commit 67dd982da2ad1ff6400a48ee5617f08e4e6db091
Author: Vassiliy Yegorov
Date: Thu Sep 1 10:38:38 2022 +0700
init
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..271a4dd
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,100 @@
+# Service name
+#
+SERVICE_NAME=gitlab-test
+
+# Container names
+# Summary container name in docker-compose.yml will be "${SERVICE_NAME}_${CONTAINER_NAME-*}"
+#
+CONTAINER_NAME_GITLAB=server
+CONTAINER_NAME_PGSQL=pgsql
+CONTAINER_NAME_REDIS=redis
+CONTAINER_NAME_REGISTRY=registry
+CONTAINER_NAME_RUNNER=runner
+
+# Docker images
+#
+DOCKER_IMAGE_GITLAB=sameersbn/gitlab:latest
+DOCKER_IMAGE_PGSQL=sameersbn/postgresql:latest
+DOCKER_IMAGE_REDIS=sameersbn/redis:latest
+DOCKER_IMAGE_REGISTRY=registry:latest
+DOCKER_IMAGE_RUNNER=hub.realmanual.ru/pub/gitlab-runner
+
+# System
+#
+TZ=UTC
+GITLAB_TIMEZONE=Asia/Novosibirsk
+
+# Gitlab domain name
+#
+GITLAB_HOST=
+REGISTRY_HOST=
+
+GITLAB_SSH_PORT=10023
+
+GITLAB_ROOT_EMAIL=
+GITLAB_ROOT_PASSWORD=
+
+# LDAP settings
+LDAP_ENABLED=false
+LDAP_LABEL=LDAP
+LDAP_HOST=id1.bildme.ru
+LDAP_PORT=636
+LDAP_UID=uid
+LDAP_METHOD=simple_tls
+LDAP_VERIFY_SSL=true
+LDAP_ACTIVE_DIRECTORY=false
+LDAP_BASE=cn=users,cn=accounts,dc=bildme,dc=ru
+LDAP_USER_FILTER=(&(objectClass=posixaccount)(memberOf=cn=gitlab,cn=groups,cn=accounts,dc=bildme,dc=ru))
+LDAP_BIND_DN=uid=binddn,cn=sysaccounts,cn=etc,dc=bildme,dc=ru
+LDAP_PASS=
+
+# SMTP settings
+SMTP_ENABLED=true
+SMTP_HOST=smtp-pulse.com
+SMTP_PORT=587
+SMTP_STARTTLS=true
+SMTP_AUTHENTICATION=login
+SMTP_USER=
+SMTP_PASS=
+
+# Pages
+GITLAB_PAGES_ENABLED=false
+
+# Storage Minio
+REGISTRY_STORAGE_S3_REGIONENDPOINT=https://s3-nsk.amegahost.ru
+REGISTRY_STORAGE_S3_REGION=ru-nsk
+REGISTRY_STORAGE_S3_BUCKET=gitlab-storage
+REGISTRY_STORAGE_S3_ACCESSKEY=
+REGISTRY_STORAGE_S3_SECRETKEY=
+
+# DB credentials
+#
+DB_USER=gitlab
+DB_PASS=
+DB_NAME=gitlab_production
+
+# Container data path on the host
+# Summary container data path will be "${SERVICE_DATA}/${SERVICE_NAME}"
+#
+SERVICE_DATA=./data
+
+# Gitlab runner token
+#
+RUNNER_TOKEN=
+
+# Private CI IP
+#
+#CI_SERVER_LOCAL_IP=10.0.0.31
+
+GITLAB_SECRETS_DB_KEY_BASE=
+GITLAB_SECRETS_SECRET_KEY_BASE=
+GITLAB_SECRETS_OTP_KEY_BASE=
+
+# Runner on the same host with gitlab
+#
+CI_SERVER_WITH_RUNNER=true
+
+# Network names
+#
+SERVICE_NETWORK=gitlab-net
+WEBPROXY_NETWORK=webproxy
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8b86ae7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.env
+
+data/gitlab-test/gitlab
+data/gitlab-test/postgresql
+data/gitlab-test/redis
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..204abd4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+# Твики
+
+## проблема 500 между Registry и Gitlab
+при начальном запуске появляется проблема с ключами, которыеми обмениваются компоненты при авторизации юзера в docker.X
+
+- идем в контейнер гитлаба в папку /certs и выставляем права:
+
+```bash
+chown root:www-data *
+chmod 644 *
diff --git a/data/gitlab-test/certs/privkey.pem b/data/gitlab-test/certs/privkey.pem
new file mode 100644
index 0000000..c097b91
--- /dev/null
+++ b/data/gitlab-test/certs/privkey.pem
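Review bot: In `.env.example` four of the five image variables use the floating `:latest` tag (`DOCKER_IMAGE_GITLAB`, `DOCKER_IMAGE_PGSQL`, `DOCKER_IMAGE_REDIS`, `DOCKER_IMAGE_REGISTRY`) and `DOCKER_IMAGE_RUNNER` carries no tag at all, so any pull can bring in a different GitLab, PostgreSQL or registry build without a change in this repository. Pin each one to an explicit release, ideally with a digest, for example `DOCKER_IMAGE_GITLAB=sameersbn/gitlab:<VERSION>@sha256:<DIGEST>`, and bump it deliberately. The LDAP block also ships what look like real directory values (`LDAP_HOST`, `LDAP_BASE`, `LDAP_BIND_DN`); if they describe a live environment, neutral placeholders such as `ldap.example.com` would be safer in an example file. A one-line comment above the empty `GITLAB_SECRETS_*` keys saying they must be long random values generated per installation would help whoever copies this file.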
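Review bot: `.gitignore` excludes the `gitlab`, `postgresql` and `redis` data directories but not `data/gitlab-test/certs`, and this same commit adds `privkey.pem` and `registry.key` under that path. Add patterns for key material, e.g. `data/*/certs/*.key` and `data/*/certs/*.pem`, so that locally generated keys cannot be staged by accident. The existing entries are also tied to the default `SERVICE_NAME=gitlab-test`; with another service name the runtime data is no longer ignored, so `data/*/gitlab`, `data/*/postgresql` and `data/*/redis` would be more robust.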
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFXrRPAm1+sACAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAn37l6nvgItBIIJSJKnIOxYNAZ5 +FqxWQHMn4SGcwN/EUwXtKS8d3NQhL4XlnXsEYZzMm48Kj5w+kV/xFlGDbbzK8LUq +cGcpvhD65j4P+MmHBDSGyTV053FGH5RLWPOkVt/hvLNAqktqQufkq6oEOju/MP7/ +G9DuxETVcG2He7InBg+rdthmbUWv1RBFF6dEPpNzJQp48mbcwkjMDeaV3nk5v69J +642TDloYTWvw1yAL3fd8xTTxZEkcaBBd7w1a+C+g0qxrPIwFMU0HrmCgvE1w7fsu +3pFH6FF0FnuvWwqUQr+VU8zhv7qyubnENsP6fgsTTaCJdn7hRAjuPKpxVYPeD/Tm +NrFkpWnE7v57sdMMb6DxmzEYCYgktoRWm9GxfVOSTFP1+EhUs7mrxeMiDT6MZSo/ +cLvEFMCWSl2aA1UH0Q3dlWwP5JKEtM4XocMolLQCOnu//msRZZ++zqago7PZE+Bs +UwcWG7vkPN2Shr0zdxDo+xVYq+G8LAZxTvYYihP8YuO8eMnTSARflLqe2bcl5zfd +O63BvvqdlVwb9mIK5OwEpoQyiLRFaF5ESpqW4HCru0imATbxw1XLpshOLbZnn/Q1 +1olm2VV74PTEx3+rgSiAxWDMGICLLq1lM/tFKZZ4JJtYWYRKemccWUWlX4l4AcjJ +rNV5FyCYNA/HIE1ToK/u3LhjQd9pQwhGr60xjp60ayOearCuB6ZGbQW1kaTSpCVw +pfUX4puz/CKIyuXD53mHontFpTx9HxMGQ4kmtdTyp+ofM5BITw3NYfccEzEKUZqP +YY2ccpZ13nJKiGi+OxcUR8+8rcJHKjgov18C/N66yO+CWGKSlt+qkiDBb7KojI8o +ZO4U/3THxYc1rNeDIcPaZjJSi2wO0MW82a6Iy+tmLsVrUbD0Hw8uSl/C2ZRltLvQ +sOAU43UqUyDp2P0mFJ3vaNOyvSb2GPcqv2Sb+Txi1iSzbrkvwLXvysALr6+rDMte +o6cVeJ4zyvHcj9Hb2VPm/ljVqJvgsr2eKnLWxbQue6hfDy25Eu9xS66ljId1yELo +ouQ4iLBnGN5mMmlyKAw7G3NowpfRD9byF2KOYhH5B0mHVyYh0QTv2ANHGeObk8oM +cLlgfGRHVooT9jwYFAZpvj1HfLeo378KJQB4iToQlpx3AbNQZsl4AjXIOqDQ36Xc +eM2jGrVbcbkX7DlXB33XJjaHKBqalbawuEdfVqPIkIx82y6QfEFw4KQOkkqquvpa +N12MBWFbzxZlOxZfa0MJB+LStRAAic8pt2WUF0AqxwroqPLW01ZASsHkWgIXOPnz +X5fjhryUOZnOVZshtk8bXgdiOCMFqaTSJYRjLZRcYZe4bOd8O6tiKUlvGgaXzSvi +NG7XUf0UuRvx8BagJU22koPVZN1ICdmcyVTsiV6ZNWuOTU/DsaOKhKuK1QRgknsy +AwqzNGfNk+IcClTJ4Y+3SRXTo/KKHlDoc/XPtT3IFfG7/TDzGgQg2TLf0r4rKYfY +567APQGxk+y1+HEYI1cQ87ZoDAdy3DEWiMetDNPdN5gBQsockBNly6E2iHEZpuga +yyapvXOjY0MQB7VSp4wYyVQkc29X4Lzr0DY3BRyxYBMjigt3D7pkLeGxxKDwLMGE +OWGWo3FvWuuHWoKhSknnWUebaiso/Mq9WxQA7uZL/XfttTdQ7qImy5ScBwzfe4Tq +Jx8wXKBM3RFvta/3+gTlVVRL0dNlRsJnpzGwIFMvOWJP21P1DVn65oKl275COH7p 
+qCqAMP3C66jk06F5PIRMCZ2s0DP8Ap/gkTt4jIyNTCvx6Mk9pSKg14phh0f1KT5c +LOupPtAR9WZwkHTNuqFPMkhglU2M94p33OiMci5LxpFR3woYG29oOkU8ip33GdQf +ciol1seil0H9EMXT/rxvEIDR5o/Av7ob4GquKCEv+9lxuic+1WAw7JpCFCcBvy4L +RTKD7n85Ynvos4p/tB9dUvQ/Gls8kGR5R8dvF5iQ6zuntin5kT/wA+8V7oP22rPd +Cvp/+Gs/ND5WSc+XxUlwJ/x5B28EweR+xT4jFEouPk25UTb7CkrEZVcHs7XyZZTh +QozDVc4XGr9Urm4Sw+Ju1QkqJQqs5kgneJTh78NINZkzRiOlCRkRw1cIVTFwaxoT +CjTF7eTtjXZMrBUEXpEBfEZ/ur24h1nUGbVIoEHwPGmjBEZlhM/AmB7ErU/Z8k8w +K+RSTYjZxaQsVlxfrF1eR9Vhu94DYjuXivkN1pD5jnYMKrSJTsLwsOpYMUJPtbSJ +JC7r6xnZ6sLW5R97U0WJgzC+WsQgjI8ghbPaJ6uJIJMY004symizYq8YG56CPRT+ +sDmfbzOoIVEhXQdflIJHxfnc+OqzEU8xjPfKCQuqpi+tBivbSG6bhEzMdIr5z/bj +uUbLuXeIDiqdrAzHP8EQDogQA3MP7r7r5acmPzUr6Z+qQu+0p9Z3p8IknfJGLXwg +VJGmTRQR+Sr2mhwPTOuS/fC0o2ElKntYBDc/J3isf6lawpl0Hzuf7yrcavAU+1Sd +YYSs7bh0tftW17zYRRxUEeDIdv6VNi0PbuOmNCmgB6qZdUAauPncetRy0v5a+2Rk +IZcHyxkohsTL879Iur4qn6wab1q7r1QJ83pBOHsctEfvzic0xjXVW5fcg75c2ccv +mHTVnCFgeNpb5osfursuTW7Gk+h+Dqg1efKwttZRWE9R5MbW/ZyWVNVMboOXtL74 +i13jBkjPsk8wCrv2oTqEsSBdsmE2Pz4rWC1PZsLMzeyiO2XBkyXGynhEcmjxgIQd +35gNXr6+2bhmhFZVDyYJwoCwYK3Jt6CkAYY6PA7dx5vm+gyCN3nfv1xbWYmhlRIy +QK/6sDgp9XxHMtlm/gnyLdqV4IVHJR/F+t7/YwijRZTkflo2u6dO/F/dMyO/UvBg +78ZpkBOnLolzAljkj2TSe6JuJWzN0bIgUxdczHH/tqLK5HLoX5A0Opkrl11dk6Ns +U2OW1SGJ1+880G+jvzV09tmb8c7ZbFGEHfgT0EhFKyTcyfe5NJzsiiMAGgbNZhsc +sTe4ghC+BZGlvUz+PHAUfpWO1/EvqXWxpbFbbi6lC2upMNHSP8kpHGE2Pym2kys4 +7NoblJgiQkmTLZmWEtiUtnTgU+YqqRAIVtnC0NXcs3yayZALskvRu/fTAsODKEsy +JO3QHEXlWo0WFCdSdnYEjw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/data/gitlab-test/certs/registry.crt b/data/gitlab-test/certs/registry.crt new file mode 100644 index 0000000..fc4f530 --- /dev/null +++ b/data/gitlab-test/certs/registry.crt 
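Review bot: Private key material is being committed: `privkey.pem` in this hunk is passphrase-encrypted, but `registry.key` further down in the same commit is an unencrypted RSA key, and `docker-compose.yml` hands it to GitLab as `GITLAB_REGISTRY_KEY_PATH` while the registry trusts `registry.crt` through `REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE`. Every installation started from this repository unchanged therefore shares a token-signing key that anyone with read access to the repository also holds. Both keys should be treated as disclosed, removed from the repository (they are in the initial commit, so that means rewriting history) and replaced by a key pair generated per installation at setup time; `privkey.pem` is not referenced by the compose file in this commit and can probably be dropped outright. The README added here also runs `chmod 644 *` in `/certs`, which leaves the key readable by every user in the container; `chmod 640` on the key with the `root:www-data` ownership it already sets looks sufficient, though that needs checking against the image.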
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCAu4CCQCam14CL3StJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB +VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0 +cyBQdHkgTHRkMB4XDTE4MDkyMDIwNTI1NVoXDTQ2MDIwNTIwNTI1NVowRTELMAkG +A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0 +IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDjgecT8KX7VWD0hzXfbB4Tqo1m +78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907HBZoi8K46+zdWZT0MSzijmPWg +FVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9mLlFysqcqHOC2znYJHqGxhE2 +hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA1eINySepDJ68CWNa4n5YSCKM +GQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar+yr41GAYOATBQBRclVmVhEL1 +ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6gYadhmm/zX8Zwg6KejIJde0Cy +UQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt0z8yQJoJ+9fUi2UQUlp7JUro +CRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27hpHd78HZeuFQbR6jUaRfBVP6 +ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1CYg/ppQAtCDZ6q2t2YulByXs +0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyEiQBr09Bgu1NWgpuPCPc6rDMk +YITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokXRjFlAgMBAAEwDQYJKoZIhvcN +AQELBQADggIBAG5oqeXSB2Fc2KMO5PC6Ja7hp8tpASxNOthQEiA0j1pbL+h2fibT +8p3l8HF1UZPSkWgwoJnz36KzDaA2WCPkTqYTnphoeVvductV+r8uaOOeTDioAWKm +ZgQIP4bhfJTw7iyGYvfCUILZTiuemsAG338xPYa97ciiUfj2jejY9wF3Gr4Zcrnx +FC65GQLPSOpPzlGms09zopOxi2kPlRA8hrJmXi3Eu9jdRtT8S6hZghNY1USJhr3D +TH2vCCQKXKSsgLxG00XoEhFak/53wY2istuyxRG6Hvb+yxqbemyqEdg8O3e6X7uk +MnGdzmaP21FIcYLPz8xX9bScZNraZjUlifVdIQxrqX+O52o2y6NzJcwf/MsraAD3 +oW4kdSp/vCf1Ml0GNz9ZaU3EVIEgAdvCPon5gZtVz7+qfGWFpc6+74OFm6iCPbwZ +GL+BM9j9DmzcUFMQ+ytZ6PkRcCfUoBP7Dv89LWIoUWwj8I2AbAwwZc3RM6L/4Nju +mDeid92eUNL+/1vwEOQM3a9bl3HXh+0FbrUSs0UgFXwCh/yjmHo/QkTlAeEl2Fpa +8w31lDpw1u99xWFN+tnA1osAghZrlgryWPA7i+/TqMT/iU11yUMqOTqeeImOQpOB +QFLZVWwYYOK4Ssq5lsCH9eqOdiW6Oe4AX8jeueuxpgewEU48M8PdaxH4 +-----END CERTIFICATE----- diff --git a/data/gitlab-test/certs/registry.csr b/data/gitlab-test/certs/registry.csr new file mode 100644 index 0000000..c2adb0e --- /dev/null 
+++ b/data/gitlab-test/certs/registry.csr @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEijCCAnICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDj +gecT8KX7VWD0hzXfbB4Tqo1m78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907H +BZoi8K46+zdWZT0MSzijmPWgFVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9 +mLlFysqcqHOC2znYJHqGxhE2hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA +1eINySepDJ68CWNa4n5YSCKMGQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar ++yr41GAYOATBQBRclVmVhEL1ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6g +Yadhmm/zX8Zwg6KejIJde0CyUQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt +0z8yQJoJ+9fUi2UQUlp7JUroCRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27 +hpHd78HZeuFQbR6jUaRfBVP6ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1 +CYg/ppQAtCDZ6q2t2YulByXs0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyE +iQBr09Bgu1NWgpuPCPc6rDMkYITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokX +RjFlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAHpOp7CwNBTYvOzP3R+E7HIDa +n+J0AQ7ujmuzBkMsWZq0B7QT8gVnAWswAE3tBqaH7dy77zF8VZpjh5bTjv+FyT2i +GRn5FxdFK5MgcRBtp4LM93wRFi0nHGB5pVWr+h3RBBmO4H0cW+Wep7VAp8ikkiCQ +Z7w4w08x5C3R0medPbckWHT5Qiu7mGlLaQ3hEwz7zmoIxdlL0+UHizjWejyxFyN/ +v0Zoc1mLbs2oh1auHKEXyVAk85libCsT2O4C5eN+GwZ46xCBEpIxiOIYyf5CVvVH ++N3nPd8WBeON0ZscHpOk+oJZUyQmpkK3XCJg9aDZDV+GVhFUSVvCpM33XbaPBlah +BCLWKY0Zo9leaZZWTkDFrnhP4uLemgU+P4r9hd1RDxLJluWjXUJ+7HePrr2qwpZd +l7QhyhdMAqyJoX3OJ/WUOVvwK1dy2z9S3ZSbM7yGl+HL+JoMu0oJtvcvCxPGU9p8 +1KHFwZRH5EN4KzB/9Bv5Rb5oCtezPBKqwxuszq7x/Nfwxr8EnVJvjs0Rmz5iabKd +En4VyCs0cJF7O/ScrYqY0OXxa8VgY8wDQhDNBnCoZqR+32FVZCK/lZgvrTOF3Yw2 +RN/MuTnZ8IQQx2869N5HcMzsgyk2mWvavL9/5ZHJ278YmEFC0+Ljq4Myrf5lqob+ +c2sKyBcPyyZ4ukQQ39w= +-----END CERTIFICATE REQUEST----- diff --git a/data/gitlab-test/certs/registry.key b/data/gitlab-test/certs/registry.key new file mode 100644 index 0000000..2c53a3b --- /dev/null +++ b/data/gitlab-test/certs/registry.key 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKQIBAAKCAgEAuOhBLCM75pKae4rSQwFnA+fuZ4oUSezAyhzu8OOB5xPwpftV +YPSHNd9sHhOqjWbvx49olpkiSQg3yudzkiiQF7djVr831oxXe/n3TscFmiLwrjr7 +N1ZlPQxLOKOY9aAVWnriXZ6uu/R1Hco3C+Kl7mBjWWOjpVWljGF5WX2YuUXKypyo +c4LbOdgkeobGETaGFJtPFXk8TYCxbktWtKfy/VcXSIdqaUFKMQowTMDV4g3JJ6kM +nrwJY1riflhIIowZD8+z8Hf3vFgxtLRVm/T80apZBR6d8csU9ut38Cv7KvjUYBg4 +BMFAFFyVWZWEQvVl9h4OAO6xdxhPBIu1crx8G5Ke8p6b9hK1N4fNbqBhp2Gab/Nf +xnCDop6Mgl17QLJRBynfPp2GvlS5yldvdtmgpWcQWBV7yqcGtMOAli3TPzJAmgn7 +19SLZRBSWnslSugJEM3aqa5VmeCoq2WnQznjFZytyZ2MIipezDxanbuGkd3vwdl6 +4VBtHqNRpF8FU/pk8+sSZZi/5MrovtgK7EGuV+ZatNlRYbuHFGnrj/UJiD+mlAC0 +INnqra3Zi6UHJezQGSe5ezb2zqDN6fZjIhsp1kVgPTBLWl8WtHqCrISJAGvT0GC7 +U1aCm48I9zqsMyRghPP/Plad7Oef80uaQVAlZ/rIheoa+0WV5YAaiRdGMWUCAwEA +AQKCAgBk6SuYIOpx3RQ90/cH5l4H/a1YCD0mUvSr2Lp18FNWfsVYcB+aOBkKR5JD +n8v2O3UkXZlghtX1MWzxaPrjiwuIRecK0nRwvEqKOFLFRUxDYEola77p5lZ9yJXM +pUu20NSWenXLTexiWvkHdvIvpFOWEjhl8kC+3Ezqnc+SDT8p7XLMvE4aLBHkMZdG +3wJ9JlpqKJAyUeWdDlzGqor5MKclpz/nry9dneoVdVACs0KGiat734ApqMke1dzB +wwArCnYq8NlspKwot6D402ndIQhQjDzk1F6yNHiOgNcF1ZrPStjsUItR3P1Rn21K +ZJS3ziEE/kX6MEndiwCkpHIz2bWIkInu8rvp7N0lCmYydavw3zk27QJJXIn2pwIf +/mrpC8Fcc35bAgNt4Mljq14sk7aXWnSAQWTlbtZ+OxGfQtRHP8IOKUKnYbub/CvB +S8KMbkEzu9EP7tayZhhcvwf8DBv0bZvhk3mzqDGrtaltgUA3hIdhiUqYacPVqEUl +oS9ojMaKZ9PQdPwS/FhUg8frLXjVA0akXeUns5eeCY/vdNNgTPQZ/DkOWXZFIEKF +v1Hbu0idkMu069alnUPS6PEyPjeBWALKivf2zYBxPknBmTl+/kGvQxKWDKcMSbTm +DjRfZWMknpl2PcuVz0Odn+TCWPHAggeUT7zwPS8Al7SVOO2MSQKCAQEA6nxt58k8 +2iRTvXGS+96zIDvOk0d/SLS9QXDaWLFV0qaShVKvLPy86lJDvG9tDDWu+4KXSwtV +rHikl6t+BOuYeNhoD0DsU8VBl5E62IfvkfGO5g8HmncpcvIjzv7C+yriZUa5j+xp +VAUgO7YHdF2u3hLh+Ey1Pn1gt2jzdVlbkh3uZfYIiOxaSuBnN+yswfROH8zejHRz +GKyTZwYoC5sz1mys9OJwv2kVn7QUintbQVwaXLbk223M/WMIot666364B2xTk1Io +xnGLVGQwkf5ZGG4db4cQGMRbl4iAKXMXMPfBt7+2RWSbJ6HtkyLvBEVfkAb8Je0D +L7kqtqcR3iZNEwKCAQEAyd9Tgf5dtlFm+pepOaUp6jtilkT7XVLRJMHvcrHmeWFc +QfuOraIvTxFF5SAw10l4tdKIawFkpZvP/74PCahvOUL9jCc12pELlMHFhigzASIh 
+JChBNPYX7QcPs9PXAlodws1v4l5LCjglbe6PW9yRBl6rrmre+tDINqSqZZ7Jsf5G +93z9VHMvZQ2eU+o0hgLT72I4lcYsfLGi8cLMcUqP5yedffKCO9PnDrUIdkujLhd/ +jHx4Nn2Hi0WLcYVwicyXI0+kDpcQbn35eUxHj5KC2iuya+MZ8nOIH+tuNmk9b5rL +YfCP/SthDAKuyZWcYUpBkK0xltHhDR77ePn6zF2upwKCAQEA2eyCiGRydZpFaU9g +d0zl1RNATYipNv0i1ur3Qm6tgHTmv5m0zG6ndG64HSzBgBN0aLNZwJjsKrqE3aC4 +IgKDVexp6aNBACnXZ/HFavALKuwBDrbxLhGJKBb6SKpks+GLPuyYELZ6vWd2KYhn +LTLUDfgmowlHeKg1dr/HZEyD2iyPH5ulGvvufqBHzaXcePWAlfVk78xaG5hn9du2 +4/J+Hs4pf/3jI0Gaoy5N2NYEXZ4nsfsYfwZw+R1NLXEq7yp6BgwbMFOvKZ7lCq2C +pmxoiVfta3Vu9FWpeg+WbO9VomDgXNGDqMJzoEXR8mkJEkMXKVgUh3ra90Nz+wUS +ig+2mQKCAQB4x+ijzzfsfFm7tv/l4H7qiOtccxtd484ESxBjtDLsDqdvRv4/vtjF +WtVR2GfAd1IEn1lFhIjeWRIitmky4xbg0Mb4kwEyqzOdpi3zLZwOoofnpToWYONB +ysbHVgi/fIFv6xB1BOuqypsCYghd8uLGR+A6M/EDaeVQZEcbE90jZLq7GopLe7sw +n+xJ0sfoIksBX+fxHKfDV1jhgyZk5jKhH9+n2m+3Mfp9nyzX8jtIuYBz4ojeOU7e +shZTLn59w+3tj5ndrN6E7VRVEaGDMiqeNCTFThRZLmyUhHzliyPZ4WisSY0s8UZY +NEa1j5EH2LDPyf/wd9RJ0G6vHAnFOovjAoIBAQDEsaAdeTiOWjD3n4mEJ/mQ3hYv +eCeGgybgy1RP1TujAaqXGdK1RXsi+P1WRaGUImHF8g41FRM6iOAsAAqBBF/5F36W +3Z1D0q7LyUkn3tzyTfIDp2V+J33X6jePn+Pd54AShH+qwZRHi+iQyCtaWNf1dWPR +muD8f+w/WMsYWPcW5NQCt4LPS9jOp7Bro8ssFektw2ug5sSGQI/KnS8lDBU6fQT7 +k+WodT9aGTlTHFL5XbcCQmDdesKncmCXzUzl5hsJ2FG9mbZnbkce5RM2Wl84XBhZ +WQ+CuPzQtW2mAxA6fpmfxJut98bHkUFiPh7eT3flfin0sqcH0vzgtCTx4hCM +-----END RSA PRIVATE KEY----- diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..7ec472f --- /dev/null +++ b/docker-compose.yml 
@@ -0,0 +1,218 @@
+version: '3.9'
+
+networks:
+ gitlab-net:
+ name: ${SERVICE_NETWORK}
+ webproxy:
+ name: ${WEBPROXY_NETWORK}
+
+services:
+ gitlab:
+ image: ${DOCKER_IMAGE_GITLAB}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
+ restart: always
+ depends_on:
+ - postgresql
+ - redis
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitlab-learn-server.entrypoints=https"
+ - "traefik.http.routers.gitlab-learn-server.rule=Host(`${GITLAB_HOST}`)"
+ - "traefik.http.routers.gitlab-learn-server.tls=true"
+ - "traefik.http.routers.gitlab-learn-server.tls.certresolver=letsEncrypt"
+ - "traefik.http.services.gitlab-learn-server-service.loadbalancer.server.port=80"
+ - "traefik.docker.network=webproxy"
+ environment:
+ - DEBUG=false
+
+ - DB_ADAPTER=postgresql
+ - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+ - DB_PORT=5432
+ - DB_USER
+ - DB_PASS
+ - DB_NAME
+
+ - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+ - REDIS_PORT=6379
+
+ - TZ
+ - GITLAB_TIMEZONE
+
+ - GITLAB_HTTPS=false
+ - SSL_SELF_SIGNED=false
+
+ - GITLAB_HOST
+ - GITLAB_PORT=80
+ - GITLAB_SSH_PORT
+ - GITLAB_RELATIVE_URL_ROOT
+ - GITLAB_SECRETS_DB_KEY_BASE
+ - GITLAB_SECRETS_SECRET_KEY_BASE
+ - GITLAB_SECRETS_OTP_KEY_BASE
+
+ - GITLAB_ROOT_PASSWORD
+ - GITLAB_ROOT_EMAIL
+
+ - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
+ - GITLAB_NOTIFY_PUSHER=false
+
+ - GITLAB_EMAIL
+ - GITLAB_EMAIL_REPLY_TO
+
+ # - GITLAB_BACKUP_SCHEDULE=daily
+ # - GITLAB_BACKUP_TIME=01:00
+ # - GITLAB_BACKUP_EXPIRY=172800
+ # - GITLAB_BACKUP_SKIP=registry,builds
+
+ - GITLAB_PAGES_ENABLED
+
+ - SMTP_ENABLED
+ - SMTP_DOMAIN
+ - SMTP_HOST
+ - SMTP_PORT
+ - SMTP_USER
+ - SMTP_PASS
+ - SMTP_STARTTLS
+ - SMTP_AUTHENTICATION
+
+ - LDAP_ENABLED
+ - LDAP_LABEL
+ - LDAP_HOST
+ - LDAP_PORT
+ - LDAP_UID
+ - LDAP_METHOD
+ - LDAP_VERIFY_SSL
+ - LDAP_ACTIVE_DIRECTORY
+ - LDAP_BASE
+ - LDAP_USER_FILTER
+ - LDAP_BIND_DN
+ - LDAP_PASS
+
+ - GITLAB_REGISTRY_ENABLED=true
+ - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
+ - GITLAB_REGISTRY_API_URL=http://registry:5000/
+ - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
+ healthcheck:
+ test: ["CMD", "/usr/local/sbin/healthcheck"]
+ interval: 1m
+ timeout: 5s
+ retries: 5
+ start_period: 2m
+ ports:
+ - "${GITLAB_SSH_PORT}:22"
+ expose:
+ - 80
+ networks:
+ - ${WEBPROXY_NETWORK}
+ - ${SERVICE_NETWORK}
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
+ - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+
+ registry:
+ image: ${DOCKER_IMAGE_REGISTRY}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
+ restart: always
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitlab-learn-registry.entrypoints=https"
+ - "traefik.http.routers.gitlab-learn-registry.rule=Host(`${REGISTRY_HOST}`)"
+ - "traefik.http.routers.gitlab-learn-registry.tls=true"
+ - "traefik.http.routers.gitlab-learn-registry.tls.certresolver=letsEncrypt"
+ - "traefik.http.services.gitlab-learn-registry-service.loadbalancer.server.port=5000"
+ - "traefik.docker.network=webproxy"
+ environment:
+ - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
+ - REGISTRY_LOG_LEVEL=debug
+ - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
+ - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
+ - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
+ - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
+ - REGISTRY_STORAGE_DELETE_ENABLED=true
+ # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
+ - REGISTRY_STORAGE=s3
+ - REGISTRY_STORAGE_S3_ACCESSKEY
+ - REGISTRY_STORAGE_S3_SECRETKEY
+ - REGISTRY_STORAGE_S3_REGIONENDPOINT
+ - REGISTRY_STORAGE_S3_REGION
+ - REGISTRY_STORAGE_S3_BUCKET
+ - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
+ expose:
+ - 5000
+ networks:
+ - ${WEBPROXY_NETWORK}
+ - ${SERVICE_NETWORK}
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
+ - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+
+ postgresql:
+ image: ${DOCKER_IMAGE_PGSQL}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+ restart: always
+ environment:
+ - DB_USER
+ - DB_PASS
+ - DB_NAME
+ - DB_EXTENSION=pg_trgm,btree_gist
+ networks:
+ - ${SERVICE_NETWORK}
+ expose:
+ - 5432
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
+
+ redis:
+ restart: always
+ image: ${DOCKER_IMAGE_REDIS}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+ command:
+ - --loglevel warning
+ networks:
+ - ${SERVICE_NETWORK}
+ volumes:
+ - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
+
+ # runner_1: &runner
+ # image: ${DOCKER_IMAGE_RUNNER}
+ # container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
+ # restart: always
+ # depends_on:
+ # - gitlab
+ # command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+ # environment:
+ # - CI_SERVER_URL=https://${GITLAB_HOST}
+ # - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+ # - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+ # - RUNNER_TOKEN=${RUNNER_TOKEN}
+ # - RUNNER_DESCRIPTION=gitab-runner_1
+ # - RUNNER_EXECUTOR=docker
+ # - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+ # networks:
+ # - ${SERVICE_NETWORK}
+ # volumes:
+ # - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
+ # - /var/run/docker.sock:/var/run/docker.sock
+
+ # runner_2:
+ # <<: *runner
+ # container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
+ # environment:
+ # - RUNNER_DESCRIPTION=gitab-runner_2
+ # volumes:
+ # - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
+
+ # runner_3:
+ # <<: *runner
+ # container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
+ # environment:
+ # - RUNNER_DESCRIPTION=gitab-runner_3
+ # volumes:
+ # - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
+
+ # runner_4:
+ # <<: *runner
+ # container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
+ # environment:
+ # - RUNNER_DESCRIPTION=gitab-runner_4
+ # volumes:
+ # - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner
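Review bot: The `registry` service mounts the whole `${SERVICE_DATA}/${SERVICE_NAME}/certs` directory read-write at `/certs`, so the Traefik-exposed registry container can read and modify the `registry.key` that GitLab signs tokens with, although its own configuration only references `/certs/registry.crt`. Mount just the certificate, read-only, `- ${SERVICE_DATA}/${SERVICE_NAME}/certs/registry.crt:/certs/registry.crt:ro`, and consider `:ro` on the `gitlab` mount once ownership and mode have been set on the host. `REGISTRY_LOG_LEVEL=debug` is worth lowering to `info` outside troubleshooting, since debug output from an auth-enabled registry is verbose and may include request details. Separately, `traefik.docker.network=webproxy` and the top-level keys `gitlab-net`/`webproxy` are literals while the service `networks:` lists use `${SERVICE_NETWORK}`/`${WEBPROXY_NETWORK}`, so changing either variable in `.env` will probably leave the services pointing at an undefined network.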