#!/bin/bash

# CONTAINER
DEBUG=${DEBUG:-$DEBUG_ENTRYPOINT}
TIMEZONE=${TZ:-UTC}

## GITLAB CORE
GITLAB_TEMP_DIR="${GITLAB_DATA_DIR}/tmp"
GITLAB_BACKUP_DIR="${GITLAB_BACKUP_DIR:-$GITLAB_DATA_DIR/backups}"
GITLAB_BACKUP_DIR_CHOWN=${GITLAB_BACKUP_DIR_CHOWN:-true}
GITLAB_BACKUP_DIR_GROUP=${GITLAB_BACKUP_DIR_GROUP:-}
GITLAB_REPOS_DIR="${GITLAB_REPOS_DIR:-$GITLAB_DATA_DIR/repositories}"
GITLAB_BUILDS_DIR="${GITLAB_BUILDS_DIR:-$GITLAB_DATA_DIR/builds}"
GITLAB_DOWNLOADS_DIR="${GITLAB_DOWNLOADS_DIR:-$GITLAB_TEMP_DIR/downloads}"
GITLAB_SHARED_DIR="${GITLAB_SHARED_DIR:-$GITLAB_DATA_DIR/shared}"
GITLAB_DEFAULT_THEME=${GITLAB_DEFAULT_THEME:-2}
GITLAB_HTTPS=${GITLAB_HTTPS:-false}
GITLAB_HOST=${GITLAB_HOST:-localhost}
GITLAB_CI_HOST=${GITLAB_CI_HOST:-}
GITLAB_PORT=${GITLAB_PORT:-}
GITLAB_IMPERSONATION_ENABLED=${GITLAB_IMPERSONATION_ENABLED:-true}
if [[ $GITLAB_HTTPS == true ]]; then
  GITLAB_PORT=${GITLAB_PORT:-443}
else
  GITLAB_PORT=${GITLAB_PORT:-80}
fi

## SSH
GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
GITLAB_SSH_LISTEN_PORT=${GITLAB_SSH_LISTEN_PORT:-22}
GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SSH_LISTEN_PORT}
GITLAB_SSH_MAXSTARTUPS=${GITLAB_SSH_MAXSTARTUPS:-10:30:60}

NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}

NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-$GITLAB_HTTPS_HSTS_MAXAGE} # backward compatibility
NGINX_HSTS_MAXAGE=${NGINX_HSTS_MAXAGE:-31536000}

## DATABASE
DB_ADAPTER=${DB_ADAPTER:-postgresql}
DB_ENCODING=${DB_ENCODING:-}
DB_HOST=${DB_HOST:-}
DB_PORT=${DB_PORT:-}
DB_NAME=${DB_NAME:-}
DB_USER=${DB_USER:-}
DB_PASS=${DB_PASS:-}
DB_POOL=${DB_POOL:-10}
DB_PREPARED_STATEMENTS=${DB_PREPARED_STATEMENTS:-true}

# backward compatibility
case ${DB_TYPE} in
  postgres) DB_ADAPTER=${DB_ADAPTER:-postgresql} ;;
esac

## REDIS
REDIS_HOST=${REDIS_HOST:-}
REDIS_PORT=${REDIS_PORT:-}
REDIS_DB_NUMBER=${REDIS_DB_NUMBER:-0}

## SIDEKIQ
SIDEKIQ_SHUTDOWN_TIMEOUT=${SIDEKIQ_SHUTDOWN_TIMEOUT:-4}
SIDEKIQ_CONCURRENCY=${SIDEKIQ_CONCURRENCY:-25}
SIDEKIQ_MEMORY_KILLER_MAX_RSS=${SIDEKIQ_MEMORY_KILLER_MAX_RSS:-1000000}
GITLAB_SIDEKIQ_LOG_FORMAT=${GITLAB_SIDEKIQ_LOG_FORMAT:-json}

## PUMA
PUMA_THREADS_MIN=${PUMA_THREADS_MIN:-1}
PUMA_THREADS_MAX=${PUMA_THREADS_MAX:-16}
PUMA_WORKERS=${PUMA_WORKERS:-3}
PUMA_TIMEOUT=${PUMA_TIMEOUT:-60}
PUMA_PER_WORKER_MAX_MEMORY_MB=${PUMA_PER_WORKER_MAX_MEMORY_MB:-1024}
PUMA_MASTER_MAX_MEMORY_MB=${PUMA_MASTER_MAX_MEMORY_MB:-800}

# Set Default values according to the documentation
# https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer
GITLAB_UNICORN_MEMORY_MIN=${GITLAB_UNICORN_MEMORY_MIN:-1073741824}
GITLAB_UNICORN_MEMORY_MAX=${GITLAB_UNICORN_MEMORY_MAX:-1342177280}


##
GITLAB_TIMEZONE=${GITLAB_TIMEZONE:-UTC}
GITLAB_SIGNUP_ENABLED=${GITLAB_SIGNUP_ENABLED:-true}
GITLAB_ISSUE_CLOSING_PATTERN=${GITLAB_ISSUE_CLOSING_PATTERN:-'\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'}
GITLAB_PROJECTS_LIMIT=${GITLAB_PROJECTS_LIMIT:-100}
GITLAB_USERNAME_CHANGE=${GITLAB_USERNAME_CHANGE:-true}
GITLAB_CREATE_GROUP=${GITLAB_CREATE_GROUP:-true}
GITLAB_PROJECTS_ISSUES=${GITLAB_PROJECTS_ISSUES:-true}
GITLAB_PROJECTS_MERGE_REQUESTS=${GITLAB_PROJECTS_MERGE_REQUESTS:-true}
GITLAB_PROJECTS_WIKI=${GITLAB_PROJECTS_WIKI:-true}
GITLAB_PROJECTS_SNIPPETS=${GITLAB_PROJECTS_SNIPPETS:-true}
GITLAB_PROJECTS_BUILDS=${GITLAB_PROJECTS_BUILDS:-true}
GITLAB_PROJECTS_CONTAINER_REGISTRY=${GITLAB_PROJECTS_CONTAINER_REGISTRY:-true}
GITLAB_RELATIVE_URL_ROOT=${GITLAB_RELATIVE_URL_ROOT:-}
GITLAB_TRUSTED_PROXIES=${GITLAB_TRUSTED_PROXIES:-}
if [[ -z ${GITLAB_RELATIVE_URL_ROOT} || ${GITLAB_RELATIVE_URL_ROOT} == / ]]; then # should not be set to `/`
  GITLAB_RELATIVE_URL_ROOT=
fi

GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}

GITLAB_WORKHORSE_TIMEOUT=${GITLAB_WORKHORSE_TIMEOUT:-5m0s}

# OBJECTSTORE
GITLAB_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_OBJECT_STORE_CONNECTION_PROVIDER:-AWS}

#-- AWS
AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-AWS_SECRET_ACCESS_KEY}
AWS_REGION=${AWS_REGION:-us-east-1}
AWS_HOST=${AWS_HOST:-s3.amazonaws.com}
AWS_ENDPOINT=${AWS_ENDPOINT:-nil}
AWS_PATH_STYLE=${AWS_PATH_STYLE:-true}
AWS_SIGNATURE_VERSION=${AWS_SIGNATURE_VERSION:-4}

#-- Google
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-"/gcs/key.json"}

## ARTIFACTS
GITLAB_ARTIFACTS_ENABLED=${GITLAB_ARTIFACTS_ENABLED:-true}
GITLAB_ARTIFACTS_DIR="${GITLAB_ARTIFACTS_DIR:-$GITLAB_SHARED_DIR/artifacts}"


GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED=${GITLAB_ARTIFACTS_OBJECT_STORE_ENABLED:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_ARTIFACTS_OBJECT_STORE_REMOTE_DIRECTORY:-artifacts}
GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_ARTIFACTS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# ARTIFACTS:AWS
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# ARTIFACTS:Google
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_ARTIFACTS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}

## PACKAGES
GITLAB_PACKAGES_ENABLED=${GITLAB_PACKAGES_ENABLED:-true}
GITLAB_PACKAGES_DIR="${GITLAB_PACKAGES_DIR:-$GITLAB_SHARED_DIR/packages}"


GITLAB_PACKAGES_OBJECT_STORE_ENABLED=${GITLAB_PACKAGES_OBJECT_STORE_ENABLED:-false}
GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY:-packages}
GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_PACKAGES_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_PACKAGES_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# PACKAGES:AWS
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# PACKAGES:Google
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}

## TERRAFORM STATE
GITLAB_TERRAFORM_STATE_ENABLED=${GITLAB_TERRAFORM_STATE_ENABLED:-true}
GITLAB_TERRAFORM_STATE_STORAGE_PATH="${GITLAB_TERRAFORM_STATE_STORAGE_PATH:-$GITLAB_SHARED_DIR/terraform_state}"

GITLAB_TERRAFORM_STATE_OBJECT_STORE_ENABLED=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_ENABLED:-false}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_PACKAGES_OBJECT_STORE_REMOTE_DIRECTORY:-terraform_state}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# TERRAFORM STATE:AWS
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# TERRAFORM STATE:Google
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_TERRAFORM_STATE_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}

## Cron Jobs
GITLAB_PIPELINE_SCHEDULE_WORKER_CRON=${GITLAB_PIPELINE_SCHEDULE_WORKER_CRON:-"19 * * * *"}

## LFS
GITLAB_LFS_ENABLED=${GITLAB_LFS_ENABLED:-true}
GITLAB_LFS_OBJECTS_DIR="${GITLAB_LFS_OBJECTS_DIR:-$GITLAB_SHARED_DIR/lfs-objects}"

GITLAB_LFS_OBJECT_STORE_ENABLED=${GITLAB_LFS_OBJECT_STORE_ENABLED:-false}
GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_LFS_OBJECT_STORE_REMOTE_DIRECTORY:-lfs-objects}
GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_LFS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_LFS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_LFS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_LFS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# LFS:AWS
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# LFS:Google
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_LFS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}

## Uploads
GITLAB_UPLOADS_STORAGE_PATH="${GITLAB_UPLOADS_STORAGE_PATH:-$GITLAB_INSTALL_DIR/public}"
GITLAB_UPLOADS_BASE_DIR="${GITLAB_UPLOADS_BASE_DIR:-uploads/-/system}"

GITLAB_UPLOADS_OBJECT_STORE_ENABLED=${GITLAB_UPLOADS_OBJECT_STORE_ENABLED:-false}
GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY=${GITLAB_UPLOADS_OBJECT_STORE_REMOTE_DIRECTORY:-uploads}
GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_DIRECT_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD=${GITLAB_UPLOADS_OBJECT_STORE_BACKGROUND_UPLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD=${GITLAB_UPLOADS_OBJECT_STORE_PROXY_DOWNLOAD:-false}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_PROVIDER:-$GITLAB_OBJECT_STORE_CONNECTION_PROVIDER}

# Uploads:AWS
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_REGION:-$AWS_REGION}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_HOST:-$AWS_HOST}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_ENDPOINT:-$AWS_ENDPOINT}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_PATH_STYLE:-$AWS_PATH_STYLE}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_AWS_SIGNATURE_VERSION:-$AWS_SIGNATURE_VERSION}

# Uploads:Google
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_PROJECT}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_CLIENT_EMAIL}
GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION=${GITLAB_UPLOADS_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION:-$GITLAB_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}


## Mattermost
GITLAB_MATTERMOST_ENABLED=${GITLAB_MATTERMOST_ENABLED:-false}
GITLAB_MATTERMOST_URL=${GITLAB_MATTERMOST_URL:-https://mattermost.example.com}

GITLAB_SECRETS_DB_KEY_BASE=${GITLAB_SECRETS_DB_KEY_BASE:-}
GITLAB_SECRETS_SECRET_KEY_BASE=${GITLAB_SECRETS_SECRET_KEY_BASE:-}
GITLAB_SECRETS_OTP_KEY_BASE=${GITLAB_SECRETS_OTP_KEY_BASE:-}
GITLAB_NOTIFY_ON_BROKEN_BUILDS=${GITLAB_NOTIFY_ON_BROKEN_BUILDS:-true}
GITLAB_NOTIFY_PUSHER=${GITLAB_NOTIFY_PUSHER:-false}

GITLAB_ROBOTS_PATH=${GITLAB_ROBOTS_PATH:-${USERCONF_TEMPLATES_DIR}/gitlabhq/robots.txt}

## REGISTRY
GITLAB_REGISTRY_ENABLED=${GITLAB_REGISTRY_ENABLED:-false}
GITLAB_REGISTRY_DIR="${GITLAB_REGISTRY_DIR:-$GITLAB_SHARED_DIR/registry}"
GITLAB_REGISTRY_HOST=${GITLAB_REGISTRY_HOST:-registry.example.com}
GITLAB_REGISTRY_PORT=${GITLAB_REGISTRY_PORT:-443}
GITLAB_REGISTRY_API_URL=${GITLAB_REGISTRY_API_URL:-http://localhost:5000/}
GITLAB_REGISTRY_KEY_PATH=${GITLAB_REGISTRY_KEY_PATH:-config/registry.key}
GITLAB_REGISTRY_ISSUER=${GITLAB_REGISTRY_ISSUER:-gitlab-issuer}
GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES=${GITLAB_REGISTRY_GENERATE_INTERNAL_CERTIFICATES:-false}

## SSL
SSL_SELF_SIGNED=${SSL_SELF_SIGNED:-false}
SSL_CERTIFICATE_PATH=${SSL_CERTIFICATE_PATH:-$GITLAB_DATA_DIR/certs/gitlab.crt}
SSL_KEY_PATH=${SSL_KEY_PATH:-$GITLAB_DATA_DIR/certs/gitlab.key}
SSL_DHPARAM_PATH=${SSL_DHPARAM_PATH:-$GITLAB_DATA_DIR/certs/dhparam.pem}
SSL_VERIFY_CLIENT=${SSL_VERIFY_CLIENT:-off}
SSL_CIPHERS=${SSL_CIPHERS:-'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'}
SSL_PROTOCOLS=${SSL_PROTOCOLS:-'TLSv1 TLSv1.1 TLSv1.2 TLSv1.3'}

SSL_REGISTRY_KEY_PATH=${SSL_REGISTRY_KEY_PATH:-$GITLAB_REGISTRY_KEY_PATH}
SSL_REGISTRY_KEY_PATH=${SSL_REGISTRY_KEY_PATH:-$GITLAB_DATA_DIR/certs/registry.key}
SSL_REGISTRY_CERT_PATH=${SSL_REGISTRY_CERT_PATH:-$GITLAB_REGISTRY_CERT_PATH}
SSL_REGISTRY_CERT_PATH=${SSL_REGISTRY_CERT_PATH:-$GITLAB_DATA_DIR/certs/registry.crt}
SSL_REGISTRY_CIPHERS=${SSL_REGISTRY_CIPHERS:-$SSL_CIPHERS}
SSL_REGISTRY_PROTOCOLS=${SSL_REGISTRY_PROTOCOLS:-$SSL_PROTOCOLS}

SSL_PAGES_KEY_PATH=${SSL_PAGES_KEY_PATH:-$GITLAB_DATA_DIR/certs/pages.key}
SSL_PAGES_CERT_PATH=${SSL_PAGES_CERT_PATH:-$GITLAB_DATA_DIR/certs/pages.crt}
SSL_PAGES_CIPHERS=${SSL_PAGES_CIPHERS:-$SSL_CIPHERS}
SSL_PAGES_PROTOCOLS=${SSL_PAGES_PROTOCOLS:-$SSL_PROTOCOLS}

SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$CA_CERTIFICATES_PATH} # backward compatibility
SSL_CA_CERTIFICATES_PATH=${SSL_CA_CERTIFICATES_PATH:-$GITLAB_DATA_DIR/certs/ca.crt}

## BACKUPS
GITLAB_BACKUP_SCHEDULE=${GITLAB_BACKUP_SCHEDULE:-$GITLAB_BACKUPS} # backward compatibility
GITLAB_BACKUP_SCHEDULE=${GITLAB_BACKUP_SCHEDULE:-disable}
GITLAB_BACKUP_TIME=${GITLAB_BACKUP_TIME:-04:00}
GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-}
GITLAB_BACKUP_PG_SCHEMA=${GITLAB_BACKUP_PG_SCHEMA:-}
GITLAB_BACKUP_ARCHIVE_PERMISSIONS=${GITLAB_BACKUP_ARCHIVE_PERMISSIONS:-0600}
case ${GITLAB_BACKUP_SCHEDULE} in
  daily|weekly|monthly) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-604800} ;;
  disable|*) GITLAB_BACKUP_EXPIRY=${GITLAB_BACKUP_EXPIRY:-0} ;;
esac

### AWS BACKUPS
AWS_BACKUPS=${AWS_BACKUPS:-false}
AWS_BACKUP_REGION=${AWS_BACKUP_REGION}
AWS_BACKUP_ENDPOINT=${AWS_BACKUP_ENDPOINT}
AWS_BACKUP_PATH_STYLE=${AWS_BACKUP_PATH_STYLE:-false}
AWS_BACKUP_ACCESS_KEY_ID=${AWS_BACKUP_ACCESS_KEY_ID}
AWS_BACKUP_SECRET_ACCESS_KEY=${AWS_BACKUP_SECRET_ACCESS_KEY}
AWS_BACKUP_BUCKET=${AWS_BACKUP_BUCKET}
AWS_BACKUP_MULTIPART_CHUNK_SIZE=${AWS_BACKUP_MULTIPART_CHUNK_SIZE}
AWS_BACKUP_ENCRYPTION=${AWS_BACKUP_ENCRYPTION}
AWS_BACKUP_STORAGE_CLASS=${AWS_BACKUP_STORAGE_CLASS:-STANDARD}
AWS_BACKUP_SIGNATURE_VERSION=${AWS_BACKUP_SIGNATURE_VERSION:-4}

### GCS BACKUPS
GCS_BACKUPS=${GCS_BACKUPS:-false}
GCS_BACKUP_ACCESS_KEY_ID=${GCS_BACKUP_ACCESS_KEY_ID}
GCS_BACKUP_SECRET_ACCESS_KEY=${GCS_BACKUP_SECRET_ACCESS_KEY}
GCS_BACKUP_BUCKET=${GCS_BACKUP_BUCKET}

## NGINX
NGINX_SERVER_NAMES_HASH_BUCKET_SIZE=${NGINX_SERVER_NAMES_HASH_BUCKET_SIZE:-32};
NGINX_WORKERS=${NGINX_WORKERS:-1}
NGINX_ACCEL_BUFFERING=${NGINX_ACCEL_BUFFERING:-no}
NGINX_PROXY_BUFFERING=${NGINX_PROXY_BUFFERING:-off}
NGINX_REAL_IP_RECURSIVE=${NGINX_REAL_IP_RECURSIVE:-off}
NGINX_REAL_IP_TRUSTED_ADDRESSES=${NGINX_REAL_IP_TRUSTED_ADDRESSES:-}
case ${GITLAB_HTTPS} in
  true) NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-https} ;;
  *)    NGINX_X_FORWARDED_PROTO=${NGINX_X_FORWARDED_PROTO:-\$scheme} ;;
esac
NGINX_CUSTOM_GITLAB_SERVER_CONFIG=${NGINX_CUSTOM_GITLAB_SERVER_CONFIG:-}

## MAIL DELIVERY
SMTP_DOMAIN=${SMTP_DOMAIN:-www.gmail.com}
SMTP_HOST=${SMTP_HOST:-smtp.gmail.com}
SMTP_PORT=${SMTP_PORT:-587}
SMTP_USER=${SMTP_USER:-}
SMTP_PASS=${SMTP_PASS:-}
SMTP_OPENSSL_VERIFY_MODE=${SMTP_OPENSSL_VERIFY_MODE:-none}
SMTP_STARTTLS=${SMTP_STARTTLS:-true}
SMTP_TLS=${SMTP_TLS:-false}
SMTP_CA_ENABLED=${SMTP_CA_ENABLED:-false}
SMTP_CA_PATH=${SMTP_CA_PATH:-$GITLAB_DATA_DIR/certs}
SMTP_CA_FILE=${SMTP_CA_FILE:-$GITLAB_DATA_DIR/certs/ca.crt}
if [[ -n ${SMTP_USER} ]]; then
  SMTP_ENABLED=${SMTP_ENABLED:-true}
  SMTP_AUTHENTICATION=${SMTP_AUTHENTICATION:-login}
fi
SMTP_ENABLED=${SMTP_ENABLED:-false}
GITLAB_EMAIL_ENABLED=${GITLAB_EMAIL_ENABLED:-${SMTP_ENABLED}}
GITLAB_EMAIL=${GITLAB_EMAIL:-${SMTP_USER}}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-${GITLAB_EMAIL}}
GITLAB_EMAIL_SUBJECT_SUFFIX=${GITLAB_EMAIL_SUBJECT_SUFFIX:-}
GITLAB_EMAIL=${GITLAB_EMAIL:-example@example.com}
GITLAB_EMAIL_REPLY_TO=${GITLAB_EMAIL_REPLY_TO:-noreply@example.com}
GITLAB_EMAIL_DISPLAY_NAME=${GITLAB_EMAIL_DISPLAY_NAME:-GitLab}
GITLAB_EMAIL_SMIME_ENABLE=${GITLAB_EMAIL_SMIME_ENABLE:-false}
GITLAB_EMAIL_SMIME_KEY_FILE=${GITLAB_EMAIL_SMIME_KEY_FILE:-}
GITLAB_EMAIL_SMIME_CERT_FILE=${GITLAB_EMAIL_SMIME_CERT_FILE:-}

## INCOMING MAIL
IMAP_HOST=${IMAP_HOST:-imap.gmail.com}
IMAP_PORT=${IMAP_PORT:-993}
IMAP_USER=${IMAP_USER:-}
IMAP_PASS=${IMAP_PASS:-}
IMAP_SSL=${IMAP_SSL:-true}
IMAP_STARTTLS=${IMAP_STARTTLS:-false}
IMAP_MAILBOX=${IMAP_MAILBOX:-inbox}
IMAP_TIMEOUT=${IMAP_TIMEOUT:-60}

if [[ -n ${IMAP_USER} ]]; then
  IMAP_ENABLED=${IMAP_ENABLED:-true}
fi
IMAP_ENABLED=${IMAP_ENABLED:-false}
GITLAB_INCOMING_EMAIL_ENABLED=${GITLAB_INCOMING_EMAIL_ENABLED:-${IMAP_ENABLED}}
GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-${IMAP_USER}}
GITLAB_INCOMING_EMAIL_ADDRESS=${GITLAB_INCOMING_EMAIL_ADDRESS:-reply@example.com}

## LDAP
LDAP_ENABLED=${LDAP_ENABLED:-false}
LDAP_HOST=${LDAP_HOST:-}
LDAP_PORT=${LDAP_PORT:-389}
LDAP_UID=${LDAP_UID:-sAMAccountName}
LDAP_METHOD=${LDAP_METHOD:-plain}
LDAP_VERIFY_SSL=${LDAP_VERIFY_SSL:-true}
LDAP_CA_FILE=${LDAP_CA_FILE:-}
LDAP_SSL_VERSION=${LDAP_SSL_VERSION:-}
LDAP_BIND_DN=${LDAP_BIND_DN:-}
LDAP_PASS=${LDAP_PASS:-}
LDAP_TIMEOUT=${LDAP_TIMEOUT:-10}
LDAP_ACTIVE_DIRECTORY=${LDAP_ACTIVE_DIRECTORY:-true}
LDAP_BLOCK_AUTO_CREATED_USERS=${LDAP_BLOCK_AUTO_CREATED_USERS:-false}
LDAP_BASE=${LDAP_BASE:-}
LDAP_USER_FILTER=${LDAP_USER_FILTER:-}
LDAP_USER_ATTRIBUTE_USERNAME=${LDAP_USER_ATTRIBUTE_USERNAME:-['uid', 'userid', 'sAMAccountName']}
LDAP_USER_ATTRIBUTE_MAIL=${LDAP_USER_ATTRIBUTE_MAIL:-['mail', 'email', 'userPrincipalName']}
LDAP_USER_ATTRIBUTE_NAME=${LDAP_USER_ATTRIBUTE_NAME:-cn}
LDAP_USER_ATTRIBUTE_FIRSTNAME=${LDAP_USER_ATTRIBUTE_FIRSTNAME:-givenName}
LDAP_USER_ATTRIBUTE_LASTNAME=${LDAP_USER_ATTRIBUTE_LASTNAME:-sn}
LDAP_LOWERCASE_USERNAMES="${LDAP_LOWERCASE_USERNAMES:-false}"
LDAP_LABEL=${LDAP_LABEL:-LDAP}
LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-}
LDAP_PREVENT_LDAP_SIGN_IN=${LDAP_PREVENT_LDAP_SIGN_IN:-false}
case ${LDAP_UID} in
  userPrincipalName) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-false} ;;
  *) LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN=${LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN:-true}
esac

## GRAVATAR
GITLAB_GRAVATAR_ENABLED=${GITLAB_GRAVATAR_ENABLED:-true}
GITLAB_GRAVATAR_HTTP_URL=${GITLAB_GRAVATAR_HTTP_URL:-}
GITLAB_GRAVATAR_HTTPS_URL=${GITLAB_GRAVATAR_HTTPS_URL:-}

## OAUTH
OAUTH_ENABLED=${OAUTH_ENABLED:-}
OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=${OAUTH_AUTO_SIGN_IN_WITH_PROVIDER:-}
OAUTH_ALLOW_SSO=${OAUTH_ALLOW_SSO:-}
OAUTH_BLOCK_AUTO_CREATED_USERS=${OAUTH_BLOCK_AUTO_CREATED_USERS:-true}
OAUTH_AUTO_LINK_LDAP_USER=${OAUTH_AUTO_LINK_LDAP_USER:-false}
OAUTH_AUTO_LINK_SAML_USER=${OAUTH_AUTO_LINK_SAML_USER:-false}
OAUTH_EXTERNAL_PROVIDERS=${OAUTH_EXTERNAL_PROVIDERS:-}

### GOOGLE
OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
OAUTH_GOOGLE_APPROVAL_PROMPT=${OAUTH_GOOGLE_APPROVAL_PROMPT:-}
OAUTH_GOOGLE_RESTRICT_DOMAIN=${OAUTH_GOOGLE_RESTRICT_DOMAIN:-}
if [[ -n ${OAUTH_GOOGLE_RESTRICT_DOMAIN} ]]; then # backward compatibility
  if [[ ${OAUTH_GOOGLE_RESTRICT_DOMAIN} != "'"* ]]; then
    OAUTH_GOOGLE_RESTRICT_DOMAIN="'${OAUTH_GOOGLE_RESTRICT_DOMAIN}'"
  fi
fi

### FACEBOOK
OAUTH_FACEBOOK_API_KEY=${OAUTH_FACEBOOK_API_KEY:-}
OAUTH_FACEBOOK_APP_SECRET=${OAUTH_FACEBOOK_APP_SECRET:-}

### TWITTER
OAUTH_TWITTER_API_KEY=${OAUTH_TWITTER_API_KEY:-}
OAUTH_TWITTER_APP_SECRET=${OAUTH_TWITTER_APP_SECRET:-}

## Authentiq
OAUTH_AUTHENTIQ_CLIENT_ID=${OAUTH_AUTHENTIQ_CLIENT_ID:-}
OAUTH_AUTHENTIQ_CLIENT_SECRET=${OAUTH_AUTHENTIQ_CLIENT_SECRET:-}
OAUTH_AUTHENTIQ_SCOPE=${OAUTH_AUTHENTIQ_SCOPE:-'aq:name email~rs address aq:push'}
OAUTH_AUTHENTIQ_REDIRECT_URI=${OAUTH_AUTHENTIQ_REDIRECT_URI:-}

### GITHUB
OAUTH_GITHUB_API_KEY=${OAUTH_GITHUB_API_KEY:-}
OAUTH_GITHUB_APP_SECRET=${OAUTH_GITHUB_APP_SECRET:-}
OAUTH_GITHUB_URL=${OAUTH_GITHUB_URL:-https://github.com/}
OAUTH_GITHUB_VERIFY_SSL=${OAUTH_GITHUB_VERIFY_SSL:-true}
OAUTH_GITHUB_SCOPE=${OAUTH_GITHUB_SCOPE:-user:email}

### GITLAB
OAUTH_GITLAB_API_KEY=${OAUTH_GITLAB_API_KEY:-}
OAUTH_GITLAB_APP_SECRET=${OAUTH_GITLAB_APP_SECRET:-}
OAUTH_GITLAB_SCOPE=${OAUTH_GITLAB_SCOPE:-api}

### BITBUCKET
OAUTH_BITBUCKET_API_KEY=${OAUTH_BITBUCKET_API_KEY:-}
OAUTH_BITBUCKET_APP_SECRET=${OAUTH_BITBUCKET_APP_SECRET:-}
OAUTH_BITBUCKET_URL=${OAUTH_BITBUCKET_URL:-https://bitbucket.org/}

### CROWD
OAUTH_CROWD_SERVER_URL=${OAUTH_CROWD_SERVER_URL:-}
OAUTH_CROWD_APP_NAME=${OAUTH_CROWD_APP_NAME:-}
OAUTH_CROWD_APP_PASSWORD=${OAUTH_CROWD_APP_PASSWORD:-}

## AZURE
OAUTH_AZURE_API_KEY=${OAUTH_AZURE_API_KEY:-}
OAUTH_AZURE_API_SECRET=${OAUTH_AZURE_API_SECRET:-}
OAUTH_AZURE_TENANT_ID=${OAUTH_AZURE_TENANT_ID:-}

### SAML
case $GITLAB_HTTPS in
  true)
    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-https://${GITLAB_HOST}/users/auth/saml/callback}
    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-https://${GITLAB_HOST}}
    ;;
  false)
    OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=${OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL:-http://${GITLAB_HOST}/users/auth/saml/callback}
    OAUTH_SAML_ISSUER=${OAUTH_SAML_ISSUER:-http://${GITLAB_HOST}}
    ;;
esac
OAUTH_SAML_LABEL=${OAUTH_SAML_LABEL:-'Our SAML Provider'}
OAUTH_SAML_IDP_CERT_FINGERPRINT=${OAUTH_SAML_IDP_CERT_FINGERPRINT:-}
OAUTH_SAML_IDP_SSO_TARGET_URL=${OAUTH_SAML_IDP_SSO_TARGET_URL:-}
OAUTH_SAML_NAME_IDENTIFIER_FORMAT=${OAUTH_SAML_NAME_IDENTIFIER_FORMAT:-urn:oasis:names:tc:SAML:2.0:nameid-format:transient}
OAUTH_SAML_GROUPS_ATTRIBUTE=${OAUTH_SAML_GROUPS_ATTRIBUTE:-}
OAUTH_SAML_EXTERNAL_GROUPS=${OAUTH_SAML_EXTERNAL_GROUPS:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME:-}
OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=${OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME:-}

### CAS3
OAUTH_CAS3_LABEL=${OAUTH_CAS3_LABEL:-cas3}
OAUTH_CAS3_SERVER=${OAUTH_CAS3_SERVER:-}
OAUTH_CAS3_DISABLE_SSL_VERIFICATION=${OAUTH_CAS3_DISABLE_SSL_VERIFICATION:-false}
OAUTH_CAS3_LOGIN_URL=${OAUTH_CAS3_LOGIN_URL:-/cas/login}
OAUTH_CAS3_VALIDATE_URL=${OAUTH_CAS3_VALIDATE_URL:-/cas/p3/serviceValidate}
OAUTH_CAS3_LOGOUT_URL=${OAUTH_CAS3_LOGOUT_URL:-/cas/logout}

### AUTH0
OAUTH_AUTH0_SCOPE=${OAUTH_AUTH0_SCOPE:-openid profile email}

## OAUTH2 GENERIC
OAUTH2_GENERIC_APP_ID=${OAUTH2_GENERIC_APP_ID:-}
OAUTH2_GENERIC_APP_SECRET=${OAUTH2_GENERIC_APP_SECRET:-}
OAUTH2_GENERIC_CLIENT_SITE=${OAUTH2_GENERIC_CLIENT_SITE:-}
OAUTH2_GENERIC_CLIENT_USER_INFO_URL=${OAUTH2_GENERIC_CLIENT_USER_INFO_URL:-}
OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL=${OAUTH2_GENERIC_CLIENT_AUTHORIZE_URL:-}
OAUTH2_GENERIC_CLIENT_TOKEN_URL=${OAUTH2_GENERIC_CLIENT_TOKEN_URL:-}
OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT=${OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT:-}
OAUTH2_GENERIC_ID_PATH=${OAUTH2_GENERIC_ID_PATH:-}
OAUTH2_GENERIC_USER_UID=${OAUTH2_GENERIC_USER_UID:-}
OAUTH2_GENERIC_USER_NAME=${OAUTH2_GENERIC_USER_NAME:-}
OAUTH2_GENERIC_USER_EMAIL=${OAUTH2_GENERIC_USER_EMAIL:-}
OAUTH2_GENERIC_NAME=${OAUTH2_GENERIC_NAME:-}

## ANALYTICS

### GOOGLE
GOOGLE_ANALYTICS_ID=${GOOGLE_ANALYTICS_ID:-}

### PIWIK
PIWIK_URL=${PIWIK_URL:-}
PIWIK_SITE_ID=${PIWIK_SITE_ID:-}

## RACK ATTACK
RACK_ATTACK_ENABLED=${RACK_ATTACK_ENABLED:-true}
RACK_ATTACK_WHITELIST=${RACK_ATTACK_WHITELIST:-"127.0.0.1"}
RACK_ATTACK_MAXRETRY=${RACK_ATTACK_MAXRETRY:-10}
RACK_ATTACK_FINDTIME=${RACK_ATTACK_FINDTIME:-60}
RACK_ATTACK_BANTIME=${RACK_ATTACK_BANTIME:-3600}


## GitLab Pages
GITLAB_PAGES_ENABLED=${GITLAB_PAGES_ENABLED:-false}
GITLAB_PAGES_DOMAIN=${GITLAB_PAGES_DOMAIN:-"example.com"}
GITLAB_PAGES_DIR="${GITLAB_PAGES_DIR:-$GITLAB_SHARED_DIR/pages}"
GITLAB_PAGES_PORT=${GITLAB_PAGES_PORT:-80}
GITLAB_PAGES_ARTIFACTS_SERVER=${GITLAB_PAGES_ARTIFACTS_SERVER:-true}
GITLAB_PAGES_ARTIFACTS_SERVER_URL=${GITLAB_PAGES_ARTIFACTS_SERVER_URL:-}
GITLAB_PAGES_HTTPS=${GITLAB_PAGES_HTTPS:-false}
GITLAB_PAGES_EXTERNAL_HTTP=${GITLAB_PAGES_EXTERNAL_HTTP:-}
GITLAB_PAGES_EXTERNAL_HTTPS=${GITLAB_PAGES_EXTERNAL_HTTPS:-}
GITLAB_PAGES_ACCESS_CONTROL=${GITLAB_PAGES_ACCESS_CONTROL:-false}
GITLAB_PAGES_ACCESS_CONTROL_SERVER=${GITLAB_PAGES_ACCESS_CONTROL_SERVER:-}
GITLAB_PAGES_ACCESS_SECRET=${GITLAB_PAGES_ACCESS_SECRET:-}
GITLAB_PAGES_ACCESS_CLIENT_ID=${GITLAB_PAGES_ACCESS_CLIENT_ID:-}
GITLAB_PAGES_ACCESS_CLIENT_SECRET=${GITLAB_PAGES_ACCESS_CLIENT_SECRET:-}
GITLAB_PAGES_ACCESS_REDIRECT_URI=${GITLAB_PAGES_ACCESS_REDIRECT_URI:-}
GITLAB_PAGES_NGINX_PROXY=${GITLAB_PAGES_NGINX_PROXY:-true}

## Gitaly
GITALY_CLIENT_PATH=${GITALY_CLIENT_PATH:-$GITLAB_GITALY_INSTALL_DIR}
GITALY_TOKEN=${GITALY_TOKEN:-}
GITALY_SOCKET_PATH=${GITLAB_INSTALL_DIR}/tmp/sockets/private/gitaly.socket
GITALY_ADDRESS=${GITALY_ADDRESS:-unix:$GITALY_SOCKET_PATH}

## GitLab Shell
GITLAB_SHELL_CUSTOM_HOOKS_DIR=${GITLAB_SHELL_CUSTOM_HOOKS_DIR:-"$GITLAB_SHELL_INSTALL_DIR/hooks"}

## MONITORING
GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL=${GITLAB_MONITORING_UNICORN_SAMPLER_INTERVAL:-10}
GITLAB_MONITORING_IP_WHITELIST=${GITLAB_MONITORING_IP_WHITELIST:-"0.0.0.0/8"}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ENABLED:-true}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_ADDRESS:-"0.0.0.0"}
GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT=${GITLAB_MONITORING_SIDEKIQ_EXPORTER_PORT:-3807}

## Sentry
SENTRY_ENABLED=${SENTRY_ENABLED:-false}
SENTRY_DSN=${SENTRY_DSN:-}
SENTRY_CLIENTSIDE_DSN=${SENTRY_CLIENTSIDE_DSN:-}
SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT:-production}

## Content Security Policy
# See https://guides.rubyonrails.org/security.html#content-security-policy
GITLAB_CONTENT_SECURITY_POLICY_ENABLED=${GITLAB_CONTENT_SECURITY_POLICY_ENABLED:-true}
GITLAB_CONTENT_SECURITY_POLICY_REPORT_ONLY=${GITLAB_CONTENT_SECURITY_POLICY_REPORT_ONLY:-false}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_BASE_URI=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_BASE_URI:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CHILD_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CHILD_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CONNECT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_CONNECT_SRC:-"'self' http://localhost:* ws://localhost:* wss://localhost:*"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_DEFAULT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_DEFAULT_SRC:-"'self'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FONT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FONT_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FORM_ACTION=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FORM_ACTION:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_ANCESTORS=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_ANCESTORS:-"'self'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_FRAME_SRC:-"'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://content.googleapis.com https://content-compute.googleapis.com https://content-cloudbilling.googleapis.com https://content-cloudresourcemanager.googleapis.com"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_IMG_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_IMG_SRC:-"* data: blob:"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MANIFEST_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MANIFEST_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MEDIA_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_MEDIA_SRC:-}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_OBJECT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_OBJECT_SRC:-"'none'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_SCRIPT_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_SCRIPT_SRC:-"'self' 'unsafe-eval' http://localhost:* https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://apis.google.com"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_STYLE_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_STYLE_SRC:-"'self' 'unsafe-inline'"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_WORKER_SRC=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_WORKER_SRC:-"'self' blob:"}
GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_REPORT_URI=${GITLAB_CONTENT_SECURITY_POLICY_DIRECTIVES_REPORT_URI:-}