diff --git a/homelab/fighter/config/gitlab/.env b/homelab/fighter/config/gitlab/.env
deleted file mode 100644
index 7792fb40..00000000
--- a/homelab/fighter/config/gitlab/.env
+++ /dev/null
@@ -1,2 +0,0 @@
-DOCKER_DATA=/home/admin/data/gitlab
-DOCKER_CONFIG=/home/admin/docker_config/gitlab
diff --git a/homelab/fighter/config/gitlab/README.md b/homelab/fighter/config/gitlab/README.md
deleted file mode 100644
index 133a8824..00000000
--- a/homelab/fighter/config/gitlab/README.md
+++ /dev/null
@@ -1,13 +0,0 @@
-# Updating GitLab configuration
-This gitlab instance is using the omnibus package.
-See [GitLab Omnibus Reconfigure](https://docs.gitlab.com/ee/administration/restart_gitlab.html#omnibus-gitlab-reconfigure) for official docs on reconfiguration.
-Here are the basic steps:
-1. Update the `GITLAB_OMNIBUS_CONFIG` environment variable in `docker-compose.yml`. Add the desired omnibus configuration lines.
-2. Run `docker exec -it gitlab_gitlab vi /etc/gitlab/gitlab.rb` to begin editing the omnibus config file. Make the necessary changes (`i` to enter insert mode), then save (`esc`, then `:wq`, enter).
-3. Run `docker exec gitlab_gitlab gitlab-ctl diff-config` to compare the new config file with the *default* config file (not previous). The lines with `+` are from the default config, and the lines with `-` are the config to be applied.
-4. Run `docker exec gitlab_gitlab gitlab-ctl reconfigure` to apply the changes.
-5. Confirm the value set in step 1 is still correct.
-
-# View current GitLab configuration
-To get the current Gitlab config, run `docker exec gitlab_gitlab cat /etc/gitlab/gitlab.rb`.
-You can also pipe this into `grep` to find the lines referring to a particular topic. For example: `docker exec gitlab_gitlab cat /etc/gitlab/gitlab.rb | grep registry`
\ No newline at end of file
diff --git a/homelab/fighter/config/gitlab/docker-compose.yml b/homelab/fighter/config/gitlab/docker-compose.yml
deleted file mode 100644
index 5d9692ac..00000000
--- a/homelab/fighter/config/gitlab/docker-compose.yml
+++ /dev/null
@@ -1,114 +0,0 @@ -version: '3.3' -services: - gitlab: - image: 'gitlab/gitlab-ee:16.6.0-ee.0' - container_name: gitlab_gitlab - deploy: - resources: - limits: - memory: 8G - restart: "no" - hostname: 'gitlab.jafner.net' - networks: - - web - - gitlab - environment: - GITLAB_SKIP_UNMIGRATED_DATA_CHECK: "false" - GITLAB_OMNIBUS_CONFIG: | - external_url 'https://gitlab.jafner.net' - gitlab_rails['gitlab_shell_ssh_port'] = 2229 - nginx['listen_https'] = false - nginx['listen_port'] = 80 - nginx['proxy_set_headers'] = { - "X-Forwarded-Proto" => "https", - "X-Forwarded-Ssl" => "on" - } - letsencrypt['enable'] = false - gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.1.0/24'] - registry_external_url 'https://registry.gitlab.jafner.net' - gitlab_rails['registry_enabled'] = true - gitlab_rails['registry_host'] = "registry.gitlab.jafner.net" - gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net' - registry_nginx['enable'] = false - registry['registry_http_addr'] = "0.0.0.0:5000" - gitlab_rails['omniauth_enabled'] = true - gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect'] - gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect' - gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect'] - gitlab_rails['omniauth_sync_profile_attributes'] = ['email'] - gitlab_rails['omniauth_block_auto_created_users'] = false - gitlab_rails['omniauth_auto_link_saml_user'] = true - gitlab_rails['omniauth_providers'] = [ - { - name: "openid_connect", - label: "Keycloak", - icon: 'https://keycloak.jafner.net/resources/9tuqi/admin/keycloak.v2/favicon.svg', - args: { - name: "openid_connect", - scope: ["openid","profile","email"], - response_type: "code", - issuer: "https://keycloak.jafner.net/realms/Jafner.net", - discovery: true, - client_auth_method: "query", - uid_field: "email", - send_scope_to_token_endpoint: "false", - client_options: { - identifier: "gitlab.jafner.net", - secret: "***REMOVED***", - redirect_uri: 
"https://gitlab.jafner.net/users/auth/openid_connect/callback" - } - } - } - ] - - ports: - - '2229:22' - volumes: - - '${DOCKER_DATA}/config:/etc/gitlab' - - '${DOCKER_DATA}/logs:/var/log/gitlab' - - '${DOCKER_DATA}/data:/var/opt/gitlab' - shm_size: '256m' - labels: - - traefik.http.routers.gitlab.rule=Host(`gitlab.jafner.net`) - - traefik.http.routers.gitlab.tls.certresolver=lets-encrypt - - traefik.http.routers.gitlab.tls.options=tls12@file - - traefik.http.routers.gitlab.middlewares=securityheaders@file - - traefik.http.routers.gitlab.service=gitlab - - traefik.http.services.gitlab.loadbalancer.server.port=80 - - traefik.http.routers.gitlab-registry.rule=Host(`registry.gitlab.jafner.net`) - - traefik.http.routers.gitlab-registry.tls.certresolver=lets-encrypt - - traefik.http.routers.gitlab-registry.service=gitlab-registry - - traefik.http.services.gitlab-registry.loadbalancer.server.port=5000 - - gitlab-runner-0: - image: 'gitlab/gitlab-runner:latest' - container_name: gitlab_runner_0 - restart: "no" - networks: - - gitlab - env_file: - - runner.env - volumes: - - ${DOCKER_DATA}/runner-config:/etc/gitlab-runner - - /var/run/docker.sock:/var/run/docker.sock - labels: - - traefik.enable=false - - gitlab-runner-1: - image: 'gitlab/gitlab-runner:latest' - container_name: gitlab_runner_1 - restart: "no" - networks: - - gitlab - env_file: - - runner.env - volumes: - - ${DOCKER_DATA}/runner-config:/etc/gitlab-runner - - /var/run/docker.sock:/var/run/docker.sock - labels: - - traefik.enable=false - -networks: - web: - external: true - gitlab: diff --git a/homelab/fighter/config/gitlab/runner.env b/homelab/fighter/config/gitlab/runner.env deleted file mode 100644 index b3d0e431..00000000 --- a/homelab/fighter/config/gitlab/runner.env +++ /dev/null @@ -1 +0,0 @@ -GODEBUG="x509ignoreCN=0" \ No newline at end of file diff --git a/homelab/fighter/config/keycloak/README.md b/homelab/fighter/config/keycloak/README.md index 6a071219..1c48b71b 100644 
--- a/homelab/fighter/config/keycloak/README.md +++ b/homelab/fighter/config/keycloak/README.md @@ -22,10 +22,14 @@ We'll assume the new service is hosted at `https://web.jafner.net`. [Docs on Keycloak.org](https://www.keycloak.org/server/importExport) ## Export Realms -With the docker container offline, run: `docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/export --users realm_file" keycloak` +With the docker container offline, run: `docker-compose run --rm --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/import --users realm_file" keycloak` -This will export the contents of each realm to a `json` file in the `export/` directory. `/opt/keycloak/data` should be the directory that is mounted to the host. +This will export the contents of each realm to a `json` file in the `import/` directory. `/opt/keycloak/data` should be the directory that is mounted to the host. ## Import Realms To import realms at startup, replace the startup command with `start --import-realm` -Additionally, you'll need to map the directory containing the files to import (e.g. `$KEYCLOAK_DATA/import`) to the `/opt/keycloak/data/import` inside the container. \ No newline at end of file +Additionally, you'll need to map the directory containing the files to import (e.g. `$KEYCLOAK_DATA/import`) to the `/opt/keycloak/data/import` inside the container. + +For each realm to import, run `docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh import --file /opt/keycloak/data/import/{REALM_NAME}.json" keycloak` (replace `{REALM_NAME}` with the name of the realm.) + +https://howtodoinjava.com/devops/keycloak-script-upload-is-disabled/ \ No newline at end of file