1## GitLab configuration settings
2##! This file is generated during initial installation and **is not** modified
3##! during upgrades.
4##! Check out the latest version of this file to know about the different
5##! settings that can be configured by this file, which may be found at:
6##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
7
8
9## GitLab URL
10##! URL on which GitLab will be reachable.
11##! For more details on configuring external_url see:
12##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
# URL on which this GitLab instance is reachable.
# NOTE(review): the scheme is http://. Unless the front-end web server
# terminates TLS and this value is changed to https://, logins, session
# cookies and access tokens travel in cleartext. Confirm before deploying.
external_url('http://git.example.at')
14
15## Legend
16##! The following notations at the beginning of each line may be used to
17##! differentiate between components of this file and to easily select them using
18##! a regex.
19##! ## Titles, subtitles etc
20##! ##! More information - Description, Docs, Links, Issues etc.
21##! Configuration settings have a single # followed by a single space at the
22##! beginning; Remove them to enable the setting.
23
24##! **Configuration settings below are optional.**
25##! **The values currently assigned are only examples and ARE NOT the default
26##! values.**
27
28
29################################################################################
30################################################################################
31## Configuration Settings for GitLab CE and EE ##
32################################################################################
33################################################################################
34
35################################################################################
36## gitlab.yml configuration
37##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
38################################################################################
39# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
40# gitlab_rails['time_zone'] = 'UTC'
41
42### Email Settings
43# gitlab_rails['gitlab_email_enabled'] = true
44# gitlab_rails['gitlab_email_from'] = 'example@example.com'
45# gitlab_rails['gitlab_email_display_name'] = 'Example'
46# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
47# gitlab_rails['gitlab_email_subject_suffix'] = ''
48
49### GitLab user privileges
50# gitlab_rails['gitlab_default_can_create_group'] = true
51# gitlab_rails['gitlab_username_changing_enabled'] = true
52
53### Default Theme
54# gitlab_rails['gitlab_default_theme'] = 2
55
56### Default project feature settings
57# gitlab_rails['gitlab_default_projects_features_issues'] = true
58# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
59# gitlab_rails['gitlab_default_projects_features_wiki'] = true
60# gitlab_rails['gitlab_default_projects_features_snippets'] = false
61# gitlab_rails['gitlab_default_projects_features_builds'] = true
62# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
63
64### Automatic issue closing
65###! See https://docs.gitlab.com/ce/customization/issue_closing.html for more
66###! information about this pattern.
67# gitlab_rails['gitlab_issue_closing_pattern'] = "((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
68
69### Download location
70###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
71###! is created in the following directory.
72# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
73
74### Gravatar Settings
75# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
76# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
77
78### Auxiliary jobs
79###! Periodically executed jobs, to self-heal Gitlab, do external
80###! synchronizations, etc.
81###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
82###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
83# gitlab_rails['stuck_ci_builds_worker_cron'] = "0 0 * * *"
84# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
85# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
86# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
87# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
88
89### Webhook Settings
90###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
91###! request (default: 10)
92# gitlab_rails['webhook_timeout'] = 10
93
94### Trusted proxies
95###! Customize if you have GitLab behind a reverse proxy which is running on a
96###! different machine.
97###! **Add the IP address for your reverse proxy to the list, otherwise users
98###! will appear signed in from that address.**
99# gitlab_rails['trusted_proxies'] = []
100
101### Reply by email
102###! Allow users to comment on issues and merge requests by replying to
103###! notification emails.
104###! Docs: https://docs.gitlab.com/ce/administration/reply_by_email.html
105# gitlab_rails['incoming_email_enabled'] = true
106
107#### Incoming Email Address
108####! The email address including the `%{key}` placeholder that will be replaced
109####! to reference the item being replied to.
110####! **The placeholder can be omitted but if present, it must appear in the
111####! "user" part of the address (before the `@`).**
112# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
113
114#### Email account username
115####! **With third party providers, this is usually the full email address.**
116####! **With self-hosted email servers, this is usually the user part of the
117####! email address.**
118# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
119
120#### Email account password
121# gitlab_rails['incoming_email_password'] = "[REDACTED]"
122
123#### IMAP Settings
124# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
125# gitlab_rails['incoming_email_port'] = 993
126# gitlab_rails['incoming_email_ssl'] = true
127# gitlab_rails['incoming_email_start_tls'] = false
128
129#### Incoming Mailbox Settings
130####! The mailbox where incoming mail will end up. Usually "inbox".
131# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
132####! The location where incoming mails will be logged.
133# gitlab_rails['incoming_email_log_directory'] = "/var/log/gitlab/mailroom"
134
135### Build Artifacts
136# gitlab_rails['artifacts_enabled'] = true
137# gitlab_rails['artifacts_path'] = "/mnt/storage/artifacts"
138
139### Git LFS
140# gitlab_rails['lfs_enabled'] = true
141# gitlab_rails['lfs_storage_path'] = "/mnt/storage/lfs-objects"
142
143### GitLab Mattermost
144###! These settings are void if Mattermost is installed on the same omnibus
145###! install
146# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
147
148### LDAP Settings
149###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
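###! **Be careful not to break the indentation in the ldap_servers block. It is
###! in yaml format and the spaces must be retained. Using tabs will not work.**
###! With method 'plain' the bind password and user logins cross the network
###! unencrypted; use 'tls' or 'ssl' where the directory server supports it.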
152
153# gitlab_rails['ldap_enabled'] = false
154
155###! **remember to close this block with 'EOS' below**
156# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
157# main: # 'main' is the GitLab 'provider ID' of this LDAP server
158# label: 'LDAP'
159# host: '_your_ldap_server'
160# port: 389
161# uid: 'sAMAccountName'
162# method: 'plain' # "tls" or "ssl" or "plain"
163# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
164# password: '_the_password_of_the_bind_user'
165# active_directory: true
166# allow_username_or_email_login: false
167# block_auto_created_users: false
168# base: ''
169# user_filter: ''
170# attributes:
171# username: ['uid', 'userid', 'sAMAccountName']
172# email: ['mail', 'email', 'userPrincipalName']
173# name: 'cn'
174# first_name: 'givenName'
175# last_name: 'sn'
176# ## EE only
177# group_base: ''
178# admin_group: ''
179# sync_ssh_keys: false
180#
181# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
182# label: 'LDAP'
183# host: '_your_ldap_server'
184# port: 389
185# uid: 'sAMAccountName'
186# method: 'plain' # "tls" or "ssl" or "plain"
187# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
188# password: '_the_password_of_the_bind_user'
189# active_directory: true
190# allow_username_or_email_login: false
191# block_auto_created_users: false
192# base: ''
193# user_filter: ''
194# attributes:
195# username: ['uid', 'userid', 'sAMAccountName']
196# email: ['mail', 'email', 'userPrincipalName']
197# name: 'cn'
198# first_name: 'givenName'
199# last_name: 'sn'
200# ## EE only
201# group_base: ''
202# admin_group: ''
203# sync_ssh_keys: false
204# EOS
205
206### OmniAuth Settings
207###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
208# gitlab_rails['omniauth_enabled'] = false
209# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
210# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
211# gitlab_rails['omniauth_block_auto_created_users'] = true
212# gitlab_rails['omniauth_auto_link_ldap_user'] = false
213# gitlab_rails['omniauth_auto_link_saml_user'] = false
214# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
215# gitlab_rails['omniauth_providers'] = [
216# {
217# "name" => "google_oauth2",
218# "app_id" => "YOUR APP ID",
219# "app_secret" => "YOUR APP SECRET",
220# "args" => { "access_type" => "offline", "approval_prompt" => "" }
221# }
222# ]
223
###! **If you set up the Bitbucket importer under omniauth providers you will
###! need to add the keys which will allow connection between Bitbucket and GitLab.**
226###! Docs: https://docs.gitlab.com/ce/integration/bitbucket.html
227# gitlab_rails['bitbucket'] = {
228# 'known_hosts_key' => 'bitbucket.org,207.223.240.182 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==',
229# 'private_key' => '-----BEGIN RSA PRIVATE KEY-----
230# MIIEowIBAAKCAQEAyXxYHwz2KjcwSjTREwlhYHqrf/8U0UM8ej3cqQ551gE4Wo3t
231# -----END RSA PRIVATE KEY-----',
232# 'public_key' => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJfFgfDPYqN git@gitlab.example.com'
233# }
234
235### Backup Settings
236###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
237
238# gitlab_rails['manage_backup_path'] = true
239# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
240
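###! Docs: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-archive-permissions
###! The example mode 0644 leaves backup archives readable by every local user;
###! use a mode without world read access (e.g. 0600) if that is not wanted.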
242# gitlab_rails['backup_archive_permissions'] = 0644
243
244# gitlab_rails['backup_pg_schema'] = 'public'
245# gitlab_rails['backup_keep_time'] = 604800
246# gitlab_rails['backup_upload_connection'] = {
247# 'provider' => 'AWS',
248# 'region' => 'eu-west-1',
249# 'aws_access_key_id' => 'AKIAKIAKI',
250# 'aws_secret_access_key' => 'secret123'
251# }
252# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
253# gitlab_rails['backup_multipart_chunk_size'] = 104857600
254
255###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
256###! backups**
257# gitlab_rails['backup_encryption'] = 'AES256'
258
259### For setting up different data storing directory
260###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
261###! **If you want to use a single non-default directory to store git data use a
262###! path that doesn't contain symlinks.**
263# git_data_dirs({"default" => "/var/opt/gitlab/git-data"})
264
265### For storing GitLab application uploads, eg. LFS objects, build artifacts
266###! Docs: https://docs.gitlab.com/ce/development/shared_files.html
267# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
268
269
270### DEPRECATED: gitlab_rails['satellites_timeout'] = 30
271
272### GitLab Shell settings for GitLab
273# gitlab_rails['gitlab_shell_ssh_port'] = 22
274# gitlab_rails['git_max_size'] = 20971520
275# gitlab_rails['git_timeout'] = 10
276
277### Extra customization
278# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
279# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
280# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
281
282##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
283# gitlab_rails['env'] = {
284# 'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
285# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
286# }
287
288# gitlab_rails['rack_attack_git_basic_auth'] = {
289# 'enabled' => true,
290# 'ip_whitelist' => ["127.0.0.1"],
291# 'maxretry' => 10,
292# 'findtime' => 60,
293# 'bantime' => 3600
294# }
295
296# gitlab_rails['rack_attack_protected_paths'] = [
297# '/users/password',
298# '/users/sign_in',
299# '/api/#{API::API.version}/session.json',
300# '/api/#{API::API.version}/session',
301# '/users',
302# '/users/confirmation',
303# '/unsubscribes/',
304# '/import/github/personal_access_token'
305# ]
306
307###! **We do not recommend changing these directories.**
308# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
309# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
310
311### GitLab application settings
312# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
313# gitlab_rails['rate_limit_requests_per_period'] = 10
314# gitlab_rails['rate_limit_period'] = 60
315
#### Change the initial default admin password and shared runner registration tokens.
317####! **Only applicable on initial setup, changing these settings after database
318####! is created and seeded won't yield any change.**
319# gitlab_rails['initial_root_password'] = "password"
320# gitlab_rails['initial_shared_runners_registration_token'] = "token"
321
322#### Enable or disable automatic database migrations
323# gitlab_rails['auto_migrate'] = true
324
#### This is an advanced feature used by large GitLab deployments where loading
#### the whole Rails environment takes a lot of time.
327# gitlab_rails['rake_cache_clear'] = true
328
329### GitLab database settings
330###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
331###! **Only needed if you use an external database.**
332# gitlab_rails['db_adapter'] = "postgresql"
333# gitlab_rails['db_encoding'] = "unicode"
334# gitlab_rails['db_collation'] = nil
335# gitlab_rails['db_database'] = "gitlabhq_production"
336# gitlab_rails['db_pool'] = 10
337# gitlab_rails['db_username'] = "gitlab"
338# gitlab_rails['db_password'] = nil
339# gitlab_rails['db_host'] = nil
340# gitlab_rails['db_port'] = 5432
341# gitlab_rails['db_socket'] = nil
342# gitlab_rails['db_sslmode'] = nil
343# gitlab_rails['db_sslrootcert'] = nil
344
345
346### GitLab Redis settings
347###! Connect to your own Redis instance
348###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
349
350#### Redis TCP connection
351# gitlab_rails['redis_host'] = "127.0.0.1"
352# gitlab_rails['redis_port'] = 6379
353# gitlab_rails['redis_password'] = nil
354# gitlab_rails['redis_database'] = 0
355
356#### Redis local UNIX socket (will be disabled if TCP method is used)
357# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
358
359#### Sentinel support
360####! To have Sentinel working, you must enable Redis TCP connection support
361####! above and define a few Sentinel hosts below (to get a reliable setup
362####! at least 3 hosts).
363####! **You don't need to list every sentinel host, but the ones not listed will
364####! not be used in a fail-over situation to query for the new master.**
365# gitlab_rails['redis_sentinels'] = [
366# {'host' => '127.0.0.1', 'port' => 26379},
367# ]
368
369### GitLab email server settings
370###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
371###! **Use smtp instead of sendmail/postfix.**
372
373# gitlab_rails['smtp_enable'] = true
374# gitlab_rails['smtp_address'] = "smtp.server"
375# gitlab_rails['smtp_port'] = 465
376# gitlab_rails['smtp_user_name'] = "smtp user"
377# gitlab_rails['smtp_password'] = "smtp password"
378# gitlab_rails['smtp_domain'] = "example.com"
379# gitlab_rails['smtp_authentication'] = "login"
380# gitlab_rails['smtp_enable_starttls_auto'] = true
381# gitlab_rails['smtp_tls'] = false
382
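###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! 'none' turns off verification of the SMTP server's certificate; 'peer'
###! verifies it against the CA settings below.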
384###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
385# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
386
387# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
388# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
389
390################################################################################
391## Container Registry settings
392##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
393################################################################################
394
395# registry_external_url 'https://registry.gitlab.example.com'
396
397### Settings used by GitLab application
398# gitlab_rails['registry_enabled'] = true
399# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
400# gitlab_rails['registry_port'] = "5005"
401# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
402
403###! **Do not change the following 3 settings unless you know what you are
404###! doing**
405# gitlab_rails['registry_api_url'] = "http://localhost:5000"
406# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
407# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
408
409### Settings used by Registry application
410# registry['enable'] = true
411# registry['username'] = "registry"
412# registry['group'] = "registry"
413# registry['uid'] = nil
414# registry['gid'] = nil
415# registry['dir'] = "/var/opt/gitlab/registry"
416# registry['registry_http_addr'] = "localhost:5000"
417# registry['debug_addr'] = "localhost:5001"
418# registry['log_directory'] = "/var/log/gitlab/registry"
419# registry['log_level'] = "info"
420# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
421# registry['storage_delete_enabled'] = true
422
423### Registry backend storage
424###! Docs: https://docs.gitlab.com/ce/administration/container_registry.html#container-registry-storage-driver
425# registry['storage'] = {
426# 's3' => {
427# 'accesskey' => 'AKIAKIAKI',
428# 'secretkey' => 'secret123',
429# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
430# }
431# }
432
433
434################################################################################
435## GitLab Workhorse
436##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
437################################################################################
438
439# gitlab_workhorse['enable'] = true
440# gitlab_workhorse['ha'] = false
441# gitlab_workhorse['listen_network'] = "unix"
442# gitlab_workhorse['listen_umask'] = 000
443# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/socket"
444# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
445
446##! the empty string is the default in gitlab-workhorse option parser
447# gitlab_workhorse['auth_socket'] = "''"
448
449##! put an empty string on the command line
450# gitlab_workhorse['pprof_listen_addr'] = "''"
451
452##! put an empty string on the command line
453# gitlab_workhorse['prometheus_listen_addr'] = "''"
454
455# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
456# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
457# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
458
459##! limit number of concurrent API requests, defaults to 0 which is unlimited
460# gitlab_workhorse['api_limit'] = 0
461
462##! limit number of API requests allowed to be queued, defaults to 0 which
463##! disables queuing
464# gitlab_workhorse['api_queue_limit'] = 0
465
466##! duration after which we timeout requests if they sit too long in the queue
467# gitlab_workhorse['api_queue_duration'] = "30s"
468
469# gitlab_workhorse['env'] = {
470# 'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
471# }
472
473################################################################################
474## GitLab User Settings
475##! Modify default git user.
476##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
477################################################################################
478
479# user['username'] = "git"
480# user['group'] = "git"
481# user['uid'] = nil
482# user['gid'] = nil
483
484##! The shell for the git user
485# user['shell'] = "/bin/sh"
486
487##! The home directory for the git user
488# user['home'] = "/var/opt/gitlab"
489
490# user['git_user_name'] = "GitLab"
491# user['git_user_email'] = "gitlab@#{node['fqdn']}"
492
493################################################################################
494## GitLab Unicorn
495##! Tweak unicorn settings.
496##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
497################################################################################
498
499# unicorn['worker_timeout'] = 60
500###! Minimum worker_processes is 2 at this moment
501###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
502# unicorn['worker_processes'] = 2
503
504### Advanced settings
505# unicorn['listen'] = '127.0.0.1'
506# unicorn['port'] = 8080
507# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
508# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
509# unicorn['tcp_nopush'] = true
510# unicorn['backlog_socket'] = 1024
511
###! **Make sure somaxconn is equal to or higher than backlog_socket**
513# unicorn['somaxconn'] = 1024
514
515###! **We do not recommend changing this setting**
516# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
517
518### **Only change these settings if you understand well what they mean**
519###! Docs: https://about.gitlab.com/2015/06/05/how-gitlab-uses-unicorn-and-unicorn-worker-killer/
520###! https://github.com/kzk/unicorn-worker-killer
521# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
522# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
523
524################################################################################
525## GitLab Sidekiq
526################################################################################
527
528# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
529# sidekiq['shutdown_timeout'] = 4
530# sidekiq['concurrency'] = 25
531
532################################################################################
533## gitlab-shell
534################################################################################
535
536# gitlab_shell['audit_usernames'] = false
537# gitlab_shell['log_level'] = 'INFO'
538# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
539# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
540# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
541
542##! **If enabled, git-annex needs to be installed on the server where GitLab is
543##! setup.
544##! For Debian and Ubuntu systems this can be done with:
545##! `sudo apt-get install git-annex`.
546##! For CentOS:
547##! `sudo yum install epel-release && sudo yum install git-annex`**
548# gitlab_shell['git_annex_enabled'] = false
549
550# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
551
552### Git trace log file.
553###! If set, git commands receive GIT_TRACE* environment variables
554###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
555###! An absolute path starting with / – the trace output will be appended to
556###! that file. It needs to exist so we can check permissions and avoid
557###! throwing warnings to the users.
558# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
559
560##! **We do not recommend changing this directory.**
561# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
562
563################################################################
564## GitLab PostgreSQL
565################################################################
566
567# postgresql['enable'] = true
568# postgresql['listen_address'] = nil
569# postgresql['port'] = 5432
570# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
571
##! **The recommended value is 1/4 of total RAM, up to 14GB.**
573# postgresql['shared_buffers'] = "256MB"
574
575### Advanced settings
576# postgresql['ha'] = false
577# postgresql['dir'] = "/var/opt/gitlab/postgresql"
578# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
579# postgresql['username'] = "gitlab-psql"
580# postgresql['uid'] = nil
581# postgresql['gid'] = nil
582# postgresql['shell'] = "/bin/sh"
583# postgresql['home'] = "/var/opt/gitlab/postgresql"
584# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
585# postgresql['sql_user'] = "gitlab"
586# postgresql['sql_ci_user'] = "gitlab_ci"
587# postgresql['max_connections'] = 200
588# postgresql['md5_auth_cidr_addresses'] = []
589# postgresql['trust_auth_cidr_addresses'] = []
590# postgresql['shmmax'] = 17179869184 # or 4294967295
591# postgresql['shmall'] = 4194304 # or 1048575
592# postgresql['work_mem'] = "8MB"
593# postgresql['maintenance_work_mem'] = "16MB"
594# postgresql['effective_cache_size'] = "1MB"
595# postgresql['checkpoint_segments'] = 10
596# postgresql['checkpoint_timeout'] = "5min"
597# postgresql['checkpoint_completion_target'] = 0.9
598# postgresql['checkpoint_warning'] = "30s"
599# postgresql['wal_buffers'] = "-1"
600# postgresql['autovacuum'] = "on"
601# postgresql['log_autovacuum_min_duration'] = "-1"
602# postgresql['autovacuum_max_workers'] = "3"
603# postgresql['autovacuum_naptime'] = "1min"
604# postgresql['autovacuum_vacuum_threshold'] = "50"
605# postgresql['autovacuum_analyze_threshold'] = "50"
606# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
607# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
608# postgresql['autovacuum_freeze_max_age'] = "200000000"
609# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
610# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
611# postgresql['statement_timeout'] = "0"
612# postgresql['log_line_prefix'] = "%a"
613# postgresql['track_activity_query_size'] = "1024"
614# postgresql['shared_preload_libraries'] = nil
615
616### Replication settings
617# postgresql['sql_replication_user'] = "gitlab_replicator"
618# postgresql['wal_level'] = "hot_standby"
619# postgresql['max_wal_senders'] = 5
620# postgresql['wal_keep_segments'] = 10
621# postgresql['hot_standby'] = "off"
622# postgresql['max_standby_archive_delay'] = "30s"
623# postgresql['max_standby_streaming_delay'] = "30s"
624# postgresql['max_replication_slots'] = 0
625# postgresql['synchronous_commit'] = on
626# postgresql['synchronous_standby_names'] = ''
627
628# Backup/Archive settings
629# default['gitlab']['postgresql']['archive_mode'] = "off"
630# default['gitlab']['postgresql']['archive_command'] = nil
631# default['gitlab']['postgresql']['archive_timeout'] = "60"
632
633### Available in PostgreSQL 9.6 and later
634# postgresql['min_wal_size'] = 80MB
635# postgresql['max_wal_size'] = 1GB
636
637################################################################################
638## GitLab Redis
639##! **Can be disabled if you are using your own Redis instance.**
640##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
641################################################################################
642
643# redis['enable'] = true
644# redis['username'] = "gitlab-redis"
645# redis['maxclients'] = "10000"
646# redis['tcp_timeout'] = "60"
647# redis['tcp_keepalive'] = "300"
648# redis['uid'] = nil
649# redis['gid'] = nil
650
651###! **To enable only Redis service in this machine, uncomment
652###! one of the lines below (choose master or slave instance types).**
653###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
654###! https://docs.gitlab.com/ce/administration/high_availability/redis.html
655# redis_master_role['enable'] = true
656# redis_slave_role['enable'] = true
657
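### Redis TCP support (will disable UNIX socket transport)
###! '0.0.0.0' listens on every network interface; bind to a specific address
###! and set redis['password'] when the port is reachable from other hosts.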
659# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
660# redis['port'] = 6379
661# redis['password'] = 'redis-password-goes-here'
662
663### Redis Sentinel support
664###! **You need a master slave Redis replication to be able to do failover**
665###! **Please read the documentation before enabling it to understand the
666###! caveats:**
667###! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
668
669### Replication support
670#### Slave Redis instance
671# redis['master'] = false # by default this is true
672
673#### Slave and Sentinel shared configuration
674####! **Both need to point to the master Redis instance to get replication and
675####! heartbeat monitoring**
676# redis['master_name'] = 'gitlab-redis'
677# redis['master_ip'] = nil
678# redis['master_port'] = 6379
679
680####! **Master password should have the same value defined in
681####! redis['password'] to enable the instance to transition to/from
682####! master/slave in a failover event.**
683# redis['master_password'] = 'redis-password-goes-here'
684
685####! Increase these values when your slaves can't catch up with master
686# redis['client_output_buffer_limit_normal'] = '0 0 0'
687# redis['client_output_buffer_limit_slave'] = '256mb 64mb 60'
688# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
689
690################################################################################
691## GitLab Web server
692##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
693################################################################################
694
695##! When bundled nginx is disabled we need to add the external webserver user to
696##! the GitLab webserver group.
697# web_server['external_users'] = []
# Use 'apache' as the user and group of GitLab's web-server account,
# presumably to match an external Apache that replaces the bundled nginx.
# NOTE(review): the template text above offers web_server['external_users'] for
# this case, which only adds the external server's user to the GitLab
# web-server group. Confirm that reassigning the account itself is intended.
web_server["username"] = "apache"
web_server["group"] = "apache"
700# web_server['uid'] = nil
701# web_server['gid'] = nil
702# web_server['shell'] = '/bin/false'
703# web_server['home'] = '/var/opt/gitlab/nginx'
704
705################################################################################
706## GitLab Nginx
707##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
708################################################################################
709
# Switch off the nginx bundled with the Omnibus package; a separately managed
# web server has to serve GitLab instead.
# NOTE(review): presumably none of the nginx[...] TLS, real-IP or proxy-header
# settings in this section take effect while this is false, so the external
# server must provide the equivalents. If that server runs on a different
# machine, gitlab_rails['trusted_proxies'] needs its address (see the
# "Trusted proxies" comment earlier in this file).
nginx["enable"] = false
711# nginx['client_max_body_size'] = '250m'
712# nginx['redirect_http_to_https'] = false
713# nginx['redirect_http_to_https_port'] = 80
714
715##! Most root CA's are included by default
716# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
717
718##! enable/disable 2-way SSL client authentication
719# nginx['ssl_verify_client'] = "off"
720
721##! if ssl_verify_client on, verification depth in the client certificates chain
722# nginx['ssl_verify_depth'] = "1"
723
724# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
725# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
726# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
727# nginx['ssl_prefer_server_ciphers'] = "on"
728
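##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##! https://cipherli.st/**
##! TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); list only
##! TLSv1.2 and newer unless legacy clients must be supported.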
731# nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
732
733##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
734# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
735
736##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
737# nginx['ssl_session_timeout'] = "5m"
738
739# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
740# nginx['listen_addresses'] = ['*', '[::]']
741
742##! **Override only if you use a reverse proxy**
743##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
744# nginx['listen_port'] = nil
745
746##! **Override only if your reverse proxy internally communicates over HTTP**
747##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
748# nginx['listen_https'] = nil
749
750# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
751# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
752# nginx['proxy_read_timeout'] = 3600
753# nginx['proxy_connect_timeout'] = 300
754# nginx['proxy_set_headers'] = {
755# "Host" => "$http_host",
756# "X-Real-IP" => "$remote_addr",
757# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
758# "X-Forwarded-Proto" => "https",
759# "X-Forwarded-Ssl" => "on",
760# "Upgrade" => "$http_upgrade",
761# "Connection" => "$connection_upgrade"
762# }
763# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
764# nginx['proxy_cache'] = 'gitlab'
765# nginx['http2_enabled'] = true
766# nginx['real_ip_trusted_addresses'] = []
767# nginx['real_ip_header'] = nil
768# nginx['real_ip_recursive'] = nil
769# nginx['custom_error_pages'] = {
770# '404' => {
771# 'title' => 'Example title',
772# 'header' => 'Example header',
773# 'message' => 'Example message'
774# }
775# }
776
777### Advanced settings
778# nginx['dir'] = "/var/opt/gitlab/nginx"
779# nginx['log_directory'] = "/var/log/gitlab/nginx"
780# nginx['worker_processes'] = 4
781# nginx['worker_connections'] = 10240
782# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
783# nginx['sendfile'] = 'on'
784# nginx['tcp_nopush'] = 'on'
785# nginx['tcp_nodelay'] = 'on'
786# nginx['gzip'] = "on"
787# nginx['gzip_http_version'] = "1.0"
788# nginx['gzip_comp_level'] = "2"
789# nginx['gzip_proxied'] = "any"
790# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
791# nginx['keepalive_timeout'] = 65
792# nginx['cache_max_size'] = '5000m'
793# nginx['server_names_hash_bucket_size'] = 64
794
795### Nginx status
796# nginx['status'] = {
797# "enable" => true,
798# "listen_addresses" => ["127.0.0.1"],
799# "fqdn" => "dev.example.com",
800# "port" => 9999,
801# "options" => {
802# "stub_status" => "on", # Turn on stats
803# "server_tokens" => "off", # Don't show the version of NGINX
804# "access_log" => "on", # NOTE: "on" does not disable logging; use "off" to disable logs for stats
805# "allow" => "127.0.0.1", # Only allow access from localhost
806# "deny" => "all" # Deny access to anyone else
807# }
808# }
809
810################################################################################
811## GitLab Logging
812##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
813################################################################################
814
815# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
816# logging['svlogd_num'] = 30 # keep 30 rotated log files
817# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
818# logging['svlogd_filter'] = "gzip" # compress logs with gzip
819# logging['svlogd_udp'] = nil # transmit log messages via UDP
820# logging['svlogd_prefix'] = nil # custom prefix for log messages
821# logging['logrotate_frequency'] = "daily" # rotate logs daily
822# logging['logrotate_size'] = nil # do not rotate by size by default
823# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
824# logging['logrotate_compress'] = "compress" # see 'man logrotate'
825# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
826# logging['logrotate_postrotate'] = nil # no postrotate command by default
827# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
828
829################################################################################
830## Logrotate
831##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
832##! You can disable built in logrotate feature.
833################################################################################
834# logrotate['enable'] = true
835
836################################################################################
837## Users and groups accounts
838##! Disable management of users and groups accounts.
839##! **Set only if creating accounts manually**
840##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
841################################################################################
842
843# manage_accounts['enable'] = false
844
845################################################################################
846## Storage directories
847##! Disable managing storage directories
848##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
849################################################################################
850
851##! **Set only if the selected directories are created manually**
852# manage_storage_directories['enable'] = false
853# manage_storage_directories['manage_etc'] = false
854
855################################################################################
856## Git
857##! Advanced setting for configuring git system settings for omnibus-gitlab
858##! internal git
859################################################################################
860
861##! For multiple options under one header use array of comma separated values,
862##! eg.:
863##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
864
865# omnibus_gitconfig['system'] = {
866# "pack" => ["threads = 1"],
867# "receive" => ["fsckObjects = true"],
868# "repack" => ["writeBitmaps = true"],
869# "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/"],
870# }
871
872################################################################################
873## GitLab Pages
874##! Docs: https://docs.gitlab.com/ce/pages/administration.html
875################################################################################
876
877##! Define to enable GitLab Pages
878# pages_external_url "http://pages.example.com/"
879# gitlab_pages['enable'] = false
880
881##! Configure to expose GitLab Pages on external IP address, serving the HTTP
882# gitlab_pages['external_http'] = nil
883
884##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
885# gitlab_pages['external_https'] = nil
886
887# gitlab_pages['listen_proxy'] = "localhost:8090"
888# gitlab_pages['redirect_http'] = true
889# gitlab_pages['use_http2'] = true
890# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
891# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
892
893##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
894# gitlab_pages['metrics_address'] = "localhost:1234"
895
896################################################################################
897## GitLab Pages NGINX
898################################################################################
899
900# pages_nginx['enable'] = false
901# pages_nginx['redirect_http_to_https'] = false
902# pages_nginx['redirect_http_to_https_port'] = 80
903# pages_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
904# pages_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
905# pages_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
906# pages_nginx['ssl_prefer_server_ciphers'] = "on"
907
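908##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
909##! https://cipherli.st/
##! NOTE: TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); unless legacy
##! clients require them, list only TLSv1.2 and later in the value below.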
910# pages_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
911
912##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
913# pages_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
914
915##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
916# pages_nginx['ssl_session_timeout'] = "5m"
917
918##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
919# pages_nginx['ssl_dhparam'] = nil
920
921# pages_nginx['listen_addresses'] = ['*', '[::]']
922
923##! **Override only if you use a reverse proxy**
924##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
925# pages_nginx['listen_port'] = nil
926
927##! **Override only if your reverse proxy internally communicates over HTTP**
928##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
929# pages_nginx['listen_https'] = nil
930
931# pages_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
932
933### Advanced settings
934# pages_nginx['dir'] = "/var/opt/gitlab/nginx"
935# pages_nginx['log_directory'] = "/var/log/gitlab/nginx"
936
937# gitlab_rails['pages_path'] = "/mnt/storage/pages"
938
939################################################################################
940## GitLab CI
941##! Docs: https://docs.gitlab.com/omnibus/gitlab-ci/README.html
942################################################################################
943
944# gitlab_ci['gitlab_ci_all_broken_builds'] = true
945# gitlab_ci['gitlab_ci_add_pusher'] = true
946# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
947
948### DEPRECATED: ci_external_url 'http://ci.example.com'
949
950################################################################################
951## GitLab Mattermost
952##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
953################################################################################
954
955# mattermost_external_url 'http://mattermost.example.com'
956
957# mattermost['enable'] = false
958# mattermost['username'] = 'mattermost'
959# mattermost['group'] = 'mattermost'
960# mattermost['uid'] = nil
961# mattermost['gid'] = nil
962# mattermost['home'] = '/var/opt/gitlab/mattermost'
963# mattermost['database_name'] = 'mattermost_production'
964
965# mattermost['service_use_ssl'] = false
966# mattermost['service_address'] = "127.0.0.1"
967# mattermost['service_port'] = "8065"
968# mattermost['service_site_url'] = nil
969# mattermost['service_maximum_login_attempts'] = 10
970# mattermost['service_segment_developer_key'] = nil
971# mattermost['service_google_developer_key'] = nil
972# mattermost['service_enable_incoming_webhooks'] = true
973# mattermost['service_enable_post_username_override'] = true
974# mattermost['service_enable_post_icon_override'] = true
975# mattermost['service_enable_testing'] = false
976# mattermost['service_enable_security_fix_alert'] = true
977# mattermost['service_enable_insecure_outgoing_connections'] = false
978# mattermost['service_allow_cors_from'] = ""
979# mattermost['service_enable_outgoing_webhooks'] = true
980# mattermost['service_enable_commands'] = true
981# mattermost['service_enable_custom_emoji'] = false
982# mattermost['service_enable_only_admin_integrations'] = true
983# mattermost['service_enable_oauth_service_provider'] = false
984# mattermost['service_enable_developer'] = false
985# mattermost['service_session_length_web_in_days'] = 30
986# mattermost['service_session_length_mobile_in_days'] = 30
987# mattermost['service_session_length_sso_in_days'] = 30
988# mattermost['service_session_cache_in_minutes'] = 10
989# mattermost['service_connection_security'] = nil
990# mattermost['service_tls_cert_file'] = nil
991# mattermost['service_tls_key_file'] = nil
992# mattermost['service_use_lets_encrypt'] = false
993# mattermost['service_lets_encrypt_cert_cache_file'] = "./config/letsencrypt.cache"
994# mattermost['service_forward_80_to_443'] = false
995# mattermost['service_read_timeout'] = 300
996# mattermost['service_write_timeout'] = 300
997
998# mattermost['team_site_name'] = "GitLab Mattermost"
999# mattermost['team_max_users_per_team'] = 150
1000# mattermost['team_enable_team_creation'] = true
1001# mattermost['team_enable_user_creation'] = true
1002# mattermost['team_enable_open_server'] = false
1003# mattermost['team_allow_public_link'] = true
1004# mattermost['team_allow_valet_default'] = false
1005# mattermost['team_restrict_creation_to_domains'] = "gmail.com"
1006# mattermost['team_restrict_team_names'] = true
1007# mattermost['team_restrict_direct_message'] = "any"
1008# mattermost['team_max_channels_per_team'] = 2000
1009
1010# mattermost['sql_driver_name'] = 'mysql'
1011# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
1012# mattermost['sql_data_source_replicas'] = ["mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"]
1013# mattermost['sql_max_idle_conns'] = 10
1014# mattermost['sql_max_open_conns'] = 10
1015# mattermost['sql_trace'] = false
1016
1017# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost'
1018# mattermost['log_console_enable'] = true
1019# mattermost['log_console_level'] = 'INFO'
1020# mattermost['log_enable_file'] = false
1021# mattermost['log_file_level'] = 'INFO'
1022# mattermost['log_file_format'] = nil
1023# mattermost['log_enable_diagnostics'] = true
1024
1025# mattermost['gitlab_enable'] = false
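##! The id and secret below are example placeholders; use the values issued for
##! the Mattermost OAuth application, and keep this file readable by root only,
##! since it stores them in plain text.
1026# mattermost['gitlab_id'] = "12345656"
1027# mattermost['gitlab_secret'] = "123456789"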
1028# mattermost['gitlab_scope'] = ""
1029# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
1030# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
1031# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v3/user"
1032
1033# mattermost['aws'] = {'S3AccessKeyId' => '123', 'S3SecretAccessKey' => '123', 'S3Bucket' => 'aa', 'S3Region' => 'bb'}
1034
1035# mattermost['email_enable_sign_up_with_email'] = true
1036# mattermost['email_enable_sign_in_with_email'] = true
1037# mattermost['email_enable_sign_in_with_username'] = false
1038# mattermost['email_send_email_notifications'] = false
1039# mattermost['email_require_email_verification'] = false
1040# mattermost['email_smtp_username'] = nil
1041# mattermost['email_smtp_password'] = nil
1042# mattermost['email_smtp_server'] = nil
1043# mattermost['email_smtp_port'] = nil
1044# mattermost['email_connection_security'] = nil
1045# mattermost['email_feedback_name'] = nil
1046# mattermost['email_feedback_email'] = nil
1047# mattermost['email_feedback_organization'] = nil
1048# mattermost['email_send_push_notifications'] = true
1049# mattermost['email_push_notification_server'] = ""
1050# mattermost['email_push_notification_contents'] = "generic"
1051# mattermost['email_enable_batching'] = false
1052# mattermost['email_batching_buffer_size'] = 256
1053# mattermost['email_batching_interval'] = 30
1054
1055# mattermost['file_max_file_size'] = 52428800
1056# mattermost['file_driver_name'] = "local"
1057# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
1058# mattermost['file_enable_public_link'] = true
1059# mattermost['file_thumbnail_width'] = 120
1060# mattermost['file_thumbnail_height'] = 100
1061# mattermost['file_preview_width'] = 1024
1062# mattermost['file_preview_height'] = 0
1063# mattermost['file_profile_width'] = 128
1064# mattermost['file_profile_height'] = 128
1065# mattermost['file_initial_font'] = 'luximbi.ttf'
1066# mattermost['file_amazon_s3_access_key_id'] = nil
1067# mattermost['file_amazon_s3_bucket'] = nil
1068# mattermost['file_amazon_s3_secret_access_key'] = nil
1069# mattermost['file_amazon_s3_region'] = nil
1070# mattermost["file_amazon_s3_endpoint"] = nil
1071# mattermost["file_amazon_s3_bucket_endpoint"] = nil
1072# mattermost["file_amazon_s3_location_constraint"] = false
1073# mattermost["file_amazon_s3_lowercase_bucket"] = false
1074# mattermost["file_amazon_s3_ssl"] = true
1075
1076# mattermost['ratelimit_enable_rate_limiter'] = false
1077# mattermost['ratelimit_per_sec'] = 10
1078# mattermost['ratelimit_memory_store_size'] = 10000
1079# mattermost['ratelimit_vary_by_remote_addr'] = true
1080# mattermost['ratelimit_vary_by_header'] = nil
1081# mattermost['ratelimit_max_burst'] = 100
1082
1083# mattermost['support_terms_of_service_link'] = "/static/help/terms.html"
1084# mattermost['support_privacy_policy_link'] = "/static/help/privacy.html"
1085# mattermost['support_about_link'] = "/static/help/about.html"
1086# mattermost['support_report_a_problem_link'] = "/static/help/report_problem.html"
1087# mattermost['support_email'] = "support@example.com"
1088
1089# mattermost['privacy_show_email_address'] = true
1090# mattermost['privacy_show_full_name'] = true
1091
1092# mattermost['localization_server_locale'] = "en"
1093# mattermost['localization_client_locale'] = "en"
1094# mattermost['localization_available_locales'] = "en,es,fr,ja,pt-BR"
1095
1096# mattermost['webrtc_enable'] = false
1097# mattermost['webrtc_gateway_websocket_url'] = nil
1098# mattermost['webrtc_gateway_admin_url'] = nil
1099# mattermost['webrtc_gateway_admin_secret'] = nil
1100# mattermost['webrtc_gateway_stun_uri'] = nil
1101# mattermost['webrtc_gateway_turn_uri'] = nil
1102# mattermost['webrtc_gateway_turn_username'] = nil
1103# mattermost['webrtc_gateway_turn_shared_key'] = nil
1104
1105################################################################################
1106## Mattermost NGINX
1107################################################################################
1108
1109# mattermost_nginx['enable'] = false
1110# mattermost_nginx['client_max_body_size'] = '250m'
1111# mattermost_nginx['redirect_http_to_https'] = false
1112# mattermost_nginx['redirect_http_to_https_port'] = 80
1113# mattermost_nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
1114# mattermost_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
1115# mattermost_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
1116# mattermost_nginx['ssl_prefer_server_ciphers'] = "on"
1117
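1118##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1119##! https://cipherli.st/
##! NOTE: TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); unless legacy
##! clients require them, list only TLSv1.2 and later in the value below.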
1120# mattermost_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
1121
1122##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1123# mattermost_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1124
1125##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1126# mattermost_nginx['ssl_session_timeout'] = "5m"
1127
1128##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
1129# mattermost_nginx['ssl_dhparam'] = nil
1130
1131# mattermost_nginx['listen_addresses'] = ['*', '[::]']
1132
1133##! **Override only if you use a reverse proxy**
1134##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1135# mattermost_nginx['listen_port'] = nil
1136
1137##! **Override only if your reverse proxy internally communicates over HTTP**
1138##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1139# mattermost_nginx['listen_https'] = nil
1140
1141# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1142# mattermost_nginx['proxy_set_headers'] = {
1143# "Host" => "$http_host",
1144# "X-Real-IP" => "$remote_addr",
1145# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1146# "X-Frame-Options" => "SAMEORIGIN",
1147# "X-Forwarded-Proto" => "https",
1148# "X-Forwarded-Ssl" => "on",
1149# "Upgrade" => "$http_upgrade",
1150# "Connection" => "$connection_upgrade"
1151# }
1152# mattermost_nginx['real_ip_trusted_addresses'] = []
1153# mattermost_nginx['real_ip_header'] = nil
1154# mattermost_nginx['real_ip_recursive'] = nil
1155
1156### Advanced settings
1157# mattermost_nginx['dir'] = "/var/opt/gitlab/nginx"
1158# mattermost_nginx['log_directory'] = "/var/log/gitlab/nginx"
1159# mattermost_nginx['worker_processes'] = 4
1160# mattermost_nginx['worker_connections'] = 10240
1161# mattermost_nginx['sendfile'] = 'on'
1162# mattermost_nginx['tcp_nopush'] = 'on'
1163# mattermost_nginx['tcp_nodelay'] = 'on'
1164# mattermost_nginx['gzip'] = "on"
1165# mattermost_nginx['gzip_http_version'] = "1.0"
1166# mattermost_nginx['gzip_comp_level'] = "2"
1167# mattermost_nginx['gzip_proxied'] = "any"
1168# mattermost_nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
1169# mattermost_nginx['keepalive_timeout'] = 65
1170# mattermost_nginx['cache_max_size'] = '5000m'
1171
1172################################################################################
1173## Registry NGINX
1174################################################################################
1175
1176# registry_nginx['enable'] = false
1177# registry_nginx['redirect_http_to_https'] = false
1178# registry_nginx['redirect_http_to_https_port'] = 80
1179# registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
1180# registry_nginx['ssl_prefer_server_ciphers'] = "on"
1181# registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem"
1182# registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key"
1183
1184##! **Override only if you use a reverse proxy**
1185##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
1186# registry_nginx['listen_port'] = nil
1187
1188##! **Override only if your reverse proxy internally communicates over HTTP**
1189##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
1190# registry_nginx['listen_https'] = nil
1191
1192# registry_nginx['proxy_set_headers'] = {
1193# "Host" => "$http_host",
1194# "X-Real-IP" => "$remote_addr",
1195# "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
1196# "X-Forwarded-Proto" => "https",
1197# "X-Forwarded-Ssl" => "on"
1198# }
1199
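1200##! Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
1201##! https://cipherli.st/
##! NOTE: TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); unless legacy
##! clients require them, list only TLSv1.2 and later in the value below.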
1202# registry_nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
1203
1204##! Recommended in https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1205# registry_nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
1206
1207##! Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html
1208# registry_nginx['ssl_session_timeout'] = "5m"
1209
1210##! Path to ci_dhparams.pem, eg. /etc/gitlab/ssl/ci_dhparams.pem
1211# registry_nginx['ssl_dhparam'] = nil
1212
1213# registry_nginx['listen_addresses'] = ['*', '[::]']
1214
1215### Advanced settings
1216# registry_nginx['log_directory'] = "/var/log/gitlab/nginx"
1217
1218# registry_nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
1219
1220################################################################################
1221## Prometheus
1222##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html
1223################################################################################
1224
1225# prometheus['enable'] = false
1226# prometheus['username'] = 'gitlab-prometheus'
1227# prometheus['uid'] = nil
1228# prometheus['gid'] = nil
1229# prometheus['shell'] = '/bin/sh'
1230# prometheus['home'] = '/var/opt/gitlab/prometheus'
1231# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
1232# prometheus['scrape_interval'] = 15
1233# prometheus['scrape_timeout'] = 15
1234# prometheus['flags'] = {
1235# 'storage.local.path' => "#{node['gitlab']['prometheus']['home']}/data",
1236# 'storage.local.memory-chunks' => '50000',
1237# 'storage.local.max-chunks-to-persist' => '40000',
1238# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
1239# }
1240
1241##! Advanced settings. Should be changed only if absolutely needed.
1242# prometheus['listen_address'] = 'localhost:9090'
1243
1244################################################################################
1245## Prometheus Node Exporter
1246##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html
1247################################################################################
1248
1249# node_exporter['enable'] = false
1250# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
1251# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
1252# node_exporter['flags'] = {
1253# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
1254# }
1255
1256##! Advanced settings. Should be changed only if absolutely needed.
1257# node_exporter['listen_address'] = 'localhost:9100'
1258
1259################################################################################
1260## Prometheus Redis exporter
1261##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html
1262################################################################################
1263
1264# redis_exporter['enable'] = false
1265# redis_exporter['log_directory'] = "/var/log/gitlab/redis-exporter"
1266# redis_exporter['flags'] = {
1267# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
1268# }
1269
1270##! Advanced settings. Should be changed only if absolutely needed.
1271# redis_exporter['listen_address'] = 'localhost:9121'
1272
1273################################################################################
1274## Postgres exporter
1275##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html
1276################################################################################
1277
1278# postgres_exporter['enable'] = false
1279# postgres_exporter['log_directory'] = "/var/log/gitlab/postgres-exporter"
1280# postgres_exporter['flags'] = {}
1281# postgres_exporter['listen_address'] = 'localhost:9187'
1282
1283################################################################################
1284## Gitlab monitor
1285##! Docs: https://docs.gitlab.com/ce/administration/monitoring/performance/prometheus.html
1286################################################################################
1287
1288
1289# gitlab_monitor['enable'] = false
1290# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
1291# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
1292
1293##! Advanced settings. Should be changed only if absolutely needed.
1294# gitlab_monitor['listen_address'] = 'localhost:9168'
1295
1296
1297################################################################################
1298################################################################################
1299## Configuration Settings for GitLab EE only ##
1300################################################################################
1301################################################################################
1302
1303
1304################################################################################
1305## Auxiliary cron jobs applicable to GitLab EE only
1306################################################################################
1307#
1308# gitlab_rails['geo_bulk_notify_worker_cron'] = "*/10 * * * * *"
1309# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
1310# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
1311
1312################################################################################
1313## Kerberos (EE Only)
1314##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
1315################################################################################
1316
1317# gitlab_rails['kerberos_enabled'] = true
1318# gitlab_rails['kerberos_keytab'] = "/etc/http.keytab"
1319# gitlab_rails['kerberos_service_principal_name'] = "HTTP/gitlab.example.com@EXAMPLE.COM"
1320# gitlab_rails['kerberos_use_dedicated_port'] = true
1321# gitlab_rails['kerberos_port'] = 8443
1322# gitlab_rails['kerberos_https'] = true
1323
1324################################################################################
1325## GitLab Sentinel (EE Only)
1326##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
1327################################################################################
1328
1329##! **Make sure you configured all redis['master_*'] keys above before
1330##! continuing.**
1331
1332##! To enable Sentinel and disable all other services in this machine,
1333##! uncomment the line below (if you've enabled Redis role, it will keep it).
1334##! Docs: https://docs.gitlab.com/ce/administration/high_availability/redis.html
1335# redis_sentinel_role['enable'] = true
1336
1337# sentinel['enable'] = true
1338
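1339##! Bind to all interfaces, uncomment to specify an IP and bind to a single one.
##! When Sentinel listens on all interfaces, limit access to its port (see
##! sentinel['port'] below) to the Redis/Sentinel peers and GitLab nodes, e.g.
##! with a host firewall.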
1340# sentinel['bind'] = '0.0.0.0'
1341
1342##! Uncomment to change default port
1343# sentinel['port'] = 26379
1344
1345##! Quorum must reflect the number of voting sentinels it takes to start a
1346##! failover.
1347##! **Value must NOT be greater than the number of sentinels.**
1348##! The quorum can be used to tune Sentinel in two ways:
1349##! 1. If the quorum is set to a value smaller than the majority of Sentinels
1350##! we deploy, we are basically making Sentinel more sensitive to master
1351##! failures, triggering a failover as soon as even just a minority of
1352##! Sentinels is no longer able to talk with the master.
1353##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
1354##! are making Sentinel able to failover only when there are a very large
1355##! number (larger than majority) of well connected Sentinels which agree
1356##! about the master being down.
1357# sentinel['quorum'] = 1
1358
1359### Consider unresponsive server down after x amount of ms.
1360# sentinel['down_after_milliseconds'] = 10000
1361
1362### Specifies the failover timeout in milliseconds.
1363##! It is used in many ways:
1364##!
1365##! - The time needed to re-start a failover after a previous failover was
1366##! already tried against the same master by a given Sentinel, is two
1367##! times the failover timeout.
1368##!
1369##! - The time needed for a slave replicating to a wrong master according
1370##! to a Sentinel current configuration, to be forced to replicate
1371##! with the right master, is exactly the failover timeout (counting since
1372##! the moment a Sentinel detected the misconfiguration).
1373##!
1374##! - The time needed to cancel a failover that is already in progress but
1375##! did not produce any configuration change (SLAVEOF NO ONE yet not
1376##! acknowledged by the promoted slave).
1377##!
1378##! - The maximum time a failover in progress waits for all the slaves to be
1379##! reconfigured as slaves of the new master. However even after this time
1380##! the slaves will be reconfigured by the Sentinels anyway, but not with
1381##! the exact parallel-syncs progression as specified.
1382# sentinel['failover_timeout'] = 60000
1383
1384################################################################################
1385## Logging (Additional, EE Only features)
1386##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only-
1387################################################################################
1388
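1389##! remote host to ship log messages to via UDP
##! NOTE: UDP shipping is unencrypted and unacknowledged; send it only over a
##! trusted network segment, since log lines can carry usernames, IPs and paths.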
1390# logging['udp_log_shipping_host'] = nil
1391
1392##! remote port to ship log messages to via UDP
1393# logging['udp_log_shipping_port'] = 514
1394
1395################################################################################
1396## GitLab Sidekiq Cluster (EE only)
1397################################################################################
1398
1399##! GitLab Enterprise Edition allows one to start an extra set of Sidekiq processes
1400##! besides the default one. These processes can be used to consume a dedicated set
1401##! of queues. This can be used to ensure certain queues always have dedicated
1402##! workers, no matter the amount of jobs that need to be processed.
1403
1404# sidekiq_cluster['enable'] = false
1405# sidekiq_cluster['ha'] = false
1406# sidekiq_cluster['log_directory'] = "/var/log/gitlab/sidekiq-cluster"
1407# sidekiq_cluster['interval'] = 5 # The number of seconds to wait between worker checks
1408
1409##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
1410##! Sidekiq process. Multiple queues can be processed by the same process by
1411##! separating them with a comma within the group entry
1412
1413# sidekiq_cluster['queue_groups'] = [
1414# "process_commit,post_receive",
1415# "gitlab_shell"
1416# ]