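---
# Docker Compose stack: GitLab EE behind a Traefik reverse proxy (network "web"),
# plus two GitLab runners. All containers ship logs to a local Loki endpoint.
#
# Environment expected by this file (project .env or the shell running compose):
#   DOCKER_DATA                 host directory holding the persistent volumes
#   GITLAB_SMTP_PASSWORD        SMTP password for noreply@jafner.net
#                               (constructed placeholder name; previously committed in plain text)
#   GITLAB_OIDC_CLIENT_SECRET   Keycloak client secret for the gitlab.jafner.net client
#                               (constructed placeholder name; previously committed in plain text)
version: '3.3'

services:
  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab_gitlab
    logging:
      driver: loki
      options:
        loki-url: http://localhost:3100/loki/api/v1/push
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"
    hostname: 'gitlab.jafner.net'
    networks:
      - web
    environment:
      # Omnibus configuration is Ruby evaluated inside the container. ${VAR} references
      # below are expanded by Compose before the container starts; the ":?" form makes
      # Compose fail instead of injecting an empty credential when the variable is unset.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.jafner.net'
        gitlab_rails['gitlab_shell_ssh_port'] = 2229
        # TLS terminates at Traefik: bundled nginx listens on plain HTTP on the "web"
        # network and advertises the forwarded-proto headers below to Rails.
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        nginx['proxy_set_headers'] = { "X-Forwarded-Proto" => "https", "X-Forwarded-Ssl" => "on" }
        letsencrypt['enable'] = false
        gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.1.0/24']
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.gmail.com"
        # NOTE(review): port 465 is implicit TLS (SMTPS); only smtp_enable_starttls_auto is
        # set here -- confirm mail delivery works, or switch to smtp_tls for this port.
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "noreply@jafner.net"
        gitlab_rails['smtp_password'] = "${GITLAB_SMTP_PASSWORD:?required}"
        gitlab_rails['smtp_domain'] = "jafner.net"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        gitlab_rails['gitlab_email_from'] = 'gitlab@jafner.net'
        gitlab_rails['gitlab_email_reply_to'] = 'noreply@jafner.net'
        # Container registry: served on its own hostname via Traefik, which forwards to
        # the registry's HTTP listener on port 5000 (see the gitlab-registry labels).
        registry_external_url 'https://registry.gitlab.jafner.net'
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_host'] = "registry.gitlab.jafner.net"
        gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net'
        registry_nginx['enable'] = false
        registry['registry_http_addr'] = "0.0.0.0:5000"
        # Single sign-on via SAML (Authentik) and OIDC (Keycloak). With
        # omniauth_block_auto_created_users = false, any identity asserted by either
        # provider gets an active GitLab account immediately; access control for this
        # instance therefore lives in the IdPs' application assignments.
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = ['saml','openid_connect']
        gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml','openid_connect']
        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_auto_link_saml_user'] = true
        gitlab_rails['omniauth_providers'] = [
          {
            name: 'saml',
            icon: 'https://authentik.jafner.net/static/dist/assets/icons/icon.png',
            args: {
              assertion_consumer_service_url: 'https://gitlab.jafner.net/users/auth/saml/callback',
              # Shown when navigating to certificates in authentik
              # (pins the IdP signing certificate; must be updated when Authentik rotates it)
              idp_cert_fingerprint: 'db:b6:b1:08:e7:de:ea:07:4d:39:a6:19:db:f3:51:e1:7e:8f:69:22',
              idp_sso_target_url: 'https://authentik.jafner.net/application/saml/gitlab/sso/binding/redirect/',
              issuer: 'https://gitlab.jafner.net',
              name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
              attribute_statements: {
                email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
                first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
                nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
              }
            },
            label: 'Authentik'
          },
          {
            name: "openid_connect",
            label: "Keycloak",
            icon: 'https://keycloak.jafner.net/resources/9tuqi/admin/keycloak.v2/favicon.svg',
            args: {
              name: "openid_connect",
              scope: ["openid","profile","email"],
              response_type: "code",
              issuer: "https://keycloak.jafner.net/realms/Jafner.net",
              discovery: true,
              client_auth_method: "query",
              uid_field: "email",
              send_scope_to_token_endpoint: "false",
              client_options: {
                identifier: "gitlab.jafner.net",
                secret: "${GITLAB_OIDC_CLIENT_SECRET:?required}",
                redirect_uri: "https://gitlab.jafner.net/users/auth/openid_connect/callback"
              }
            }
          }
        ]
    ports:
      # Git-over-SSH only; HTTP(S) and the registry are reached through Traefik.
      - '2229:22'
    volumes:
      - '${DOCKER_DATA}/config:/etc/gitlab'
      - '${DOCKER_DATA}/logs:/var/log/gitlab'
      - '${DOCKER_DATA}/data:/var/opt/gitlab'
    shm_size: '256m'
    labels:
      - traefik.http.routers.gitlab.rule=Host(`gitlab.jafner.net`)
      - traefik.http.routers.gitlab.tls.certresolver=lets-encrypt
      - traefik.http.routers.gitlab.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      - traefik.http.routers.gitlab-registry.rule=Host(`registry.gitlab.jafner.net`)
      - traefik.http.routers.gitlab-registry.tls.certresolver=lets-encrypt
      - traefik.http.routers.gitlab-registry.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5000

  gitlab-runner-0:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab_runner_0
    logging:
      driver: loki
      options:
        loki-url: http://localhost:3100/loki/api/v1/push
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"
    environment:
      # List-form entries are not shell-parsed by Compose: the former GODEBUG="x509ignoreCN=0"
      # handed the runner a value that literally contained the quote characters.
      - GODEBUG=x509ignoreCN=0
    volumes:
      - ${DOCKER_DATA}/runner-config:/etc/gitlab-runner
      # Host Docker socket: required by the docker executor, but it gives the runner (and
      # therefore any job it executes) full control of the host Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false

  gitlab-runner-1:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab_runner_1
    logging:
      driver: loki
      options:
        loki-url: http://localhost:3100/loki/api/v1/push
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"
    environment:
      # Same fix as gitlab-runner-0: no quotes around the value.
      - GODEBUG=x509ignoreCN=0
    volumes:
      - ${DOCKER_DATA}/runner-config:/etc/gitlab-runner
      # Host Docker socket: same host-level trust implication as gitlab-runner-0.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.enable=false

networks:
  web:
    external: true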