From b152c48ed31b448eaf38a905d18e327faedee082 Mon Sep 17 00:00:00 2001 From: shirenn <shirenn@crans.org> Date: Wed, 10 Feb 2021 19:08:36 +0100 Subject: [PATCH] [gitlab] smtp server and https push --- ansible.cfg | 3 +++ group_vars/git.yml | 19 +++++++++-------- host_vars/gitzly.adm.crans.org.yml | 3 ++- plays/gitlab.yml | 2 +- roles/gitlab/handlers/main.yml | 3 +++ roles/gitlab/tasks/main.yml | 4 +--- roles/gitlab/templates/gitlab.rb.j2 | 32 +++++++++++++++++------------ 7 files changed, 40 insertions(+), 26 deletions(-) create mode 100644 roles/gitlab/handlers/main.yml diff --git a/ansible.cfg b/ansible.cfg index 720ce959..52176e1d 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -17,6 +17,9 @@ inventory = ./hosts # Custom header in templates # ansible_managed = Ansible managed, see https://gitlab.crans.org/nounous/ansible +# Maximum size of files to be considered for diff display +max_diff_size = 1000000 + # Do not use cows (with cowsay) nocows = 1 diff --git a/group_vars/git.yml b/group_vars/git.yml index 165a90a0..ad11520d 100644 --- a/group_vars/git.yml +++ b/group_vars/git.yml @@ -1,20 +1,23 @@ --- - glob_gitlab: url: 'https://gitlab.crans.org' time_zone: 'Europe/Paris' email: 'gitlab@crans.org' email_display_name: 'Crans GitLab' - ldap_label: 'Crans' - ldap_host: '172.16.10.147' - ldap_port: 389 - ldap_uid: 'uid' - ldap_bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org' - ldap_base: 'cn=Utilisateurs,dc=crans,dc=org' - ldap_user_filter: '(&(!(shadowExpire=0))(uid=*))' + ldap: + label: 'Crans' + host: "{{ query('ldap', 'ip', 're2o-ldap', 'adm') | first }}" + port: 389 + uid: 'uid' + bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org' + base: 'cn=Utilisateurs,dc=crans,dc=org' + user_filter: '(&(!(shadowExpire=0))(uid=*))' cas_name: 'cas3' cas_label: 'CAS Cr@ns' cas_url: 'https://cas.crans.org' + smtp: + address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}" + port: 25 glob_nginx: service_name: gitlab-omnibus-ssl-nginx 
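Review bot: Raising `max_diff_size` to 1000000 in ansible.cfg applies to every play, so `--diff` runs will now also print diffs of large rendered templates. The gitlab.rb template touched later in this commit renders the LDAP bind password (`password: '{{ gitlab.ldap.bind_password }}'`), so that diff output could land in terminal scrollback or job logs. If the limit was raised to see gitlab.rb diffs, consider setting `diff: false` on the task that templates that file. Alternatively, extend the new comment to `# Maximum size of files to be considered for diff display (diff output may include rendered secrets)`. The template task itself is only partly visible here, so confirm it has no such guard already.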
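Review bot: In group_vars/git.yml, `ldap.host` and `smtp.address` are now filled from `query('ldap', 'ip', ...) | first`, so GitLab is pointed at bare IP addresses resolved at play time. If TLS is later enabled on either connection, certificate hostname checks will generally fail against an IP unless the certificate carries it as a SAN. An empty lookup result also leaves `| first` undefined, and the play then fails with a templating error that does not name the missing host. The lookup plugin is project-local and not visible here, so this is inferred from the `'ip'` argument and the previous literal IP. A short comment above each value would help, for example `# resolved from LDAP at play time; the play fails if the host has no adm address`.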
diff --git a/host_vars/gitzly.adm.crans.org.yml b/host_vars/gitzly.adm.crans.org.yml index 4afe2491..65032e0c 100644 --- a/host_vars/gitzly.adm.crans.org.yml +++ b/host_vars/gitzly.adm.crans.org.yml @@ -19,4 +19,5 @@ loc_certbot: domains: "*.adm.crans.org" loc_gitlab: - ldap_bind_password: "{{ vault_gitlab_ldap_password }}" + ldap: + bind_password: "{{ vault_gitlab_ldap_password }}" diff --git a/plays/gitlab.yml b/plays/gitlab.yml index 4d1714bc..ff4cd57f 100755 --- a/plays/gitlab.yml +++ b/plays/gitlab.yml @@ -10,7 +10,7 @@ - hosts: git vars: certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}' - gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({})) }}' + gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}' roles: - certbot - gitlab diff --git a/roles/gitlab/handlers/main.yml b/roles/gitlab/handlers/main.yml new file mode 100644 index 00000000..cf8b6429 --- /dev/null +++ b/roles/gitlab/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: Reconfigure Gitlab + command: gitlab-ctl reconfigure diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index 62bfcbcd..9f22e1aa 100644 --- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -24,6 +24,4 @@ mode: 0600 owner: root group: root - -- name: Reconfigure Gitlab - command: gitlab-ctl reconfigure + notify: Reconfigure Gitlab diff --git a/roles/gitlab/templates/gitlab.rb.j2 b/roles/gitlab/templates/gitlab.rb.j2 index 8f7ca2b7..9b2e7f39 100644 --- a/roles/gitlab/templates/gitlab.rb.j2 +++ b/roles/gitlab/templates/gitlab.rb.j2 
@@ -79,15 +79,20 @@ gitlab_rails['time_zone'] = '{{ gitlab.time_zone }}' ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html ###! **Use smtp instead of sendmail/postfix.** -# gitlab_rails['smtp_enable'] = true -# gitlab_rails['smtp_address'] = "smtp.server" -# gitlab_rails['smtp_port'] = 465 +gitlab_rails['smtp_enable'] = true +gitlab_rails['smtp_address'] = "{{ gitlab.smtp.address }}" +gitlab_rails['smtp_port'] = {{ gitlab.smtp.port }} # gitlab_rails['smtp_user_name'] = "smtp user" # gitlab_rails['smtp_password'] = "smtp password" # gitlab_rails['smtp_domain'] = "example.com" # gitlab_rails['smtp_authentication'] = "login" # gitlab_rails['smtp_enable_starttls_auto'] = true # gitlab_rails['smtp_tls'] = false +gitlab_rails['smtp_tls'] = false +gitlab_rails['smtp_openssl_verify_mode'] = 'none' +gitlab_rails['smtp_enable_starttls_auto'] = false +gitlab_rails['smtp_ssl'] = false +gitlab_rails['smtp_force_ssl'] = false ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'** ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html 
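Review bot: The five added `smtp_*` lines disable TLS, STARTTLS and certificate verification, while `smtp_address` now points at a separate relay host rather than localhost. Notification mail, which includes password-reset and confirmation links, would therefore cross the network in cleartext on port 25 with no check of the relay's identity. If the relay offers STARTTLS, prefer `gitlab_rails['smtp_enable_starttls_auto'] = true` with `gitlab_rails['smtp_openssl_verify_mode'] = 'peer'`. Otherwise add a comment stating that the adm network is treated as trusted for this hop. The commented `# gitlab_rails['smtp_tls'] = false` directly above the new uncommented copy is now redundant and could be dropped.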
@@ -443,24 +448,25 @@ gitlab_rails['ldap_enabled'] = true ###! **remember to close this block with 'EOS' below** gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' main: # 'main' is the GitLab 'provider ID' of this LDAP server - label: '{{ gitlab.ldap_label }}' - host: '{{ gitlab.ldap_host }}' - port: {{ gitlab.ldap_port }} - uid: '{{ gitlab.ldap_uid }}' - bind_dn: '{{ gitlab.ldap_bind_dn }}' - password: '{{ gitlab.ldap_bind_password }}' -# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" -# verify_certificates: true + label: '{{ gitlab.ldap.label }}' + host: '{{ gitlab.ldap.host }}' + port: {{ gitlab.ldap.port }} + uid: '{{ gitlab.ldap.uid }}' + bind_dn: '{{ gitlab.ldap.bind_dn }}' + password: '{{ gitlab.ldap.bind_password }}' + encryption: 'plain' # "start_tls" or "simple_tls" or "plain" + verify_certificates: true # smartcard_auth: false # active_directory: true allow_username_or_email_login: true # lowercase_usernames: false # block_auto_created_users: false - base: '{{ gitlab.ldap_base }}' - user_filter: '{{ gitlab.ldap_user_filter }}' + base: '{{ gitlab.ldap.base }}' + user_filter: '{{ gitlab.ldap.user_filter }}' attributes: username: ['uid',] email: ['mail',] +EOS # ## EE only # group_base: '' # admin_group: '' -- GitLab
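Review bot: Uncommenting `encryption: 'plain'` means the service bind password and every user's login password go to the LDAP server unencrypted on port 389. `verify_certificates: true` has no effect without TLS, so enabling it next to `plain` gives a false impression of protection. If the directory supports it, use `encryption: 'start_tls'` and keep `verify_certificates: true`. Note that the server then needs a certificate matching whatever `gitlab.ldap.host` renders to. Separately, the added `EOS` closes the heredoc before the commented EE-only keys; the rest of the block lies outside this hunk, so check that no earlier terminator remains below, where it would be evaluated as Ruby.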