update gitlab.yml.example
This commit is contained in:
parent
369acfbadf
commit
efab522bee
1 changed files with 376 additions and 71 deletions
447
debian/conf/gitlab.yml.example
vendored
447
debian/conf/gitlab.yml.example
vendored
|
@ -4,8 +4,8 @@
|
||||||
#
|
#
|
||||||
########################### NOTE #####################################
|
########################### NOTE #####################################
|
||||||
# This file should not receive new settings. All configuration options #
|
# This file should not receive new settings. All configuration options #
|
||||||
# that do not require an application restart are being moved to #
|
# * are being moved to ApplicationSetting model! #
|
||||||
# ApplicationSetting model! #
|
# If a setting requires an application restart say so in that screen. #
|
||||||
# If you change this file in a Merge Request, please also create #
|
# If you change this file in a Merge Request, please also create #
|
||||||
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests #
|
# a MR on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests #
|
||||||
########################################################################
|
########################################################################
|
||||||
|
@ -31,7 +31,6 @@ production: &base
|
||||||
## GitLab settings
|
## GitLab settings
|
||||||
gitlab:
|
gitlab:
|
||||||
## Web server settings (note: host is the FQDN, do not include http://)
|
## Web server settings (note: host is the FQDN, do not include http://)
|
||||||
# Using environmental variables from /etc/gitlab/gitlab-debian.conf
|
|
||||||
#host: localhost
|
#host: localhost
|
||||||
#port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
|
#port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
|
||||||
https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
|
https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
|
||||||
|
@ -41,12 +40,25 @@ production: &base
|
||||||
# Otherwise, ssh host will be set to the `host:` value above
|
# Otherwise, ssh host will be set to the `host:` value above
|
||||||
# ssh_host: ssh.host_example.com
|
# ssh_host: ssh.host_example.com
|
||||||
|
|
||||||
# WARNING: See config/application.rb under "Relative url support" for the list of
|
# Relative URL support
|
||||||
# other files that need to be changed for relative url support
|
# WARNING: We recommend using an FQDN to host GitLab in a root path instead
|
||||||
|
# of using a relative URL.
|
||||||
|
# Documentation: http://doc.gitlab.com/ce/install/relative_url.html
|
||||||
|
# Uncomment and customize the following line to run in a non-root path
|
||||||
|
#
|
||||||
# relative_url_root: /gitlab
|
# relative_url_root: /gitlab
|
||||||
|
|
||||||
|
# Trusted Proxies
|
||||||
|
# Customize if you have GitLab behind a reverse proxy which is running on a different machine.
|
||||||
|
# Add the IP address for your reverse proxy to the list, otherwise users will appear signed in from that address.
|
||||||
|
trusted_proxies:
|
||||||
|
# Examples:
|
||||||
|
#- 192.168.1.0/24
|
||||||
|
#- 192.168.2.1
|
||||||
|
#- 2001:0db8::/32
|
||||||
|
|
||||||
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
|
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
|
||||||
user: GITLAB_USER #gitlab_user (DON'T REMOVE THIS COMMENT)
|
user: git #gitlab_user (DON'T REMOVE THIS COMMENT)
|
||||||
user_home: /var/lib/gitlab
|
user_home: /var/lib/gitlab
|
||||||
|
|
||||||
## Date & Time settings
|
## Date & Time settings
|
||||||
|
@ -62,33 +74,28 @@ production: &base
|
||||||
# email_from: example@example.com
|
# email_from: example@example.com
|
||||||
# email_display_name: GitLab
|
# email_display_name: GitLab
|
||||||
# email_reply_to: noreply@example.com
|
# email_reply_to: noreply@example.com
|
||||||
|
# email_subject_suffix: ''
|
||||||
|
|
||||||
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
|
# Email server smtp settings are in config/initializers/smtp_settings.rb.sample
|
||||||
|
|
||||||
# default_can_create_group: false # default: true
|
# default_can_create_group: false # default: true
|
||||||
# username_changing_enabled: false # default: true - User can change her username/namespace
|
# username_changing_enabled: false # default: true - User can change her username/namespace
|
||||||
## Default theme ID
|
|
||||||
## 1 - Graphite
|
|
||||||
## 2 - Charcoal
|
|
||||||
## 3 - Green
|
|
||||||
## 4 - Gray
|
|
||||||
## 5 - Violet
|
|
||||||
## 6 - Blue
|
|
||||||
# default_theme: 2 # default: 2
|
|
||||||
|
|
||||||
## Automatic issue closing
|
## Automatic issue closing
|
||||||
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
|
# If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
|
||||||
# This happens when the commit is pushed or merged into the default branch of a project.
|
# This happens when the commit is pushed or merged into the default branch of a project.
|
||||||
# When not specified the default issue_closing_pattern as specified below will be used.
|
# When not specified the default issue_closing_pattern as specified below will be used.
|
||||||
# Tip: you can test your closing pattern at http://rubular.com.
|
# Tip: you can test your closing pattern at http://rubular.com.
|
||||||
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?) +(?:(?:issues? +)?#\d+(?:(?:, *| +and +)?))+)'
|
# issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
|
||||||
|
|
||||||
## Default project features settings
|
## Default project features settings
|
||||||
default_projects_features:
|
default_projects_features:
|
||||||
issues: true
|
issues: true
|
||||||
merge_requests: true
|
merge_requests: true
|
||||||
wiki: true
|
wiki: true
|
||||||
snippets: false
|
snippets: true
|
||||||
|
builds: true
|
||||||
|
container_registry: true
|
||||||
|
|
||||||
## Webhook settings
|
## Webhook settings
|
||||||
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
|
# Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
|
||||||
|
@ -96,24 +103,114 @@ production: &base
|
||||||
|
|
||||||
## Repository downloads directory
|
## Repository downloads directory
|
||||||
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
|
# When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
|
||||||
# The default is 'tmp/repositories' relative to the root of the Rails app.
|
# The default is 'shared/cache/archive/' relative to the root of the Rails app.
|
||||||
# repository_downloads_path: tmp/repositories
|
# repository_downloads_path: shared/cache/archive/
|
||||||
|
|
||||||
## Reply by email
|
## Reply by email
|
||||||
# Allow users to comment on issues and merge requests by replying to notification emails.
|
# Allow users to comment on issues and merge requests by replying to notification emails.
|
||||||
# For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html
|
# For documentation on how to set this up, see http://doc.gitlab.com/ce/administration/reply_by_email.html
|
||||||
incoming_email:
|
incoming_email:
|
||||||
enabled: false
|
enabled: false
|
||||||
address: "incoming+%{key}@gitlab.example.com"
|
|
||||||
|
# The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
|
||||||
|
# The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
|
||||||
|
address: "gitlab-incoming+%{key}@gmail.com"
|
||||||
|
|
||||||
|
# Email account username
|
||||||
|
# With third party providers, this is usually the full email address.
|
||||||
|
# With self-hosted email servers, this is usually the user part of the email address.
|
||||||
|
user: "gitlab-incoming@gmail.com"
|
||||||
|
# Email account password
|
||||||
|
password: "[REDACTED]"
|
||||||
|
|
||||||
|
# IMAP server host
|
||||||
|
host: "imap.gmail.com"
|
||||||
|
# IMAP server port
|
||||||
|
port: 993
|
||||||
|
# Whether the IMAP server uses SSL
|
||||||
|
ssl: true
|
||||||
|
# Whether the IMAP server uses StartTLS
|
||||||
|
start_tls: false
|
||||||
|
|
||||||
|
# The mailbox where incoming mail will end up. Usually "inbox".
|
||||||
|
mailbox: "inbox"
|
||||||
|
# The IDLE command timeout.
|
||||||
|
idle_timeout: 60
|
||||||
|
|
||||||
|
## Build Artifacts
|
||||||
|
artifacts:
|
||||||
|
enabled: true
|
||||||
|
# The location where build artifacts are stored (default: shared/artifacts).
|
||||||
|
# path: shared/artifacts
|
||||||
|
|
||||||
|
## Git LFS
|
||||||
|
lfs:
|
||||||
|
enabled: true
|
||||||
|
# The location where LFS objects are stored (default: shared/lfs-objects).
|
||||||
|
# storage_path: shared/lfs-objects
|
||||||
|
|
||||||
|
## GitLab Pages
|
||||||
|
pages:
|
||||||
|
enabled: false
|
||||||
|
# The location where pages are stored (default: shared/pages).
|
||||||
|
# path: shared/pages
|
||||||
|
|
||||||
|
# The domain under which the pages are served:
|
||||||
|
# http://group.example.com/project
|
||||||
|
# or project path can be a group page: group.example.com
|
||||||
|
host: example.com
|
||||||
|
port: 80 # Set to 443 if you serve the pages with HTTPS
|
||||||
|
https: false # Set to true if you serve the pages with HTTPS
|
||||||
|
# external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
|
||||||
|
# external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
|
||||||
|
|
||||||
|
## Mattermost
|
||||||
|
## For enabling Add to Mattermost button
|
||||||
|
mattermost:
|
||||||
|
enabled: false
|
||||||
|
host: 'https://mattermost.example.com'
|
||||||
|
|
||||||
## Gravatar
|
## Gravatar
|
||||||
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
|
## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
|
||||||
gravatar:
|
gravatar:
|
||||||
enabled: true # Use user avatar image from Gravatar.com (default: true)
|
# gravatar urls: possible placeholders: %{hash} %{size} %{email} %{username}
|
||||||
# gravatar urls: possible placeholders: %{hash} %{size} %{email}
|
|
||||||
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
|
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
|
||||||
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
|
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
|
||||||
|
|
||||||
|
## Auxiliary jobs
|
||||||
|
# Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
|
||||||
|
# Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
|
||||||
|
cron_jobs:
|
||||||
|
# Flag stuck CI jobs as failed
|
||||||
|
stuck_ci_jobs_worker:
|
||||||
|
cron: "0 * * * *"
|
||||||
|
# Execute scheduled triggers
|
||||||
|
pipeline_schedule_worker:
|
||||||
|
cron: "19 * * * *"
|
||||||
|
# Remove expired build artifacts
|
||||||
|
expire_build_artifacts_worker:
|
||||||
|
cron: "50 * * * *"
|
||||||
|
# Periodically run 'git fsck' on all repositories. If started more than
|
||||||
|
# once per hour you will have concurrent 'git fsck' jobs.
|
||||||
|
repository_check_worker:
|
||||||
|
cron: "20 * * * *"
|
||||||
|
# Send admin emails once a week
|
||||||
|
admin_email_worker:
|
||||||
|
cron: "0 0 * * 0"
|
||||||
|
|
||||||
|
# Remove outdated repository archives
|
||||||
|
repository_archive_cache_worker:
|
||||||
|
cron: "0 * * * *"
|
||||||
|
|
||||||
|
registry:
|
||||||
|
# enabled: true
|
||||||
|
# host: registry.example.com
|
||||||
|
# port: 5005
|
||||||
|
# api_url: http://localhost:5000/ # internal address to the registry, will be used by GitLab to directly communicate with API
|
||||||
|
# key: config/registry.key
|
||||||
|
# path: shared/registry
|
||||||
|
# issuer: gitlab-issuer
|
||||||
|
|
||||||
#
|
#
|
||||||
# 2. GitLab CI settings
|
# 2. GitLab CI settings
|
||||||
# ==========================
|
# ==========================
|
||||||
|
@ -135,7 +232,8 @@ production: &base
|
||||||
# ==========================
|
# ==========================
|
||||||
|
|
||||||
## LDAP settings
|
## LDAP settings
|
||||||
# You can inspect a sample of the LDAP users with login access by running:
|
# You can test connections and inspect a sample of the LDAP users with login
|
||||||
|
# access by running:
|
||||||
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
|
# bundle exec rake gitlab:ldap:check RAILS_ENV=production
|
||||||
ldap:
|
ldap:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -158,13 +256,50 @@ production: &base
|
||||||
# Example: 'Paris' or 'Acme, Ltd.'
|
# Example: 'Paris' or 'Acme, Ltd.'
|
||||||
label: 'LDAP'
|
label: 'LDAP'
|
||||||
|
|
||||||
|
# Example: 'ldap.mydomain.com'
|
||||||
host: '_your_ldap_server'
|
host: '_your_ldap_server'
|
||||||
port: 389
|
# This port is an example, it is sometimes different but it is always an integer and not a string
|
||||||
uid: 'sAMAccountName'
|
port: 389 # usually 636 for SSL
|
||||||
method: 'plain' # "tls" or "ssl" or "plain"
|
uid: 'sAMAccountName' # This should be the attribute, not the value that maps to uid.
|
||||||
|
|
||||||
|
# Examples: 'america\\momo' or 'CN=Gitlab Git,CN=Users,DC=mydomain,DC=com'
|
||||||
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
|
||||||
password: '_the_password_of_the_bind_user'
|
password: '_the_password_of_the_bind_user'
|
||||||
|
|
||||||
|
# Encryption method. The "method" key is deprecated in favor of
|
||||||
|
# "encryption".
|
||||||
|
#
|
||||||
|
# Examples: "start_tls" or "simple_tls" or "plain"
|
||||||
|
#
|
||||||
|
# Deprecated values: "tls" was replaced with "start_tls" and "ssl" was
|
||||||
|
# replaced with "simple_tls".
|
||||||
|
#
|
||||||
|
encryption: 'plain'
|
||||||
|
|
||||||
|
# Enables SSL certificate verification if encryption method is
|
||||||
|
# "start_tls" or "simple_tls". (Defaults to false for backward-
|
||||||
|
# compatibility)
|
||||||
|
verify_certificates: false
|
||||||
|
|
||||||
|
# Specifies the path to a file containing a PEM-format CA certificate,
|
||||||
|
# e.g. if you need to use an internal CA.
|
||||||
|
#
|
||||||
|
# Example: '/etc/ca.pem'
|
||||||
|
#
|
||||||
|
ca_file: ''
|
||||||
|
|
||||||
|
# Specifies the SSL version for OpenSSL to use, if the OpenSSL default
|
||||||
|
# is not appropriate.
|
||||||
|
#
|
||||||
|
# Example: 'TLSv1_1'
|
||||||
|
#
|
||||||
|
ssl_version: ''
|
||||||
|
|
||||||
|
# Set a timeout, in seconds, for LDAP queries. This helps avoid blocking
|
||||||
|
# a request if the LDAP server becomes unresponsive.
|
||||||
|
# A value of 0 means there is no timeout.
|
||||||
|
timeout: 10
|
||||||
|
|
||||||
# This setting specifies if LDAP server is Active Directory LDAP server.
|
# This setting specifies if LDAP server is Active Directory LDAP server.
|
||||||
# For non AD servers it skips the AD specific queries.
|
# For non AD servers it skips the AD specific queries.
|
||||||
# If your LDAP server is not AD, set this to false.
|
# If your LDAP server is not AD, set this to false.
|
||||||
|
@ -188,17 +323,20 @@ production: &base
|
||||||
|
|
||||||
# Base where we can search for users
|
# Base where we can search for users
|
||||||
#
|
#
|
||||||
# Ex. ou=People,dc=gitlab,dc=example
|
# Ex. 'ou=People,dc=gitlab,dc=example' or 'DC=mydomain,DC=com'
|
||||||
#
|
#
|
||||||
base: ''
|
base: ''
|
||||||
|
|
||||||
# Filter LDAP users
|
# Filter LDAP users
|
||||||
#
|
#
|
||||||
# Format: RFC 4515 http://tools.ietf.org/search/rfc4515
|
# Format: RFC 4515 https://tools.ietf.org/search/rfc4515
|
||||||
# Ex. (employeeType=developer)
|
# Ex. (employeeType=developer)
|
||||||
#
|
#
|
||||||
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
|
# Note: GitLab does not support omniauth-ldap's custom filter syntax.
|
||||||
#
|
#
|
||||||
|
# Example for getting only specific users:
|
||||||
|
# '(&(objectclass=user)(|(samaccountname=momo)(samaccountname=toto)))'
|
||||||
|
#
|
||||||
user_filter: ''
|
user_filter: ''
|
||||||
|
|
||||||
# LDAP attributes that GitLab will use to create an account for the LDAP user.
|
# LDAP attributes that GitLab will use to create an account for the LDAP user.
|
||||||
|
@ -209,13 +347,13 @@ production: &base
|
||||||
# The username will be used in paths for the user's own projects
|
# The username will be used in paths for the user's own projects
|
||||||
# (like `gitlab.example.com/username/project`) and when mentioning
|
# (like `gitlab.example.com/username/project`) and when mentioning
|
||||||
# them in issues, merge request and comments (like `@username`).
|
# them in issues, merge request and comments (like `@username`).
|
||||||
# If the attribute specified for `username` contains an email address,
|
# If the attribute specified for `username` contains an email address,
|
||||||
# the GitLab username will be the part of the email address before the '@'.
|
# the GitLab username will be the part of the email address before the '@'.
|
||||||
username: ['uid', 'userid', 'sAMAccountName']
|
username: ['uid', 'userid', 'sAMAccountName']
|
||||||
email: ['mail', 'email', 'userPrincipalName']
|
email: ['mail', 'email', 'userPrincipalName']
|
||||||
|
|
||||||
# If no full name could be found at the attribute specified for `name`,
|
# If no full name could be found at the attribute specified for `name`,
|
||||||
# the full name is determined using the attributes specified for
|
# the full name is determined using the attributes specified for
|
||||||
# `first_name` and `last_name`.
|
# `first_name` and `last_name`.
|
||||||
name: 'cn'
|
name: 'cn'
|
||||||
first_name: 'givenName'
|
first_name: 'givenName'
|
||||||
|
@ -239,16 +377,34 @@ production: &base
|
||||||
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
|
# showing GitLab's sign-in page (default: show the GitLab sign-in page)
|
||||||
# auto_sign_in_with_provider: saml
|
# auto_sign_in_with_provider: saml
|
||||||
|
|
||||||
|
# Sync user's email address from the specified Omniauth provider every time the user logs
|
||||||
|
# in (default: nil). And consequently make this field read-only.
|
||||||
|
# sync_email_from_provider: cas3
|
||||||
|
|
||||||
# CAUTION!
|
# CAUTION!
|
||||||
# This allows users to login without having a user account first (default: false).
|
# This allows users to login without having a user account first. Define the allowed providers
|
||||||
|
# using an array, e.g. ["saml", "twitter"], or as true/false to allow all providers or none.
|
||||||
# User accounts will be created automatically when authentication was successful.
|
# User accounts will be created automatically when authentication was successful.
|
||||||
allow_single_sign_on: false
|
allow_single_sign_on: ["saml"]
|
||||||
|
|
||||||
# Locks down those users until they have been cleared by the admin (default: true).
|
# Locks down those users until they have been cleared by the admin (default: true).
|
||||||
block_auto_created_users: true
|
block_auto_created_users: true
|
||||||
# Look up new users in LDAP servers. If a match is found (same uid), automatically
|
# Look up new users in LDAP servers. If a match is found (same uid), automatically
|
||||||
# link the omniauth identity with the LDAP account. (default: false)
|
# link the omniauth identity with the LDAP account. (default: false)
|
||||||
auto_link_ldap_user: false
|
auto_link_ldap_user: false
|
||||||
|
|
||||||
|
# Allow users with existing accounts to login and auto link their account via SAML
|
||||||
|
# login, without having to do a manual login first and manually add SAML
|
||||||
|
# (default: false)
|
||||||
|
auto_link_saml_user: false
|
||||||
|
|
||||||
|
# Set different Omniauth providers as external so that all users creating accounts
|
||||||
|
# via these providers will not be able to have access to internal projects. You
|
||||||
|
# will need to use the full name of the provider, like `google_oauth2` for Google.
|
||||||
|
# Refer to the examples below for the full names of the supported providers.
|
||||||
|
# (default: [])
|
||||||
|
external_providers: []
|
||||||
|
|
||||||
## Auth providers
|
## Auth providers
|
||||||
# Uncomment the following lines and fill in the data of the auth provider you want to use
|
# Uncomment the following lines and fill in the data of the auth provider you want to use
|
||||||
# If your favorite auth provider is not listed you can use others:
|
# If your favorite auth provider is not listed you can use others:
|
||||||
|
@ -257,29 +413,53 @@ production: &base
|
||||||
# arguments, followed by optional 'args' which can be either a hash or an array.
|
# arguments, followed by optional 'args' which can be either a hash or an array.
|
||||||
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
|
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
|
||||||
providers:
|
providers:
|
||||||
# - { name: 'google_oauth2',
|
# See omniauth-cas3 for more configuration details
|
||||||
# label: 'Google',
|
# - { name: 'cas3',
|
||||||
# app_id: 'YOUR_APP_ID',
|
# label: 'cas3',
|
||||||
# app_secret: 'YOUR_APP_SECRET',
|
# args: {
|
||||||
# args: { access_type: 'offline', approval_prompt: '' } }
|
# url: 'https://sso.example.com',
|
||||||
# - { name: 'twitter',
|
# disable_ssl_verification: false,
|
||||||
# app_id: 'YOUR_APP_ID',
|
# login_url: '/cas/login',
|
||||||
# app_secret: 'YOUR_APP_SECRET' }
|
# service_validate_url: '/cas/p3/serviceValidate',
|
||||||
# - { name: 'github',
|
# logout_url: '/cas/logout'} }
|
||||||
# label: 'GitHub',
|
# - { name: 'authentiq',
|
||||||
# app_id: 'YOUR_APP_ID',
|
# # for client credentials (client ID and secret), go to https://www.authentiq.com/developers
|
||||||
|
# app_id: 'YOUR_CLIENT_ID',
|
||||||
|
# app_secret: 'YOUR_CLIENT_SECRET',
|
||||||
|
# args: {
|
||||||
|
# scope: 'aq:name email~rs address aq:push'
|
||||||
|
# # callback_url parameter is optional except when 'gitlab.host' in this file is set to 'localhost'
|
||||||
|
# # callback_url: 'YOUR_CALLBACK_URL'
|
||||||
|
# }
|
||||||
|
# }
|
||||||
|
# - { name: 'github',
|
||||||
|
# app_id: 'YOUR_APP_ID',
|
||||||
# app_secret: 'YOUR_APP_SECRET',
|
# app_secret: 'YOUR_APP_SECRET',
|
||||||
|
# url: "https://github.com/",
|
||||||
|
# verify_ssl: true,
|
||||||
# args: { scope: 'user:email' } }
|
# args: { scope: 'user:email' } }
|
||||||
# - { name: 'gitlab',
|
# - { name: 'bitbucket',
|
||||||
# label: 'GitLab.com',
|
# app_id: 'YOUR_APP_ID',
|
||||||
# app_id: 'YOUR_APP_ID',
|
# app_secret: 'YOUR_APP_SECRET' }
|
||||||
|
# - { name: 'gitlab',
|
||||||
|
# app_id: 'YOUR_APP_ID',
|
||||||
# app_secret: 'YOUR_APP_SECRET',
|
# app_secret: 'YOUR_APP_SECRET',
|
||||||
# args: { scope: 'api' } }
|
# args: { scope: 'api' } }
|
||||||
# - { name: 'bitbucket',
|
# - { name: 'google_oauth2',
|
||||||
# app_id: 'YOUR_APP_ID',
|
# app_id: 'YOUR_APP_ID',
|
||||||
|
# app_secret: 'YOUR_APP_SECRET',
|
||||||
|
# args: { access_type: 'offline', approval_prompt: '' } }
|
||||||
|
# - { name: 'facebook',
|
||||||
|
# app_id: 'YOUR_APP_ID',
|
||||||
# app_secret: 'YOUR_APP_SECRET' }
|
# app_secret: 'YOUR_APP_SECRET' }
|
||||||
# - { name: 'saml',
|
# - { name: 'twitter',
|
||||||
|
# app_id: 'YOUR_APP_ID',
|
||||||
|
# app_secret: 'YOUR_APP_SECRET' }
|
||||||
|
#
|
||||||
|
# - { name: 'saml',
|
||||||
# label: 'Our SAML Provider',
|
# label: 'Our SAML Provider',
|
||||||
|
# groups_attribute: 'Groups',
|
||||||
|
# external_groups: ['Contractors', 'Freelancers'],
|
||||||
# args: {
|
# args: {
|
||||||
# assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
|
# assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
|
||||||
# idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
|
# idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
|
||||||
|
@ -287,24 +467,54 @@ production: &base
|
||||||
# issuer: 'https://gitlab.example.com',
|
# issuer: 'https://gitlab.example.com',
|
||||||
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
|
||||||
# } }
|
# } }
|
||||||
|
#
|
||||||
# - { name: 'crowd',
|
# - { name: 'crowd',
|
||||||
# args: {
|
# args: {
|
||||||
# crowd_server_url: 'CROWD SERVER URL',
|
# crowd_server_url: 'CROWD SERVER URL',
|
||||||
# application_name: 'YOUR_APP_NAME',
|
# application_name: 'YOUR_APP_NAME',
|
||||||
# application_password: 'YOUR_APP_PASSWORD' } }
|
# application_password: 'YOUR_APP_PASSWORD' } }
|
||||||
|
#
|
||||||
|
# - { name: 'auth0',
|
||||||
|
# args: {
|
||||||
|
# client_id: 'YOUR_AUTH0_CLIENT_ID',
|
||||||
|
# client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
|
||||||
|
# namespace: 'YOUR_AUTH0_DOMAIN' } }
|
||||||
|
|
||||||
|
# SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
|
||||||
|
# cas3:
|
||||||
|
# session_duration: 28800
|
||||||
|
|
||||||
|
# Shared file storage settings
|
||||||
|
shared:
|
||||||
|
# path: /mnt/gitlab # Default: shared
|
||||||
|
|
||||||
|
# Gitaly settings
|
||||||
|
gitaly:
|
||||||
|
# Default Gitaly authentication token. Can be overriden per storage. Can
|
||||||
|
# be left blank when Gitaly is running locally on a Unix socket, which
|
||||||
|
# is the normal way to deploy Gitaly.
|
||||||
|
token:
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4. Advanced settings
|
# 4. Advanced settings
|
||||||
# ==========================
|
# ==========================
|
||||||
|
|
||||||
# GitLab Satellites
|
## Repositories settings
|
||||||
satellites:
|
repositories:
|
||||||
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
|
# Paths where repositories can be stored. Give the canonicalized absolute pathname.
|
||||||
path: /home/git/gitlab-satellites/
|
# IMPORTANT: None of the path components may be symlink, because
|
||||||
timeout: 30
|
# gitlab-shell invokes Dir.pwd inside the repository path and that results
|
||||||
|
# real path not the symlink.
|
||||||
|
storages: # You must have at least a `default` storage path.
|
||||||
|
default:
|
||||||
|
path: /var/lib/gitlab/repositories/
|
||||||
|
gitaly_address: unix:/var/lib/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port)
|
||||||
|
# gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
|
||||||
|
failure_count_threshold: 10 # number of failures before stopping attempts
|
||||||
|
failure_wait_time: 30 # Seconds after an access failure before allowing access again
|
||||||
|
failure_reset_time: 1800 # Time in seconds to expire failures
|
||||||
|
storage_timeout: 5 # Time in seconds to wait before aborting a storage access attempt
|
||||||
|
|
||||||
|
|
||||||
## Backup settings
|
## Backup settings
|
||||||
backup:
|
backup:
|
||||||
|
@ -324,26 +534,35 @@ production: &base
|
||||||
# # Use multipart uploads when file size reaches 100MB, see
|
# # Use multipart uploads when file size reaches 100MB, see
|
||||||
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
|
# # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
|
||||||
# multipart_chunk_size: 104857600
|
# multipart_chunk_size: 104857600
|
||||||
|
# # Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
|
||||||
|
# # encryption: 'AES256'
|
||||||
|
# # Specifies Amazon S3 storage class to use for backups, this is optional
|
||||||
|
# # storage_class: 'STANDARD'
|
||||||
|
|
||||||
## GitLab Shell settings
|
## GitLab Shell settings
|
||||||
gitlab_shell:
|
gitlab_shell:
|
||||||
path: /usr/share/gitlab-shell/
|
path: /usr/share/gitlab-shell/
|
||||||
|
|
||||||
# REPOS_PATH MUST NOT BE A SYMLINK!!!
|
|
||||||
repos_path: /var/lib/gitlab/repositories/
|
|
||||||
hooks_path: /usr/share/gitlab-shell/hooks/
|
hooks_path: /usr/share/gitlab-shell/hooks/
|
||||||
|
|
||||||
# File that contains the secret key for verifying access for gitlab-shell.
|
# File that contains the secret key for verifying access for gitlab-shell.
|
||||||
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
|
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
|
||||||
secret_file: /var/lib/gitlab/.gitlab_shell_secret
|
# secret_file: /var/lib/gitlab/.gitlab_shell_secret
|
||||||
|
|
||||||
# Git over HTTP
|
# Git over HTTP
|
||||||
upload_pack: true
|
upload_pack: true
|
||||||
receive_pack: true
|
receive_pack: true
|
||||||
|
|
||||||
|
# Git import/fetch timeout
|
||||||
|
# git_timeout: 800
|
||||||
|
|
||||||
# If you use non-standard ssh port you need to specify it
|
# If you use non-standard ssh port you need to specify it
|
||||||
# ssh_port: 22
|
# ssh_port: 22
|
||||||
|
|
||||||
|
workhorse:
|
||||||
|
# File that contains the secret key for verifying access for gitlab-workhorse.
|
||||||
|
# Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
|
||||||
|
# secret_file: /var/lib/gitlab/.gitlab_workhorse_secret
|
||||||
|
|
||||||
## Git settings
|
## Git settings
|
||||||
# CAUTION!
|
# CAUTION!
|
||||||
# Use the default values unless you really know what you are doing
|
# Use the default values unless you really know what you are doing
|
||||||
|
@ -356,6 +575,31 @@ production: &base
|
||||||
# Git timeout to read a commit, in seconds
|
# Git timeout to read a commit, in seconds
|
||||||
timeout: 10
|
timeout: 10
|
||||||
|
|
||||||
|
## Webpack settings
|
||||||
|
# If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
|
||||||
|
# on a given port instead of serving directly from /assets/webpack. This is only indended for use
|
||||||
|
# in development.
|
||||||
|
webpack:
|
||||||
|
# dev_server:
|
||||||
|
# enabled: true
|
||||||
|
# host: localhost
|
||||||
|
# port: 3808
|
||||||
|
|
||||||
|
## Monitoring
|
||||||
|
# Built in monitoring settings
|
||||||
|
monitoring:
|
||||||
|
# Time between sampling of unicorn socket metrics, in seconds
|
||||||
|
# unicorn_sampler_interval: 10
|
||||||
|
# IP whitelist to access monitoring endpoints
|
||||||
|
ip_whitelist:
|
||||||
|
- 127.0.0.0/8
|
||||||
|
|
||||||
|
# Sidekiq exporter is webserver built in to Sidekiq to expose Prometheus metrics
|
||||||
|
sidekiq_exporter:
|
||||||
|
# enabled: true
|
||||||
|
# address: localhost
|
||||||
|
# port: 3807
|
||||||
|
|
||||||
#
|
#
|
||||||
# 5. Extra customization
|
# 5. Extra customization
|
||||||
# ==========================
|
# ==========================
|
||||||
|
@ -392,6 +636,8 @@ test:
|
||||||
<<: *base
|
<<: *base
|
||||||
gravatar:
|
gravatar:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
lfs:
|
||||||
|
enabled: false
|
||||||
gitlab:
|
gitlab:
|
||||||
host: localhost
|
host: localhost
|
||||||
port: 80
|
port: 80
|
||||||
|
@ -399,25 +645,85 @@ test:
|
||||||
# When you run tests we clone and setup gitlab-shell
|
# When you run tests we clone and setup gitlab-shell
|
||||||
# In order to setup it correctly you need to specify
|
# In order to setup it correctly you need to specify
|
||||||
# your system username you use to run GitLab
|
# your system username you use to run GitLab
|
||||||
user: gitlab
|
# user: YOUR_USERNAME
|
||||||
email_from: example@example.com
|
pages:
|
||||||
email_display_name: GitLab
|
path: tmp/tests/pages
|
||||||
email_reply_to: noreply@example.com
|
repositories:
|
||||||
satellites:
|
storages:
|
||||||
path: tmp/tests/gitlab-satellites/
|
default:
|
||||||
|
path: tmp/tests/repositories/
|
||||||
|
gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
|
||||||
|
failure_count_threshold: 999999
|
||||||
|
failure_wait_time: 0
|
||||||
|
storage_timeout: 30
|
||||||
|
broken:
|
||||||
|
path: tmp/tests/non-existent-repositories
|
||||||
|
gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
|
||||||
|
|
||||||
|
gitaly:
|
||||||
|
enabled: true
|
||||||
|
token: secret
|
||||||
backup:
|
backup:
|
||||||
path: tmp/tests/backups
|
path: tmp/tests/backups
|
||||||
gitlab_shell:
|
gitlab_shell:
|
||||||
path: /usr/share/gitlab-shell/
|
path: tmp/tests/gitlab-shell/
|
||||||
repos_path: tmp/tests/repositories/
|
hooks_path: tmp/tests/gitlab-shell/hooks/
|
||||||
hooks_path: /usr/share/gitlab-shell/hooks/
|
|
||||||
secret_file: tmp/tests/gitlab-shell/.gitlab_shell_secret
|
|
||||||
issues_tracker:
|
issues_tracker:
|
||||||
redmine:
|
redmine:
|
||||||
title: "Redmine"
|
title: "Redmine"
|
||||||
project_url: "http://redmine/projects/:issues_tracker_id"
|
project_url: "http://redmine/projects/:issues_tracker_id"
|
||||||
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
|
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
|
||||||
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
|
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
|
||||||
|
jira:
|
||||||
|
title: "JIRA"
|
||||||
|
url: https://sample_company.atlassian.net
|
||||||
|
project_key: PROJECT
|
||||||
|
|
||||||
|
omniauth:
|
||||||
|
enabled: true
|
||||||
|
allow_single_sign_on: true
|
||||||
|
external_providers: []
|
||||||
|
|
||||||
|
providers:
|
||||||
|
- { name: 'cas3',
|
||||||
|
label: 'cas3',
|
||||||
|
args: { url: 'https://sso.example.com',
|
||||||
|
disable_ssl_verification: false,
|
||||||
|
login_url: '/cas/login',
|
||||||
|
service_validate_url: '/cas/p3/serviceValidate',
|
||||||
|
logout_url: '/cas/logout'} }
|
||||||
|
- { name: 'github',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET',
|
||||||
|
url: "https://github.com/",
|
||||||
|
verify_ssl: false,
|
||||||
|
args: { scope: 'user:email' } }
|
||||||
|
- { name: 'bitbucket',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET' }
|
||||||
|
- { name: 'gitlab',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET',
|
||||||
|
args: { scope: 'api' } }
|
||||||
|
- { name: 'google_oauth2',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET',
|
||||||
|
args: { access_type: 'offline', approval_prompt: '' } }
|
||||||
|
- { name: 'facebook',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET' }
|
||||||
|
- { name: 'twitter',
|
||||||
|
app_id: 'YOUR_APP_ID',
|
||||||
|
app_secret: 'YOUR_APP_SECRET' }
|
||||||
|
- { name: 'auth0',
|
||||||
|
args: {
|
||||||
|
client_id: 'YOUR_AUTH0_CLIENT_ID',
|
||||||
|
client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
|
||||||
|
namespace: 'YOUR_AUTH0_DOMAIN' } }
|
||||||
|
- { name: 'authentiq',
|
||||||
|
app_id: 'YOUR_CLIENT_ID',
|
||||||
|
app_secret: 'YOUR_CLIENT_SECRET',
|
||||||
|
args: { scope: 'aq:name email~rs address aq:push' } }
|
||||||
ldap:
|
ldap:
|
||||||
enabled: false
|
enabled: false
|
||||||
servers:
|
servers:
|
||||||
|
@ -426,12 +732,11 @@ test:
|
||||||
host: 127.0.0.1
|
host: 127.0.0.1
|
||||||
port: 3890
|
port: 3890
|
||||||
uid: 'uid'
|
uid: 'uid'
|
||||||
method: 'plain' # "tls" or "ssl" or "plain"
|
encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
|
||||||
base: 'dc=example,dc=com'
|
base: 'dc=example,dc=com'
|
||||||
user_filter: ''
|
user_filter: ''
|
||||||
group_base: 'ou=groups,dc=example,dc=com'
|
group_base: 'ou=groups,dc=example,dc=com'
|
||||||
admin_group: ''
|
admin_group: ''
|
||||||
sync_ssh_keys: false
|
|
||||||
|
|
||||||
staging:
|
staging:
|
||||||
<<: *base
|
<<: *base
|
||||||
|
|
Loading…
Reference in a new issue