├── LICENSE ├── README.md ├── defaults └── main.yml ├── meta └── main.yml ├── tasks ├── databases.yml ├── gitlab-shell.yml ├── gitlab.yml ├── main.yml ├── nginx.yml └── packages.yml └── templates ├── database.yml ├── gitconfig ├── gitlab.yml ├── gitlab_shell_config.yml ├── nginx.conf ├── user_ssh_config └── uwsgi.ini /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013,2014, Damjan Georgievski 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Gitlab 2 | ====== 3 | 4 | Installs [gitlab](https://github.com/gitlabhq/gitlabhq/) from git. 5 | Generally follows the installation document on their site. 6 | 7 | 8 | Requirements 9 | ------------ 10 | 11 | The role is created for Debian-like OSes. Depends on the uWSGI role, and also installs nginx as a frontend. 12 | 13 | 14 | Role Variables 15 | -------------- 16 | 17 | The role uses the following variables, which you can also override: 18 | 19 | * `gitlab_hostname` - override to set the name of the virtual host, also used for email (defaults to `ansible_hostname`) 20 | * `gitlab_branch` - gitlab branch to checkout 21 | * `gitlab_shell_version` - gitlab shell version to checkout 22 | * `gitlab_db_type` - database type to use (mysql by default) 23 | * `gitlab_db_name` - database name (gitlab) 24 | * `gitlab_db_user` - database user (gitlab) 25 | * `gitlab_db_passwd` - database password (override this: the default is a fixed random-looking string committed in `defaults/main.yml`, so it is the same for every install that keeps it) 26 | * `gitlab_user` - system user that's needed for ssh access 27 | * `gitlab_ssh_port` - override if using different port for ssh (22 by default) 28 | 29 | 30 | Usage 31 | ----- 32 | 33 | ansible-galaxy install gdamjan.gitlab 34 | 35 | Also check the [Ansible Galaxy](https://galaxy.ansible.com/intro) about page. 
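36 |
37 |
38 | License
39 | -------
40 |
41 | BSD
42 |
43 | Author and other Information
44 | ----------------------------
45 |
46 | Damjan Georgievski
47 |
48 | [GitHub project page](https://github.com/gdamjan/ansible-gitlab)
49 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | gitlab_branch: 8-6-stable
3 | gitlab_shell_version: v2.6.11
4 |
5 | gitlab_user: git
6 | gitlab_ssh_port: 22
7 | # NOTE(review): no task in this listing reads the two gitlab_deploy_local_* flags; packages.yml and databases.yml install and start MySQL and Redis unconditionally.
8 | gitlab_deploy_local_mysql: false
9 | gitlab_deploy_local_redis: false
10 | # NOTE(review): gitlab_db_passwd is a fixed default committed with the role; every install that keeps it shares this MySQL password. Override it per host, ideally from an encrypted vars file.
11 | gitlab_db_type: mysql
12 | gitlab_db_name: gitlab
13 | gitlab_db_user: gitlab
14 | gitlab_db_passwd: yie6AiGh
15 |
16 | gitlab_redis_host: 127.0.0.1
17 | gitlab_redis_port: 6379
18 |
--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | galaxy_info:
3 |   author: Damjan Georgievski
4 |   description: a role that downloads and install gitlab
5 |   license: BSD
6 |   min_ansible_version: 1.4
7 |   platforms:
8 |   - name: Ubuntu
9 |     versions:
10 |     - trusty
11 |   - name: Debian
12 |     versions:
13 |     - jessie
14 |   categories:
15 |   - web
16 | dependencies:
17 |   - gdamjan.uwsgi
18 |
--------------------------------------------------------------------------------
/tasks/databases.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # one day add postgresql here too, depending on a variable
3 | #
4 | #
5 | - name: ensure mysql is running
6 |   service: name=mysql state=started enabled=yes
7 |
8 | - name: ensure redis is running
9 |   service: name=redis-server state=started enabled=yes
10 |
11 | - name: ensure database for gitlab exists
12 |   mysql_db: state=present name={{ gitlab_db_name }} collation=utf8_unicode_ci encoding=utf8
13 | # NOTE(review): the password is interpolated into a key=value argument string; a value with spaces or quotes would presumably be mis-parsed, and the rendered arguments may show up in verbose output - confirm.
14 | - name: ensure database user for gitlab is present and has privleges
15 |   mysql_user: state=present host=localhost name={{ gitlab_db_user }} password={{ gitlab_db_passwd }} priv={{ gitlab_db_name }}.*:ALL
16 |
--------------------------------------------------------------------------------
/tasks/gitlab-shell.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # GitLab Shell
3 | # NOTE(review): the checkout is selected by tag name (gitlab_shell_version) over HTTPS; nothing here pins a commit hash or verifies a signature.
4 | - name: ensure Gitlab-Shell git repository is cloned
5 |   git: repo=https://github.com/gitlabhq/gitlab-shell.git dest=/home/{{ gitlab_user }}/gitlab-shell version={{ gitlab_shell_version}}
6 |
7 | - name: ensure gitlab-shell config is written
8 |   template: src=gitlab_shell_config.yml dest=/home/{{ gitlab_user }}/gitlab-shell/config.yml mode=0644
9 |
10 | ## actions taken from gitlab-shell/bin/install
11 | - name: .ssh directory
12 |   file: dest=/home/{{ gitlab_user }}/.ssh state=directory mode=0700 owner={{ gitlab_user }} group={{ gitlab_user }}
13 | # NOTE(review): templates/user_ssh_config, installed below, turns off SSH host-key checking for every host this user connects to.
14 | - name: .ssh/config for git user
15 |   template: src=user_ssh_config dest=/home/{{ gitlab_user }}/.ssh/config owner={{ gitlab_user }} group={{ gitlab_user }} mode=0600
16 |
17 | # until state=touch is implemented do it manually https://github.com/ansible/ansible/issues/4097
18 | - name: touch authorized_keys file
19 |   command: touch /home/{{ gitlab_user }}/.ssh/authorized_keys creates=/home/{{ gitlab_user }}/.ssh/authorized_keys
20 |
21 | - name: authorized_keys file with proper permisions
22 |   file: dest=/home/{{ gitlab_user }}/.ssh/authorized_keys mode=0600 owner={{ gitlab_user }} group={{ gitlab_user }}
23 |
24 | ## TODO maybe:
25 | # chmod -R ug+rwX,o-rwx /home/git/repositories: false
26 | # find /home/git/repositories -type d -print0 | xargs -0 chmod g+s: false
27 |
--------------------------------------------------------------------------------
/tasks/gitlab.yml:
--------------------------------------------------------------------------------
1 | ---
2 | ## TODO: parametrize
3 |
4 | - name: ensure there's a user for Gitlab
5 |   user: name={{ gitlab_user }} comment="GitLab" createhome=yes
6 | # NOTE(review): gitlab_branch names a moving branch, so each run can pull new upstream code, and changed_when: False keeps that out of the play's change report.
7 | - name: Clone GitLab source code from git.
8 |   git: repo=https://github.com/gitlabhq/gitlabhq.git dest=/home/{{ gitlab_user }}/gitlab version={{ gitlab_branch }}
9 |   changed_when: False
10 |
11 | ## setup file system hierarchy and permissions
12 | - name: ensure GitLab can write to the 'log' directory
13 |   file: path=/home/{{ gitlab_user }}/log state=directory recurse=yes mode=0700 owner={{ gitlab_user }}
14 |
15 | - name: ensure GitLab can write to 'tmp'
16 |   file: path=/home/{{ gitlab_user }}/tmp state=directory recurse=yes mode=0700 owner={{ gitlab_user }}
17 |
18 | - name: ensure GitLab can write to 'tmp/pids'
19 |   file: path=/home/{{ gitlab_user }}/tmp/pids state=directory recurse=yes mode=0700 owner={{ gitlab_user }}
20 |
21 | - name: ensure GitLab can write to 'public/uploads'
22 |   file: path=/home/{{ gitlab_user }}/gitlab/public/uploads state=directory recurse=yes mode=0700 owner={{ gitlab_user }}
23 |
24 | # would be nice if next 2 can be merged
25 | - name: remove GitLab 'log' directory
26 |   file: state=absent path=/home/{{ gitlab_user }}/gitlab/log
27 |
28 | - name: symlink GitLab 'log' directory
29 |   file: state=link src=/home/{{ gitlab_user }}/log dest=/home/{{ gitlab_user }}/gitlab/log force=yes
30 |
31 | # would be nice if next 2 can be merged
32 | - name: remove GitLab 'tmp' directory
33 |   file: state=absent path=/home/{{ gitlab_user }}/gitlab/tmp
34 |
35 | - name: symlink GitLab 'tmp' directory
36 |   file: state=link src=/home/{{ gitlab_user }}/tmp dest=/home/{{ gitlab_user }}/gitlab/tmp force=yes
37 |
38 | - name: ensure directory for satellites exists
39 |   file: state=directory path=/home/{{ gitlab_user }}/gitlab-satellites owner={{ gitlab_user }} group={{ gitlab_user }} mode=0750
40 |
41 | - name: ensure directory for repositories exists
42 |   file: state=directory path=/home/{{ gitlab_user }}/repositories owner={{ gitlab_user }} group={{ gitlab_user }} mode=2770
43 |
44 | ## config files
45 | - name: .gitconfig for git user
46 |   template: src=gitconfig dest=/home/{{ gitlab_user }}/.gitconfig owner={{ gitlab_user }} group={{ gitlab_user }} mode=0644
47 | # gitlab.yml and database.yml below are root-owned and group-readable (0640), so the GitLab user can read but not rewrite them.
48 | - name: ensure GitLab config file exists
49 |   template: src=gitlab.yml dest=/home/{{ gitlab_user }}/gitlab/config/gitlab.yml mode=0640 owner=root group={{ gitlab_user }}
50 |
51 | - name: ensure uwsgi config file exists
52 |   template: src=uwsgi.ini dest=/etc/uwsgi/vassals/gitlab.ini mode=0644 owner=root group=root
53 |
54 | - name: ensure database config is written
55 |   template: src=database.yml dest=/home/{{ gitlab_user }}/gitlab/config/database.yml mode=0640 owner=root group={{ gitlab_user }}
56 | # NOTE(review): no sudo_user on this task, so bundler presumably runs as the play's remote user (root if the play escalates) while installing gems named by the checked-out Gemfile - confirm.
57 | - name: ensure GitLab bundle is installed
58 |   command: chdir=/home/{{ gitlab_user }}/gitlab bundle install --deployment --without development test postgres aws
59 |   changed_when: False
60 | # NOTE(review): `yes 'yes'` auto-answers whatever confirmation gitlab:setup asks for; the creates= marker file is the only guard against running it again.
61 | - name: run 'rake gitlab:setup' task
62 |   sudo_user: "{{ gitlab_user }}"
63 |   shell: >
64 |     creates=/home/{{ gitlab_user }}/gitlab:setup
65 |     chdir=/home/{{ gitlab_user }}/gitlab
66 |     yes 'yes'
67 |     | bundle exec rake gitlab:setup RAILS_ENV=production
68 |     && touch /home/{{ gitlab_user }}/gitlab:setup
69 |
70 | #- name: Gitlab upgrade
71 | #  shell: >
72 | #    chdir=/home/{{ gitlab_user }}/gitlab
73 | #    bundle exec rake db:migrate RAILS_ENV=production
74 | #    bundle exec rake cache:clear RAILS_ENV=production
75 | #    bundle exec rake assets:clean RAILS_ENV=production
76 | #    bundle exec rake assets:precompile RAILS_ENV=production
77 | #
78 |
--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - include: packages.yml
3 | - include: databases.yml
4 | - include: gitlab.yml
5 | - include: gitlab-shell.yml
6 | - include: nginx.yml
7 |
8 | ## TODO
9 | # AllowUsers git ... in /etc/ssh/sshd_config
10 | # check what happens with the assets
11 |
--------------------------------------------------------------------------------
/tasks/nginx.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # setup nginx ... possibly, this could be a separate role with parameters
3 | - name: Making sure nginx is present...
4 |   apt: state=present pkg=nginx
5 | # The site file is only read by nginx, so it is installed 0644 rather than with an executable mode.
6 | - name: Making sure that GitLab Nginx site is available...
7 |   template: src=nginx.conf dest=/etc/nginx/sites-available/gitlab mode=0644
8 |   notify: restart nginx
9 |
10 | - name: Making sure that the default Nginx site is not enabled...
11 |   file: path=/etc/nginx/sites-enabled/default state=absent
12 |   notify: restart nginx
13 | # NOTE(review): this role's tree has no handlers/ directory, so "restart nginx" must be defined elsewhere (a dependency or the play) - confirm.
14 | - name: Making sure that the GitLab Nginx site is enabled...
15 |   file: src=/etc/nginx/sites-available/gitlab path=/etc/nginx/sites-enabled/gitlab state=link
16 |   notify: restart nginx
17 |
--------------------------------------------------------------------------------
/tasks/packages.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: ensure gitlab dependencies are installed from apt
3 |   apt: pkg={{ item }} state=present
4 |   with_items:
5 |   - build-essential
6 |   - zlib1g-dev
7 |   - libyaml-dev
8 |   - libssl-dev
9 |   - libgdbm-dev
10 |   - libreadline-dev
11 |   - libncurses5-dev
12 |   - libffi-dev
13 |   - curl
14 |   - git-core
15 |   - redis-server
16 |   - checkinstall
17 |   - libxml2-dev
18 |   - libxslt1-dev
19 |   - libcurl4-openssl-dev
20 |   - libicu-dev
21 |   - mysql-server
22 |   - mysql-client
23 |   - libmysqlclient-dev
24 |   - ruby
25 |   - bundler
26 |   - python2.7
27 |   - python-mysqldb # Required for ansible mysql module to work, see: http://ansible.cc/docs/modules.html#mysql-user
28 |   - python-docutils
29 |   - pkg-config
30 |   - cmake
31 |   - libkrb5-dev
32 |
--------------------------------------------------------------------------------
/templates/database.yml: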
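--------------------------------------------------------------------------------
1 | production:
2 |   adapter: mysql2
3 |   encoding: utf8
4 |   database: {{ gitlab_db_name }}
5 |   username: {{ gitlab_db_user }}
6 |   password: "{{ gitlab_db_passwd }}"
7 |   socket: /var/run/mysqld/mysqld.sock
8 | # The password is double-quoted so YAML always reads it as a string; a value containing '"' or '\' still needs escaping.
9 |
--------------------------------------------------------------------------------
/templates/gitconfig:
--------------------------------------------------------------------------------
1 | [user]
2 |     name = GitLab
3 |     email = gitlab@{{ gitlab_hostname | default(ansible_hostname, true) }}
4 | # gitlab_hostname is optional: default(..., true) falls back to ansible_hostname when it is unset or empty.
--------------------------------------------------------------------------------
/templates/gitlab.yml:
--------------------------------------------------------------------------------
1 | # # # # # # # # # # # # # # # # # #
2 | # GitLab application config file #
3 | # # # # # # # # # # # # # # # # # #
4 | #
5 | # How to use:
6 | # 1. copy file as gitlab.yml
7 | # 2. Replace gitlab -> host with your domain
8 | # 3. Replace gitlab -> email_from
9 |
10 | production: &base
11 |   #
12 |   # 1. GitLab app settings
13 |   # ==========================
14 |   # host and the e-mail addresses below use gitlab_hostname, falling back to ansible_hostname when it is unset or empty.
15 |   ## GitLab settings
16 |   gitlab:
17 |     ## Web server settings
18 |     host: {{ gitlab_hostname | default(ansible_hostname, true) }}
19 |     port: 80
20 |     https: false  # NOTE(review): plain HTTP only (the nginx template listens on *:80); logins and session cookies cross the network unencrypted unless TLS is terminated in front
21 |     # Uncomment and customize to run in non-root path
22 |     # Note that ENV['RAILS_RELATIVE_URL_ROOT'] in config/unicorn.rb may need to be changed
23 |     # relative_url_root: /gitlab
24 |
25 |     # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
26 |     user: {{ gitlab_user }}
27 |
28 |     ## Email settings
29 |     # Email address used in the "From" field in mails sent by GitLab
30 |     email_from: gitlab@{{ gitlab_hostname | default(ansible_hostname, true) }}
31 |
32 |     # Email address of your support contact (default: same as email_from)
33 |     support_email: support@{{ gitlab_hostname | default(ansible_hostname, true) }}
34 |
35 |     ## User settings
36 |     default_projects_limit: 10
37 |     # default_can_create_group: false # default: true
38 |     # username_changing_enabled: false # default: true - User can change her username/namespace
39 |
40 |     ## Users management
41 |     # signup_enabled: true # default: false - Account passwords are not sent via the email if signup is enabled.
42 |
43 |     ## Automatic issue closing
44 |     # If a commit message matches this regular expression, all issues referenced from the matched text will be closed
45 |     # if it's pushed to a project's default branch.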
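46 |     # issue_closing_pattern: ^([Cc]loses|[Ff]ixes) +#\d+
47 |
48 |     ## Default project features settings
49 |     default_projects_features:
50 |       issues: true
51 |       merge_requests: true
52 |       wiki: true
53 |       wall: false
54 |       snippets: false
55 |       public: false
56 |
57 |
58 |   ## External issues trackers
59 |   issues_tracker:
60 |     # redmine:
61 |     #   ## If not nil, link 'Issues' on project page will be replaced with this
62 |     #   ## Use placeholders:
63 |     #   ## :project_id - GitLab project identifier
64 |     #   ## :issues_tracker_id - Project Name or Id in external issue tracker
65 |     #   project_url: "http://redmine.sample/projects/:issues_tracker_id"
66 |     #
67 |     #   ## If not nil, links from /#\d/ entities from commit messages will be replaced with this
68 |     #   ## Use placeholders:
69 |     #   ## :project_id - GitLab project identifier
70 |     #   ## :issues_tracker_id - Project Name or Id in external issue tracker
71 |     #   ## :id - Issue id (from commit messages)
72 |     #   issues_url: "http://redmine.sample/issues/:id"
73 |     #
74 |     #   ## If not nil, links for creating new issues will be replaced with this
75 |     #   ## Use placeholders:
76 |     #   ## :project_id - GitLab project identifier
77 |     #   ## :issues_tracker_id - Project Name or Id in external issue tracker
78 |     #   new_issue_url: "http://redmine.sample/projects/:issues_tracker_id/issues/new"
79 |
80 |   ## Gravatar
81 |   gravatar:
82 |     enabled: true # Use user avatar image from Gravatar.com (default: true)
83 |     # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
84 |     # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
85 |
86 |
87 |
88 |   #
89 |   # 2. Auth settings
90 |   # ==========================
91 |
92 |   ## LDAP settings
93 |   ldap:
94 |     enabled: false
95 |     host: '_your_ldap_server'
96 |     base: '_the_base_where_you_search_for_users'
97 |     port: 636
98 |     uid: 'sAMAccountName'
99 |     method: 'ssl' # "ssl" or "plain"
100 |     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
101 |     password: '_the_password_of_the_bind_user'
102 |     allow_username_or_email_login: true
103 |
104 |   ## OmniAuth settings
105 |   omniauth:
106 |     # Allow login via Twitter, Google, etc. using OmniAuth providers
107 |     enabled: false
108 |
109 |     # CAUTION!
110 |     # This allows users to login without having a user account first (default: false).
111 |     # User accounts will be created automatically when authentication was successful.
112 |     allow_single_sign_on: false
113 |     # Locks down those users until they have been cleared by the admin (default: true).
114 |     block_auto_created_users: true
115 |
116 |     ## Auth providers
117 |     # Uncomment the following lines and fill in the data of the auth provider you want to use
118 |     # If your favorite auth provider is not listed you can use others:
119 |     # see https://github.com/gitlabhq/gitlabhq/wiki/Using-Custom-Omniauth-Providers
120 |     # The 'app_id' and 'app_secret' parameters are always passed as the first two
121 |     # arguments, followed by optional 'args' which can be either a hash or an array.
122 |     providers:
123 |       # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
124 |       #     app_secret: 'YOUR APP SECRET',
125 |       #     args: { access_type: 'offline', approval_prompt: '' } }
126 |       # - { name: 'twitter', app_id: 'YOUR APP ID',
127 |       #     app_secret: 'YOUR APP SECRET'}
128 |       # - { name: 'github', app_id: 'YOUR APP ID',
129 |       #     app_secret: 'YOUR APP SECRET' }
130 |
131 |
132 |
133 |   #
134 |   # 3. Advanced settings
135 |   # ==========================
136 |
137 |   # GitLab Satellites
138 |   satellites:
139 |     # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
140 |     path: /home/{{ gitlab_user }}/gitlab-satellites/
141 |
142 |   ## Backup settings
143 |   backup:
144 |     path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
145 |     # keep_time: 604800 # default: 0 (forever) (in seconds)
146 |
147 |   ## GitLab Shell settings
148 |   gitlab_shell:
149 |     # REPOS_PATH MUST NOT BE A SYMLINK!!!
150 |     repos_path: /home/{{ gitlab_user }}/repositories/
151 |     hooks_path: /home/{{ gitlab_user }}/gitlab-shell/hooks/
152 |     # NOTE(review): this file sets `https: false` for the web server, so Git-over-HTTP pushes and fetches authenticate over plain HTTP.
153 |     # Git over HTTP
154 |     upload_pack: true
155 |     receive_pack: true
156 |
157 |     # If you use non-standard ssh port you need to specify it
158 |     ssh_port: {{ gitlab_ssh_port }}
159 |
160 |   ## Git settings
161 |   # CAUTION!
162 |   # Use the default values unless you really know what you are doing
163 |   git:
164 |     bin_path: /usr/bin/git
165 |     # Max size of a git object (e.g. a commit), in bytes
166 |     # This value can be increased if you have very large commits
167 |     max_size: 5242880 # 5.megabytes
168 |     # Git timeout to read a commit, in seconds
169 |     timeout: 10
170 |
171 |   #
172 |   # 4. Extra customization
173 |   # ==========================
174 |
175 |   extra:
176 |     ## Google analytics. Uncomment if you want it
177 |     # google_analytics_id: '_your_tracking_id'
178 |
179 |     ## Text under sign-in page (Markdown enabled)
180 |     # sign_in_text: |
181 |     #   ![Company Logo](http://www.companydomain.com/logo.png)
182 |     #   [Learn more about CompanyName](http://www.companydomain.com/)
183 |
184 | development:
185 |   <<: *base
186 |
187 | test:
188 |   <<: *base
189 |   issues_tracker:
190 |     redmine:
191 |       project_url: "http://redmine/projects/:issues_tracker_id"
192 |       issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
193 |       new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
194 |
195 | staging:
196 |   <<: *base
197 |
--------------------------------------------------------------------------------
/templates/gitlab_shell_config.yml:
--------------------------------------------------------------------------------
1 | # GitLab user. {{ gitlab_user }} by default
2 | user: {{ gitlab_user }}
3 | # NOTE(review): gitlab_url is plain http, so gitlab-shell's API calls are unencrypted whenever this name does not resolve to the local host. gitlab_hostname falls back to ansible_hostname when unset or empty.
4 | # Url to gitlab instance. Used for api calls. Should end with a slash.
5 | gitlab_url: "http://{{ gitlab_hostname | default(ansible_hostname, true) }}/"
6 |
7 | http_settings:
8 | #  user: someone
9 | #  password: somepass
10 |   self_signed_cert: false
11 |
12 | # Repositories path
13 | repos_path: "/home/{{ gitlab_user }}/repositories"
14 |
15 | # File used as authorized_keys for gitlab user
16 | auth_file: "/home/{{ gitlab_user }}/.ssh/authorized_keys"
17 | # host and port come from gitlab_redis_host / gitlab_redis_port (defaults/main.yml: 127.0.0.1 and 6379).
18 | # Redis settings used for pushing commit notices to gitlab
19 | redis:
20 |   bin: /usr/bin/redis-cli
21 |   host: {{ gitlab_redis_host }}
22 |   port: {{ gitlab_redis_port }}
23 |   # socket: /tmp/redis.socket # Only define this if you want to use sockets
24 |   namespace: resque:gitlab
25 |
26 | # Log file.
27 | # Default is gitlab-shell.log in the root directory.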
28 | log_file: "/home/{{ gitlab_user }}/log/gitlab-shell.log"
29 |
30 |
--------------------------------------------------------------------------------
/templates/nginx.conf:
--------------------------------------------------------------------------------
1 | # GITLAB
2 | # NOTE(review): this vhost listens on port 80 only; no TLS listener or HTTPS redirect is configured here.
3 | server {
4 |   listen *:80 default_server; # e.g., listen 192.168.1.1:80;
5 |   # server_name FIXME; # no server name for now, it's the only vhost
6 |   # NOTE(review): as default_server with no server_name, requests for any Host header land here, and $host is forwarded as SERVER_NAME below.
7 |   root /home/{{ gitlab_user }}/gitlab/public;
8 |
9 |   # individual nginx logs for this gitlab vhost
10 |   access_log /var/log/nginx/gitlab_access.log;
11 |   error_log /var/log/nginx/gitlab_error.log;
12 |
13 |   location / {
14 |     # serve static files from the defined root folder.
15 |     # @gitlab is a named location for the upstream fallback, see below
16 |     try_files $uri $uri/index.html $uri.html @gitlab;
17 |   }
18 |
19 |   # if a requested file is not found in the root folder,
20 |   # the request is passed to the upstream (GitLab behind the uWSGI socket named in uwsgi_pass)
21 |   location @gitlab {
22 |     include uwsgi_params;
23 |     uwsgi_param SERVER_NAME $host;
24 |     uwsgi_modifier1 7;
25 |     uwsgi_pass unix:///run/uwsgi/gitlab.sock;
26 |   }
27 | }
28 |
--------------------------------------------------------------------------------
/templates/user_ssh_config:
--------------------------------------------------------------------------------
1 | Host *
2 |   StrictHostKeyChecking no
3 |   UserKnownHostsFile /dev/null
4 | # NOTE(review): for every host, keys are accepted without verification and never recorded (known_hosts is /dev/null), so outbound SSH by this user cannot detect a man-in-the-middle. Prefer scoping this to named hosts or pinning their keys.
--------------------------------------------------------------------------------
/templates/uwsgi.ini:
--------------------------------------------------------------------------------
1 | [uwsgi]
2 | master = true
3 | processes = 6
4 | cheaper = 2
5 |
6 | uid = {{ gitlab_user }}
7 | gid = {{ gitlab_user }}
8 |
9 | # reload after 3 days, 500MB or a million requests
10 | reload-on-rss = 500
11 | max-worker-lifetime = 259200
12 | max-requests = 1000000
13 | harakiri = 30
14 | #cheaper-algo = busyness
15 | # NOTE(review): mode 666 lets any local user connect to this socket and send requests straight to the app, bypassing nginx. 660 with a group shared with the nginx user would narrow that - confirm which user nginx runs as.
16 | socket = /run/uwsgi/gitlab.sock
17 | chmod-socket = 666
18 | chown-socket = %(uid)
19 |
20 | home = /home/{{ gitlab_user }}
21 | chdir = %(home)/gitlab
22 | daemonize = %(home)/log/uwsgi.log
23 |
24 | env = RAILS_ENV=production
25 | env = HOME=%(home)
26 | env = USER=%(uid)
27 |
28 | plugin = rack
29 | rack = config.ru
30 |
31 | rbrequire = rubygems
32 | rbrequire = bundler/setup
33 | # sidekiq is started through rake as an attached daemon, tracked by the pid file below.
34 | smart-attach-daemon = %(home)/tmp/pids/sidekiq.pid bundle exec rake sidekiq:start
35 |
--------------------------------------------------------------------------------