diff --git a/Dockerfile b/Dockerfile index 994e44c6..d881b76b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,13 +7,15 @@ ENV GITLAB_VERSION=8.1.4 \ GITLAB_USER="git" \ GITLAB_HOME="/home/git" \ GITLAB_LOG_DIR="/var/log/gitlab" \ - SETUP_DIR="/var/cache/gitlab" \ + GITLAB_CACHE_DIR="/etc/docker-gitlab" \ RAILS_ENV=production ENV GITLAB_INSTALL_DIR="${GITLAB_HOME}/gitlab" \ GITLAB_SHELL_INSTALL_DIR="${GITLAB_HOME}/gitlab-shell" \ GITLAB_GIT_HTTP_SERVER_INSTALL_DIR="${GITLAB_HOME}/gitlab-git-http-server" \ - GITLAB_DATA_DIR="${GITLAB_HOME}/data" + GITLAB_DATA_DIR="${GITLAB_HOME}/data" \ + GITLAB_BUILD_DIR="${GITLAB_CACHE_DIR}/build" \ + GITLAB_RUNTIME_DIR="${GITLAB_CACHE_DIR}/runtime" RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E6030699E45FA1715D88E1DF1F24 \ && echo "deb http://ppa.launchpad.net/git-core/ppa/ubuntu trusty main" >> /etc/apt/sources.list \ @@ -36,10 +38,10 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv E1DD270288B4E60 && gem install --no-document bundler \ && rm -rf /var/lib/apt/lists/* -COPY assets/setup/ ${SETUP_DIR}/ -RUN bash ${SETUP_DIR}/install.sh +COPY assets/build/ ${GITLAB_BUILD_DIR}/ +RUN bash ${GITLAB_BUILD_DIR}/install.sh -COPY assets/config/ ${SETUP_DIR}/config/ +COPY assets/runtime/ ${GITLAB_RUNTIME_DIR}/ COPY entrypoint.sh /sbin/entrypoint.sh RUN chmod 755 /sbin/entrypoint.sh diff --git a/README.md b/README.md index 73b2e58e..40225f0c 100644 --- a/README.md +++ b/README.md 
@@ -91,7 +91,7 @@ wget -qO- https://get.docker.com/ | sh Fedora and RHEL/CentOS users should try disabling selinux with `setenforce 0` and check if resolves the issue. If it does than there is not much that I can help you with. You can either stick with selinux disabled (not recommended by redhat) or switch to using ubuntu. -You may also set `DEBUG_ENTRYPOINT=true` to enable debugging of the entrypoint script, which could help you pin point any configuration issues. +You may also set `DEBUG=true` to enable debugging of the entrypoint script, which could help you pin point any configuration issues. If using the latest docker version and/or disabling selinux does not fix the issue then please file a issue request on the [issues](https://github.com/sameersbn/docker-gitlab/issues) page. @@ -749,7 +749,7 @@ These options should contain something like: Below is the complete list of available options that can be used to customize your gitlab installation. -- **DEBUG_ENTRYPOINT**: Set this to `true` to enable entrypoint debugging. +- **DEBUG**: Set this to `true` to enable entrypoint debugging. - **GITLAB_HOST**: The hostname of the GitLab server. Defaults to `localhost` - **GITLAB_CI_HOST**: If you are migrating from GitLab CI use this parameter to configure the redirection to the GitLab service so that your existing runners continue to work without any changes. No defaults. - **GITLAB_PORT**: The port of the GitLab server. This value indicates the public port on which the GitLab application will be accessible on the network and appropriately configures GitLab to generate the correct urls. It does not affect the port on which the internal nginx server will be listening on. Defaults to `443` if `GITLAB_HTTPS=true`, else defaults to `80`. diff --git a/assets/setup/install.sh b/assets/build/install.sh similarity index 62% rename from assets/setup/install.sh rename to assets/build/install.sh index 5acf8d3b..21e89629 100755 --- a/assets/setup/install.sh 
+++ b/assets/build/install.sh @@ -1,21 +1,26 @@ #!/bin/bash set -e -GEM_CACHE_DIR="${SETUP_DIR}/cache.${GITLAB_VERSION}" +GEM_CACHE_DIR="${GITLAB_BUILD_DIR}/cache.${GITLAB_VERSION%.*}" -# add golang1.5 ppa -apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv B0B8B106A0CA2F79FBB616DBA65E2E5D742A38EE -echo "deb http://ppa.launchpad.net/evarlast/golang1.5/ubuntu trusty main" >> /etc/apt/sources.list - -# rebuild apt cache -apt-get update - -# install build dependencies for gem installation -DEBIAN_FRONTEND=noninteractive apt-get install -y gcc g++ make patch pkg-config cmake paxctl \ +BUILD_DEPENDENCIES="gcc g++ make patch pkg-config cmake paxctl \ libc6-dev ruby2.1-dev golang-go \ libmysqlclient-dev libpq-dev zlib1g-dev libyaml-dev libssl-dev \ libgdbm-dev libreadline-dev libncurses5-dev libffi-dev \ - libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev + libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev" + +## Execute a command as GITLAB_USER +exec_as_git() { + sudo -HEu ${GITLAB_USER} "$@" +} + +# ppa for golang1.5 +apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv B0B8B106A0CA2F79FBB616DBA65E2E5D742A38EE +echo "deb http://ppa.launchpad.net/evarlast/golang1.5/ubuntu trusty main" >> /etc/apt/sources.list + +# install build dependencies for gem installation +apt-get update +DEBIAN_FRONTEND=noninteractive apt-get install -y ${BUILD_DEPENDENCIES} # https://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#Node.js paxctl -Cm `which nodejs` 
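Review bot: The new `exec_as_git` helper passes `${GITLAB_USER}` to sudo unquoted and without an option terminator, so an empty or whitespace-containing value silently changes which arguments sudo sees instead of failing; `sudo -HEu "${GITLAB_USER:?}" -- "$@"` fails early and keeps the user argument intact. The `-E` flag forwards the entire caller environment to the git user, which is acceptable in this build-time script, but the helper deserves a header comment saying so (`## Runs "$@" as GITLAB_USER with the build environment preserved (-E); build-time only`) so it is not copied verbatim into runtime code where the environment carries database and SMTP credentials. `${BUILD_DEPENDENCIES}` is expanded unquoted on purpose to word-split the package list; a `# shellcheck disable=SC2086` line above the `apt-get install` call would document that intent.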
@@ -32,107 +37,95 @@ cat >> ${GITLAB_HOME}/.profile </dev/null 2>&1 +exec_as_git bundle exec rake assets:clean assets:precompile >/dev/null 2>&1 -# symlink log -> ${GITLAB_LOG_DIR}/gitlab -rm -rf log -ln -sf ${GITLAB_LOG_DIR}/gitlab log +# remove auto generated ${GITLAB_DATA_DIR}/config/secrets.yml +rm -rf ${GITLAB_DATA_DIR}/config/secrets.yml -# create required tmp directories -sudo -HEu ${GITLAB_USER} mkdir -p tmp/pids/ tmp/sockets/ -chmod -R u+rwX tmp +exec_as_git mkdir -p ${GITLAB_INSTALL_DIR}/tmp/pids/ ${GITLAB_INSTALL_DIR}/tmp/sockets/ +chmod -R u+rwX ${GITLAB_INSTALL_DIR}/tmp -# create symlink to uploads directory -rm -rf public/uploads -sudo -HEu ${GITLAB_USER} ln -s ${GITLAB_DATA_DIR}/uploads public/uploads +# symlink ${GITLAB_HOME}/.ssh -> ${GITLAB_LOG_DIR}/gitlab +rm -rf ${GITLAB_HOME}/.ssh +exec_as_git ln -sf ${GITLAB_DATA_DIR}/.ssh ${GITLAB_HOME}/.ssh -# create symlink to .secret in GITLAB_DATA_DIR -rm -rf .secret -sudo -HEu ${GITLAB_USER} ln -sf ${GITLAB_DATA_DIR}/.secret +# symlink ${GITLAB_INSTALL_DIR}/log -> ${GITLAB_LOG_DIR}/gitlab +rm -rf ${GITLAB_INSTALL_DIR}/log +ln -sf ${GITLAB_LOG_DIR}/gitlab ${GITLAB_INSTALL_DIR}/log -# remove auto generated config/secrets.yml -rm -rf config/secrets.yml +# symlink ${GITLAB_INSTALL_DIR}/public/uploads -> ${GITLAB_DATA_DIR}/uploads +rm -rf ${GITLAB_INSTALL_DIR}/public/uploads +exec_as_git ln -sf ${GITLAB_DATA_DIR}/uploads ${GITLAB_INSTALL_DIR}/public/uploads -# install gitlab bootscript -cp lib/support/init.d/gitlab /etc/init.d/gitlab +# symlink ${GITLAB_INSTALL_DIR}/.secret -> ${GITLAB_DATA_DIR}/.secret +rm -rf ${GITLAB_INSTALL_DIR}/.secret +exec_as_git ln -sf ${GITLAB_DATA_DIR}/.secret ${GITLAB_INSTALL_DIR}/.secret + + +# install gitlab bootscript, to silence gitlab:check warnings +cp ${GITLAB_INSTALL_DIR}/lib/support/init.d/gitlab /etc/init.d/gitlab chmod +x /etc/init.d/gitlab # disable default nginx configuration and enable gitlab's nginx configuration -rm -f /etc/nginx/sites-enabled/default +rm -rf 
/etc/nginx/sites-enabled/default -# disable pam authentication for sshd -sed 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config -sed 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config +# configure sshd +sed -i 's/^[#]*UsePAM yes/UsePAM no/' /etc/ssh/sshd_config +sed -i 's/^[#]*UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' /etc/ssh/sshd_config +sed -i 's/^[#]*PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config +sed -i 's/^[#]*LogLevel INFO/LogLevel VERBOSE/' /etc/ssh/sshd_config echo "UseDNS no" >> /etc/ssh/sshd_config -# permit password login -sed 's/#PasswordAuthentication yes/PasswordAuthentication no/' -i /etc/ssh/sshd_config - -# configure verbose logging for sshd -sed 's/LogLevel INFO/LogLevel VERBOSE/' -i /etc/ssh/sshd_config - # move supervisord.log file to ${GITLAB_LOG_DIR}/supervisor/ -sed 's|^logfile=.*|logfile='"${GITLAB_LOG_DIR}"'/supervisor/supervisord.log ;|' -i /etc/supervisor/supervisord.conf +sed -i 's|^[#]*logfile=.*|logfile='"${GITLAB_LOG_DIR}"'/supervisor/supervisord.log ;|' /etc/supervisor/supervisord.conf # move nginx logs to ${GITLAB_LOG_DIR}/nginx -sed 's|access_log /var/log/nginx/access.log;|access_log '"${GITLAB_LOG_DIR}"'/nginx/access.log;|' -i /etc/nginx/nginx.conf -sed 's|error_log /var/log/nginx/error.log;|error_log '"${GITLAB_LOG_DIR}"'/nginx/error.log;|' -i /etc/nginx/nginx.conf +sed -i 's|access_log /var/log/nginx/access.log;|access_log '"${GITLAB_LOG_DIR}"'/nginx/access.log;|' /etc/nginx/nginx.conf +sed -i 's|error_log /var/log/nginx/error.log;|error_log '"${GITLAB_LOG_DIR}"'/nginx/error.log;|' /etc/nginx/nginx.conf # configure supervisord log rotation cat > /etc/logrotate.d/supervisord </dev/null 2>&1 + do + timeout=$(expr $timeout - 1) + if [[ $timeout -eq 0 ]]; then + echo + echo "Could not connect to database server. Aborting..." + return 1 + fi + echo -n "." 
+ sleep 1 + done + echo +} + +gitlab_configure_database() { + echo -n "Configuring gitlab::database" + + gitlab_finalize_database_parameters + gitlab_check_database_connection + + exec_as_git sed -i 's/{{DB_HOST}}/'"${DB_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_PORT}}/'"${DB_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_NAME}}/'"${DB_NAME}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_USER}}/'"${DB_USER}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_PASS}}/'"${DB_PASS}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_POOL}}/'"${DB_POOL}"'/' ${GITLAB_INSTALL_DIR}/config/database.yml + case ${DB_TYPE} in + postgres) + exec_as_git sed -i 's/{{DB_ADAPTER}}/postgresql/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_ENCODING}}/unicode/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i '/reconnect: /d' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i '/collation: /d' ${GITLAB_INSTALL_DIR}/config/database.yml + ;; + mysql) + exec_as_git sed -i 's/{{DB_ADAPTER}}/mysql2/' ${GITLAB_INSTALL_DIR}/config/database.yml + exec_as_git sed -i 's/{{DB_ENCODING}}/utf8/' ${GITLAB_INSTALL_DIR}/config/database.yml + ;; + esac +} + +gitlab_finalize_redis_parameters() { + # is a redis container linked? + if [[ -n ${REDISIO_PORT_6379_TCP_ADDR} ]]; then + REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}} + REDIS_PORT=${REDIS_PORT:-${REDISIO_PORT_6379_TCP_PORT}} + fi + + # set default redis port if not specified + REDIS_PORT=${REDIS_PORT:-6379} + + if [[ -z ${REDIS_HOST} ]]; then + echo + echo "ERROR: " + echo " Please configure the redis connection." + echo " Refer http://git.io/PMnRSw for more information." + echo " Cannot continue without a redis connection. Aborting..." + echo + return 1 + fi +} + +gitlab_check_redis_connection() { + timeout=60 + while ! 
redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} ping >/dev/null 2>&1 + do + timeout=$(expr $timeout - 1) + if [[ $timeout -eq 0 ]]; then + echo "" + echo "Could not connect to redis server. Aborting..." + return 1 + fi + echo -n "." + sleep 1 + done + echo +} + +gitlab_configure_redis() { + echo -n "Configuring gitlab::redis" + + gitlab_finalize_redis_parameters + gitlab_check_redis_connection + + exec_as_git sed -i 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/g' ${GITLAB_INSTALL_DIR}/config/resque.yml + exec_as_git sed -i 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/g' ${GITLAB_INSTALL_DIR}/config/resque.yml +} + +gitlab_configure_unicorn() { + echo "Configuring gitlab::unicorn..." + if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then + exec_as_git sed -i 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' ${GITLAB_INSTALL_DIR}/config/unicorn.rb + else + exec_as_git sed -i '/{{GITLAB_RELATIVE_URL_ROOT}}/d' ${GITLAB_INSTALL_DIR}/config/unicorn.rb + fi + + # configure workers + exec_as_git sed -i 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' ${GITLAB_INSTALL_DIR}/config/unicorn.rb + exec_as_git sed -i 's/{{UNICORN_WORKERS}}/'"${UNICORN_WORKERS}"'/' ${GITLAB_INSTALL_DIR}/config/unicorn.rb + + # configure timeout + exec_as_git sed -i 's/{{UNICORN_TIMEOUT}}/'"${UNICORN_TIMEOUT}"'/' ${GITLAB_INSTALL_DIR}/config/unicorn.rb +} + +gitlab_configure_mail_delivery() { + if [[ ${SMTP_ENABLED} == true ]]; then + echo "Configuring gitlab::smtp_settings..." 
+ + if [[ -n ${SMTP_USER} ]]; then + exec_as_git sed -i 's/{{SMTP_USER}}/'"${SMTP_USER}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + if [[ -n ${SMTP_PASS} ]]; then + exec_as_git sed -i 's/{{SMTP_PASS}}/'"${SMTP_PASS}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + else + exec_as_git sed -i '/{{SMTP_PASS}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + fi + else + exec_as_git sed -i '/{{SMTP_USER}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i '/{{SMTP_PASS}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + fi + + exec_as_git sed -i 's/{{SMTP_HOST}}/'"${SMTP_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i 's/{{SMTP_PORT}}/'"${SMTP_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i 's/{{SMTP_DOMAIN}}/'"${SMTP_DOMAIN}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i 's/{{SMTP_STARTTLS}}/'"${SMTP_STARTTLS}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i 's/{{SMTP_TLS}}/'"${SMTP_TLS}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i 's/{{SMTP_OPENSSL_VERIFY_MODE}}/'"${SMTP_OPENSSL_VERIFY_MODE}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + + case ${SMTP_AUTHENTICATION} in + "") exec_as_git sed -i '/{{SMTP_AUTHENTICATION}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb ;; + *) exec_as_git sed -i 's/{{SMTP_AUTHENTICATION}}/'"${SMTP_AUTHENTICATION}"'/' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb ;; + esac + + if [[ ${SMTP_CA_ENABLED} == true ]]; then + if [[ -d ${SMTP_CA_PATH} ]]; then + exec_as_git sed -i 's,{{SMTP_CA_PATH}},'"${SMTP_CA_PATH}"',' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + fi + if [[ -f ${SMTP_CA_FILE} ]]; then + exec_as_git sed -i 's,{{SMTP_CA_FILE}},'"${SMTP_CA_FILE}"',' 
${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + fi + else + exec_as_git sed -i '/{{SMTP_CA_PATH}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + exec_as_git sed -i '/{{SMTP_CA_FILE}}/d' ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb + fi + fi + + exec_as_git sed -i 's/{{GITLAB_EMAIL_ENABLED}}/'"${GITLAB_EMAIL_ENABLED}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{GITLAB_EMAIL}}/'"${GITLAB_EMAIL}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{GITLAB_EMAIL_DISPLAY_NAME}}/'"${GITLAB_EMAIL_DISPLAY_NAME}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{GITLAB_EMAIL_REPLY_TO}}/'"${GITLAB_EMAIL_REPLY_TO}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml +} + +gitlab_configure_mailroom() { + if [[ ${IMAP_ENABLED} == true ]]; then + echo "Configuring gitlab::incoming_email..." + exec_as_git sed -i 's/{{GITLAB_INCOMING_EMAIL_ADDRESS}}/'"${GITLAB_INCOMING_EMAIL_ADDRESS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + + if [[ -n ${IMAP_USER} ]]; then + exec_as_git sed -i 's/{{IMAP_USER}}/'"${IMAP_USER}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + if [[ -n ${IMAP_PASS} ]]; then + exec_as_git sed -i 's/{{IMAP_PASS}}/'"${IMAP_PASS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i '/{{IMAP_PASS}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi + else + exec_as_git sed -i '/{{IMAP_USER}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_PASS}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi + + exec_as_git sed -i 's/{{IMAP_HOST}}/'"${IMAP_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{IMAP_PORT}}/'"${IMAP_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{IMAP_SSL}}/'"${IMAP_SSL}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{IMAP_STARTTLS}}/'"${IMAP_STARTTLS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 
's/{{IMAP_MAILBOX}}/'"${IMAP_MAILBOX}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i '/{{IMAP_USER}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_PASS}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_HOST}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_PORT}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_SSL}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_STARTTLS}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i '/{{IMAP_MAILBOX}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi + exec_as_git sed -i 's/{{GITLAB_INCOMING_EMAIL_ENABLED}}/'"${GITLAB_INCOMING_EMAIL_ENABLED}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + + # enable/disable startup of mailroom + echo "mail_room_enabled=${GITLAB_INCOMING_EMAIL_ENABLED}" >> /etc/default/gitlab + sed -i 's/{{GITLAB_INCOMING_EMAIL_ENABLED}}/'"${GITLAB_INCOMING_EMAIL_ENABLED}"'/' /etc/supervisor/conf.d/mail_room.conf +} + +gitlab_configure_ldap() { + echo "Configuring gitlab::ldap..." 
+ exec_as_git sed -i 's/{{LDAP_ENABLED}}/'"${LDAP_ENABLED}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_HOST}}/'"${LDAP_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_PORT}}/'"${LDAP_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_UID}}/'"${LDAP_UID}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_METHOD}}/'"${LDAP_METHOD}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_BIND_DN}}/'"${LDAP_BIND_DN}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_PASS}}/'"${LDAP_PASS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_ACTIVE_DIRECTORY}}/'"${LDAP_ACTIVE_DIRECTORY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}/'"${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_BLOCK_AUTO_CREATED_USERS}}/'"${LDAP_BLOCK_AUTO_CREATED_USERS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_BASE}}/'"${LDAP_BASE}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_USER_FILTER}}/'"${LDAP_USER_FILTER}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{LDAP_LABEL}}/'"${LDAP_LABEL}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml +} + +gitlab_configure_oauth_google() { + if [[ -n ${OAUTH_GOOGLE_API_KEY} && -n ${OAUTH_GOOGLE_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::google..." 
+ OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_GOOGLE_API_KEY}}/'"${OAUTH_GOOGLE_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GOOGLE_APP_SECRET}}/'"${OAUTH_GOOGLE_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}/'"${OAUTH_GOOGLE_RESTRICT_DOMAIN}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}//' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'google_oauth2'/,/{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_facebook() { + if [[ -n ${OAUTH_FACEBOOK_API_KEY} && -n ${OAUTH_FACEBOOK_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::facebook..." + OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_FACEBOOK_API_KEY}}/'"${OAUTH_FACEBOOK_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_FACEBOOK_APP_SECRET}}/'"${OAUTH_FACEBOOK_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'facebook'/,/{{OAUTH_FACEBOOK_APP_SECRET}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_twitter() { + if [[ -n ${OAUTH_TWITTER_API_KEY} && -n ${OAUTH_TWITTER_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::twitter..." + OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_TWITTER_API_KEY}}/'"${OAUTH_TWITTER_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_TWITTER_APP_SECRET}}/'"${OAUTH_TWITTER_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'twitter'/,/{{OAUTH_TWITTER_APP_SECRET}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_github() { + if [[ -n ${OAUTH_GITHUB_API_KEY} && -n ${OAUTH_GITHUB_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::github..." 
+ OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_GITHUB_API_KEY}}/'"${OAUTH_GITHUB_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GITHUB_APP_SECRET}}/'"${OAUTH_GITHUB_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GITHUB_SCOPE}}/user:email/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'github'/,/{{OAUTH_GITHUB_SCOPE}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_gitlab() { + if [[ -n ${OAUTH_GITLAB_API_KEY} && -n ${OAUTH_GITLAB_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::gitlab..." + OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_GITLAB_API_KEY}}/'"${OAUTH_GITLAB_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GITLAB_APP_SECRET}}/'"${OAUTH_GITLAB_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_GITLAB_SCOPE}}/api/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'gitlab'/,/{{OAUTH_GITLAB_SCOPE}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_bitbucket() { + if [[ -n ${OAUTH_BITBUCKET_API_KEY} && -n ${OAUTH_BITBUCKET_APP_SECRET} ]]; then + echo "Configuring gitlab::oauth::bitbucket..." 
+ OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's/{{OAUTH_BITBUCKET_API_KEY}}/'"${OAUTH_BITBUCKET_API_KEY}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_BITBUCKET_APP_SECRET}}/'"${OAUTH_BITBUCKET_APP_SECRET}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'bitbucket'/,/{{OAUTH_BITBUCKET_APP_SECRET}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_saml() { + if [[ -n ${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL} && \ + -n ${OAUTH_SAML_IDP_CERT_FINGERPRINT} && \ + -n ${OAUTH_SAML_IDP_SSO_TARGET_URL} && \ + -n ${OAUTH_SAML_ISSUER} && \ + -n ${OAUTH_SAML_NAME_IDENTIFIER_FORMAT} ]]; then + echo "Configuring gitlab::oauth::saml..." + OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's,{{OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}},'"${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}"',' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_SAML_IDP_CERT_FINGERPRINT}}/'"${OAUTH_SAML_IDP_CERT_FINGERPRINT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's,{{OAUTH_SAML_IDP_SSO_TARGET_URL}},'"${OAUTH_SAML_IDP_SSO_TARGET_URL}"',' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's,{{OAUTH_SAML_ISSUER}},'"${OAUTH_SAML_ISSUER}"',' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}/'"${OAUTH_SAML_NAME_IDENTIFIER_FORMAT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'saml'/,/{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth_crowd() { + if [[ -n ${OAUTH_CROWD_SERVER_URL} && \ + -n ${OAUTH_CROWD_APP_NAME} && \ + -n ${OAUTH_CROWD_APP_PASSWORD} ]]; then + echo "Configuring gitlab::oauth::crowd..." 
+ OAUTH_ENABLED=${OAUTH_ENABLED:-true} + exec_as_git sed -i 's,{{OAUTH_CROWD_SERVER_URL}},'"${OAUTH_CROWD_SERVER_URL}"',' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_CROWD_APP_NAME}}/'"${OAUTH_CROWD_APP_NAME}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_CROWD_APP_PASSWORD}}/'"${OAUTH_CROWD_APP_PASSWORD}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + else + exec_as_git sed -i "/name: 'crowd'/,/{{OAUTH_CROWD_APP_PASSWORD}}/d" ${GITLAB_INSTALL_DIR}/config/gitlab.yml + fi +} + +gitlab_configure_oauth() { + echo "Configuring gitlab::oauth..." + + gitlab_configure_oauth_google + gitlab_configure_oauth_facebook + gitlab_configure_oauth_twitter + gitlab_configure_oauth_github + gitlab_configure_oauth_gitlab + gitlab_configure_oauth_bitbucket + gitlab_configure_oauth_saml + gitlab_configure_oauth_crowd + + OAUTH_ENABLED=${OAUTH_ENABLED:-false} + exec_as_git sed -i 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + + exec_as_git sed -i 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_BLOCK_AUTO_CREATED_USERS}}/'"${OAUTH_BLOCK_AUTO_CREATED_USERS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + exec_as_git sed -i 's/{{OAUTH_AUTO_LINK_LDAP_USER}}/'"${OAUTH_AUTO_LINK_LDAP_USER}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + + case ${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER} in + google_oauth2|facebook|twitter|github|gitlab|bitbucket|saml|crowd) + exec_as_git sed -i 's/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/'"${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + ;; + *) + exec_as_git sed -i '/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/d' ${GITLAB_INSTALL_DIR}/config/gitlab.yml + ;; + esac +} + +gitlab_configure_secrets() { + echo "Configuring gitlab::secrets..." + if [[ -z $GITLAB_SECRETS_DB_KEY_BASE ]]; then + echo "ERROR: " + echo " Please configure the GITLAB_SECRETS_DB_KEY_BASE parameter." 
+ echo " Cannot continue. Aborting..." + return 1 + fi + + exec_as_git sed -i 's/{{GITLAB_SECRETS_DB_KEY_BASE}}/'"${GITLAB_SECRETS_DB_KEY_BASE}"'/' ${GITLAB_INSTALL_DIR}/config/secrets.yml +} + +gitlab_configure_sidekiq() { + echo "Configuring gitlab::sidekiq..." + # configure sidekiq concurrency + sed -i 's/{{SIDEKIQ_CONCURRENCY}}/'"${SIDEKIQ_CONCURRENCY}"'/' /etc/supervisor/conf.d/sidekiq.conf + + # configure sidekiq shutdown timeout + sed -i 's/{{SIDEKIQ_SHUTDOWN_TIMEOUT}}/'"${SIDEKIQ_SHUTDOWN_TIMEOUT}"'/' /etc/supervisor/conf.d/sidekiq.conf + + # enable SidekiqMemoryKiller + ## The MemoryKiller is enabled by gitlab if the `SIDEKIQ_MEMORY_KILLER_MAX_RSS` is + ## defined in the programs environment and has a non-zero value. + ## + ## Simply exporting the variable makes it available in the programs environment and + ## therefore should enable the MemoryKiller. + ## + ## Every other MemoryKiller option specified in the docker env will automatically + ## be exported, so why bother + export SIDEKIQ_MEMORY_KILLER_MAX_RSS +} + +gitlab_configure_backups_cron() { + case ${GITLAB_BACKUPS} in + daily|weekly|monthly) + echo "Configuring gitlab::backups::cron..." + read hour min <<< ${GITLAB_BACKUP_TIME//[:]/ } + day_of_month=* + month=* + day_of_week=* + case ${GITLAB_BACKUPS} in + daily) ;; + weekly) day_of_week=0 ;; + monthly) day_of_month=01 ;; + esac + exec_as_git cat >> /tmp/cron.${GITLAB_USER} </dev/null + fi +} + +initialize_logdir() { + echo "Initializing logdir..." 
+ mkdir -p ${GITLAB_LOG_DIR}/supervisor + chmod -R 0755 ${GITLAB_LOG_DIR}/supervisor + chown -R root:root ${GITLAB_LOG_DIR}/supervisor + + mkdir -p ${GITLAB_LOG_DIR}/nginx + chmod -R 0755 ${GITLAB_LOG_DIR}/nginx + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/nginx + + mkdir -p ${GITLAB_LOG_DIR}/gitlab + chmod -R 0755 ${GITLAB_LOG_DIR}/gitlab + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/gitlab + + mkdir -p ${GITLAB_LOG_DIR}/gitlab-shell + chmod -R 0755 ${GITLAB_LOG_DIR}/gitlab-shell + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/gitlab-shell +} + +initialize_datadir() { + echo "Initializing datadir..." + chmod 755 ${GITLAB_DATA_DIR} + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR} + + # create the ssh directory for server keys + mkdir -p ${GITLAB_DATA_DIR}/ssh + chown -R root:root ${GITLAB_DATA_DIR}/ssh + + # create the repositories directory and make sure it has the right permissions + mkdir -p ${GITLAB_REPOS_DIR} + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_REPOS_DIR} + chmod ug+rwX,o-rwx ${GITLAB_REPOS_DIR} + exec_as_git chmod g+s ${GITLAB_REPOS_DIR} + + # create build traces directory + mkdir -p ${GITLAB_BUILDS_DIR} + chmod u+rwX ${GITLAB_BUILDS_DIR} + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_BUILDS_DIR} + + # gitlab:backup:create does not respect the builds_path configuration, so we + # symlink ${GITLAB_INSTALL_DIR}/builds -> ${GITLAB_BUILDS_DIR} + rm -rf ${GITLAB_INSTALL_DIR}/builds + ln -sf ${GITLAB_BUILDS_DIR} ${GITLAB_INSTALL_DIR}/builds + + # create the backups directory + mkdir -p ${GITLAB_BACKUP_DIR} + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_BACKUP_DIR} + + # create the uploads directory + mkdir -p ${GITLAB_DATA_DIR}/uploads + chmod 0750 ${GITLAB_DATA_DIR}/uploads + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}/uploads + + # create the .ssh directory + mkdir -p ${GITLAB_DATA_DIR}/.ssh + touch ${GITLAB_DATA_DIR}/.ssh/authorized_keys + chmod 700 ${GITLAB_DATA_DIR}/.ssh + chmod 600 
${GITLAB_DATA_DIR}/.ssh/authorized_keys + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}/.ssh + + # if relative_url is used the assets are compiled at runtime and placed in the + # data volume for persistence. We set up symbolic links here to achieve this. + if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then + # symlink ${GITLAB_INSTALL_DIR}/tmp/cache -> ${GITLAB_DATA_DIR}/tmp/cache + rm -rf ${GITLAB_INSTALL_DIR}/tmp/cache + exec_as_git ln -s ${GITLAB_DATA_DIR}/tmp/cache ${GITLAB_INSTALL_DIR}/tmp/cache + + # symlink ${GITLAB_INSTALL_DIR}/public/assets -> ${GITLAB_DATA_DIR}/tmp/public/assets + rm -rf ${GITLAB_INSTALL_DIR}/public/assets + exec_as_git ln -s ${GITLAB_DATA_DIR}/tmp/public/assets ${GITLAB_INSTALL_DIR}/public/assets + fi +} + +sanitize_datadir() { + echo "Sanitizing datadir. Please be patient..." + chmod -R ug+rwX,o-rwx ${GITLAB_REPOS_DIR}/ + chmod -R ug-s ${GITLAB_REPOS_DIR}/ + find ${GITLAB_REPOS_DIR}/ -type d -print0 | xargs -0 chmod g+s + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_REPOS_DIR} + + exec_as_git mkdir -p ${GITLAB_BUILDS_DIR} + chmod -R u+rwX ${GITLAB_BUILDS_DIR} + chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_BUILDS_DIR} + + find ${GITLAB_DATA_DIR}/uploads -type f -exec chmod 0644 {} \; + find ${GITLAB_DATA_DIR}/uploads -type d -not -path ${GITLAB_DATA_DIR}/uploads -exec chmod 0755 {} \; + chmod 0750 ${GITLAB_DATA_DIR}/uploads/ + chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}/uploads/ + + echo "Creating gitlab-shell hooks..." + exec_as_git ${GITLAB_SHELL_INSTALL_DIR}/bin/create-hooks +} + +generate_ssh_server_keys() { + if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then + # generate server keys and move them to ${GITLAB_DATA_DIR}/ssh/ for persistence + echo "Generating SSH server keys..." 
+ DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
+ mv /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub ${GITLAB_DATA_DIR}/ssh/
+ fi
+ # configure sshd to pick up the host keys from ${GITLAB_DATA_DIR}/ssh/
+ sed -i 's,HostKey /etc/ssh/,HostKey '"${GITLAB_DATA_DIR}"'/ssh/,g' /etc/ssh/sshd_config
+
+ # ensure ssh server keys have the correct permissions
+ chmod 0600 ${GITLAB_DATA_DIR}/ssh/*_key
+ chmod 0644 ${GITLAB_DATA_DIR}/ssh/*.pub
+}
+
+initialize_system() {
+ map_uidgid
+ initialize_logdir
+ initialize_datadir
+ update_ca_certificates
+ generate_ssh_server_keys
+ install_configuration_templates
+ rm -rf /var/run/supervisor.sock
+}
+
+install_configuration_templates() {
+ echo "Installing configuration templates..."
+ install_template ${GITLAB_USER} gitlabhq/gitlab.yml ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ install_template ${GITLAB_USER} gitlabhq/database.yml ${GITLAB_INSTALL_DIR}/config/database.yml
+ install_template ${GITLAB_USER} gitlabhq/unicorn.rb ${GITLAB_INSTALL_DIR}/config/unicorn.rb
+ install_template ${GITLAB_USER} gitlabhq/resque.yml ${GITLAB_INSTALL_DIR}/config/resque.yml
+ install_template ${GITLAB_USER} gitlabhq/secrets.yml ${GITLAB_INSTALL_DIR}/config/secrets.yml
+ install_template ${GITLAB_USER} gitlabhq/rack_attack.rb ${GITLAB_INSTALL_DIR}/config/initializers/rack_attack.rb
+ install_template ${GITLAB_USER} gitlab-shell/config.yml ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+
+ if [[ ${SMTP_ENABLED} == true ]]; then
+ install_template ${GITLAB_USER} gitlabhq/smtp_settings.rb ${GITLAB_INSTALL_DIR}/config/initializers/smtp_settings.rb
+ fi
+
+ # custom user specified robots.txt
+ if [[ -f ${GITLAB_ROBOTS_PATH} ]]; then
+ exec_as_git ${GITLAB_ROBOTS_PATH} ${GITLAB_INSTALL_DIR}/public/robots.txt
+ fi
+
+ ## /etc/nginx/sites-enabled/gitlab
+ if [[ ${GITLAB_HTTPS} == true ]]; then
+ if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
+ install_template root nginx/gitlab-ssl /etc/nginx/sites-enabled/gitlab
+ else
+ echo "SSL keys and certificates were not found."
+ echo "Assuming that the container is running behind a HTTPS enabled load balancer."
+ install_template root nginx/gitlab /etc/nginx/sites-enabled/gitlab
+ fi
+ else
+ install_template root nginx/gitlab /etc/nginx/sites-enabled/gitlab
+ fi
+
+ if [[ -n $GITLAB_CI_HOST ]]; then
+ install_template root nginx/gitlab_ci /etc/nginx/sites-enabled/gitlab_ci
+ fi
+}
+
+configure_gitlab() {
+ echo "Configuring gitlab..."
+ exec_as_git sed -i 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',g' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+
+ exec_as_git sed -i 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_HTTPS}}/'"${GITLAB_HTTPS}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_MAX_SIZE}}/'"${GITLAB_MAX_SIZE}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_SSH_HOST}}/'"${GITLAB_SSH_HOST}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_SSH_PORT}}/'"${GITLAB_SSH_PORT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_TIMEZONE}}/'"${GITLAB_TIMEZONE}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_USERNAME_CHANGE}}/'"${GITLAB_USERNAME_CHANGE}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_CREATE_GROUP}}/'"${GITLAB_CREATE_GROUP}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+ exec_as_git sed -i 's/{{GITLAB_TIMEOUT}}/'"${GITLAB_TIMEOUT}"'/' ${GITLAB_INSTALL_DIR}/config/gitlab.yml
+
+ gitlab_configure_database
+ gitlab_configure_redis
+ gitlab_configure_secrets
+ gitlab_configure_sidekiq
+ gitlab_configure_unicorn
+ gitlab_configure_ci
+ gitlab_configure_project_features
+ gitlab_configure_mail_delivery
+ gitlab_configure_mailroom
+ gitlab_configure_oauth
+ gitlab_configure_ldap
+ gitlab_configure_gravatar
+ gitlab_configure_analytics
+ gitlab_configure_backups
+}
+
+configure_gitlab_shell() {
+ echo "Configuring gitlab-shell..."
+ exec_as_git sed -i 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_HOME}},'"${GITLAB_HOME}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_LOG_DIR}},'"${GITLAB_LOG_DIR}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_BACKUP_DIR}},'"${GITLAB_BACKUP_DIR}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's/{{SSL_SELF_SIGNED}}/'"${SSL_SELF_SIGNED}"'/' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+
+ exec_as_git sed -i 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+ exec_as_git sed -i 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/' ${GITLAB_SHELL_INSTALL_DIR}/config.yml
+}
+
+configure_gitlab_git_http_server() {
+ echo "Configuring gitlab-git-http-server..."
+ sed -i 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',' /etc/supervisor/conf.d/gitlab-git-http-server.conf
+}
+
+configure_nginx() {
+ echo "Configuring nginx..."
+ sed -i 's/worker_processes .*/worker_processes '"${NGINX_WORKERS}"';/' /etc/nginx/nginx.conf
+ nginx_configure_gitlab
+ nginx_configure_gitlab_ci
+}
+
+migrate_database() {
+ # run the `gitlab:setup` rake task if required
+ case ${DB_TYPE} in
+ mysql)
+ QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = '${DB_NAME}';"
+ COUNT=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} ${DB_PASS:+-p$DB_PASS} -ss -e "${QUERY}")
+ ;;
+ postgres)
+ QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
+ COUNT=$(PGPASSWORD="${DB_PASS}" psql -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -Atw -c "${QUERY}")
+ ;;
+ esac
+ if [[ -z ${COUNT} || ${COUNT} -eq 0 ]]; then
+ echo "Setting up GitLab for firstrun. Please be patient, this could take a while..."
+ exec_as_git force=yes bundle exec rake gitlab:setup ${GITLAB_ROOT_PASSWORD:+GITLAB_ROOT_PASSWORD=$GITLAB_ROOT_PASSWORD} >/dev/null
+ fi
+
+ # migrate database and compile the assets if the gitlab version or relative_url has changed.
+ CACHE_VERSION=
+ [[ -f ${GITLAB_DATA_DIR}/tmp/VERSION ]] && CACHE_VERSION=$(cat ${GITLAB_DATA_DIR}/tmp/VERSION)
+ [[ -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT ]] && CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT)
+ if [[ ${GITLAB_VERSION} != ${CACHE_VERSION} || ${GITLAB_RELATIVE_URL_ROOT} != ${CACHE_GITLAB_RELATIVE_URL_ROOT} ]]; then
+ echo "Migrating database..."
+ exec_as_git bundle exec rake db:migrate >/dev/null
+
+ # recreate the tmp directory
+ rm -rf ${GITLAB_DATA_DIR}/tmp
+ exec_as_git mkdir -p ${GITLAB_DATA_DIR}/tmp/
+
+ # assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used
+ if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
+ # create the tmp/cache and tmp/public/assets directory
+ exec_as_git mkdir -p ${GITLAB_DATA_DIR}/tmp/cache/
+ exec_as_git mkdir -p ${GITLAB_DATA_DIR}/tmp/public/assets/
+
+ echo "GITLAB_RELATIVE_URL_ROOT in use, recompiling assets, this could take a while..."
+ exec_as_git bundle exec rake assets:clean assets:precompile cache:clear >/dev/null 2>&1
+ else
+ # clear the cache
+ exec_as_git bundle exec rake cache:clear >/dev/null 2>&1
+ fi
+
+ # update VERSION information
+ exec_as_git echo "${GITLAB_VERSION}" > ${GITLAB_DATA_DIR}/tmp/VERSION
+ exec_as_git echo "${GITLAB_RELATIVE_URL_ROOT}" > ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT
+ fi
+}
+
+execute_raketask() {
+ if [[ -z ${1} ]]; then
+ echo "Please specify the rake task to execute. See https://github.com/gitlabhq/gitlabhq/tree/master/doc/raketasks"
+ return 1
+ fi
+
+ if [[ ${1} == gitlab:backup:restore ]]; then
+ interactive=true
+ for arg in $@
+ do
+ if [[ $arg == BACKUP=* ]]; then
+ interactive=false
+ break
+ fi
+ done
+
+ # user needs to select the backup to restore
+ if [[ $interactive == true ]]; then
+ nBackups=$(ls ${GITLAB_BACKUP_DIR}/*_gitlab_backup.tar | wc -l)
+ if [[ $nBackups -eq 0 ]]; then
+ echo "No backup present. Cannot continue restore process.".
+ return 1
+ fi
+
+ echo
+ for b in $(ls ${GITLAB_BACKUP_DIR} | grep gitlab_backup | sort -r)
+ do
+ echo "‣ $b"
+ done
+ echo
+
+ read -p "Select a backup to restore: " file
+ if [[ ! -f ${GITLAB_BACKUP_DIR}/${file} ]]; then
+ echo "Specified backup does not exist. Aborting..."
+ return 1
+ fi
+ BACKUP=$(echo $file | cut -d'_' -f1)
+ fi
+ elif [[ ${1} == gitlab:import:repos ]]; then
+ # sanitize the datadir to avoid permission issues
+ sanitize_datadir
+ fi
+ echo "Running raketask ${1}..."
+ exec_as_git bundle exec rake $@ ${BACKUP:+BACKUP=$BACKUP}
+}
diff --git a/entrypoint.sh b/entrypoint.sh
index 094d54a7..3c497dab 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,1109 +1,46 @@
 #!/bin/bash
 set -e
+source ${GITLAB_RUNTIME_DIR}/functions
-[[ -n $DEBUG_ENTRYPOINT ]] && set -x
-
-SYSCONF_TEMPLATES_DIR="${SETUP_DIR}/config"
-USERCONF_TEMPLATES_DIR="${GITLAB_DATA_DIR}/config"
-
-GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
-GITLAB_REPOS_DIR="${GITLAB_REPOS_DIR:-$GITLAB_DATA_DIR/repositories}"
-GITLAB_BUILDS_DIR="${GITLAB_BUILDS_DIR:-$GITLAB_DATA_DIR/builds}"
-GITLAB_HOST=${GITLAB_HOST:-localhost}
-GITLAB_CI_HOST=${GITLAB_CI_HOST:-}
-GITLAB_PORT=${GITLAB_PORT:-}
-GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
-GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
-GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
-GITLAB_HTTPS=${GITLAB_HTTPS:-false}
-GITLAB_TIMEZONE=${GITLAB_TIMEZONE:-UTC}
-GITLAB_USERNAME_CHANGE=${GITLAB_USERNAME_CHANGE:-true}
-GITLAB_CREATE_GROUP=${GITLAB_CREATE_GROUP:-true}
-GITLAB_PROJECTS_ISSUES=${GITLAB_PROJECTS_ISSUES:-true}
-GITLAB_PROJECTS_MERGE_REQUESTS=${GITLAB_PROJECTS_MERGE_REQUESTS:-true}
-GITLAB_PROJECTS_WIKI=${GITLAB_PROJECTS_WIKI:-true}
-GITLAB_PROJECTS_SNIPPETS=${GITLAB_PROJECTS_SNIPPETS:-false}
-GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
-GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}
-GITLAB_TIMEOUT=${GITLAB_TIMEOUT:-10}
-
-GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-}
-GITLAB_NOTIFY_ON_BROKEN_BUILDS=${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true}
-GITLAB_NOTIFY_PUSHER=${GITLAB_NOTIFY_PUSHER:-false}
-
-SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
-SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
-SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
-SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
-SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
-
-CA_CERTIFICATES_PATH=${CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}
-
-GITLAB_BACKUPS=${GITLAB_BACKUPS:-disable}
-GITLAB_BACKUP_TIME=${GITLAB_BACKUP_TIME:-04:00}
-GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
-GITLAB_BACKUP_ARCHIVE_PERMISSIONS=${GITLAB_BACKUP_ARCHIVE_PERMISSIONS:-0600}
-
-AWS_BACKUPS=${AWS_BACKUPS:-false}
-AWS_BACKUP_REGION=${AWS_BACKUP_REGION}
-AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
-AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
-AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
-
-NGINX_WORKERS=${NGINX_WORKERS:-1}
-NGINX_ACCEL_BUFFERING=${NGINX_ACCEL_BUFFERING:-no}
-NGINX_PROXY_BUFFERING=${NGINX_PROXY_BUFFERING:-off}
-NGINX_MAX_UPLOAD_SIZE=${NGINX_MAX_UPLOAD_SIZE:-20m}
-GITLAB_MAX_SIZE=$(echo $NGINX_MAX_UPLOAD_SIZE |sed -e "s/^ *\([0-9]*\)[mMkKgG] *$/\1/g" )
-case "$NGINX_MAX_UPLOAD_SIZE" in
- *[kK] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1024));;
- *[mM] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1048576));;
- *[gG] ) GITLAB_MAX_SIZE=$(($GITLAB_MAX_SIZE * 1073741824));;
-esac
-
-REDIS_HOST=${REDIS_HOST:-}
-REDIS_PORT=${REDIS_PORT:-}
-
-UNICORN_WORKERS=${UNICORN_WORKERS:-3}
-UNICORN_TIMEOUT=${UNICORN_TIMEOUT:-60}
-
-SIDEKIQ_SHUTDOWN_TIMEOUT=${SIDEKIQ_SHUTDOWN_TIMEOUT:-4}
-SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-25}
-SIDEKIQ_MEMORY_KILLER_MAX_RSS=${SIDEKIQ_MEMORY_KILLER_MAX_RSS:-1000000}
-
-DB_TYPE=${DB_TYPE:-}
-DB_HOST=${DB_HOST:-}
-DB_PORT=${DB_PORT:-}
-DB_NAME=${DB_NAME:-}
-DB_USER=${DB_USER:-}
-DB_PASS=${DB_PASS:-}
-DB_POOL=${DB_POOL:-10}
-
-SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
-SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
-SMTP_PORT=${SMTP_PORT:-587}
-SMTP_USER=${SMTP_USER:-}
-SMTP_PASS=${SMTP_PASS:-}
-SMTP_OPENSSL_VERIFY_MODE=${SMTP_OPENSSL_VERIFY_MODE:-none}
-SMTP_STARTTLS=${SMTP_STARTTLS:-true}
-SMTP_TLS=${SMTP_TLS:-false}
-SMTP_CA_ENABLED=${SMTP_CA_ENABLED:-false}
-SMTP_CA_PATH=${SMTP_CA_PATH:-$GITLAB_DATA_DIR/certs}
-SMTP_CA_FILE=${SMTP_CA_FILE:-$GITLAB_DATA_DIR/certs/ca.crt}
-if [[ -n ${SMTP_USER} ]]; then
- SMTP_ENABLED=${SMTP_ENABLED:-true}
- SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
-fi
-SMTP_ENABLED=${SMTP_ENABLED:-false}
-GITLAB_EMAIL_ENABLED=${GITLAB_EMAIL_ENABLED:-${SMTP_ENABLED}}
-GITLAB_EMAIL=${GITLAB_EMAIL:-${SMTP_USER}}
-GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-${GITLAB_EMAIL}}
-GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
-GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
-GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
-
-IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
-IMAP_PORT=${IMAP_PORT:-993}
-IMAP_USER=${IMAP_USER:-}
-IMAP_PASS=${IMAP_PASS:-}
-IMAP_SSL=${IMAP_SSL:-true}
-IMAP_STARTTLS=${IMAP_STARTTLS:-false}
-IMAP_MAILBOX=${IMAP_MAILBOX:-inbox}
-if [[ -n ${IMAP_USER} ]]; then
- IMAP_ENABLED=${IMAP_ENABLED:-true}
-fi
-IMAP_ENABLED=${IMAP_ENABLED:-false}
-GITLAB_INCOMING_EMAIL_ENABLED=${GITLAB_INCOMING_EMAIL_ENABLED:-${IMAP_ENABLED}}
-GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-${IMAP_USER}}
-GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-reply@example.com}
-if ! grep -q '+%{key}@' <<< $GITLAB_INCOMING_EMAIL_ADDRESS; then
- GITLAB_INCOMING_EMAIL_ADDRESS=$(sed 's/@/+%{key}@/' <<< $GITLAB_INCOMING_EMAIL_ADDRESS)
-fi
-
-LDAP_ENABLED=${LDAP_ENABLED:-false}
-LDAP_HOST=${LDAP_HOST:-}
-LDAP_PORT=${LDAP_PORT:-389}
-LDAP_UID=${LDAP_UID:-sAMAccountName}
-LDAP_METHOD=${LDAP_METHOD:-plain}
-LDAP_BIND_DN=${LDAP_BIND_DN:-}
-LDAP_PASS=${LDAP_PASS:-}
-LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
-LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
-LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
-LDAP_BASE=${LDAP_BASE:-}
-LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
-LDAP_LABEL=${LDAP_LABEL:-LDAP}
-
-GITLAB_HTTPS_HSTS_ENABLED=${GITLAB_HTTPS_HSTS_ENABLED:-true}
-GITLAB_HTTPS_HSTS_MAXAGE=${GITLAB_HTTPS_HSTS_MAXAGE:-31536000}
-
-GITLAB_GRAVATAR_ENABLED=${GITLAB_GRAVATAR_ENABLED:-true}
-GITLAB_GRAVATAR_HTTP_URL=${GITLAB_GRAVATAR_HTTP_URL:-}
-GITLAB_GRAVATAR_HTTPS_URL=${GITLAB_GRAVATAR_HTTPS_URL:-}
-
-OAUTH_ENABLED=${OAUTH_ENABLED:-}
-OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER:-}
-OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-false}
-OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
-OAUTH_AUTO_LINK_LDAP_USER=${OAUTH_AUTO_LINK_LDAP_USER:-false}
-
-OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
-OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
-
-OAUTH_FACEBOOK_API_KEY=${OAUTH_FACEBOOK_API_KEY:-}
-OAUTH_FACEBOOK_APP_SECRET=${OAUTH_FACEBOOK_APP_SECRET:-}
-
-OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
-OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}
-
-OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
-OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}
-
-OAUTH_GITLAB_API_KEY=${OAUTH_GITLAB_API_KEY:-}
-OAUTH_GITLAB_APP_SECRET=${OAUTH_GITLAB_APP_SECRET:-}
-
-OAUTH_BITBUCKET_API_KEY=${OAUTH_BITBUCKET_API_KEY:-}
-OAUTH_BITBUCKET_APP_SECRET=${OAUTH_BITBUCKET_APP_SECRET:-}
-
-OAUTH_CROWD_SERVER_URL=${OAUTH_CROWD_SERVER_URL:-}
-OAUTH_CROWD_APP_NAME=${OAUTH_CROWD_APP_NAME:-}
-OAUTH_CROWD_APP_PASSWORD=${OAUTH_CROWD_APP_PASSWORD:-}
-
-case $GITLAB_HTTPS in
- true)
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-https://${GITLAB_HOST}/users/auth/saml/callback}
- OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-https://${GITLAB_HOST}}
- ;;
- false)
- OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-http://${GITLAB_HOST}/users/auth/saml/callback}
- OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-http://${GITLAB_HOST}}
- ;;
-esac
-OAUTH_SAML_IDP_CERT_FINGERPRINT=${OAUTH_SAML_IDP_CERT_FINGERPRINT:-}
-OAUTH_SAML_IDP_SSO_TARGET_URL=${OAUTH_SAML_IDP_SSO_TARGET_URL:-}
-OAUTH_SAML_NAME_IDENTIFIER_FORMAT=${OAUTH_SAML_NAME_IDENTIFIER_FORMAT:-urn:oasis:names:tc:SAML:2.0:nameid-format:transient}
-
-GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}
-
-PIWIK_URL=${PIWIK_URL:-}
-PIWIK_SITE_ID=${PIWIK_SITE_ID:-}
-
-GITLAB_ROBOTS_PATH=${GITLAB_ROBOTS_PATH:-${USERCONF_TEMPLATES_DIR}/gitlabhq/robots.txt}
-
-# is a mysql or postgresql database linked?
-# requires that the mysql or postgresql containers have exposed
-# port 3306 and 5432 respectively.
-if [[ -n ${MYSQL_PORT_3306_TCP_ADDR} ]]; then
- DB_TYPE=${DB_TYPE:-mysql}
- DB_HOST=${DB_HOST:-${MYSQL_PORT_3306_TCP_ADDR}}
- DB_PORT=${DB_PORT:-${MYSQL_PORT_3306_TCP_PORT}}
-
- # support for linked sameersbn/mysql image
- DB_USER=${DB_USER:-${MYSQL_ENV_DB_USER}}
- DB_PASS=${DB_PASS:-${MYSQL_ENV_DB_PASS}}
- DB_NAME=${DB_NAME:-${MYSQL_ENV_DB_NAME}}
-
- # support for linked orchardup/mysql and enturylink/mysql image
- # also supports official mysql image
- DB_USER=${DB_USER:-${MYSQL_ENV_MYSQL_USER}}
- DB_PASS=${DB_PASS:-${MYSQL_ENV_MYSQL_PASSWORD}}
- DB_NAME=${DB_NAME:-${MYSQL_ENV_MYSQL_DATABASE}}
-elif [[ -n ${POSTGRESQL_PORT_5432_TCP_ADDR} ]]; then
- DB_TYPE=${DB_TYPE:-postgres}
- DB_HOST=${DB_HOST:-${POSTGRESQL_PORT_5432_TCP_ADDR}}
- DB_PORT=${DB_PORT:-${POSTGRESQL_PORT_5432_TCP_PORT}}
-
- # support for linked official postgres image
- DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRES_USER}}
- DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRES_PASSWORD}}
- DB_NAME=${DB_NAME:-${DB_USER}}
-
- # support for linked sameersbn/postgresql image
- DB_USER=${DB_USER:-${POSTGRESQL_ENV_DB_USER}}
- DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_DB_PASS}}
- DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB_NAME}}
-
- # support for linked orchardup/postgresql image
- DB_USER=${DB_USER:-${POSTGRESQL_ENV_POSTGRESQL_USER}}
- DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_POSTGRESQL_PASS}}
- DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_POSTGRESQL_DB}}
-
- # support for linked paintedfox/postgresql image
- DB_USER=${DB_USER:-${POSTGRESQL_ENV_USER}}
- DB_PASS=${DB_PASS:-${POSTGRESQL_ENV_PASS}}
- DB_NAME=${DB_NAME:-${POSTGRESQL_ENV_DB}}
-fi
-
-if [[ -z ${DB_HOST} ]]; then
- echo "ERROR: "
- echo " Please configure the database connection."
- echo " Refer http://git.io/wkYhyA for more information."
- echo " Cannot continue without a database. Aborting..."
- exit 1
-fi
-
-# DB_TYPE defaults to postgres
-DB_TYPE=${DB_TYPE:-postgres}
-
-# use default port number if it is still not set
-case ${DB_TYPE} in
- mysql) DB_PORT=${DB_PORT:-3306} ;;
- postgres) DB_PORT=${DB_PORT:-5432} ;;
- *)
- echo "ERROR: "
- echo " Please specify the database type in use via the DB_TYPE configuration option."
- echo " Accepted values are \"postgres\" or \"mysql\". Aborting..."
- exit 1
- ;;
-esac
-
-# set default user and database
-DB_USER=${DB_USER:-root}
-DB_NAME=${DB_NAME:-gitlabhq_production}
-
-# is a redis container linked?
-if [[ -n ${REDISIO_PORT_6379_TCP_ADDR} ]]; then
- REDIS_HOST=${REDIS_HOST:-${REDISIO_PORT_6379_TCP_ADDR}}
- REDIS_PORT=${REDIS_PORT:-${REDISIO_PORT_6379_TCP_PORT}}
-fi
-
-# fallback to default redis port
-REDIS_PORT=${REDIS_PORT:-6379}
-
-if [[ -z ${REDIS_HOST} ]]; then
- echo "ERROR: "
- echo " Please configure the redis connection."
- echo " Refer http://git.io/PMnRSw for more information."
- echo " Cannot continue without a redis connection. Aborting..."
- exit 1
-fi
-
-if [[ -z $GITLAB_SECRETS_DB_KEY_BASE ]]; then
- echo "ERROR: "
- echo " Please configure the GITLAB_SECRETS_DB_KEY_BASE parameter."
- echo " Cannot continue. Aborting..."
- exit 1
-fi
-
-case ${GITLAB_HTTPS} in
- true)
- GITLAB_PORT=${GITLAB_PORT:-443}
- NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https}
- ;;
- *)
- GITLAB_PORT=${GITLAB_PORT:-80}
- NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme}
- ;;
-esac
-
-case ${GITLAB_BACKUPS} in
- daily|weekly|monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
- disable|*) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
-esac
-
-case ${LDAP_UID} in
- userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
- *) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true}
-esac
-
-## Adapt uid and gid for ${GITLAB_USER}:${GITLAB_USER}
-USERMAP_ORIG_UID=$(id -u ${GITLAB_USER})
-USERMAP_ORIG_GID=$(id -g ${GITLAB_USER})
-USERMAP_GID=${USERMAP_GID:-${USERMAP_UID:-$USERMAP_ORIG_GID}}
-USERMAP_UID=${USERMAP_UID:-$USERMAP_ORIG_UID}
-if [[ ${USERMAP_UID} != ${USERMAP_ORIG_UID} ]] || [[ ${USERMAP_GID} != ${USERMAP_ORIG_GID} ]]; then
- echo "Adapting uid and gid for ${GITLAB_USER}:${GITLAB_USER} to $USERMAP_UID:$USERMAP_GID"
- groupmod -g ${USERMAP_GID} ${GITLAB_USER}
- sed -i -e "s/:${USERMAP_ORIG_UID}:${USERMAP_GID}:/:${USERMAP_UID}:${USERMAP_GID}:/" /etc/passwd
- find ${GITLAB_HOME} -path ${GITLAB_DATA_DIR}/\* -prune -o -print0 | xargs -0 chown -h ${GITLAB_USER}:${GITLAB_USER}
-fi
-
-if [[ ! -e ${GITLAB_DATA_DIR}/ssh/ssh_host_rsa_key ]]; then
- # create ssh host keys and move them to the data store.
- dpkg-reconfigure -f noninteractive openssh-server
- mkdir -p ${GITLAB_DATA_DIR}/ssh/
- mv /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub ${GITLAB_DATA_DIR}/ssh/
-fi
-
-## fix permissions of ssh key files
-chmod 0600 ${GITLAB_DATA_DIR}/ssh/*_key
-chmod 0644 ${GITLAB_DATA_DIR}/ssh/*.pub
-chown -R root:root ${GITLAB_DATA_DIR}/ssh
-
-# configure sshd to pick up the host keys from ${GITLAB_DATA_DIR}/ssh/
-sed -i 's,HostKey /etc/ssh/,HostKey '"${GITLAB_DATA_DIR}"'/ssh/,g' -i /etc/ssh/sshd_config
-
-# populate ${GITLAB_LOG_DIR}
-mkdir -m 0755 -p ${GITLAB_LOG_DIR}/supervisor && chown -R root:root ${GITLAB_LOG_DIR}/supervisor
-mkdir -m 0755 -p ${GITLAB_LOG_DIR}/nginx && chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/nginx
-mkdir -m 0755 -p ${GITLAB_LOG_DIR}/gitlab && chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/gitlab
-mkdir -m 0755 -p ${GITLAB_LOG_DIR}/gitlab-shell && chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_LOG_DIR}/gitlab-shell
-
-cd ${GITLAB_INSTALL_DIR}
-
-# copy configuration templates
-case ${GITLAB_HTTPS} in
- true)
- if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
- cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab-ssl /etc/nginx/sites-enabled/gitlab
- else
- echo "SSL keys and certificates were not found."
- echo "Assuming that the container is running behind a HTTPS enabled load balancer."
- cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab
- fi
- ;;
- *) cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab ;;
-esac
-[[ -n $GITLAB_CI_HOST ]] && cp ${SYSCONF_TEMPLATES_DIR}/nginx/gitlab_ci /etc/nginx/sites-enabled/gitlab_ci
-
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ${GITLAB_SHELL_INSTALL_DIR}/config.yml
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/gitlab.yml config/gitlab.yml
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/secrets.yml config/secrets.yml
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/resque.yml config/resque.yml
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/database.yml config/database.yml
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/unicorn.rb config/unicorn.rb
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/rack_attack.rb config/initializers/rack_attack.rb
-[[ ${SMTP_ENABLED} == true ]] && \
-sudo -HEu ${GITLAB_USER} cp ${SYSCONF_TEMPLATES_DIR}/gitlabhq/smtp_settings.rb config/initializers/smtp_settings.rb
-
-# override default configuration templates with user templates
-case ${GITLAB_HTTPS} in
- true)
- if [[ -f ${SSL_CERTIFICATE_PATH} && -f ${SSL_KEY_PATH} && -f ${SSL_DHPARAM_PATH} ]]; then
- [[ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab-ssl ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab-ssl /etc/nginx/sites-enabled/gitlab
- else
- [[ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab
- fi
- ;;
- *) [[ -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab /etc/nginx/sites-enabled/gitlab ;;
-esac
-[[ -n $GITLAB_CI_HOST && -f ${USERCONF_TEMPLATES_DIR}/nginx/gitlab_ci ]] && cp ${USERCONF_TEMPLATES_DIR}/nginx/gitlab_ci /etc/nginx/sites-enabled/gitlab_ci
-
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlab-shell/config.yml ${GITLAB_SHELL_INSTALL_DIR}/config.yml
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/gitlab.yml ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/gitlab.yml config/gitlab.yml
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/secrets.yml ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/secrets.yml config/secrets.yml
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/resque.yml ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/resque.yml config/resque.yml
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/database.yml ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/database.yml config/database.yml
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/unicorn.rb ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/unicorn.rb config/unicorn.rb
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/rack_attack.rb ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/rack_attack.rb config/initializers/rack_attack.rb
-[[ ${SMTP_ENABLED} == true ]] && \
-[[ -f ${USERCONF_TEMPLATES_DIR}/gitlabhq/smtp_settings.rb ]] && sudo -HEu ${GITLAB_USER} cp ${USERCONF_TEMPLATES_DIR}/gitlabhq/smtp_settings.rb config/initializers/smtp_settings.rb
-
-# override robots.txt if a user configuration exists
-[[ -f ${GITLAB_ROBOTS_PATH} ]] && sudo -HEu ${GITLAB_USER} cp ${GITLAB_ROBOTS_PATH} public/robots.txt
-
-if [[ -f ${SSL_CERTIFICATE_PATH} || -f ${CA_CERTIFICATES_PATH} ]]; then
- echo "Updating CA certificates..."
- [[ -f ${SSL_CERTIFICATE_PATH} ]] && cp "${SSL_CERTIFICATE_PATH}" /usr/local/share/ca-certificates/gitlab.crt
- [[ -f ${CA_CERTIFICATES_PATH} ]] && cp "${CA_CERTIFICATES_PATH}" /usr/local/share/ca-certificates/ca.crt
- update-ca-certificates --fresh >/dev/null
-fi
-
-# configure application paths
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_BACKUP_DIR}},'"${GITLAB_BACKUP_DIR}"',g' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',g' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_BUILDS_DIR}},'"${GITLAB_BUILDS_DIR}"',g' -i config/gitlab.yml
-
-# configure gitlab-git-http-server
-sed 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',' -i /etc/supervisor/conf.d/gitlab-git-http-server.conf
-
-# configure gitlab
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_HTTPS}}/'"${GITLAB_HTTPS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_EMAIL}}/'"${GITLAB_EMAIL}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_EMAIL_DISPLAY_NAME}}/'"${GITLAB_EMAIL_DISPLAY_NAME}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_EMAIL_REPLY_TO}}/'"${GITLAB_EMAIL_REPLY_TO}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_BACKUP_EXPIRY}}/'"${GITLAB_BACKUP_EXPIRY}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_BACKUP_ARCHIVE_PERMISSIONS}}/'"${GITLAB_BACKUP_ARCHIVE_PERMISSIONS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_MAX_SIZE}}/'"${GITLAB_MAX_SIZE}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_SSH_HOST}}/'"${GITLAB_SSH_HOST}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_SSH_PORT}}/'"${GITLAB_SSH_PORT}"'/' -i config/gitlab.yml
-
-# configure ci parameters
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}/'"${GITLAB_NOTIFY_ON_BROKEN_BUILDS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_NOTIFY_PUSHER}}/'"${GITLAB_NOTIFY_PUSHER}"'/' -i config/gitlab.yml
-
-# configure secrets
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_SECRETS_DB_KEY_BASE}}/'"${GITLAB_SECRETS_DB_KEY_BASE}"'/' -i config/secrets.yml
-
-# configure default timezone
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_TIMEZONE}}/'"${GITLAB_TIMEZONE}"'/' -i config/gitlab.yml
-
-# configure gitlab username_changing_enabled
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_USERNAME_CHANGE}}/'"${GITLAB_USERNAME_CHANGE}"'/' -i config/gitlab.yml
-
-# configure gitlab default_can_create_group
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_CREATE_GROUP}}/'"${GITLAB_CREATE_GROUP}"'/' -i config/gitlab.yml
-
-# configure gitlab default project feature: issues
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_PROJECTS_ISSUES}}/'"${GITLAB_PROJECTS_ISSUES}"'/' -i config/gitlab.yml
-
-# configure gitlab default project feature: merge_requests
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_PROJECTS_MERGE_REQUESTS}}/'"${GITLAB_PROJECTS_MERGE_REQUESTS}"'/' -i config/gitlab.yml
-
-# configure gitlab default project feature: wiki
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_PROJECTS_WIKI}}/'"${GITLAB_PROJECTS_WIKI}"'/' -i config/gitlab.yml
-
-# configure gitlab default project feature: snippets
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_PROJECTS_SNIPPETS}}/'"${GITLAB_PROJECTS_SNIPPETS}"'/' -i config/gitlab.yml
-
-# configure gitlab webhook timeout
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_WEBHOOK_TIMEOUT}}/'"${GITLAB_WEBHOOK_TIMEOUT}"'/' -i config/gitlab.yml
-
-# configure git timeout
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_TIMEOUT}}/'"${GITLAB_TIMEOUT}"'/' -i config/gitlab.yml
-
-# configure database
-if [[ ${DB_TYPE} == postgres ]]; then
- sudo -HEu ${GITLAB_USER} sed 's/{{DB_ADAPTER}}/postgresql/' -i config/database.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{DB_ENCODING}}/unicode/' -i config/database.yml
- sudo -HEu ${GITLAB_USER} sed '/reconnect: /d' -i config/database.yml
- sudo -HEu ${GITLAB_USER} sed '/collation: /d' -i config/database.yml
-elif [[ ${DB_TYPE} == mysql ]]; then
- sudo -HEu ${GITLAB_USER} sed 's/{{DB_ADAPTER}}/mysql2/' -i config/database.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{DB_ENCODING}}/utf8/' -i config/database.yml
-else
- echo "Invalid database type: '$DB_TYPE'. Supported choices: [mysql, postgres]."
-fi
-
-# configure database connection
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_HOST}}/'"${DB_HOST}"'/' -i config/database.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_PORT}}/'"${DB_PORT}"'/' -i config/database.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_NAME}}/'"${DB_NAME}"'/' -i config/database.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_USER}}/'"${DB_USER}"'/' -i config/database.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_PASS}}/'"${DB_PASS}"'/' -i config/database.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{DB_POOL}}/'"${DB_POOL}"'/' -i config/database.yml
-
-# configure sidekiq concurrency
-sed 's/{{SIDEKIQ_CONCURRENCY}}/'"${SIDEKIQ_CONCURRENCY}"'/' -i /etc/supervisor/conf.d/sidekiq.conf
-
-# configure sidekiq shutdown timeout
-sed 's/{{SIDEKIQ_SHUTDOWN_TIMEOUT}}/'"${SIDEKIQ_SHUTDOWN_TIMEOUT}"'/' -i /etc/supervisor/conf.d/sidekiq.conf
-
-# enable SidekiqMemoryKiller
-## The MemoryKiller is enabled by gitlab if the `SIDEKIQ_MEMORY_KILLER_MAX_RSS` is
-## defined in the programs environment and has a non-zero value.
-##
-## Simply exporting the variable makes it available in the programs environment and
-## therefore should enable the MemoryKiller.
-## -## Every other MemoryKiller option specified in the docker env will automatically -## be exported, so why bother -export SIDEKIQ_MEMORY_KILLER_MAX_RSS - -# configure redis -sudo -HEu ${GITLAB_USER} sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/g' -i config/resque.yml -sudo -HEu ${GITLAB_USER} sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/g' -i config/resque.yml - -# configure gitlab-shell -sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_HOME}},'"${GITLAB_HOME}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_LOG_DIR}},'"${GITLAB_LOG_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_DATA_DIR}},'"${GITLAB_DATA_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_BACKUP_DIR}},'"${GITLAB_BACKUP_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_REPOS_DIR}},'"${GITLAB_REPOS_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_SHELL_INSTALL_DIR}},'"${GITLAB_SHELL_INSTALL_DIR}"',g' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's/{{SSL_SELF_SIGNED}}/'"${SSL_SELF_SIGNED}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's/{{REDIS_HOST}}/'"${REDIS_HOST}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml -sudo -HEu ${GITLAB_USER} sed 's/{{REDIS_PORT}}/'"${REDIS_PORT}"'/' -i ${GITLAB_SHELL_INSTALL_DIR}/config.yml - -# configure unicorn workers -sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i config/unicorn.rb -sudo -HEu ${GITLAB_USER} sed 's/{{UNICORN_WORKERS}}/'"${UNICORN_WORKERS}"'/' -i config/unicorn.rb - -# configure unicorn timeout -sudo -HEu ${GITLAB_USER} sed 's/{{UNICORN_TIMEOUT}}/'"${UNICORN_TIMEOUT}"'/' -i config/unicorn.rb - -# configure mail delivery -sudo -HEu ${GITLAB_USER} 
sed 's/{{GITLAB_EMAIL_ENABLED}}/'"${GITLAB_EMAIL_ENABLED}"'/' -i config/gitlab.yml
-if [[ ${SMTP_ENABLED} == true ]]; then
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_HOST}}/'"${SMTP_HOST}"'/' -i config/initializers/smtp_settings.rb
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_PORT}}/'"${SMTP_PORT}"'/' -i config/initializers/smtp_settings.rb
-
- case ${SMTP_USER} in
- "") sudo -HEu ${GITLAB_USER} sed '/{{SMTP_USER}}/d' -i config/initializers/smtp_settings.rb ;;
- *) sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_USER}}/'"${SMTP_USER}"'/' -i config/initializers/smtp_settings.rb ;;
- esac
-
- case ${SMTP_PASS} in
- "") sudo -HEu ${GITLAB_USER} sed '/{{SMTP_PASS}}/d' -i config/initializers/smtp_settings.rb ;;
- *) sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_PASS}}/'"${SMTP_PASS}"'/' -i config/initializers/smtp_settings.rb ;;
- esac
-
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_DOMAIN}}/'"${SMTP_DOMAIN}"'/' -i config/initializers/smtp_settings.rb
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_STARTTLS}}/'"${SMTP_STARTTLS}"'/' -i config/initializers/smtp_settings.rb
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_TLS}}/'"${SMTP_TLS}"'/' -i config/initializers/smtp_settings.rb
- sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_OPENSSL_VERIFY_MODE}}/'"${SMTP_OPENSSL_VERIFY_MODE}"'/' -i config/initializers/smtp_settings.rb
-
- case ${SMTP_AUTHENTICATION} in
- "") sudo -HEu ${GITLAB_USER} sed '/{{SMTP_AUTHENTICATION}}/d' -i config/initializers/smtp_settings.rb ;;
- *) sudo -HEu ${GITLAB_USER} sed 's/{{SMTP_AUTHENTICATION}}/'"${SMTP_AUTHENTICATION}"'/' -i config/initializers/smtp_settings.rb ;;
- esac
-
- if [[ ${SMTP_CA_ENABLED} == true ]]; then
- if [[ -d ${SMTP_CA_PATH} ]]; then
- sudo -HEu ${GITLAB_USER} sed 's,{{SMTP_CA_PATH}},'"${SMTP_CA_PATH}"',' -i config/initializers/smtp_settings.rb
- fi
-
- if [[ -f ${SMTP_CA_FILE} ]]; then
- sudo -HEu ${GITLAB_USER} sed 's,{{SMTP_CA_FILE}},'"${SMTP_CA_FILE}"',' -i config/initializers/smtp_settings.rb
- fi
- else
- sudo -HEu ${GITLAB_USER} sed '/{{SMTP_CA_PATH}}/d' -i 
config/initializers/smtp_settings.rb
- sudo -HEu ${GITLAB_USER} sed '/{{SMTP_CA_FILE}}/d' -i config/initializers/smtp_settings.rb
- fi
-fi
-
-# configure mail_room IMAP settings
-echo "mail_room_enabled=${GITLAB_INCOMING_EMAIL_ENABLED}" >> /etc/default/gitlab
-sed 's/{{GITLAB_INCOMING_EMAIL_ENABLED}}/'"${GITLAB_INCOMING_EMAIL_ENABLED}"'/' -i /etc/supervisor/conf.d/mail_room.conf
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_INCOMING_EMAIL_ENABLED}}/'"${GITLAB_INCOMING_EMAIL_ENABLED}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_INCOMING_EMAIL_ADDRESS}}/'"${GITLAB_INCOMING_EMAIL_ADDRESS}"'/' -i config/gitlab.yml
-if [[ ${IMAP_ENABLED} == true ]]; then
- case ${IMAP_USER} in
- "") sudo -HEu ${GITLAB_USER} sed '/{{IMAP_USER}}/d' -i config/gitlab.yml ;;
- *) sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_USER}}/'"${IMAP_USER}"'/' -i config/gitlab.yml ;;
- esac
-
- case ${IMAP_PASS} in
- "") sudo -HEu ${GITLAB_USER} sed '/{{IMAP_PASS}}/d' -i config/gitlab.yml ;;
- *) sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_PASS}}/'"${IMAP_PASS}"'/' -i config/gitlab.yml ;;
- esac
- sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_HOST}}/'"${IMAP_HOST}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_PORT}}/'"${IMAP_PORT}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_SSL}}/'"${IMAP_SSL}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_STARTTLS}}/'"${IMAP_STARTTLS}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{IMAP_MAILBOX}}/'"${IMAP_MAILBOX}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_USER}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_PASS}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_HOST}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_PORT}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_SSL}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{IMAP_STARTTLS}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 
'/{{IMAP_MAILBOX}}/d' -i config/gitlab.yml
-fi
-
-# apply LDAP configuration
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_ENABLED}}/'"${LDAP_ENABLED}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_HOST}}/'"${LDAP_HOST}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_PORT}}/'"${LDAP_PORT}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_UID}}/'"${LDAP_UID}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_METHOD}}/'"${LDAP_METHOD}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_BIND_DN}}/'"${LDAP_BIND_DN}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_PASS}}/'"${LDAP_PASS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_ACTIVE_DIRECTORY}}/'"${LDAP_ACTIVE_DIRECTORY}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}/'"${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_BLOCK_AUTO_CREATED_USERS}}/'"${LDAP_BLOCK_AUTO_CREATED_USERS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_BASE}}/'"${LDAP_BASE}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_USER_FILTER}}/'"${LDAP_USER_FILTER}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{LDAP_LABEL}}/'"${LDAP_LABEL}"'/' -i config/gitlab.yml
-
-# apply aws s3 backup configuration
-case ${AWS_BACKUPS} in
- true)
- if [[ -z ${AWS_BACKUP_REGION} || -z ${AWS_BACKUP_ACCESS_KEY_ID} || -z ${AWS_BACKUP_SECRET_ACCESS_KEY} || -z ${AWS_BACKUP_BUCKET} ]]; then
- printf "\nMissing AWS options. 
Aborting...\n"
- exit 1
- fi
- sudo -HEu ${GITLAB_USER} sed 's/{{AWS_BACKUP_REGION}}/'"${AWS_BACKUP_REGION}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{AWS_BACKUP_ACCESS_KEY_ID}}/'"${AWS_BACKUP_ACCESS_KEY_ID}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's,{{AWS_BACKUP_SECRET_ACCESS_KEY}},'"${AWS_BACKUP_SECRET_ACCESS_KEY}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{AWS_BACKUP_BUCKET}}/'"${AWS_BACKUP_BUCKET}"'/' -i config/gitlab.yml
- ;;
- *)
- # remove backup configuration lines
- sudo -HEu ${GITLAB_USER} sed '/upload:/,/remote_directory:/d' -i config/gitlab.yml
- ;;
-esac
-
-# apply gravatar configuration
-sudo -HEu ${GITLAB_USER} sed 's/{{GITLAB_GRAVATAR_ENABLED}}/'"${GITLAB_GRAVATAR_ENABLED}"'/' -i config/gitlab.yml
-if [[ -n ${GITLAB_GRAVATAR_HTTP_URL} ]]; then
- GITLAB_GRAVATAR_HTTP_URL=$(echo "${GITLAB_GRAVATAR_HTTP_URL}" | sed 's/&/\\&/') # escape ampersand for sed
- sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_GRAVATAR_HTTP_URL}},'"${GITLAB_GRAVATAR_HTTP_URL}"',g' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed '/{{GITLAB_GRAVATAR_HTTP_URL}}/d' -i config/gitlab.yml
-fi
-if [[ -n ${GITLAB_GRAVATAR_HTTPS_URL} ]]; then
- GITLAB_GRAVATAR_HTTPS_URL=$(echo "${GITLAB_GRAVATAR_HTTPS_URL}" | sed 's/&/\\&/') # escape ampersand for sed
- sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_GRAVATAR_HTTPS_URL}},'"${GITLAB_GRAVATAR_HTTPS_URL}"',g' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed '/{{GITLAB_GRAVATAR_HTTPS_URL}}/d' -i config/gitlab.yml
-fi
-
-# apply oauth configuration
-
-# google
-if [[ -n ${OAUTH_GOOGLE_API_KEY} && -n ${OAUTH_GOOGLE_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GOOGLE_API_KEY}}/'"${OAUTH_GOOGLE_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GOOGLE_APP_SECRET}}/'"${OAUTH_GOOGLE_APP_SECRET}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 
's/{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}/'"${OAUTH_GOOGLE_RESTRICT_DOMAIN}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GOOGLE_APPROVAL_PROMPT}}//' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'google_oauth2'/,/{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}/d" -i config/gitlab.yml
-fi
-
-# facebook
-if [[ -n ${OAUTH_FACEBOOK_API_KEY} && -n ${OAUTH_FACEBOOK_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_FACEBOOK_API_KEY}}/'"${OAUTH_FACEBOOK_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_FACEBOOK_APP_SECRET}}/'"${OAUTH_FACEBOOK_APP_SECRET}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'facebook'/,/{{OAUTH_FACEBOOK_APP_SECRET}}/d" -i config/gitlab.yml
-fi
-
-# twitter
-if [[ -n ${OAUTH_TWITTER_API_KEY} && -n ${OAUTH_TWITTER_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_TWITTER_API_KEY}}/'"${OAUTH_TWITTER_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_TWITTER_APP_SECRET}}/'"${OAUTH_TWITTER_APP_SECRET}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'twitter'/,/{{OAUTH_TWITTER_APP_SECRET}}/d" -i config/gitlab.yml
-fi
-
-# github
-if [[ -n ${OAUTH_GITHUB_API_KEY} && -n ${OAUTH_GITHUB_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GITHUB_API_KEY}}/'"${OAUTH_GITHUB_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GITHUB_APP_SECRET}}/'"${OAUTH_GITHUB_APP_SECRET}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GITHUB_SCOPE}}/user:email/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'github'/,/{{OAUTH_GITHUB_SCOPE}}/d" -i config/gitlab.yml
-fi
-
-# gitlab
-if [[ -n ${OAUTH_GITLAB_API_KEY} && -n ${OAUTH_GITLAB_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 
's/{{OAUTH_GITLAB_API_KEY}}/'"${OAUTH_GITLAB_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GITLAB_APP_SECRET}}/'"${OAUTH_GITLAB_APP_SECRET}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_GITLAB_SCOPE}}/api/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'gitlab'/,/{{OAUTH_GITLAB_SCOPE}}/d" -i config/gitlab.yml
-fi
-
-# bitbucket
-if [[ -n ${OAUTH_BITBUCKET_API_KEY} && -n ${OAUTH_BITBUCKET_APP_SECRET} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_BITBUCKET_API_KEY}}/'"${OAUTH_BITBUCKET_API_KEY}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_BITBUCKET_APP_SECRET}}/'"${OAUTH_BITBUCKET_APP_SECRET}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'bitbucket'/,/{{OAUTH_BITBUCKET_APP_SECRET}}/d" -i config/gitlab.yml
-fi
-
-# saml
-if [[ -n ${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL} && \
- -n ${OAUTH_SAML_IDP_CERT_FINGERPRINT} && \
- -n ${OAUTH_SAML_IDP_SSO_TARGET_URL} && \
- -n ${OAUTH_SAML_ISSUER} && \
- -n ${OAUTH_SAML_NAME_IDENTIFIER_FORMAT} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's,{{OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}},'"${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_SAML_IDP_CERT_FINGERPRINT}}/'"${OAUTH_SAML_IDP_CERT_FINGERPRINT}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's,{{OAUTH_SAML_IDP_SSO_TARGET_URL}},'"${OAUTH_SAML_IDP_SSO_TARGET_URL}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's,{{OAUTH_SAML_ISSUER}},'"${OAUTH_SAML_ISSUER}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}/'"${OAUTH_SAML_NAME_IDENTIFIER_FORMAT}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'saml'/,/{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}/d" -i config/gitlab.yml
-fi
-
-# crowd
-if [[ -n ${OAUTH_CROWD_SERVER_URL} && \
- -n 
${OAUTH_CROWD_APP_NAME} && \
- -n ${OAUTH_CROWD_APP_PASSWORD} ]]; then
- OAUTH_ENABLED=${OAUTH_ENABLED:-true}
- sudo -HEu ${GITLAB_USER} sed 's,{{OAUTH_CROWD_SERVER_URL}},'"${OAUTH_CROWD_SERVER_URL}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_CROWD_APP_NAME}}/'"${OAUTH_CROWD_APP_NAME}"'/' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_CROWD_APP_PASSWORD}}/'"${OAUTH_CROWD_APP_PASSWORD}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed "/name: 'crowd'/,/{{OAUTH_CROWD_APP_PASSWORD}}/d" -i config/gitlab.yml
-fi
-
-# google analytics
-if [[ -n ${GOOGLE_ANALYTICS_ID} ]]; then
- sudo -HEu ${GITLAB_USER} sed 's/{{GOOGLE_ANALYTICS_ID}}/'"${GOOGLE_ANALYTICS_ID}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed '/{{GOOGLE_ANALYTICS_ID}}/d' -i config/gitlab.yml
-fi
-
-# piwik
-if [[ -n ${PIWIK_URL} && -n ${PIWIK_SITE_ID} ]]; then
- sudo -HEu ${GITLAB_USER} sed 's,{{PIWIK_URL}},'"${PIWIK_URL}"',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's/{{PIWIK_SITE_ID}}/'"${PIWIK_SITE_ID}"'/' -i config/gitlab.yml
-else
- sudo -HEu ${GITLAB_USER} sed '/{{PIWIK_URL}}/d' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed '/{{PIWIK_SITE_ID}}/d' -i config/gitlab.yml
-fi
-
-OAUTH_ENABLED=${OAUTH_ENABLED:-false}
-sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_ENABLED}}/'"${OAUTH_ENABLED}"'/' -i config/gitlab.yml
-
-case $OAUTH_AUTO_SIGN_IN_WITH_PROVIDER in
- google_oauth2|twitter|github|gitlab|bitbucket|saml)
- sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/'"${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}"'/' -i config/gitlab.yml
- ;;
- *)
- sudo -HEu ${GITLAB_USER} sed '/{{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}/d' -i config/gitlab.yml
- ;;
-esac
-
-sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_ALLOW_SSO}}/'"${OAUTH_ALLOW_SSO}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 's/{{OAUTH_BLOCK_AUTO_CREATED_USERS}}/'"${OAUTH_BLOCK_AUTO_CREATED_USERS}"'/' -i config/gitlab.yml
-sudo -HEu ${GITLAB_USER} sed 
's/{{OAUTH_AUTO_LINK_LDAP_USER}}/'"${OAUTH_AUTO_LINK_LDAP_USER}"'/' -i config/gitlab.yml
-
-# configure nginx vhost
-sed 's,{{GITLAB_INSTALL_DIR}},'"${GITLAB_INSTALL_DIR}"',g' -i /etc/nginx/sites-enabled/gitlab
-sed 's,{{GITLAB_LOG_DIR}},'"${GITLAB_LOG_DIR}"',g' -i /etc/nginx/sites-enabled/gitlab
-sed 's/{{YOUR_SERVER_FQDN}}/'"${GITLAB_HOST}"'/' -i /etc/nginx/sites-enabled/gitlab
-sed 's/{{GITLAB_PORT}}/'"${GITLAB_PORT}"'/' -i /etc/nginx/sites-enabled/gitlab
-sed 's,{{SSL_CERTIFICATE_PATH}},'"${SSL_CERTIFICATE_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
-sed 's,{{SSL_KEY_PATH}},'"${SSL_KEY_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
-sed 's,{{SSL_DHPARAM_PATH}},'"${SSL_DHPARAM_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
-sed 's/{{SSL_VERIFY_CLIENT}}/'"${SSL_VERIFY_CLIENT}"'/' -i /etc/nginx/sites-enabled/gitlab
-if [[ -f ${CA_CERTIFICATES_PATH} ]]; then
- sed 's,{{CA_CERTIFICATES_PATH}},'"${CA_CERTIFICATES_PATH}"',' -i /etc/nginx/sites-enabled/gitlab
-else
- sed '/{{CA_CERTIFICATES_PATH}}/d' -i /etc/nginx/sites-enabled/gitlab
-fi
-
-# configure ci redirection
-if [[ -f /etc/nginx/sites-enabled/gitlab_ci ]]; then
- sed 's,{{GITLAB_LOG_DIR}},'"${GITLAB_LOG_DIR}"',g' -i /etc/nginx/sites-enabled/gitlab_ci
- sed 's/{{GITLAB_HOST}}/'"${GITLAB_HOST}"'/g' -i /etc/nginx/sites-enabled/gitlab_ci
- sed 's/{{GITLAB_CI_HOST}}/'"${GITLAB_CI_HOST}"'/' -i /etc/nginx/sites-enabled/gitlab_ci
-
- DNS_RESOLVERS=$(cat /etc/resolv.conf | grep '^\s*nameserver' | awk '{print $2}' ORS=' ')
- sed 's/{{DNS_RESOLVERS}}/'"${DNS_RESOLVERS}"'/' -i /etc/nginx/sites-enabled/gitlab_ci
-fi
-
-sed 's/worker_processes .*/worker_processes '"${NGINX_WORKERS}"';/' -i /etc/nginx/nginx.conf
-sed 's/{{NGINX_PROXY_BUFFERING}}/'"${NGINX_PROXY_BUFFERING}"'/g' -i /etc/nginx/sites-enabled/gitlab
-sed 's/{{NGINX_ACCEL_BUFFERING}}/'"${NGINX_ACCEL_BUFFERING}"'/g' -i /etc/nginx/sites-enabled/gitlab
-sed 's/{{NGINX_MAX_UPLOAD_SIZE}}/'"${NGINX_MAX_UPLOAD_SIZE}"'/' -i /etc/nginx/sites-enabled/gitlab
-sed 
's/{{NGINX_X_FORWARDED_PROTO}}/'"${NGINX_X_FORWARDED_PROTO}"'/g' -i /etc/nginx/sites-enabled/gitlab
-
-if [[ ${GITLAB_HTTPS_HSTS_ENABLED} == true ]]; then
- sed 's/{{GITLAB_HTTPS_HSTS_MAXAGE}}/'"${GITLAB_HTTPS_HSTS_MAXAGE}"'/' -i /etc/nginx/sites-enabled/gitlab
-else
- sed '/{{GITLAB_HTTPS_HSTS_MAXAGE}}/d' -i /etc/nginx/sites-enabled/gitlab
-fi
-
-# configure relative_url_root
-if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then
- # create symlink to assets in tmp/cache
- rm -rf tmp/cache
- sudo -HEu ${GITLAB_USER} ln -s ${GITLAB_DATA_DIR}/tmp/cache tmp/cache
-
- # create symlink to assets in public/assets
- rm -rf public/assets
- sudo -HEu ${GITLAB_USER} ln -s ${GITLAB_DATA_DIR}/tmp/public/assets public/assets
-
- sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',g' -i /etc/nginx/sites-enabled/gitlab
- sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},'"${GITLAB_RELATIVE_URL_ROOT}/"',g' -i /etc/nginx/sites-enabled/gitlab
- sed 's,# alias '"${GITLAB_INSTALL_DIR}"'/public,alias '"${GITLAB_INSTALL_DIR}"'/public,' -i /etc/nginx/sites-enabled/gitlab
-
- sudo -HEu ${GITLAB_USER} sed 's,# config.relative_url_root = "/gitlab",config.relative_url_root = "'${GITLAB_RELATIVE_URL_ROOT}'",' -i config/application.rb
- sudo -HEu ${GITLAB_USER} sed 's,# relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}},relative_url_root: '${GITLAB_RELATIVE_URL_ROOT}',' -i config/gitlab.yml
- sudo -HEu ${GITLAB_USER} sed 's,{{GITLAB_RELATIVE_URL_ROOT}},'"${GITLAB_RELATIVE_URL_ROOT}"',' -i config/unicorn.rb
-else
- sed 's,{{GITLAB_RELATIVE_URL_ROOT}},/,' -i /etc/nginx/sites-enabled/gitlab
- sed 's,{{GITLAB_RELATIVE_URL_ROOT__with_trailing_slash}},/,g' -i /etc/nginx/sites-enabled/gitlab
- sudo -HEu ${GITLAB_USER} sed '/{{GITLAB_RELATIVE_URL_ROOT}}/d' -i config/unicorn.rb
-fi
-
-# disable ipv6 support
-if [[ ! 
-f /proc/net/if_inet6 ]]; then
- sed -e '/listen \[::\]:80/ s/^#*/#/' -i /etc/nginx/sites-enabled/gitlab
- sed -e '/listen \[::\]:443/ s/^#*/#/' -i /etc/nginx/sites-enabled/gitlab
-fi
-
-# fix permissions of secrets.yml
-chmod 0600 config/secrets.yml
-
-# fix permission and ownership of ${GITLAB_DATA_DIR}
-chmod 755 ${GITLAB_DATA_DIR}
-chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}
-
-# set executable flags on ${GITLAB_DATA_DIR} (needed if mounted from a data-only
-# container using --volumes-from)
-chmod +x ${GITLAB_DATA_DIR}
-
-# create the repositories directory and make sure it has the right permissions
-mkdir -p ${GITLAB_REPOS_DIR}/
-chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_REPOS_DIR}/
-chmod ug+rwX,o-rwx ${GITLAB_REPOS_DIR}/
-sudo -HEu ${GITLAB_USER} chmod g+s ${GITLAB_REPOS_DIR}/
-
-# create build traces directory
-mkdir -p ${GITLAB_BUILDS_DIR}
-chmod u+rwX ${GITLAB_BUILDS_DIR}
-chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_BUILDS_DIR}
-
-# symlink builds/ -> ${GITLAB_BUILDS_DIR}
-rm -rf builds
-ln -sf ${GITLAB_BUILDS_DIR} builds
-
-# create the backups directory
-mkdir -p ${GITLAB_BACKUP_DIR}
-chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_BACKUP_DIR}
-
-# create the uploads directory
-mkdir -p ${GITLAB_DATA_DIR}/uploads/
-chmod 0750 ${GITLAB_DATA_DIR}/uploads/
-chown ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}/uploads/
-
-# create the .ssh directory
-mkdir -p ${GITLAB_DATA_DIR}/.ssh/
-touch ${GITLAB_DATA_DIR}/.ssh/authorized_keys
-chmod 700 ${GITLAB_DATA_DIR}/.ssh
-chmod 600 ${GITLAB_DATA_DIR}/.ssh/authorized_keys
-chown -R ${GITLAB_USER}:${GITLAB_USER} ${GITLAB_DATA_DIR}/.ssh
-
-appInit () {
- # due to the nature of docker and its use cases, we allow some time
- # for the database server to come online. 
- case ${DB_TYPE} in
- mysql)
- prog="mysqladmin -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} ${DB_PASS:+-p$DB_PASS} status"
- ;;
- postgres)
- prog=$(find /usr/lib/postgresql/ -name pg_isready)
- prog="${prog} -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -t 1"
- ;;
- esac
- timeout=60
- echo -n "Waiting for database server to accept connections"
- while ! ${prog} >/dev/null 2>&1
- do
- timeout=$(expr $timeout - 1)
- if [[ $timeout -eq 0 ]]; then
- echo
- echo "Could not connect to database server. Aborting..."
- exit 1
- fi
- echo -n "."
- sleep 1
- done
- echo
-
- timeout=60
- echo -n "Waiting for redis server to accept connections"
- while ! redis-cli -h ${REDIS_HOST} -p ${REDIS_PORT} ping >/dev/null 2>&1
- do
- timeout=$(expr $timeout - 1)
- if [[ $timeout -eq 0 ]]; then
- echo ""
- echo "Could not connect to redis server. Aborting..."
- exit 1
- fi
- echo -n "."
- sleep 1
- done
- echo
-
- # run the `gitlab:setup` rake task if required
- case ${DB_TYPE} in
- mysql)
- QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = '${DB_NAME}';"
- COUNT=$(mysql -h ${DB_HOST} -P ${DB_PORT} -u ${DB_USER} ${DB_PASS:+-p$DB_PASS} -ss -e "${QUERY}")
- ;;
- postgres)
- QUERY="SELECT count(*) FROM information_schema.tables WHERE table_schema = 'public';"
- COUNT=$(PGPASSWORD="${DB_PASS}" psql -h ${DB_HOST} -p ${DB_PORT} -U ${DB_USER} -d ${DB_NAME} -Atw -c "${QUERY}")
- ;;
- esac
- if [[ -z ${COUNT} || ${COUNT} -eq 0 ]]; then
- echo "Setting up GitLab for firstrun. Please be patient, this could take a while..."
- sudo -HEu ${GITLAB_USER} force=yes bundle exec rake gitlab:setup ${GITLAB_ROOT_PASSWORD:+GITLAB_ROOT_PASSWORD=$GITLAB_ROOT_PASSWORD} >/dev/null
- fi
-
- # migrate database and compile the assets if the gitlab version or relative_url has changed. 
- CACHE_VERSION= - [[ -f ${GITLAB_DATA_DIR}/tmp/VERSION ]] && CACHE_VERSION=$(cat ${GITLAB_DATA_DIR}/tmp/VERSION) - [[ -f ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT ]] && CACHE_GITLAB_RELATIVE_URL_ROOT=$(cat ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT) - if [[ ${GITLAB_VERSION} != ${CACHE_VERSION} || ${GITLAB_RELATIVE_URL_ROOT} != ${CACHE_GITLAB_RELATIVE_URL_ROOT} ]]; then - echo "Migrating database..." - sudo -HEu ${GITLAB_USER} bundle exec rake db:migrate >/dev/null - - # recreate the tmp directory - rm -rf ${GITLAB_DATA_DIR}/tmp - sudo -HEu ${GITLAB_USER} mkdir -p ${GITLAB_DATA_DIR}/tmp/ - - # assets need to be recompiled when GITLAB_RELATIVE_URL_ROOT is used - if [[ -n ${GITLAB_RELATIVE_URL_ROOT} ]]; then - # create the tmp/cache and tmp/public/assets directory - sudo -HEu ${GITLAB_USER} mkdir -p ${GITLAB_DATA_DIR}/tmp/cache/ - sudo -HEu ${GITLAB_USER} mkdir -p ${GITLAB_DATA_DIR}/tmp/public/assets/ - - echo "GITLAB_RELATIVE_URL_ROOT in use, recompiling assets, this could take a while..." - sudo -HEu ${GITLAB_USER} bundle exec rake assets:clean assets:precompile cache:clear >/dev/null 2>&1 - else - # clear the cache - sudo -HEu ${GITLAB_USER} bundle exec rake cache:clear >/dev/null 2>&1 - fi - - # update VERSION information - sudo -HEu ${GITLAB_USER} echo "${GITLAB_VERSION}" > ${GITLAB_DATA_DIR}/tmp/VERSION - sudo -HEu ${GITLAB_USER} echo "${GITLAB_RELATIVE_URL_ROOT}" > ${GITLAB_DATA_DIR}/tmp/GITLAB_RELATIVE_URL_ROOT - fi - - # remove stale unicorn and sidekiq pid's if they exist. - rm -rf tmp/pids/unicorn.pid - rm -rf tmp/pids/sidekiq.pid - - # remove state unicorn socket if it exists - rm -rf tmp/sockets/gitlab.socket - - # setup cron job for automatic backups - case ${GITLAB_BACKUPS} in - daily|weekly|monthly) - read hour min <<< ${GITLAB_BACKUP_TIME//[:]/ } - case ${GITLAB_BACKUPS} in - daily) - sudo -HEu ${GITLAB_USER} cat >> /tmp/cron.${GITLAB_USER} <> /tmp/cron.${GITLAB_USER} <> /tmp/cron.${GITLAB_USER} < - Execute a rake task." 
- echo " app:help - Displays the help"
- echo " [command] - Execute the specified linux command eg. bash."
-}
+[[ -n $DEBUG ]] && set -x
 case ${1} in
- app:start)
- appStart
- ;;
- app:init)
- appInit
- ;;
- app:sanitize)
- appSanitize
- ;;
- app:rake)
- shift 1
- appRake $@
+ app:init|app:start|app:sanitize|app:rake)
+
+ initialize_system
+ configure_gitlab
+ configure_gitlab_shell
+ configure_gitlab_git_http_server
+ configure_nginx
+
+ case ${1} in
+ app:start)
+ migrate_database
+ exec /usr/bin/supervisord -nc /etc/supervisor/supervisord.conf
+ ;;
+ app:init)
+ migrate_database
+ ;;
+ app:sanitize)
+ sanitize_datadir
+ ;;
+ app:rake)
+ shift 1
+ execute_raketask $@
+ ;;
+ esac
 ;;
 app:help)
- appHelp
+ echo "Available options:"
+ echo " app:start - Starts the gitlab server (default)"
+ echo " app:init - Initialize the gitlab server (e.g. create databases, compile assets), but don't start it."
+ echo " app:sanitize - Fix repository/builds directory permissions."
+ echo " app:rake - Execute a rake task."
+ echo " app:help - Displays the help"
+ echo " [command] - Execute the specified command, eg. bash."
 ;;
 *)
- if [[ -x $1 ]]; then
- $1
- else
- prog=$(which $1)
- if [[ -n ${prog} ]] ; then
- shift 1
- $prog $@
- else
- appHelp
- fi
- fi
+ exec "$@"
 ;;
 esac