[gitlab] smtp server and https push

ansible.cfg

@@ -17,6 +17,9 @@ inventory = ./hosts
 # Custom header in templates
 # ansible_managed = Ansible managed, see https://gitlab.crans.org/nounous/ansible
 
+# Maximum size of files to be considered for diff display
+max_diff_size = 1000000
+
 # Do not use cows (with cowsay)
 nocows = 1
 

group_vars/git.yml

@@ -1,20 +1,23 @@
 ---
-
 glob_gitlab:
   url: 'https://gitlab.crans.org'
   time_zone: 'Europe/Paris'
   email: 'gitlab@crans.org'
   email_display_name: 'Crans GitLab'
-  ldap_label: 'Crans'
+  ldap:
-  ldap_host: '172.16.10.147'
+    label: 'Crans'
-  ldap_port: 389
+    host: "{{ query('ldap', 'ip', 're2o-ldap', 'adm') | first }}"
-  ldap_uid: 'uid'
+    port: 389
-  ldap_bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org'
+    uid: 'uid'
-  ldap_base: 'cn=Utilisateurs,dc=crans,dc=org'
+    bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org'
-  ldap_user_filter: '(&(!(shadowExpire=0))(uid=*))'
+    base: 'cn=Utilisateurs,dc=crans,dc=org'
+    user_filter: '(&(!(shadowExpire=0))(uid=*))'
   cas_name: 'cas3'
   cas_label: 'CAS Cr@ns'
   cas_url: 'https://cas.crans.org'
+  smtp:
+    address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
+    port: 25
 
 glob_nginx:
   service_name: gitlab-omnibus-ssl-nginx

host_vars/gitzly.adm.crans.org.yml

@@ -19,4 +19,5 @@ loc_certbot:
     domains: "*.adm.crans.org"
 
 loc_gitlab:
-  ldap_bind_password: "{{ vault_gitlab_ldap_password }}"
+  ldap:
+    bind_password: "{{ vault_gitlab_ldap_password }}"

plays/gitlab.yml

@@ -10,7 +10,7 @@
 - hosts: git
   vars:
     certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
-    gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({})) }}'
+    gitlab: '{{ glob_gitlab | default({}) | combine(loc_gitlab | default({}), recursive=True) }}'
   roles:
     - certbot
     - gitlab

roles/gitlab/handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Reconfigure Gitlab
+  command: gitlab-ctl reconfigure

roles/gitlab/tasks/main.yml

@@ -24,6 +24,4 @@
     mode: 0600
     owner: root
     group: root
-
+  notify: Reconfigure Gitlab
-- name: Reconfigure Gitlab
-  command: gitlab-ctl reconfigure

roles/gitlab/templates/gitlab.rb.j2

@@ -79,15 +79,20 @@ gitlab_rails['time_zone'] = '{{ gitlab.time_zone }}'
 ###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
 ###! **Use smtp instead of sendmail/postfix.**
 
-# gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_enable'] = true
-# gitlab_rails['smtp_address'] = "smtp.server"
+gitlab_rails['smtp_address'] = "{{ gitlab.smtp.address }}"
-# gitlab_rails['smtp_port'] = 465
+gitlab_rails['smtp_port'] = {{ gitlab.smtp.port }}
 # gitlab_rails['smtp_user_name'] = "smtp user"
 # gitlab_rails['smtp_password'] = "smtp password"
 # gitlab_rails['smtp_domain'] = "example.com"
 # gitlab_rails['smtp_authentication'] = "login"
 # gitlab_rails['smtp_enable_starttls_auto'] = true
 # gitlab_rails['smtp_tls'] = false
+gitlab_rails['smtp_tls'] = false
+gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+gitlab_rails['smtp_enable_starttls_auto'] = false
+gitlab_rails['smtp_ssl'] = false
+gitlab_rails['smtp_force_ssl'] = false
 
 ###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
 ###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
@@ -443,24 +448,25 @@ gitlab_rails['ldap_enabled'] = true
 ###! **remember to close this block with 'EOS' below**
 gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
   main: # 'main' is the GitLab 'provider ID' of this LDAP server
-    label: '{{ gitlab.ldap_label }}'
+    label: '{{ gitlab.ldap.label }}'
-    host: '{{ gitlab.ldap_host }}'
+    host: '{{ gitlab.ldap.host }}'
-    port: {{ gitlab.ldap_port }}
+    port: {{ gitlab.ldap.port }}
-    uid: '{{ gitlab.ldap_uid }}'
+    uid: '{{ gitlab.ldap.uid }}'
-    bind_dn: '{{ gitlab.ldap_bind_dn }}'
+    bind_dn: '{{ gitlab.ldap.bind_dn }}'
-    password: '{{ gitlab.ldap_bind_password }}'
+    password: '{{ gitlab.ldap.bind_password }}'
-#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+    encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
-#     verify_certificates: true
+    verify_certificates: true
 #     smartcard_auth: false
 #     active_directory: true
     allow_username_or_email_login: true
 #     lowercase_usernames: false
 #     block_auto_created_users: false
-    base: '{{ gitlab.ldap_base }}'
+    base: '{{ gitlab.ldap.base }}'
-    user_filter: '{{ gitlab.ldap_user_filter }}'
+    user_filter: '{{ gitlab.ldap.user_filter }}'
     attributes:
       username: ['uid',]
       email:    ['mail',]
+EOS
 #     ## EE only
 #     group_base: ''
 #     admin_group: ''