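# Docker Compose stack for a self-hosted GitLab EE instance behind Traefik,
# plus two GitLab runners. Container logs ship to a local Loki endpoint.
#
# Secrets (SMTP password, OIDC client secret) are not stored in this file.
# They are read from the Compose environment / .env file through
# ${VAR:?msg} interpolation, so `docker compose up` fails fast when one is
# missing. The literal values that were previously committed here should be
# treated as exposed and rotated at the providers.
#
# Indentation reconstructed: the source listing had all nesting flattened.
version: '3.3'

services:
  gitlab:
    # NOTE(review): `latest` makes every pull an implicit, unreproducible
    # upgrade; pinning a version tag gives controlled upgrades.
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab_gitlab
    logging:
      driver: loki
      options:
        loki-url: 'http://localhost:3100/loki/api/v1/push'
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"  # quoted on purpose: a bare `no` is YAML 1.1 false
    hostname: 'gitlab.jafner.net'
    networks:
      - web
    environment:
      # Ruby evaluated by Omnibus at container start. Any ${...} below is
      # expanded by Compose before the container ever sees the text.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.jafner.net'
        # Must match the host side of the '2229:22' port mapping below.
        gitlab_rails['gitlab_shell_ssh_port'] = 2229

        # TLS terminates at Traefik; the bundled nginx serves plain HTTP on 80
        # and learns the original scheme from the forwarded headers.
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        letsencrypt['enable'] = false
        gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '192.168.1.0/24']

        # Outbound mail.
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.gmail.com"
        gitlab_rails['smtp_port'] = 465
        gitlab_rails['smtp_user_name'] = "noreply@jafner.net"
        # Value comes from the Compose environment. Ruby single quotes are used
        # so the password is not subject to #{} interpolation; a value that
        # itself contains a single quote would need escaping.
        gitlab_rails['smtp_password'] = '${GITLAB_SMTP_PASSWORD:?GITLAB_SMTP_PASSWORD is not set}'
        gitlab_rails['smtp_domain'] = "jafner.net"
        gitlab_rails['smtp_authentication'] = "login"
        # NOTE(review): 465 is the implicit-TLS (SMTPS) port, which GitLab
        # documents with gitlab_rails['smtp_tls'] = true; starttls_auto is the
        # usual pairing for 587. Confirm which one this server expects.
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
        gitlab_rails['gitlab_email_from'] = 'gitlab@jafner.net'
        gitlab_rails['gitlab_email_reply_to'] = 'noreply@jafner.net'

        # Container registry, also fronted by Traefik (see labels below).
        registry_external_url 'https://registry.gitlab.jafner.net'
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_host'] = "registry.gitlab.jafner.net"
        gitlab_rails['api_url'] = 'https://registry.gitlab.jafner.net'
        registry_nginx['enable'] = false
        registry['registry_http_addr'] = "0.0.0.0:5000"

        # Single sign-on. Users asserted by the IdP are created on first login
        # and are not blocked, and SAML identities are auto-linked to existing
        # accounts; the IdP is therefore the only gate on who gets an account
        # here, and (as far as this config shows) e-mail ownership at the IdP
        # maps to account ownership in GitLab.
        gitlab_rails['omniauth_enabled'] = true
        gitlab_rails['omniauth_allow_single_sign_on'] = ['saml','openid_connect']
        gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
        gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml','openid_connect']
        gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
        gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
        gitlab_rails['omniauth_block_auto_created_users'] = false
        gitlab_rails['omniauth_auto_link_saml_user'] = true
        gitlab_rails['omniauth_providers'] = [
          {
            name: 'saml',
            args: {
              assertion_consumer_service_url: 'https://gitlab.jafner.net/users/auth/saml/callback',
              # Shown under the certificate's details in the authentik admin UI;
              # pins the IdP signing certificate for assertion validation.
              idp_cert_fingerprint: 'db:b6:b1:08:e7:de:ea:07:4d:39:a6:19:db:f3:51:e1:7e:8f:69:22',
              idp_sso_target_url: 'https://authentik.jafner.net/application/saml/gitlab/sso/binding/redirect/',
              issuer: 'https://gitlab.jafner.net',
              name_identifier_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
              attribute_statements: {
                email: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'],
                first_name: ['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'],
                nickname: ['http://schemas.goauthentik.io/2021/02/saml/username']
              }
            },
            label: 'authentik'
          },
          {
            name: "openid_connect",
            label: "Keycloak",
            args: {
              name: "openid_connect",
              scope: ["openid","profile","email"],
              response_type: "code",
              issuer: "https://keycloak.jafner.net/realms/Jafner.net",
              discovery: true,
              client_auth_method: "query",
              uid_field: "email",
              send_scope_to_token_endpoint: "false",
              client_options: {
                identifier: "gitlab.jafner.net",
                # Value comes from the Compose environment; single-quoted so
                # Ruby does not interpolate it.
                secret: '${GITLAB_OIDC_CLIENT_SECRET:?GITLAB_OIDC_CLIENT_SECRET is not set}',
                redirect_uri: "https://gitlab.jafner.net/users/auth/openid_connect/callback"
              }
            }
          }
        ]
    ports:
      # Git over SSH; the container-side 22 is exposed on host port 2229.
      - '2229:22'
    volumes:
      - '${DOCKER_DATA}/config:/etc/gitlab'
      - '${DOCKER_DATA}/logs:/var/log/gitlab'
      - '${DOCKER_DATA}/data:/var/opt/gitlab'
    shm_size: '256m'
    labels:
      # Traefik terminates TLS and forwards to nginx (80) and the registry (5000).
      - traefik.http.routers.gitlab.rule=Host(`gitlab.jafner.net`)
      - traefik.http.routers.gitlab.tls.certresolver=lets-encrypt
      - traefik.http.routers.gitlab.service=gitlab
      - traefik.http.services.gitlab.loadbalancer.server.port=80
      - traefik.http.routers.gitlab-registry.rule=Host(`registry.gitlab.jafner.net`)
      - traefik.http.routers.gitlab-registry.tls.certresolver=lets-encrypt
      - traefik.http.routers.gitlab-registry.service=gitlab-registry
      - traefik.http.services.gitlab-registry.loadbalancer.server.port=5000

  gitlab-runner-0:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab_runner_0
    logging:
      driver: loki
      options:
        loki-url: 'http://localhost:3100/loki/api/v1/push'
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"
    environment:
      # Quoted as a whole item. With list-form `environment`, Compose passes
      # the text after `=` through literally, so the previous
      # GODEBUG="x509ignoreCN=0" is likely to have set the value including the
      # quote characters.
      # NOTE(review): this knob only re-enables legacy CN matching on old Go
      # runtimes and is ignored by current ones — confirm it is still needed.
      - 'GODEBUG=x509ignoreCN=0'
    volumes:
      # NOTE(review): both runners mount the same directory; if each writes
      # its own config.toml on registration they will overwrite each other.
      - '${DOCKER_DATA}/runner-config:/etc/gitlab-runner'
      # Host Docker socket: root-equivalent control of the host for anything
      # this runner executes, so job sources must be trusted.
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - traefik.enable=false

  gitlab-runner-1:
    image: 'gitlab/gitlab-runner:latest'
    container_name: gitlab_runner_1
    logging:
      driver: loki
      options:
        loki-url: 'http://localhost:3100/loki/api/v1/push'
        loki-batch-size: "50"
        loki-retries: "1"
        loki-timeout: "2s"
        keep-file: "true"
    restart: "no"
    environment:
      # See gitlab-runner-0 for why this is quoted as one item.
      - 'GODEBUG=x509ignoreCN=0'
    volumes:
      # Shared with gitlab-runner-0 — see the note there.
      - '${DOCKER_DATA}/runner-config:/etc/gitlab-runner'
      # Host Docker socket: root-equivalent control of the host.
      - '/var/run/docker.sock:/var/run/docker.sock'
    labels:
      - traefik.enable=false

networks:
  # Pre-existing network shared with the Traefik container.
  web:
    external: true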