
  2531. # gitlab_rails['dependency_proxy_enabled'] = true
  2532. # gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
  2533. # gitlab_rails['dependency_proxy_object_store_enabled'] = false
  2534. # gitlab_rails['dependency_proxy_object_store_direct_upload'] = false
  2535. # gitlab_rails['dependency_proxy_object_store_background_upload'] = true
  2536. # gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
  2537. # gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
  2538. # gitlab_rails['dependency_proxy_object_store_connection'] = {
  2539. # 'provider' => 'AWS',
  2540. # 'region' => 'eu-west-1',
  2541. # 'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
  2542. # 'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
  2543. # # # The below options configure an S3 compatible host instead of AWS
  2544. # # 'host' => 's3.amazonaws.com',
  2545. # # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
  2546. # # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
  2547. # # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
  2548. # }
  2549.  
  2550. ################################################################################
  2551. ## GitLab Sentinel (EE Only)
  2552. ##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
  2553. ################################################################################
  2554.  
  2555. ##! **Make sure you configured all redis['master_*'] keys above before
  2556. ##! continuing.**
  2557.  
  2558. ##! To enable Sentinel and disable all other services in this machine,
  2559. ##! uncomment the line below (if you've enabled Redis role, it will keep it).
  2560. ##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
  2561. # redis_sentinel_role['enable'] = true
  2562.  
  2563. # sentinel['enable'] = true
  2564.  
  2565. ##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
  2566. # sentinel['bind'] = '0.0.0.0'
  2567.  
  2568. ##! Uncomment to change default port
  2569. # sentinel['port'] = 26379
  2570.  
  2571. #### Support to run sentinels in a Docker or NAT environment
  2572. #####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
  2573. # In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
  2574. # Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
  2575. # sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
  2576. # sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
  2577.  
  2578. ##! Quorum must reflect the amount of voting sentinels it take to start a
  2579. ##! failover.
  2580. ##! **Value must NOT be greater then the amount of sentinels.**
  2581. ##! The quorum can be used to tune Sentinel in two ways:
  2582. ##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
  2583. ##! we deploy, we are basically making Sentinel more sensible to master
  2584. ##! failures, triggering a failover as soon as even just a minority of
  2585. ##! Sentinels is no longer able to talk with the master.
  2586. ##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
  2587. ##! are making Sentinel able to failover only when there are a very large
  2588. ##! number (larger than majority) of well connected Sentinels which agree
  2589. ##! about the master being down.
  2590. # sentinel['quorum'] = 1
  2591.  
  2592. ### Consider unresponsive server down after x amount of ms.
  2593. # sentinel['down_after_milliseconds'] = 10000
  2594.  
  2595. ### Specifies the failover timeout in milliseconds.
  2596. ##! It is used in many ways:
  2597. ##!
  2598. ##! - The time needed to re-start a failover after a previous failover was
  2599. ##! already tried against the same master by a given Sentinel, is two
  2600. ##! times the failover timeout.
  2601. ##!
  2602. ##! - The time needed for a replica replicating to a wrong master according
  2603. ##! to a Sentinel current configuration, to be forced to replicate
  2604. ##! with the right master, is exactly the failover timeout (counting since
  2605. ##! the moment a Sentinel detected the misconfiguration).
  2606. ##!
  2607. ##! - The time needed to cancel a failover that is already in progress but
  2608. ##! did not produced any configuration change (REPLICAOF NO ONE yet not
  2609. ##! acknowledged by the promoted replica).
  2610. ##!
  2611. ##! - The maximum time a failover in progress waits for all the replicas to be
  2612. ##! reconfigured as replicas of the new master. However even after this time
  2613. ##! the replicas will be reconfigured by the Sentinels anyway, but not with
  2614. ##! the exact parallel-syncs progression as specified.
  2615. # sentinel['failover_timeout'] = 60000
  2616.  
  2617. ### Sentinel TLS settings
  2618. ###! To run Sentinel over TLS, specify values for the following settings
  2619. # sentinel['tls_port'] = nil
  2620. # sentinel['tls_cert_file'] = nil
  2621. # sentinel['tls_key_file'] = nil
  2622.  
  2623. ###! Other TLS related optional settings
  2624. # sentinel['tls_dh_params_file'] = nil
  2625. # sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
  2626. # sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
  2627. # sentinel['tls_auth_clients'] = 'optional'
  2628. # sentinel['tls_replication'] = nil
  2629. # sentinel['tls_cluster'] = nil
  2630. # sentinel['tls_protocols'] = nil
  2631. # sentinel['tls_ciphers'] = nil
  2632. # sentinel['tls_ciphersuites'] = nil
  2633. # sentinel['tls_prefer_server_ciphers'] = nil
  2634. # sentinel['tls_session_caching'] = nil
  2635. # sentinel['tls_session_cache_size'] = nil
  2636. # sentinel['tls_session_cache_timeout'] = nil
  2637.  
  2638. ### Sentinel hostname support
  2639. ###! When enabled, Redis will leverage hostname support
  2640. ###! Generally this does not need to be changed as we determine this based on
  2641. ###! the provided input from `redis['announce_ip']`
  2642. ###! * This is configured to `true` when a fully qualified hostname is provided
  2643. ###! * This is configured to `false` when an IP address is provided
  2644. # sentinel['use_hostnames'] = <calculated>
  2645.  
  2646. ################################################################################
  2647. ## Additional Database Settings (EE only)
  2648. ##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
  2649. ################################################################################
  2650. # gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
  2651.  
  2652. ################################################################################
  2653. ## GitLab Geo
  2654. ##! Docs: https://docs.gitlab.com/ee/gitlab-geo
  2655. ################################################################################
  2656. ##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
  2657. ##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/README.html#roles.
  2658.  
  2659. # This is an optional identifier which Geo nodes can use to identify themselves.
  2660. # For example, if external_url is the same for two secondaries, you must specify
  2661. # a unique Geo node name for those secondaries.
  2662. #
  2663. # If it is blank, it defaults to external_url.
  2664. # gitlab_rails['geo_node_name'] = nil
  2665.  
  2666. # gitlab_rails['geo_registry_replication_enabled'] = true
  2667. # gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
  2668.  
  2669.  
  2670. ################################################################################
  2671. ## GitLab Geo Secondary (EE only)
  2672. ################################################################################
  2673. # geo_secondary['auto_migrate'] = true
  2674. # geo_secondary['db_adapter'] = "postgresql"
  2675. # geo_secondary['db_encoding'] = "unicode"
  2676. # geo_secondary['db_collation'] = nil
  2677. # geo_secondary['db_database'] = "gitlabhq_geo_production"
  2678. # geo_secondary['db_username'] = "gitlab_geo"
  2679. # geo_secondary['db_password'] = nil
  2680. # geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
  2681. # geo_secondary['db_port'] = 5431
  2682. # geo_secondary['db_socket'] = nil
  2683. # geo_secondary['db_sslmode'] = nil
  2684. # geo_secondary['db_sslcompression'] = 0
  2685. # geo_secondary['db_sslrootcert'] = nil
  2686. # geo_secondary['db_sslca'] = nil
  2687. # geo_secondary['db_prepared_statements'] = false
  2688.  
  2689. ################################################################################
  2690. ## GitLab Geo Secondary Tracking Database (EE only)
  2691. ################################################################################
  2692.  
  2693. # geo_postgresql['enable'] = false
  2694. # geo_postgresql['ha'] = false
  2695. # geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
  2696. # geo_postgresql['pgbouncer_user'] = nil
  2697. # geo_postgresql['pgbouncer_user_password'] = nil
  2698. ##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
  2699. # geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
  2700.  
  2701. ################################################################################
  2702. ## Unleash
  2703. ##! These settings are for GitLab internal use.
  2704. ##! They are used to control feature flags during GitLab development.
  2705. ##! Docs: https://docs.gitlab.com/ee/development/feature_flags
  2706. ################################################################################
  2707. # gitlab_rails['feature_flags_unleash_enabled'] = false
  2708. # gitlab_rails['feature_flags_unleash_url'] = nil
  2709. # gitlab_rails['feature_flags_unleash_app_name'] = nil
  2710. # gitlab_rails['feature_flags_unleash_instance_id'] = nil
  2711.  
  2712. ################################################################################
  2713. # Pgbouncer (EE only)
  2714. # See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
  2715. # See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
  2716. ################################################################################
  2717. # pgbouncer['enable'] = false
  2718. # pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
  2719. # pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
  2720. # pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
  2721. # pgbouncer['env'] = {
  2722. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2723. # }
  2724. # pgbouncer['listen_addr'] = '0.0.0.0'
  2725. # pgbouncer['listen_port'] = '6432'
  2726. # pgbouncer['pool_mode'] = 'transaction'
  2727. # pgbouncer['server_reset_query'] = 'DISCARD ALL'
  2728. # pgbouncer['application_name_add_host'] = '1'
  2729. # pgbouncer['max_client_conn'] = '2048'
  2730. # pgbouncer['default_pool_size'] = '100'
  2731. # pgbouncer['min_pool_size'] = '0'
  2732. # pgbouncer['reserve_pool_size'] = '5'
  2733. # pgbouncer['reserve_pool_timeout'] = '5.0'
  2734. # pgbouncer['server_round_robin'] = '0'
  2735. # pgbouncer['log_connections'] = '0'
  2736. # pgbouncer['server_idle_timeout'] = '30'
  2737. # pgbouncer['dns_max_ttl'] = '15.0'
  2738. # pgbouncer['dns_zone_check_period'] = '0'
  2739. # pgbouncer['dns_nxdomain_ttl'] = '15.0'
  2740. # pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
  2741. # pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
  2742. # pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
  2743. # pgbouncer['databases'] = {
  2744. # DATABASE_NAME: {
  2745. # host: HOSTNAME,
  2746. # port: PORT
  2747. # user: USERNAME,
  2748. # password: PASSWORD
  2749. ###! generate this with `echo -n '$password + $username' | md5sum`
  2750. # }
  2751. # ...
  2752. # }
  2753. # pgbouncer['logfile'] = nil
  2754. # pgbouncer['unix_socket_dir'] = nil
  2755. # pgbouncer['unix_socket_mode'] = '0777'
  2756. # pgbouncer['unix_socket_group'] = nil
  2757. # pgbouncer['auth_type'] = 'md5'
  2758. # pgbouncer['auth_hba_file'] = nil
  2759. # pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
  2760. # pgbouncer['users'] = {
  2761. # {
  2762. # name: USERNAME,
  2763. # password: MD5_PASSWORD_HASH
  2764. # }
  2765. # }
  2766. # postgresql['pgbouncer_user'] = nil
  2767. # postgresql['pgbouncer_user_password'] = nil
  2768. # pgbouncer['server_reset_query_always'] = 0
  2769. # pgbouncer['server_check_query'] = 'select 1'
  2770. # pgbouncer['server_check_delay'] = 30
  2771. # pgbouncer['max_db_connections'] = nil
  2772. # pgbouncer['max_user_connections'] = nil
  2773. # pgbouncer['syslog'] = 0
  2774. # pgbouncer['syslog_facility'] = 'daemon'
  2775. # pgbouncer['syslog_ident'] = 'pgbouncer'
  2776. # pgbouncer['log_disconnections'] = 1
  2777. # pgbouncer['log_pooler_errors'] = 1
  2778. # pgbouncer['stats_period'] = 60
  2779. # pgbouncer['verbose'] = 0
  2780. # pgbouncer['server_lifetime'] = 3600
  2781. # pgbouncer['server_connect_timeout'] = 15
  2782. # pgbouncer['server_login_retry'] = 15
  2783. # pgbouncer['query_timeout'] = 0
  2784. # pgbouncer['query_wait_timeout'] = 120
  2785. # pgbouncer['client_idle_timeout'] = 0
  2786. # pgbouncer['client_login_timeout'] = 60
  2787. # pgbouncer['autodb_idle_timeout'] = 3600
  2788. # pgbouncer['suspend_timeout'] = 10
  2789. # pgbouncer['idle_transaction_timeout'] = 0
  2790. # pgbouncer['pkt_buf'] = 4096
  2791. # pgbouncer['listen_backlog'] = 128
  2792. # pgbouncer['sbuf_loopcnt'] = 5
  2793. # pgbouncer['max_packet_size'] = 2147483647
  2794. # pgbouncer['tcp_defer_accept'] = 0
  2795. # pgbouncer['tcp_socket_buffer'] = 0
  2796. # pgbouncer['tcp_keepalive'] = 1
  2797. # pgbouncer['tcp_keepcnt'] = 0
  2798. # pgbouncer['tcp_keepidle'] = 0
  2799. # pgbouncer['tcp_keepintvl'] = 0
  2800. # pgbouncer['disable_pqexec'] = 0
  2801.  
  2802. ## Pgbouncer client TLS options
  2803. # pgbouncer['client_tls_sslmode'] = 'disable'
  2804. # pgbouncer['client_tls_ca_file'] = nil
  2805. # pgbouncer['client_tls_key_file'] = nil
  2806. # pgbouncer['client_tls_cert_file'] = nil
  2807. # pgbouncer['client_tls_protocols'] = 'all'
  2808. # pgbouncer['client_tls_dheparams'] = 'auto'
  2809. # pgbouncer['client_tls_ecdhcurve'] = 'auto'
  2810. #
  2811. ## Pgbouncer server TLS options
  2812. # pgbouncer['server_tls_sslmode'] = 'disable'
  2813. # pgbouncer['server_tls_ca_file'] = nil
  2814. # pgbouncer['server_tls_key_file'] = nil
  2815. # pgbouncer['server_tls_cert_file'] = nil
  2816. # pgbouncer['server_tls_protocols'] = 'all'
  2817. # pgbouncer['server_tls_ciphers'] = 'fast'
  2818.  
  2819. ################################################################################
  2820. # Patroni (EE only)
  2821. ################################################################################
  2822. # patroni['enable'] = false
  2823.  
  2824. # patroni['dir'] = '/var/opt/gitlab/patroni'
  2825. # patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
  2826.  
  2827. ## Patroni dynamic configuration settings
  2828. # patroni['loop_wait'] = 10
  2829. # patroni['ttl'] = 30
  2830. # patroni['retry_timeout'] = 10
  2831. # patroni['maximum_lag_on_failover'] = 1_048_576
  2832. # patroni['max_timelines_history'] = 0
  2833. # patroni['master_start_timeout'] = 300
  2834. # patroni['use_pg_rewind'] = true
  2835. # patroni['remove_data_directory_on_rewind_failure'] = false
  2836. # patroni['remove_data_directory_on_diverged_timelines'] = false
  2837. # patroni['use_slots'] = true
  2838. # patroni['replication_password'] = nil
  2839. # patroni['replication_slots'] = {}
  2840. # patroni['callbacks'] = {}
  2841. # patroni['recovery_conf'] = {}
  2842. # patroni['tags'] = {}
  2843.  
  2844. ## Standby cluster replication settings
  2845. # patroni['standby_cluster']['enable'] = false
  2846. # patroni['standby_cluster']['host'] = nil
  2847. # patroni['standby_cluster']['port'] = 5432
  2848. # patroni['standby_cluster']['primary_slot_name'] = nil
  2849.  
  2850. ## Global/Universal settings
  2851. # patroni['scope'] = 'gitlab-postgresql-ha'
  2852. # patroni['name'] = nil
  2853.  
  2854. ## Log settings
  2855. # patroni['log_directory'] = '/var/log/gitlab/patroni'
  2856. # patroni['log_level'] = 'INFO'
  2857.  
  2858. ## Consul specific settings
  2859. # patroni['consul']['url'] = 'http://127.0.0.1:8500'
  2860. # patroni['consul']['service_check_interval'] = '10s'
  2861. # patroni['consul']['register_service'] = true
  2862. # patroni['consul']['checks'] = []
  2863.  
  2864. ## PostgreSQL configuration override
  2865. # patroni['postgresql']['hot_standby'] = 'on'
  2866.  
  2867. ## The following must hold the same values on all nodes.
  2868. ## Leave unassined to use PostgreSQL's default values.
  2869. # patroni['postgresql']['wal_level'] = 'replica'
  2870. # patroni['postgresql']['wal_log_hints'] = 'on'
  2871. # patroni['postgresql']['max_worker_processes'] = 8
  2872. # patroni['postgresql']['max_locks_per_transaction'] = 64
  2873. # patroni['postgresql']['max_connections'] = 200
  2874. # patroni['postgresql']['checkpoint_timeout'] = 30
  2875.  
  2876. ## The following can hold different values on all nodes.
  2877. ## Leave unassined to use PostgreSQL's default values.
  2878. # patroni['postgresql']['wal_keep_segments'] = 8
  2879. # patroni['postgresql']['max_wal_senders'] = 5
  2880. # patroni['postgresql']['max_replication_slots'] = 5
  2881.  
  2882. ## Permanent replication slots for Streaming Replication
  2883. # patroni['replication_slots'] = {
  2884. # 'geo_secondary' => { 'type' => 'physical' }
  2885. # }
  2886.  
  2887. ## The address and port that Patroni API binds to and listens on.
  2888. # patroni['listen_address'] = nil
  2889. # patroni['port'] = '8008'
  2890.  
  2891. ## The address of the Patroni node that is advertized to other cluster
  2892. ## members to communicate with its API and PostgreSQL. If it is not specified,
  2893. ## it tries to use the first available private IP and falls back to the default
  2894. ## network interface.
  2895. # patroni['connect_address'] = nil
  2896.  
  2897. ## The port that Patroni API responds to other cluster members. This port is
  2898. ## advertized and by default is the same as patroni['port'].
  2899. # patroni['connect_port'] = '8008'
  2900.  
  2901. ## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
  2902. ## Each item can be an hostname, IP address, or CIDR address.
  2903. ## All hosts are allowed if this is unset.
  2904. # patroni['allowlist'] = []
  2905. # patroni['allowlist_include_members'] = false
  2906.  
  2907. ## The username and password to use for basic auth on write commands to the
  2908. ## Patroni API. If not specified then the API does not use basic auth.
  2909. # patroni['username'] = nil
  2910. # patroni['password'] = nil
  2911.  
  2912. ## TLS configuration for Patroni API. Both certificate and key files are
  2913. ## required to enable TLS. If not specified then the API uses plain HTTP.
  2914. # patroni['tls_certificate_file'] = nil
  2915. # patroni['tls_key_file'] = nil
  2916. # patroni['tls_key_password'] = nil
  2917. # patroni['tls_ca_file'] = nil
  2918. # patroni['tls_ciphers'] = nil
  2919. # patroni['tls_client_mode'] = nil
  2920. # patroni['tls_client_certificate_file'] = nil
  2921. # patroni['tls_client_key_file'] = nil
  2922. # patroni['tls_verify'] = true
  2923.  
  2924. ################################################################################
  2925. # Consul (EEP only)
  2926. ################################################################################
  2927. # consul['enable'] = false
  2928. # consul['dir'] = '/var/opt/gitlab/consul'
  2929. # consul['username'] = 'gitlab-consul'
  2930. # consul['group'] = 'gitlab-consul'
  2931. # consul['config_file'] = '/var/opt/gitlab/consul/config.json'
  2932. # consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
  2933. # consul['data_dir'] = '/var/opt/gitlab/consul/data'
  2934. # consul['log_directory'] = '/var/log/gitlab/consul'
  2935. # consul['env_directory'] = '/opt/gitlab/etc/consul/env'
  2936. # consul['env'] = {
  2937. # 'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
  2938. # }
  2939. # consul['monitoring_service_discovery'] = false
  2940. # consul['node_name'] = nil
  2941. # consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
  2942. # consul['configuration'] = {
  2943. # 'client_addr' => nil,
  2944. # 'datacenter' => 'gitlab_consul',
  2945. # 'enable_script_checks' => true,
  2946. # 'server' => false
  2947. # }
  2948. # consul['services'] = []
  2949. # consul['service_config'] = {
  2950. # 'postgresql' => {
  2951. # 'service' => {
  2952. # 'name' => "postgresql",
  2953. # 'address' => '',
  2954. # 'port' => 5432,
  2955. # 'checks' => [
  2956. # {
  2957. # 'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
  2958. # 'interval' => "10s"
  2959. # }
  2960. # ]
  2961. # }
  2962. # }
  2963. # }
  2964. # consul['watchers'] = {
  2965. # 'postgresql' => {
  2966. # enable: false,
  2967. # handler: 'failover_pgbouncer'
  2968. # }
  2969. # }
  2970. #
  2971. # consul['custom_config_dir'] = '/path/to/service/configs/directory'
  2972. #
  2973.  
  2974. #### HTTP API ports
  2975. # consul['http_port'] = nil
  2976. # consul['https_port'] = nil
  2977.  
  2978. #### Gossip encryption
  2979. # consul['encryption_key'] = nil
  2980. # consul['encryption_verify_incoming'] = nil
  2981. # consul['encryption_verify_outgoing'] = nil
  2982.  
  2983. #### TLS settings
  2984. # consul['use_tls'] = false
  2985. # consul['tls_ca_file'] = nil
  2986. # consul['tls_certificate_file'] = nil
  2987. # consul['tls_key_file'] = nil
  2988. # consul['tls_verify_client'] = nil
  2989.  
  2990. ################################################################################
  2991. # Service desk email settings
  2992. ################################################################################
  2993. ### Service desk email
  2994. ###! Allow users to create new service desk issues by sending an email to
  2995. ###! service desk address.
  2996. ###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
  2997. # gitlab_rails['service_desk_email_enabled'] = false
  2998.  
  2999. #### Service Desk Mailbox Settings (via `mail_room`)
  3000. #### Service Desk Email Address
  3001. ####! The email address including the `%{key}` placeholder that will be replaced
  3002. ####! to reference the item being replied to.
  3003. ####! **The placeholder can be omitted but if present, it must appear in the
  3004. ####! "user" part of the address (before the `@`).**
  3005. # gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
  3006.  
  3007. #### Service Desk Email account username
  3008. ####! **With third party providers, this is usually the full email address.**
  3009. ####! **With self-hosted email servers, this is usually the user part of the
  3010. ####! email address.**
  3011. # gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
  3012.  
  3013. #### Service Desk Email account password
  3014. # gitlab_rails['service_desk_email_password'] = "[REDACTED]"
  3015.  
  3016. ####! The mailbox where service desk mail will end up. Usually "inbox".
  3017. # gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
  3018. ####! The IDLE command timeout.
  3019. # gitlab_rails['service_desk_email_idle_timeout'] = 60
  3020. ####! The file name for internal `mail_room` JSON logfile
  3021. # gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
  3022.  
  3023. #### Service Desk IMAP Settings
  3024. # gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
  3025. # gitlab_rails['service_desk_email_port'] = 993
  3026. # gitlab_rails['service_desk_email_ssl'] = true
  3027. # gitlab_rails['service_desk_email_start_tls'] = false
  3028.  
  3029. #### Inbox options (for Microsoft Graph)
  3030. # gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
  3031. # gitlab_rails['service_desk_email_inbox_options'] = {
  3032. # 'tenant_id': 'YOUR-TENANT-ID',
  3033. # 'client_id': 'YOUR-CLIENT-ID',
  3034. # 'client_secret': 'YOUR-CLIENT-SECRET',
  3035. # 'poll_interval': 60 # Optional
  3036. # }
  3037.  
  3038. #### How service desk emails are delivered to Rails process. Accept either
  3039. #### sidekiq or webhook. The default config is sidekiq.
  3040. # gitlab_rails['service_desk_email_delivery_method'] = "sidekiq"
  3041.  
  3042. #### Token to authenticate webhook requests. The token must be exactly 32 bytes,
  3043. #### encoded with base64
  3044. # gitlab_rails['service_desk_email_auth_token'] = nil
  3045.  
  3046. ################################################################################
  3047. ## Spamcheck (EE only)
  3048. #################################################################################
  3049.  
  3050. # spamcheck['enable'] = false
  3051. # spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
  3052. # spamcheck['port'] = 8001
  3053. # spamcheck['external_port'] = nil
  3054. # spamcheck['monitoring_address'] = ':8003'
  3055. # spamcheck['log_level'] = 'info'
  3056. # spamcheck['log_format'] = 'json'
  3057. # spamcheck['log_output'] = 'stdout'
  3058. # spamcheck['monitor_mode'] = false
  3059. # spamcheck['allowlist'] = {}
  3060. # spamcheck['denylist'] = {}
  3061. # spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
  3062. # spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
  3063. # spamcheck['env'] = {
  3064. # 'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
  3065. # }
  3066. # spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
  3067.  
RAW Paste Data Copied