docker-gitlab/assets/config/gitlabhq/gitlab.yml

# # # # # # # # # # # # # # # # # #
# GitLab application config file  #
# # # # # # # # # # # # # # # # # #
#
###########################  NOTE  #####################################
# This file should not receive new settings. All configuration options #
# that do not require an application restart are being moved to        #
# ApplicationSetting model!                                            #
# If you change this file in a Merge Request, please also create       #
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests  #
########################################################################
#
#
# How to use:
# 1. Copy file as gitlab.yml
# 2. Update gitlab -> host with your fully qualified domain name
# 3. Update gitlab -> email_from
# 4. If you installed Git from source, change git -> bin_path to /usr/local/bin/git
#    IMPORTANT: If Git was installed in a different location use that instead.
#    You can check with `which git`. If a wrong path of Git is specified, it will
#     result in various issues such as failures of GitLab CI builds.
# 5. Review this configuration file for other settings you may want to adjust

production: &base
  #
  # 1. GitLab app settings
  # ==========================

  ## GitLab settings
  gitlab:
    ## Web server settings (note: host is the FQDN, do not include http://)
    host: "{{GITLAB_HOST}}"
    port: {{GITLAB_PORT}}
    https: {{GITLAB_HTTPS}}

    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
    # (you'd obviously need to replace ssh.host_example.com with your own host).
    # Otherwise, ssh host will be set to the `host:` value above
    ssh_host: "{{GITLAB_SSH_HOST}}"

    # WARNING: See config/application.rb under "Relative url support" for the list of
    # other files that need to be changed for relative url support
    # relative_url_root: {{GITLAB_RELATIVE_URL_ROOT}}

    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
    # user: git

    ## Date & Time settings
    # Uncomment and customize if you want to change the default time zone of GitLab application.
    # To see all available zones, run `bundle exec rake time:zones:all RAILS_ENV=production`
    time_zone: "{{GITLAB_TIMEZONE}}"

    ## Email settings
    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
    email_enabled: {{GITLAB_EMAIL_ENABLED}}
    # Email address used in the "From" field in mails sent by GitLab
    email_from: "{{GITLAB_EMAIL}}"
    email_display_name: "{{GITLAB_EMAIL_DISPLAY_NAME}}"
    email_reply_to: "{{GITLAB_EMAIL_REPLY_TO}}"

    # Email server smtp settings are in config/initializers/smtp_settings.rb.sample

    default_can_create_group: {{GITLAB_CREATE_GROUP}}     # default: true
    username_changing_enabled: {{GITLAB_USERNAME_CHANGE}} # default: true - User can change her username/namespace
    ## Default theme ID
    ##   1 - Graphite
    ##   2 - Charcoal
    ##   3 - Green
    ##   4 - Gray
    ##   5 - Violet
    ##   6 - Blue
    # default_theme: 2 # default: 2

    ## Automatic issue closing
    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
    # This happens when the commit is pushed or merged into the default branch of a project.
    # When not specified the default issue_closing_pattern as specified below will be used.
    # Tip: you can test your closing pattern at http://rubular.com.
    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?#\d+(?:(?:, *| +and +)?))+)'

    ## Default project features settings
    default_projects_features:
      issues: {{GITLAB_PROJECTS_ISSUES}}
      merge_requests: {{GITLAB_PROJECTS_MERGE_REQUESTS}}
      wiki: {{GITLAB_PROJECTS_WIKI}}
      snippets: {{GITLAB_PROJECTS_SNIPPETS}}

    ## Webhook settings
    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
    webhook_timeout: {{GITLAB_WEBHOOK_TIMEOUT}}

    ## Repository downloads directory
    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
    # The default is 'tmp/repositories' relative to the root of the Rails app.
    # repository_downloads_path: tmp/repositories

  ## Reply by email
  # Allow users to comment on issues and merge requests by replying to notification emails.
  # For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html
  incoming_email:
    enabled: {{GITLAB_INCOMING_EMAIL_ENABLED}}
    address: "{{GITLAB_INCOMING_EMAIL_ADDRESS}}"

  ## Gravatar
  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
  gravatar:
    enabled: {{GITLAB_GRAVATAR_ENABLED}}  # Use user avatar image from Gravatar.com (default: true)
    # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    plain_url: "{{GITLAB_GRAVATAR_HTTP_URL}}"     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
    ssl_url:   "{{GITLAB_GRAVATAR_HTTPS_URL}}"    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon

  #
  # 2. GitLab CI settings
  # ==========================

  gitlab_ci:
    # Default project notifications settings:
    #
    # Send emails only on broken builds (default: true)
    all_broken_builds: {{GITLAB_NOTIFY_ON_BROKEN_BUILDS}}
    #
    # Add pusher to recipients list (default: false)
    add_pusher: {{GITLAB_NOTIFY_PUSHER}}

    # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
    builds_path: "{{GITLAB_BUILDS_DIR}}"

  #
  # 3. Auth settings
  # ==========================

  ## LDAP settings
  # You can inspect a sample of the LDAP users with login access by running:
  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
  ldap:
    enabled: {{LDAP_ENABLED}}
    servers:
      ##########################################################################
      #
      # Since GitLab 7.4, LDAP servers get ID's (below the ID is 'main'). GitLab
      # Enterprise Edition now supports connecting to multiple LDAP servers.
      #
      # If you are updating from the old (pre-7.4) syntax, you MUST give your
      # old server the ID 'main'.
      #
      ##########################################################################
      main: # 'main' is the GitLab 'provider ID' of this LDAP server
        ## label
        #
        # A human-friendly name for your LDAP server. It is OK to change the label later,
        # for instance if you find out it is too large to fit on the web page.
        #
        # Example: 'Paris' or 'Acme, Ltd.'
        label: "{{LDAP_LABEL}}"

        host: "{{LDAP_HOST}}"
        port: {{LDAP_PORT}}
        uid: "{{LDAP_UID}}"
        method: "{{LDAP_METHOD}}" # "tls" or "ssl" or "plain"
        bind_dn: "{{LDAP_BIND_DN}}"
        password: "{{LDAP_PASS}}"

        # This setting specifies if LDAP server is Active Directory LDAP server.
        # For non AD servers it skips the AD specific queries.
        # If your LDAP server is not AD, set this to false.
        active_directory: {{LDAP_ACTIVE_DIRECTORY}}

        # If allow_username_or_email_login is enabled, GitLab will ignore everything
        # after the first '@' in the LDAP username submitted by the user on login.
        #
        # Example:
        # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
        # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
        #
        # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
        # disable this setting, because the userPrincipalName contains an '@'.
        allow_username_or_email_login: {{LDAP_ALLOW_USERNAME_OR_EMAIL_LOGIN}}

        # To maintain tight control over the number of active users on your GitLab installation,
        # enable this setting to keep new users blocked until they have been cleared by the admin
        # (default: false).
        block_auto_created_users: {{LDAP_BLOCK_AUTO_CREATED_USERS}}

        # Base where we can search for users
        #
        #   Ex. ou=People,dc=gitlab,dc=example
        #
        base: "{{LDAP_BASE}}"

        # Filter LDAP users
        #
        #   Format: RFC 4515 http://tools.ietf.org/search/rfc4515
        #   Ex. (employeeType=developer)
        #
        #   Note: GitLab does not support omniauth-ldap's custom filter syntax.
        #
        user_filter: "{{LDAP_USER_FILTER}}"

        # LDAP attributes that GitLab will use to create an account for the LDAP user.
        # The specified attribute can either be the attribute name as a string (e.g. 'mail'),
        # or an array of attribute names to try in order (e.g. ['mail', 'email']).
        # Note that the user's LDAP login will always be the attribute specified as `uid` above.
        attributes:
          # The username will be used in paths for the user's own projects
          # (like `gitlab.example.com/username/project`) and when mentioning
          # them in issues, merge request and comments (like `@username`).
          # If the attribute specified for `username` contains an email address, 
          # the GitLab username will be the part of the email address before the '@'.
          username: ['uid', 'userid', 'sAMAccountName']
          email:    ['mail', 'email', 'userPrincipalName']

          # If no full name could be found at the attribute specified for `name`,
          # the full name is determined using the attributes specified for 
          # `first_name` and `last_name`.
          name:       'cn'
          first_name: 'givenName'
          last_name:  'sn'

      # GitLab EE only: add more LDAP servers
      # Choose an ID made of a-z and 0-9 . This ID will be stored in the database
      # so that GitLab can remember which LDAP server a user belongs to.
      # uswest2:
      #   label:
      #   host:
      #   ....


  ## OmniAuth settings
  omniauth:
    # Allow login via Twitter, Google, etc. using OmniAuth providers
    enabled: {{OAUTH_ENABLED}}

    # Uncomment this to automatically sign in with a specific omniauth provider's without
    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
    auto_sign_in_with_provider: {{OAUTH_AUTO_SIGN_IN_WITH_PROVIDER}}

    # CAUTION!
    # This allows users to login without having a user account first (default: false).
    # User accounts will be created automatically when authentication was successful.
    allow_single_sign_on: {{OAUTH_ALLOW_SSO}}
    # Locks down those users until they have been cleared by the admin (default: true).
    block_auto_created_users: {{OAUTH_BLOCK_AUTO_CREATED_USERS}}
    # Look up new users in LDAP servers. If a match is found (same uid), automatically
    # link the omniauth identity with the LDAP account. (default: false)
    auto_link_ldap_user: {{OAUTH_AUTO_LINK_LDAP_USER}}

    ## Auth providers
    # Uncomment the following lines and fill in the data of the auth provider you want to use
    # If your favorite auth provider is not listed you can use others:
    # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
    # The 'app_id' and 'app_secret' parameters are always passed as the first two
    # arguments, followed by optional 'args' which can be either a hash or an array.
    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
    providers:
      - { name: 'google_oauth2', label: 'Google', app_id: '{{OAUTH_GOOGLE_API_KEY}}',
          app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}',
          args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}', hd: '{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}' } }
      - { name: 'twitter', app_id: '{{OAUTH_TWITTER_API_KEY}}',
          app_secret: '{{OAUTH_TWITTER_APP_SECRET}}'}
      - { name: 'github', label: 'GitHub', app_id: '{{OAUTH_GITHUB_API_KEY}}',
          app_secret: '{{OAUTH_GITHUB_APP_SECRET}}',
          args: { scope: '{{OAUTH_GITHUB_SCOPE}}' } }
      - { name: 'gitlab', label: 'GitLab.com', app_id: '{{OAUTH_GITLAB_API_KEY}}',
          app_secret: '{{OAUTH_GITLAB_APP_SECRET}}',
          args: { scope: '{{OAUTH_GITLAB_SCOPE}}' } }
      - { name: 'bitbucket', app_id: '{{OAUTH_BITBUCKET_API_KEY}}',
          app_secret: '{{OAUTH_BITBUCKET_APP_SECRET}}'}
      - { name: 'saml',
          label: 'Our SAML Provider',
          args: {
                  assertion_consumer_service_url: '{{OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL}}',
                  idp_cert_fingerprint: '{{OAUTH_SAML_IDP_CERT_FINGERPRINT}}',
                  idp_sso_target_url: '{{OAUTH_SAML_IDP_SSO_TARGET_URL}}',
                  issuer: '{{OAUTH_SAML_ISSUER}}',
                  name_identifier_format: '{{OAUTH_SAML_NAME_IDENTIFIER_FORMAT}}' } }
      # - { name: 'crowd',
      #     args: {
      #       crowd_server_url: 'CROWD SERVER URL',
      #       application_name: 'YOUR_APP_NAME',
      #       application_password: 'YOUR_APP_PASSWORD' } }




  #
  # 4. Advanced settings
  # ==========================

  # GitLab Satellites
  satellites:
    # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
    path: "{{GITLAB_DATA_DIR}}/gitlab-satellites/"
    timeout: {{GITLAB_SATELLITES_TIMEOUT}}

  ## Backup settings
  backup:
    path: "{{GITLAB_BACKUP_DIR}}"   # Relative paths are relative to Rails.root (default: tmp/backups/)
    archive_permissions: {{GITLAB_BACKUP_ARCHIVE_PERMISSIONS}} # Permissions for the resulting backup.tar file (default: 0600)
    keep_time: {{GITLAB_BACKUP_EXPIRY}}   # default: 0 (forever) (in seconds)
    # pg_schema: public     # default: nil, it means that all schemas will be backed up
    upload:
      # Fog storage connection settings, see http://fog.io/storage/ .
      connection:
        provider: AWS
        region: {{AWS_BACKUP_REGION}}
        aws_access_key_id: {{AWS_BACKUP_ACCESS_KEY_ID}}
        aws_secret_access_key: '{{AWS_BACKUP_SECRET_ACCESS_KEY}}'
      # The remote 'directory' to store your backups. For S3, this would be the bucket name.
      remote_directory: '{{AWS_BACKUP_BUCKET}}'
    #   # Use multipart uploads when file size reaches 100MB, see
    #   #  http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
    #   multipart_chunk_size: 104857600

  ## GitLab Shell settings
  gitlab_shell:
    path: "{{GITLAB_SHELL_INSTALL_DIR}}/"

    # REPOS_PATH MUST NOT BE A SYMLINK!!!
    repos_path: "{{GITLAB_REPOS_DIR}}/"
    hooks_path: "{{GITLAB_SHELL_INSTALL_DIR}}/hooks/"

    # File that contains the secret key for verifying access for gitlab-shell.
    # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
    secret_file: "{{GITLAB_INSTALL_DIR}}/.gitlab_shell_secret"

    # Git over HTTP
    upload_pack: true
    receive_pack: true

    # If you use non-standard ssh port you need to specify it
    ssh_port: {{GITLAB_SSH_PORT}}

  ## Git settings
  # CAUTION!
  # Use the default values unless you really know what you are doing
  git:
    bin_path: /usr/bin/git
    # The next value is the maximum memory size grit can use
    # Given in number of bytes per git object (e.g. a commit)
    # This value can be increased if you have very large commits
    max_size: {{GITLAB_MAX_SIZE}} # 20.megabytes
    # Git timeout to read a commit, in seconds
    timeout: {{GITLAB_TIMEOUT}}

  #
  # 5. Extra customization
  # ==========================

  extra:
    ## Google analytics. Uncomment if you want it
    google_analytics_id: '{{GOOGLE_ANALYTICS_ID}}'

    ## Piwik analytics.
    piwik_url: '{{PIWIK_URL}}'
    piwik_site_id: '{{PIWIK_SITE_ID}}'

  rack_attack:
    git_basic_auth:
      # Rack Attack IP banning enabled
      # enabled: true
      #
      # Whitelist requests from 127.0.0.1 for web proxies (NGINX/Apache) with incorrect headers
      # ip_whitelist: ["127.0.0.1"]
      #
      # Limit the number of Git HTTP authentication attempts per IP
      # maxretry: 10
      #
      # Reset the auth attempt counter per IP after 60 seconds
      # findtime: 60
      #
      # Ban an IP for one hour (3600s) after too many auth attempts
      # bantime: 3600

development:
  <<: *base

test:
  <<: *base
  gravatar:
    enabled: true
  gitlab:
    host: localhost
    port: 80

    # When you run tests we clone and setup gitlab-shell
    # In order to setup it correctly you need to specify
    # your system username you use to run GitLab
    # user: YOUR_USERNAME
  satellites:
    path: tmp/tests/gitlab-satellites/
  backup:
    path: tmp/tests/backups
  gitlab_shell:
    path: tmp/tests/gitlab-shell/
    repos_path: tmp/tests/repositories/
    hooks_path: tmp/tests/gitlab-shell/hooks/
  issues_tracker:
    redmine:
      title: "Redmine"
      project_url: "http://redmine/projects/:issues_tracker_id"
      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
  ldap:
    enabled: false
    servers:
      main:
        label: ldap
        host: 127.0.0.1
        port: 3890
        uid: 'uid'
        method: 'plain' # "tls" or "ssl" or "plain"
        base: 'dc=example,dc=com'
        user_filter: ''
        group_base: 'ou=groups,dc=example,dc=com'
        admin_group: ''
        sync_ssh_keys: false

staging:
  <<: *base