add gitlab role

2021-08-24 12:16:11 +02:00
commit 80cf4f9a51
11 changed files with 419 additions and 0 deletions
--- a/templates/Gitlab.gitlab-license.j2
+++ b/templates/Gitlab.gitlab-license.j2
@@ -0,0 +1 @@
+{{ gitlab_ee_license }}
--- a/templates/gitlab-secrets.json.j2
+++ b/templates/gitlab-secrets.json.j2
@@ -0,0 +1,51 @@
+{
+  "gitlab_workhorse": {
+    "secret_token": "{{ gitlab_secrets_workhorse_token }}"
+  },
+  "gitlab_shell": {
+    "secret_token": "{{ gitlab_secrets_shell_token }}"
+  },
+  "gitlab_rails": {
+    "secret_key_base": "{{ gitlab_secrets_rails_key_base }}",
+    "db_key_base": "{{ gitlab_secrets_rails_db_key_base }}",
+    "otp_key_base": "{{ gitlab_secrets_rails_otp_key_base }}",
+    "encrypted_settings_key_base": "{{ gitlab_secrets_rails_encrypted_settings_key_base }}"
+    "openid_connect_signing_key": "{{ gitlab_secrets_rails_openid_connect_signing_key }}"
+    "ci_jwt_signing_key": "{{ gitlab_secrets_rails_ci_jwt_signing_key }}"
+  },
+  "gitlab_pages": {
+    "gitlab_secret": {% if gitlab_secrets_pages_secret | length %}"{{ gitlab_secrets_pages_secret }}"{% else %}null{% endif %},
+    "gitlab_id": {% if gitlab_secrets_pages_id | length %}"{{ gitlab_secrets_pages_id }}"{% else %}null{% endif %},
+    "auth_secret": {% if gitlab_secrets_pages_auth_secret | length %}"{{ gitlab_secrets_pages_auth_secret }}"{% else %}null{% endif %},
+    "api_secret_key": {% if gitlab_secrets_pages_api_secret_key | length %}"{{ gitlab_secrets_pages_api_secret_key }}"{% else %}""{% endif %}
+  },
+  {% if gitlab_kas_api_key is defined %}
+  "gitlab_kas": {
+    "api_secret_key": "{{ gitlab_secrets_kas_api_key }}"
+  },
+  {% endif %}
+  "grafana": {
+    "secret_key": "{{ gitlab_secrets_grafana_secret_key }}",
+    "gitlab_secret": "{{ gitlab_secrets_grafana_gitlab_secret }}",
+    "gitlab_application_id": "{{ gitlab_secrets_grafana_gitlab_application_id }}",
+    "admin_password": "{{ gitlab_secrets_grafana_admin_password }}",
+    "metrics_basic_auth_password": {% if gitlab_secrets_grafana_metrics_basic_auth_password | length %}"{{ gitlab_secrets_grafana_metrics_basic_auth_password }}"{% else %}null{% endif %}
+  },
+  "registry": {
+    "http_secret": "{{ gitlab_secrets_registry_http_secret }}",
+    "internal_certificate": "{{ gitlab_secrets_registry_internal_certificate }}",
+    "internal_key": "{{ gitlab_secrets_registry_internal_key }}"
+  },
+  "letsencrypt": {
+    "auto_enabled": {% if gitlab_secrets_letsencrypt_auto_enabled | length %}"{{ gitlab_secrets_letsencrypt_auto_enabled }}"{% else %}null{% endif %}
+  },
+  "mattermost": {
+    "email_invite_salt": "{{ gitlab_secrets_mattermost_invite_salt }}",
+    "file_public_link_salt": "{{ gitlab_secrets_mattermost_file_public_link_salt }}",
+    "sql_at_rest_encrypt_key": "{{ gitlab_secrets_mattermost_sql_at_rest_encrypt_key }}"
+  },
+  "postgresql": {
+    "internal_certificate": "{{ gitlab_secrets_postgresql_internal_certificate }}",
+    "internal_key": "{{ gitlab_secrets_postgresql_internal_key }}" 
+  }
+}
--- a/templates/gitlab.rb.j2
+++ b/templates/gitlab.rb.j2
@@ -0,0 +1,75 @@
+# vim: ts=2 sw=2 et ft=ruby
+
+# general configs
+
+external_url '{{ gitlab_conf_external_url }}'
+
+# gitlab configs
+
+gitlab_rails['backup_path'] = "{{ gitlab_conf_backup_path }}"
+gitlab_rails['env'] = {"SSL_CERT_FILE"=>"{{ gitlab_conf_ssl_cert_bundle }}"}
+gitlab_rails['gitlab_email_display_name'] = "{{ gitlab_conf_email_display_name }}"
+gitlab_rails['gitlab_email_from'] = "{{ gitlab_conf_email_from }}"
+gitlab_rails['gitlab_email_reply_to'] = "{{ gitlab_conf_email_reply_to }}"
+gitlab_rails['initial_root_password'] = "{{ gitlab_conf_initial_root_pw }}"
+gitlab_rails['initial_shared_runners_registration_token'] = "{{ gitlab_conf_initial_shared_runner_registration_token }}"
+gitlab_rails['ldap_enabled'] = {{ gitlab_conf_ldap_enabled }}
+gitlab_rails['manage_backup_path'] = {{ gitlab_conf_manage_backup_path }}
+gitlab_rails['ldap_servers'] = { 
+  "main"=>{ 
+    "active_directory"=>{{ gitlab_conf_ldap_servers.active_directory }}, 
+    "admin_group"=>"{{ gitlab_conf_ldap_servers.admin_group }}", 
+    "allow_username_or_email_login"=>{{ gitlab_conf_ldap_servers.allow_username_or_email_login }},
+    "attributes"=>{
+      "email"=>["mail", "email", "userPrincipalName"], 
+      "first_name"=>"givenName", 
+      "last_name"=>"sn", 
+      "name"=>"nosuchattribute", 
+      "username"=>["uid", "userid", "sAMAccountName"]
+    }, 
+    "base"=>"{{ gitlab_conf_ldap_servers.base }}",
+    "bind_dn"=>"{{ gitlab_conf_ldap_servers.bind_dn }}",
+    "block_auto_created_users"=>{{ gitlab_conf_ldap_servers.block_auto_created_users }},
+    "encryption"=>"{{ gitlab_conf_ldap_servers.encryption }}",
+    "group_base"=>"{{ gitlab_conf_ldap_servers.group_base }}",
+    "host"=>"{{ gitlab_conf_ldap_servers.host }}",
+    "label"=>"{{ gitlab_conf_ldap_servers.label }}",
+    "password"=>"{{ gitlab_conf_ldap_servers.password }}",
+    "port"=>"{{ gitlab_conf_ldap_servers.port }}",
+    "sync_ssh_keys"=>{{ gitlab_conf_ldap_servers.sync_ssh_keys }},
+    "tls_options"=>{
+      "ca_file"=>"{{ gitlab_conf_ldap_servers.ca_file }}",
+    },
+    "uid"=>"{{ gitlab_conf_ldap_servers.uid }}",
+    "verify_certificates"=>{{ gitlab_conf_ldap_servers.verify_certificates }},
+  }
+}
+gitlab_rails['omniauth_providers'] = [{
+  "args"=>{
+    "client_options"=>{
+      "identifier"=>"{{ gitlab_conf_omniauth_providers.identifier }}",
+      "redirect_uri"=>"{{ gitlab_conf_omniauth_providers.redirect_uri }}",
+      "secret"=>"{{ gitlab_conf_omniauth_providers.secret }}",
+    },
+    "discovery"=>{{ gitlab_conf_omniauth_providers.discovery }},
+    "issuer"=>"{{ gitlab_conf_omniauth_providers.issuer }}",
+    "name"=>"{{ gitlab_conf_omniauth_providers.name }}",
+    "response_type"=>"code",
+    "scope"=>["openid", "profile"]
+  },
+  "label"=>"{{ gitlab_conf_omniauth_providers.label }}",
+  "name"=>"openid_connect"
+}]
+
+# nginx configs
+
+nginx['enable'] = {{ gitlab_conf_nginx_enable }}
+nginx['redirect_http_to_https'] = {{ gitlab_conf_nginx_redirect_https }}
+nginx['ssl_certificate'] = "{{ gitlab_conf_nginx_ssl_certificate }}"
+nginx['ssl_certificate_key'] = "{{ gitlab_conf_nginx_ssl_certificate_key }}"
+
+# letsencrypt configs
+
+letsencrypt['enable'] = {{ gitlab_conf_letsencrypt_enable }}
+
+
--- a/templates/gitlab.repo.j2
+++ b/templates/gitlab.repo.j2
@@ -0,0 +1,10 @@
+{{ ansible_managed | comment }}
+[gitlab_gitlab-ee]
+name=gitlab_gitlab-ee
+baseurl={{ gitlab_repo_base_url }}
+repo_gpgcheck=0
+gpgcheck=0
+enabled=1
+sslverify=1
+sslcacert={{ gitlab_cacert_bundle }}
+metadata_expire=300