YunoHost-Apps/gitlab_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/gitlab_ynh.git synced 2024-09-03 18:36:35 +02:00
Code Issues Activity Actions

Merge branch 'testing' into fix-lxc-issue

Browse source
This commit is contained in:
Kay0u 2019-10-29 18:04:52 +09:00
commit 66980f9d5a
No known key found for this signature in database
GPG key ID: 7FF262C033518333
11 changed files with 486 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
GitLab is a web-based Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license, developed by GitLab Inc.
**Shipped version:** 12.1.3
**Shipped version:** 12.4.0
## Screenshots

236
conf/gitlab.rb
View file

@ -22,6 +22,16 @@
##! settings that can be configured by this file, which may be found at:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/raw/master/files/gitlab-config-template/gitlab.rb.template
##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
##! the gitlab.rb.template from the currently running version.
##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
##! running `gitlab-ctl reconfigure`
##! In general, the values specified here should reflect what the default value of the attribute will be.
##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
##! or connecting to third party services.
##! In those instances, we endeavour to provide an example configuration.
## GitLab URL
##! URL on which GitLab will be reachable.
@ -48,8 +58,6 @@ external_url '__GENERATED_EXTERNAL_URL__'
##! beginning; Remove them to enable the setting.
##! **Configuration settings below are optional.**
##! **The values currently assigned are only examples and ARE NOT the default
##! values.**
################################################################################
@ -71,6 +79,9 @@ external_url '__GENERATED_EXTERNAL_URL__'
# gitlab_rails['gitlab_email_display_name'] = 'Example'
# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
# gitlab_rails['gitlab_email_subject_suffix'] = ''
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
### GitLab user privileges
# gitlab_rails['gitlab_default_can_create_group'] = true
@ -109,7 +120,7 @@ external_url '__GENERATED_EXTERNAL_URL__'
###! https://docs.gitlab.com/ce/ci/yaml/README.html#artifacts:expire_in
# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "41 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
@ -131,6 +142,34 @@ external_url '__GENERATED_EXTERNAL_URL__'
###! will appear signed in from that address.**
# gitlab_rails['trusted_proxies'] = []
### Content Security Policy
####! Customize if you want to enable the Content-Security-Policy header, which
####! can help thwart JavaScript cross-site scripting (XSS) attacks.
####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# gitlab_rails['content_security_policy'] = {
# 'enabled' => false,
# 'report_only' => false,
# # Each directive is a String (e.g. "'self'").
# 'directives' => {
# 'base_uri' => nil,
# 'child_src' => nil,
# 'connect_src' => nil,
# 'default_src' => nil,
# 'font_src' => nil,
# 'form_action' => nil,
# 'frame_ancestors' => nil,
# 'frame_src' => nil,
# 'img_src' => nil,
# 'manifest_src' => nil,
# 'media_src' => nil,
# 'object_src' => nil,
# 'script_src' => nil,
# 'style_src' => nil,
# 'worker_src' => nil,
# 'report_uri' => nil,
# }
# }
### Monitoring settings
###! IP whitelist controlling access to monitoring endpoints
# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
@ -274,6 +313,50 @@ external_url '__GENERATED_EXTERNAL_URL__'
gitlab_rails['ldap_enabled'] = true
###! **remember to close this block with 'EOS' below**
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
# main: # 'main' is the GitLab 'provider ID' of this LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
#
# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
# label: 'LDAP'
# host: '_your_ldap_server'
# port: 389
# uid: 'sAMAccountName'
# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
# password: '_the_password_of_the_bind_user'
# encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
# verify_certificates: true
# smartcard_auth: false
# active_directory: true
# allow_username_or_email_login: false
# lowercase_usernames: false
# block_auto_created_users: false
# base: ''
# user_filter: ''
# ## EE only
# group_base: ''
# admin_group: ''
# sync_ssh_keys: false
# EOS
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' # remember to close this block with 'EOS' below
main: # 'main' is the GitLab 'provider ID' of this LDAP server
label: 'LDAP'
@ -296,6 +379,7 @@ EOS
# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
# gitlab_rails['smartcard_required_for_git_access'] = false
# gitlab_rails['smartcard_san_extensions'] = false
### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ce/integration/omniauth.html
@ -309,6 +393,7 @@ EOS
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
# gitlab_rails['omniauth_providers'] = [
# {
# "name" => "google_oauth2",
@ -353,6 +438,11 @@ EOS
###! include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'
###! Skip parts of the backup. Comma separated.
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#gitlab_rails['env'] = {
# "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}
### Pseudonymizer Settings
# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
@ -409,17 +499,6 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
# 'bantime' => 3600
# }
# gitlab_rails['rack_attack_protected_paths'] = [
# '/users/password',
# '/users/sign_in',
# '/api/#{API::API.version}/session.json',
# '/api/#{API::API.version}/session',
# '/users',
# '/users/confirmation',
# '/unsubscribes/',
# '/import/github/personal_access_token'
# ]
###! **We do not recommend changing these directories.**
# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
@ -438,7 +517,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
#### Set path to an initial license to be used while bootstrapping GitLab.
####! **Only applicable on initial setup, future license updations need to be done via UI.
####! Updating the file specified in this path won't yield any change after the first reconfigure run.
# gitlab_rails['iniitial_license_file'] = '/etc/gitlab/company.gitlab-license'
# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
#### Enable or disable automatic database migrations
# gitlab_rails['auto_migrate'] = true
@ -463,6 +542,8 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
@ -527,7 +608,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
##! Docs: https://docs.gitlab.com/ce/administration/container_registry.html
################################################################################
# registry_external_url 'https://registry.gitlab.example.com'
# registry_external_url 'https://registry.example.com'
### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
@ -535,6 +616,11 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
# Notification secret, it's used to authenticate notification requests to GitLab application
# You only need to change this when you use external Registry service, otherwise
# it will be taken directly from notification settings of your Registry
# gitlab_rails['registry_notification_secret'] = nil
###! **Do not change the following 3 settings unless you know what you are
###! doing**
# gitlab_rails['registry_api_url'] = "http://localhost:5000"
@ -570,6 +656,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
# 's3' => {
# 'accesskey' => 'AKIAKIAKI',
# 'secretkey' => 'secret123',
# 'region' => 'us-east-1',
# 'bucket' => 'gitlab-registry-bucket-AKIAKIAKI'
# }
# }
@ -676,7 +763,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = __SSH_PORT__
# unicorn['enable'] = true
# unicorn['worker_timeout'] = 60
###! Minimum worker_processes is 2 at this moment
###! See https://gitlab.com/gitlab-org/gitlab-ce/issues/18771
###! See https://gitlab.com/gitlab-org/gitlab-foss/issues/18771
unicorn['worker_processes'] = __UNICORN_WORKER_PROCESSES__
### Advanced settings
@ -699,6 +786,11 @@ unicorn['port'] = __UNICORN_PORT__
# unicorn['worker_memory_limit_min'] = "400 * 1 << 20"
# unicorn['worker_memory_limit_max'] = "650 * 1 << 20"
# unicorn['exporter_enabled'] = false
# unicorn['exporter_address'] = "127.0.0.1"
# unicorn['exporter_port'] = 8083
# unicorn['exporter_blackout_seconds'] = 10
################################################################################
## GitLab Puma
##! Tweak puma settings. You should only use Unicorn or Puma, not both.
@ -724,7 +816,12 @@ unicorn['port'] = __UNICORN_PORT__
### **Only change these settings if you understand well what they mean**
###! Docs: https://github.com/schneems/puma_worker_killer
# puma['per_worker_max_memory_mb'] = 650
# puma['per_worker_max_memory_mb'] = 850
# puma['exporter_enabled'] = false
# puma['exporter_address'] = "127.0.0.1"
# puma['exporter_port'] = 8083
# puma['exporter_blackout_seconds'] = 10
################################################################################
## GitLab Sidekiq
@ -894,6 +991,9 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
# See https://www.postgresql.org/docs/9.6/static/auth-pg-hba-conf.html for an explanation
# of the values
### Version settings
# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
# postgresql['version'] = 10
################################################################################
## GitLab Redis
@ -918,6 +1018,16 @@ sidekiq['listen_port'] = __SIDEKIQ_PORT__
# redis['uid'] = nil
# redis['gid'] = nil
### Disable or obfuscate unnecessary redis command names
### Uncomment and edit this block to add or remove entries.
### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
### for detailed usage
###
# redis['rename_commands'] = {
# 'KEYS': ''
#}
#
###! **To enable only Redis service in this machine, uncomment
###! one of the lines below (choose master or slave instance types).**
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
@ -1003,12 +1113,12 @@ nginx['client_max_body_size'] = '__CLIENT_MAX_BODY_SIZE__'
# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
# nginx['ssl_prefer_server_ciphers'] = "on"
##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##! https://cipherli.st/**
# nginx['ssl_protocols'] = "TLSv1.2"
# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_cache'] = "builtin:1000 shared:SSL:10m"
@ -1140,6 +1250,7 @@ nginx['listen_https'] = false
##! You can disable built in logrotate feature.
################################################################################
# logrotate['enable'] = true
# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
################################################################################
## Users and groups accounts
@ -1248,16 +1359,6 @@ nginx['listen_https'] = false
##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
# gitlab_pages['tls_max_version'] = "tls1.2"
##! Configure the pages admin API
# gitlab_pages['admin_secret_token'] = 'custom secret'
# gitlab_pages['admin_https_listener'] = '0.0.0.0:5678'
# gitlab_pages['admin_https_cert'] = '/etc/gitlab/pages-admin.crt'
# gitlab_pages['admin_https_key'] = '/etc/gitlab/pages-admin.key'
##! Client side configuration for gitlab-pages admin API, in case pages runs on a different host
# gitlab_rails['pages_admin_address'] = 'pages.gitlab.example.com:5678'
# gitlab_rails['pages_admin_certificate'] = '/etc/gitlab/pages-admin.crt'
##! Pages access control
# gitlab_pages['access_control'] = false
# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
@ -1266,6 +1367,9 @@ nginx['listen_https'] = false
# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
# gitlab_pages['auth_secret'] = nil # Generated if not present
##! Define custom gitlab-pages HTTP headers for the whole instance
# gitlab_pages['headers'] = []
################################################################################
## GitLab Pages NGINX
################################################################################
@ -1440,9 +1544,9 @@ nginx['listen_https'] = false
### Custom Prometheus flags
#
# prometheus['flags'] = {
# 'storage.tsdb.path' => "#{node['gitlab']['prometheus']['home']}/data",
# 'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
# 'storage.tsdb.retention.time' => "15d",
# 'config.file' => "#{node['gitlab']['prometheus']['home']}/prometheus.yml"
# 'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
# }
##! Advanced settings. Should be changed only if absolutely needed.
@ -1457,9 +1561,9 @@ nginx['listen_https'] = false
# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
# alertmanager['admin_email'] = 'admin@example.com'
# alertmanager['flags'] = {
# 'web.listen-address' => "#{node['gitlab']['alertmanager']['listen_address']}"
# 'storage.path' => "#{node['gitlab']['alertmanager']['home']}/data"
# 'config.file' => "#{node['gitlab']['alertmanager']['home']}/alertmanager.yml"
# 'web.listen-address' => "localhost:9093"
# 'storage.path' => "/var/opt/gitlab/alertmanager/data"
# 'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
# }
# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
# alertmanager['env'] = {
@ -1468,6 +1572,7 @@ nginx['listen_https'] = false
##! Advanced settings. Should be changed only if absolutely needed.
# alertmanager['listen_address'] = 'localhost:9093'
# alertmanager['global'] = {}
################################################################################
## Prometheus Node Exporter
@ -1478,7 +1583,7 @@ nginx['listen_https'] = false
# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
# node_exporter['flags'] = {
# 'collector.textfile.directory' => "#{node['gitlab']['node-exporter']['home']}/textfile_collector"
# 'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
# }
# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
# node_exporter['env'] = {
@ -1496,7 +1601,7 @@ nginx['listen_https'] = false
# redis_exporter['enable'] = true
# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
# redis_exporter['flags'] = {
# 'redis.addr' => "unix://#{node['gitlab']['gitlab-rails']['redis_socket']}",
# 'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
# }
# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
# redis_exporter['env'] = {
@ -1535,22 +1640,22 @@ nginx['listen_https'] = false
# }
################################################################################
## Prometheus Gitlab monitor
##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_monitor_exporter.html
## Prometheus Gitlab exporter
##! Docs: https://docs.gitlab.com/ce/administration/monitoring/prometheus/gitlab_exporter.html
################################################################################
# gitlab_monitor['enable'] = true
# gitlab_monitor['log_directory'] = "/var/log/gitlab/gitlab-monitor"
# gitlab_monitor['home'] = "/var/opt/gitlab/gitlab-monitor"
# gitlab_exporter['enable'] = true
# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
##! Advanced settings. Should be changed only if absolutely needed.
# gitlab_monitor['listen_address'] = 'localhost'
# gitlab_monitor['listen_port'] = '9168'
# gitlab_exporter['listen_address'] = 'localhost'
# gitlab_exporter['listen_port'] = '9168'
##! Manage gitlab-monitor sidekiq probes. false by default when Sentinels are
##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
##! found.
# gitlab_monitor['probe_sidekiq'] = true
# gitlab_exporter['probe_sidekiq'] = true
# To completely disable prometheus, and all of it's exporters, set to false
# prometheus_monitoring['enable'] = true
@ -1565,6 +1670,8 @@ grafana['enable'] = false
# grafana['home'] = '/var/opt/gitlab/grafana'
# grafana['admin_password'] = 'admin'
# grafana['allow_user_sign_up'] = false
# grafana['basic_auth_enabled'] = false
# grafana['disable_login_form'] = true
# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
# grafana['gitlab_secret'] = 'GITLAB_SECRET'
# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
@ -1645,9 +1752,11 @@ grafana['enable'] = false
# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
# gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
# gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
# gitaly['storage'] = [
# {
@ -1669,6 +1778,32 @@ grafana['enable'] = false
# }
# ]
################################################################################
## Praefect
##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
################################################################################
# praefect['enable'] = false
# praefect['virtual_storage_name'] = "praefect"
# praefect['auth_token'] = ""
# praefect['auth_transitioning'] = false
# praefect['listen_addr'] = "localhost:2305"
# praefect['prometheus_listen_addr'] = "localhost:9652"
# praefect['logging_level'] = "warn"
# praefect['logging_format'] = "json"
# praefect['storage_nodes'] = [
# {
# 'storage' => 'praefect',
# 'address' => 'tcp://12:23:56:78',
# 'token' => 'abc123'
# },
# {
# 'storoge' => 'praefect-2',
# 'address' => 'tcp://praefect2.internal',
# 'token' => 'xyz456'
# }
# ]
################################################################################
# Storage check
################################################################################
@ -1695,6 +1830,11 @@ grafana['enable'] = false
##! non-docker containers. Recommended not to change.
# package['detect_init'] = true
##! Specify maximum number of tasks that can be created by the systemd unit
##! Will be populated as TasksMax value to the unit file if user is on a systemd
##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
# package['systemd_tasks_max'] = 4915
################################################################################
################################################################################
## Configuration Settings for GitLab EE only ##
@ -1894,6 +2034,10 @@ grafana['enable'] = false
# If it is blank, it defaults to external_url.
# gitlab_rails['geo_node_name'] = nil
# gitlab_rails['geo_registry_replication_enabled'] = true
# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5000'
################################################################################
## GitLab Geo Secondary (EE only)
################################################################################

103
config_panel.json
View file

@ -11,9 +11,11 @@
"id": "is_public",
"options": [
{
"name": "Is it a public app ?",
"id": "is_public",
"type": "bool",
"name": "is_public",
"ask": {
"en": "Is it a public app ?"
},
"type": "boolean",
"default": true
}
]
@ -23,10 +25,12 @@
"id": "overwrite_files",
"options": [
{
"name": "Overwrite the nginx config file ?",
"name": "overwrite_nginx",
"ask": {
"en": "Overwrite the nginx config file ?"
},
"help": "If the file is overwritten, a backup will be created.",
"id": "overwrite_nginx",
"type": "bool",
"type": "boolean",
"default": true
}
]
@ -36,10 +40,91 @@
"id": "users",
"options": [
{
"name": "Authorized external user creation ?",
"name": "use_web_account",
"ask": {
"en": "Authorized external user creation ?"
},
"help": "Allow user to be created without yunohost account.",
"id": "use_web_account",
"type": "bool",
"type": "boolean",
"default": true
}
]
},
{
"name": "Backup strategy",
"id": "backup_strategy",
"help": "WARNING: If you disable one of these backup, it will not be restored in case of error, use this feature at your own risk",
"options": [
{
"name": "backup_db",
"ask": {
"en": "Should gitlab backup the database ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_uploads",
"ask": {
"en": "Should gitlab backup attachments ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_repositories",
"ask": {
"en": "Should gitlab backup git repositories data ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_builds",
"ask": {
"en": "Should gitlab backup CI job output logs ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_artifacts",
"ask": {
"en": "Should gitlab backup CI job artifacts ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_lfs",
"ask": {
"en": "Should gitlab backup LFS objects ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_registry",
"ask": {
"en": "Should gitlab backup container registry images ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
},
{
"name": "backup_pages",
"ask": {
"en": "Should gitlab backup pages content ?"
},
"help": "https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup",
"type": "boolean",
"default": true
}
]

4
manifest.json
View file

@ -2,7 +2,7 @@
"name": "Gitlab",
"id": "gitlab",
"packaging_format": 1,
"version": "12.1.3~ynh1",
"version": "12.4.0~ynh1",
"description": {
"en": "GitLab is a Git-repository manager.",
"fr": "GitLab est un gestionnaire de dépôts Git."
@ -14,7 +14,7 @@
"email": "pierre@kayou.io"
},
"requirements": {
"yunohost": ">= 3.5.0"
"yunohost": ">= 3.6.0"
},
"multi_instance": false,
"services": [

20
scripts/_common.sh
View file

@ -4,25 +4,7 @@
# SET ALL CONSTANTS
#=================================================
pkg_dependencies="openssh-server"
#=================================================
# BOOLEAN CONVERTER
#=================================================
bool_to_01 () {
local var="$1"
[ "$var" = "true" ] && var=1
[ "$var" = "false" ] && var=0
echo "$var"
}
bool_to_true_false () {
local var="$1"
[ "$var" = "1" ] && var=true
[ "$var" = "0" ] && var=false
echo "$var"
}
pkg_dependencies="openssh-server bc"
#=================================================
# EXPERIMENTAL HELPERS

46
scripts/backup
View file

@ -32,6 +32,15 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
config_path=$(ynh_app_setting_get --app=$app --key=config_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
backup_db=$(ynh_app_setting_get --app="$app" --key=backup_db)
backup_uploads=$(ynh_app_setting_get --app="$app" --key=backup_uploads)
backup_repositories=$(ynh_app_setting_get --app="$app" --key=backup_repositories)
backup_builds=$(ynh_app_setting_get --app="$app" --key=backup_builds)
backup_artifacts=$(ynh_app_setting_get --app="$app" --key=backup_artifacts)
backup_lfs=$(ynh_app_setting_get --app="$app" --key=backup_lfs)
backup_registry=$(ynh_app_setting_get --app="$app" --key=backup_registry)
backup_pages=$(ynh_app_setting_get --app="$app" --key=backup_pages)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
@ -46,10 +55,45 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
ynh_script_progression --message="Backuping of Gitlab..." --weight=9
to_skip=""
if [ $backup_db -eq 0 ]; then
to_skip="db,"$to_skip
fi
if [ $backup_uploads -eq 0 ]; then
to_skip="uploads,"$to_skip
fi
if [ $backup_repositories -eq 0 ]; then
to_skip="repositories,"$to_skip
fi
if [ $backup_builds -eq 0 ]; then
to_skip="builds,"$to_skip
fi
if [ $backup_artifacts -eq 0 ]; then
to_skip="artifacts,"$to_skip
fi
if [ $backup_lfs -eq 0 ]; then
to_skip="lfs,"$to_skip
fi
if [ $backup_registry -eq 0 ]; then
to_skip="registry,"$to_skip
fi
if [ $backup_pages -eq 0 ]; then
to_skip="pages,"$to_skip
fi
# Use gitlab-rake to backup
# For the complete doc: https://docs.gitlab.com/ce/raketasks/backup_restore.html
# For the filename: https://docs.gitlab.com/ce/raketasks/backup_restore.html#backup-filename
gitlab-rake gitlab:backup:create BACKUP=last
# For the backup strategy: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
gitlab-backup create BACKUP=last SKIP=$to_skip
ynh_backup --src_path="/var/opt/$app/backups/last_gitlab_backup.tar"

81
scripts/config
View file

@ -27,19 +27,41 @@ app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
# is_public
old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
old_is_public=$(bool_to_true_false $old_is_public)
is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
# Overwrite nginx configuration
old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
old_overwrite_nginx=$(bool_to_true_false $old_overwrite_nginx)
overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
# use_web_account
old_use_web_account="$(ynh_app_setting_get --app=$app --key=use_web_account)"
old_use_web_account=$(bool_to_true_false $old_use_web_account)
use_web_account="${YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT:-$old_use_web_account}"
# backup_strategy
old_backup_db="$(ynh_app_setting_get --app=$app --key=backup_db)"
backup_db="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_DB:-$old_backup_db}"
old_backup_uploads="$(ynh_app_setting_get --app=$app --key=backup_uploads)"
backup_uploads="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_UPLOADS:-$old_backup_uploads}"
old_backup_repositories="$(ynh_app_setting_get --app=$app --key=backup_repositories)"
backup_repositories="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REPOSITORIES:-$old_backup_repositories}"
old_backup_builds="$(ynh_app_setting_get --app=$app --key=backup_builds)"
backup_builds="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_BUILDS:-$old_backup_builds}"
old_backup_artifacts="$(ynh_app_setting_get --app=$app --key=backup_artifacts)"
backup_artifacts="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_ARTIFACTS:-$old_backup_artifacts}"
old_backup_lfs="$(ynh_app_setting_get --app=$app --key=backup_lfs)"
backup_lfs="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_LFS:-$old_backup_lfs}"
old_backup_registry="$(ynh_app_setting_get --app=$app --key=backup_registry)"
backup_registry="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REGISTRY:-$old_backup_registry}"
old_backup_pages="$(ynh_app_setting_get --app=$app --key=backup_pages)"
backup_pages="${YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_PAGES:-$old_backup_pages}"
#=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
#=================================================
@ -48,11 +70,27 @@ show_config() {
# here you are supposed to read some config file/database/other then print the values
# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
echo "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
echo "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
echo "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
ynh_return "YNH_CONFIG_MAIN_USERS_USE_WEB_ACCOUNT=$use_web_account"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_DB=$backup_db"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_UPLOADS=$backup_uploads"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REPOSITORIES=$backup_repositories"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_BUILDS=$backup_builds"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_ARTIFACTS=$backup_artifacts"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_LFS=$backup_lfs"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_REGISTRY=$backup_registry"
ynh_return "YNH_CONFIG_MAIN_BACKUP_STRATEGY_BACKUP_PAGES=$backup_pages"
}
#=================================================
@ -61,23 +99,30 @@ show_config() {
apply_config() {
# Change public accessibility
if [ "$is_public" = "true" ]
then
yunohost app action run $app public_private --args is_public=1
else
yunohost app action run $app public_private --args is_public=0
fi
yunohost app action run $app public_private --args is_public=$is_public
# Change use_web_account
if [ "$use_web_account" = "true" ]
then
yunohost app action run $app web_account --args use_web_account=1
else
yunohost app action run $app web_account --args use_web_account=0
fi
yunohost app action run $app web_account --args use_web_account=$use_web_account
# Set overwrite_nginx
ynh_app_setting_set --app=$app --key=overwrite_nginx --value="$overwrite_nginx"
# Set backup_db
ynh_app_setting_set --app=$app --key=backup_db --value="$backup_db"
# Set backup_uploads
ynh_app_setting_set --app=$app --key=backup_uploads --value="$backup_uploads"
# Set backup_repositories
ynh_app_setting_set --app=$app --key=backup_repositories --value="$backup_repositories"
# Set backup_builds
ynh_app_setting_set --app=$app --key=backup_builds --value="$backup_builds"
# Set backup_artifacts
ynh_app_setting_set --app=$app --key=backup_artifacts --value="$backup_artifacts"
# Set backup_lfs
ynh_app_setting_set --app=$app --key=backup_lfs --value="$backup_lfs"
# Set backup_registry
ynh_app_setting_set --app=$app --key=backup_registry --value="$backup_registry"
# Set backup_pages
ynh_app_setting_set --app=$app --key=backup_pages --value="$backup_pages"
}
#=================================================

47
scripts/install
View file

@ -54,18 +54,6 @@ else
your hardware and the result of the command \"uname -m\"." 1
fi
# https://docs.gitlab.com/ee/install/requirements.html#unicorn-workers
unicorn_worker_processes=$(($(nproc) + 1 ))
# If the server has at least 2GB of RAM
if [ $(ynh_check_ram --no_swap) -ge 2000 ]; then
# Min 3 worker processes
unicorn_worker_processes=$(($unicorn_worker_processes>3?$unicorn_worker_processes:3))
else
# 2 worker processes
unicorn_worker_processes=2
fi
# Could be an option?
client_max_body_size="250m"
@ -84,7 +72,6 @@ ynh_app_setting_set --app=$app --key=use_web_account --value=$use_web_account
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=config_path --value=$config_path
ynh_app_setting_set --app=$app --key=architecture --value=$architecture
ynh_app_setting_set --app=$app --key=unicorn_worker_processes --value=$unicorn_worker_processes
ynh_app_setting_set --app=$app --key=client_max_body_size --value=$client_max_body_size
ynh_app_setting_set --app=$app --key=overwrite_nginx --value="1"
@ -112,6 +99,24 @@ ynh_script_progression --message="Installing dependencies..." --weight=5
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# DEFINE THE NUMBER OF WORKERS USED
#=================================================
# https://docs.gitlab.com/ce/install/requirements.html#unicorn-workers
unicorn_worker_processes=$(bc <<< "($(nproc) * 1.5 + 1) / 1")
# If the server has at least 2GB of RAM
if [ $(ynh_check_ram --no_swap) -ge 2000 ]; then
# Min 3 worker processes
unicorn_worker_processes=$(($unicorn_worker_processes>3?$unicorn_worker_processes:3))
else
# 2 worker processes
unicorn_worker_processes=2
fi
ynh_app_setting_set --app=$app --key=unicorn_worker_processes --value=$unicorn_worker_processes
#=================================================
# ADD SWAP IF NEEDED
#=================================================
@ -120,7 +125,7 @@ total_memory=$(ynh_check_ram)
total_swap=$(ynh_check_ram --only_swap)
swap_needed=0
# https://docs.gitlab.com/ee/install/requirements.html#memory
# https://docs.gitlab.com/ce/install/requirements.html#memory
if [ $total_memory -lt 8192 ]; then
# Need a minimum of 8Go of memory
swap_needed=$((8192 - $total_memory))
@ -212,6 +217,20 @@ newuser.confirmation_token = nil
newuser.save
ApplicationSetting.last.update_attributes(password_authentication_enabled_for_web: $use_web_account, signup_enabled: $use_web_account)" | gitlab-rails console
#=================================================
# DEFINE THE BACKUP STRATEGY: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#=================================================
ynh_app_setting_set --app=$app --key=backup_db --value=1
ynh_app_setting_set --app=$app --key=backup_uploads --value=1
ynh_app_setting_set --app=$app --key=backup_repositories --value=1
ynh_app_setting_set --app=$app --key=backup_builds --value=1
ynh_app_setting_set --app=$app --key=backup_artifacts --value=1
ynh_app_setting_set --app=$app --key=backup_lfs --value=1
ynh_app_setting_set --app=$app --key=backup_registry --value=1
ynh_app_setting_set --app=$app --key=backup_pages --value=1
#=================================================
# RECONFIGURE TO TAKE INTO ACCOUNT CHANGES
#=================================================

9
scripts/restore
View file

@ -71,7 +71,7 @@ total_memory=$(ynh_check_ram)
total_swap=$(ynh_check_ram --only_swap)
swap_needed=0
# https://docs.gitlab.com/ee/install/requirements.html#memory
# https://docs.gitlab.com/ce/install/requirements.html#memory
if [ $total_memory -lt 8192 ]; then
# Need a minimum of 8Go of memory
swap_needed=$((8192 - $total_memory))
@ -137,7 +137,12 @@ gitlab-ctl stop sidekiq
# Use gitlab-rake to backup
# Doc: https://docs.gitlab.com/ce/raketasks/backup_restore.html#restore-for-omnibus-gitlab-installations
ynh_exec_warn_less gitlab-rake gitlab:backup:restore force=yes BACKUP=$last_backup
ynh_exec_warn_less gitlab-backup restore force=yes BACKUP=$last_backup
# https://docs.gitlab.com/ce/raketasks/backup_restore.html#container-registry-push-failures-after-restoring-from-a-backup
if ynh_user_exists --username="registry" && [ -d "/var/opt/gitlab/gitlab-rails/shared/registry/docker" ]; then
chown -R registry:registry /var/opt/gitlab/gitlab-rails/shared/registry/docker
fi
#=================================================
# GENERIC FINALIZATION

49
scripts/upgrade
View file

@ -33,6 +33,15 @@ unicorn_worker_processes=$(ynh_app_setting_get --app="$app" --key=unicorn_worker
client_max_body_size=$(ynh_app_setting_get --app="$app" --key=client_max_body_size)
overwrite_nginx=$(ynh_app_setting_get --app="$app" --key=overwrite_nginx)
backup_db=$(ynh_app_setting_get --app="$app" --key=backup_db)
backup_uploads=$(ynh_app_setting_get --app="$app" --key=backup_uploads)
backup_repositories=$(ynh_app_setting_get --app="$app" --key=backup_repositories)
backup_builds=$(ynh_app_setting_get --app="$app" --key=backup_builds)
backup_artifacts=$(ynh_app_setting_get --app="$app" --key=backup_artifacts)
backup_lfs=$(ynh_app_setting_get --app="$app" --key=backup_lfs)
backup_registry=$(ynh_app_setting_get --app="$app" --key=backup_registry)
backup_pages=$(ynh_app_setting_get --app="$app" --key=backup_pages)
#=================================================
# CHECK VERSION
#=================================================
@ -65,7 +74,7 @@ if [ -z "$config_path" ]; then
fi
if [ -z "$unicorn_worker_processes" ]; then
# https://docs.gitlab.com/ee/install/requirements.html#unicorn-workers
# https://docs.gitlab.com/ce/install/requirements.html#unicorn-workers
unicorn_worker_processes=$(($(nproc) + 1 ))
# If the server has at least 2GB of RAM
@ -146,6 +155,39 @@ if [ -e "/etc/apt/sources.list.d/gitlab-ce.list" ]; then
ynh_secure_remove --file="/etc/apt/sources.list.d/gitlab-ce.list"
fi
# Define the backup strategy: https://docs.gitlab.com/ce/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
if [ -z "$backup_db" ]; then
ynh_app_setting_set --app=$app --key=backup_db --value=1
fi
if [ -z "$backup_uploads" ]; then
ynh_app_setting_set --app=$app --key=backup_uploads --value=1
fi
if [ -z "$backup_repositories" ]; then
ynh_app_setting_set --app=$app --key=backup_repositories --value=1
fi
if [ -z "$backup_builds" ]; then
ynh_app_setting_set --app=$app --key=backup_builds --value=1
fi
if [ -z "$backup_artifacts" ]; then
ynh_app_setting_set --app=$app --key=backup_artifacts --value=1
fi
if [ -z "$backup_lfs" ]; then
ynh_app_setting_set --app=$app --key=backup_lfs --value=1
fi
if [ -z "$backup_registry" ]; then
ynh_app_setting_set --app=$app --key=backup_registry --value=1
fi
if [ -z "$backup_pages" ]; then
ynh_app_setting_set --app=$app --key=backup_pages --value=1
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
@ -188,7 +230,7 @@ total_memory=$(ynh_check_ram)
total_swap=$(ynh_check_ram --only_swap)
swap_needed=0
# https://docs.gitlab.com/ee/install/requirements.html#memory
# https://docs.gitlab.com/ce/install/requirements.html#memory
if [ $total_memory -lt 8192 ]; then
# Need a minimum of 8Go of memory
swap_needed=$((8192 - $total_memory))
@ -236,6 +278,9 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Setting up source files..." --weight=200
# To avoid the automatic backup, already performed by YunoHost: https://docs.gitlab.com/omnibus/update/#updating-methods
touch $config_path/skip-auto-backup
current_version=$(grep gitlab-ce /opt/gitlab/version-manifest.txt | cut -d' ' -f2)
# Load the last available version

6
scripts/upgrade.d/upgrade.last.sh
View file

@ -1,8 +1,8 @@
gitlab_version="12.1.3"
gitlab_version="12.4.0"
gitlab_x86_64_source_sha256="27f49d2249ce8af1750b4eb1133e5b9a9f9ccd4b38004a3b483e3f538ac13167"
gitlab_x86_64_source_sha256="a8e84fe14b8ea1e63b6746478475f1253528d25414f5dd4538cb0f229ed42d82"
gitlab_arm_source_sha256="4ca3f23d7e6d0f2e3dd288e811920bb85b44191f1da7befbd9606badb2a836dc"
gitlab_arm_source_sha256="ab5ae257dc3b26f463a5afaf1344f4218fb545080e8e9a0f071d8cd59da2f259"
gitlab_filename="gitlab-ce-${gitlab_version}.deb"