This formula installs and configures GitLab Community Edition.
See pillar.example for configuration options.
This formula will clean up unused images from GitLab Registry every night.
It calls gitlab-ctl registry-garbage-collect via a systemd service.
You can also configure it to delete untagged manifests, and set the time at which it runs (if needed), via pillars; see pillar.example for details.
gitlab-runner can be installed from the official repository using the gitlab.runner state.
Optionally, a full, possibly pre-registered, runner configuration can be deployed through gitlab-runner.config.
When omitted, the runner is set up in pristine state and must be registered manually (see below).
Besides the runner config.toml, it is also possible to deploy a custom systemd timeout override.
For the special case where a provided config.toml uses a docker-machine executor, there is a separate boolean key gitlab-runner.docker-machine that must be set to True so that the underlying docker requirements are included.
The injected dependency assumes the presence of exactly the following docker formula: https://github.com/chr4/salt-docker.
To register a runner with a GitLab instance, use gitlab-runner register to negotiate a fresh runner token and a skeleton config.toml.
The command is interactive, and supports a wide spectrum of options.
Even more options can then be manually entered/adjusted in the generated config.
See the official runner docs for details.
For later reference, here's some example code showing how registration could be automated. The formula does not do this, as the registration possibilities are pretty vast:
# The state ID below is a placeholder; pick one that fits your state tree.
gitlab-runner-register:
  cmd.run:
    # Skip registration when a config already exists.
    - creates: /etc/gitlab-runner/config.toml
    - name: |
        gitlab-runner register \
          --non-interactive \
          --name {{ salt['pillar.get']('gitlab:hostname') }} \
          --registration-token {{ salt['pillar.get']('gitlab:runner_token') }} \
          --url {{ salt['pillar.get']('gitlab:base_url') }} \
          --executor docker \
          --docker-image alpine
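A variant of the registration state above that passes the token through the environment instead of the command line, so it does not appear in the process argument list or in the state's name field. This is an added example, not part of the formula: the state IDs are hypothetical, the pillar keys are the ones used above, and the environment variable names are the ones gitlab-runner register accepts for the corresponding flags.

```yaml
# Added example (not part of the formula). State IDs are hypothetical.
gitlab-runner-register-env:
  cmd.run:
    # No secrets in the command itself; options come from the environment.
    - name: gitlab-runner register
    # Skip registration when a config already exists.
    - creates: /etc/gitlab-runner/config.toml
    - env:
      - REGISTER_NON_INTERACTIVE: "true"
      - RUNNER_NAME: {{ salt['pillar.get']('gitlab:hostname') | yaml_dquote }}
      - REGISTRATION_TOKEN: {{ salt['pillar.get']('gitlab:runner_token') | yaml_dquote }}
      - CI_SERVER_URL: {{ salt['pillar.get']('gitlab:base_url') | yaml_dquote }}
      - RUNNER_EXECUTOR: "docker"
      - DOCKER_IMAGE: "alpine"
    # Keep the command's stdout/stderr out of the job return.
    - hide_output: True

# The generated config.toml holds the runner token, so pin its
# ownership and mode without touching its contents.
gitlab-runner-config-perms:
  file.managed:
    - name: /etc/gitlab-runner/config.toml
    - replace: False
    - user: root
    - group: root
    - mode: '0600'
    - require:
      - cmd: gitlab-runner-register-env
```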
gitlab.pages can be used to deploy a Let's Encrypt config file for nginx so that it listens on port 80 and serves the .well-known directory for ACME challenges.
When using this, port 80 must be disabled in GitLab itself and the nginx config must be added in gitlab.rb:
pages_nginx['redirect_http_to_https'] = false
nginx['redirect_http_to_https'] = false
nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/letsencrypt.conf;"
TLS certificates for the required GitLab groups/users can be added using alt names, as in the following config:
letsencrypt['alt_names'] = %w(group1.gitlab.pages.tld group2.gitlab.pages.tld)
pages_nginx['ssl_certificate'] = '/etc/gitlab/ssl/gitlab.io.ki.crt'
pages_nginx['ssl_certificate_key'] = '/etc/gitlab/ssl/gitlab.io.ki.key'