ansible playbook and roles

ansible/roles/gitlab_server/defaults/main.yml

@@ -0,0 +1,16 @@
+---
+gitlab_image_tag: latest
+gitlab_server_name:
+gitlab_pages_server_name:
+gitlab_services: []
+gitlab_base_dir: /opt/gitlab
+gitlab_data_dir: '{{ gitlab_base_dir }}/data'
+gitlab_backup_dir: '{{ gitlab_data_dir }}/backups'
+gitlab_logs_dir: '{{ gitlab_base_dir }}/logs'
+gitlab_conf_dir: '{{ gitlab_base_dir }}/conf'
+gitlab_bin_dir: '{{ gitlab_base_dir }}/bin'
+traefik_network: docker.local.fr
+
+# --- puma dir ---
+puma_conf_dir: /opt/gitlab/var/puma
+puma_conf_pid: '{{ puma_conf_dir}}/puma.pid'

ansible/roles/gitlab_server/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart gitlab
+  command: docker exec gitlab gitlab-ctl restart
+
+- name: reconfigure gitlab
+  command: docker exec gitlab gitlab-ctl reconfigure

ansible/roles/gitlab_server/tasks/main.yml

@@ -0,0 +1,75 @@
+---
+- name: Install packages
+  ansible.builtin.apt:
+    name:
+      - jq
+    state: present
+
+- name: Create directories
+  ansible.builtin.file:
+    path: '{{ item.path }}'
+    owner: '{{ item.owner | default("root") }}'
+    group: '{{ item.group | default("root") }}'
+    mode: '{{ item.mode  | default("0755") }}'
+    state: directory
+  loop:
+    - path: '{{ gitlab_base_dir }}'
+      mode: '0700'
+    - path: '{{ gitlab_data_dir }}'
+    - path: '{{ gitlab_conf_dir }}'
+      mode: '0775'
+    - path: '{{ gitlab_logs_dir }}'
+    - path: '{{ gitlab_bin_dir }}'
+
+- name: Gitlab - Container up
+  community.docker.docker_container:
+    name: gitlab
+    image: 'gitlab/gitlab-ce:{{ gitlab_image_tag }}'
+    state: started
+    restart_policy: unless-stopped
+    volumes:
+      - '{{ gitlab_conf_dir }}:/etc/gitlab'
+      - '{{ gitlab_logs_dir }}:/var/log/gitlab'
+      - '{{ gitlab_data_dir }}:/var/opt/gitlab'
+    network_mode: '{{ traefik_network }}'
+    networks:
+      - name: '{{ traefik_network }}'
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.gitlab.rule: 'Host(`gitlab.local.fr`)'
+      traefik.http.routers.gitlab.entrypoints: 'websecure'
+      traefik.http.services.gitlab.loadbalancer.server.port: '80'
+      traefik.http.routers.gitlab.tls: 'true'
+
+- name: Deploy gitlab config file
+  ansible.builtin.template:
+    src: gitlab.rb.j2
+    dest: '{{ gitlab_conf_dir }}/gitlab.rb'
+    owner: root
+    group: root
+    mode: '0400'
+  notify: reconfigure gitlab
+
+- name: Modify sysctl values
+  ansible.builtin.sysctl:
+    name: '{{ item.name }}'
+    value: '{{ item.value }}'
+    state: present
+  loop:
+    - name: net.core.somaxconn
+      value: 1024
+    - name: net.ipv4.tcp_max_syn_backlog
+      value: 1024
+    - name: vm.overcommit_memory
+      value: 1
+
+- name: Get initial root password for gitlab authent
+  ansible.builtin.command: docker exec -it gitlab grep 'Password:' /etc/gitlab/initial_root_password
+  register: _password
+  until: "_password is not failed"
+  retries: 3
+  delay: 10
+
+- name: Print password
+  ansible.builtin.debug:
+    msg: "{{ _password.stdout }}"

ansible/roles/gitlab_server/templates/gitlab.rb.j2

@@ -0,0 +1,47 @@
+{{ ansible_managed | comment }}
+
+external_url 'https://gitlab.local.fr'
+nginx['listen_port'] = 80
+nginx['listen_https'] = false
+nginx['redirect_http_to_https'] = false
+nginx['http2_enabled'] = false
+nginx['proxy_set_headers'] = {
+  "Host" => "$http_host",
+  "X-Real-IP" => "$remote_addr",
+  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+  "X-Forwarded-Proto" => "https",
+  "X-Forwarded-Ssl" => "on"
+}
+nginx['real_ip_trusted_addresses'] = ['172.18.0.0/16']
+nginx['real_ip_header'] = 'X-Real-IP'
+nginx['real_ip_recursive'] = 'on'
+nginx['custom_gitlab_server_config'] = "\nlocation =/robots.txt { alias /etc/gitlab/robots.txt; }\n"
+
+letsencrypt['enable'] = false
+prometheus_monitoring['enable'] = false
+
+gitlab_rails['smtp_enable'] = false
+
+# gitlab_rails['gitlab_shell_ssh_port'] = 22222
+
+
+
+# --- Misc ---
+grafana['enable'] = false
+
+# --- Puma ---
+puma['enable'] = true
+puma['worker_processes'] = 2 # Nb core-1
+puma['worker_timeout'] = 60
+
+# Valeur par défaut conseiller 4
+puma['min_threads'] = 4 
+puma['max_threads'] = 4
+
+puma['per_worker_max_memory_mb'] = 1024
+
+puma['pidfile'] = '{{ puma_conf_pid }}'
+gitlab_rails['env'] = {
+   'GITLAB_RAILS_RACK_TIMEOUT' => 600
+ }
+

ansible/roles/gitlab_server/templates/robots.txt.j2

@@ -0,0 +1,2 @@
+User-Agent: *
+Disallow: /