init

2022-09-01 10:38:38 +07:00
commit 67dd982da2
8 changed files with 494 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,100 @@
 # Service name
 #
 SERVICE_NAME=gitlab-test
 # Container names
 # Summary container name in docker-compose.yml will be "${SERVICE_NAME}_${CONTAINER_NAME-*}"
 #
 CONTAINER_NAME_GITLAB=server
 CONTAINER_NAME_PGSQL=pgsql
 CONTAINER_NAME_REDIS=redis
 CONTAINER_NAME_REGISTRY=registry
 CONTAINER_NAME_RUNNER=runner
 # Docker images
 #
 DOCKER_IMAGE_GITLAB=sameersbn/gitlab:latest
 DOCKER_IMAGE_PGSQL=sameersbn/postgresql:latest
 DOCKER_IMAGE_REDIS=sameersbn/redis:latest
 DOCKER_IMAGE_REGISTRY=registry:latest
 DOCKER_IMAGE_RUNNER=hub.realmanual.ru/pub/gitlab-runner
 # System
 #
 TZ=UTC
 GITLAB_TIMEZONE=Asia/Novosibirsk
 # Gitlab domain name
 #
 GITLAB_HOST=
 REGISTRY_HOST=
 GITLAB_SSH_PORT=10023
 GITLAB_ROOT_EMAIL=
 GITLAB_ROOT_PASSWORD=
 # LDAP settings
 LDAP_ENABLED=false
 LDAP_LABEL=LDAP
 LDAP_HOST=id1.bildme.ru
 LDAP_PORT=636
 LDAP_UID=uid
 LDAP_METHOD=simple_tls
 LDAP_VERIFY_SSL=true
 LDAP_ACTIVE_DIRECTORY=false
 LDAP_BASE=cn=users,cn=accounts,dc=bildme,dc=ru
 LDAP_USER_FILTER=(&(objectClass=posixaccount)(memberOf=cn=gitlab,cn=groups,cn=accounts,dc=bildme,dc=ru))
 LDAP_BIND_DN=uid=binddn,cn=sysaccounts,cn=etc,dc=bildme,dc=ru
 LDAP_PASS=
 # SMTP settings
 SMTP_ENABLED=true
 SMTP_HOST=smtp-pulse.com
 SMTP_PORT=587
 SMTP_STARTTLS=true
 SMTP_AUTHENTICATION=login
 SMTP_USER=
 SMTP_PASS=
 # Pages
 GITLAB_PAGES_ENABLED=false
 # Storage Minio
 REGISTRY_STORAGE_S3_REGIONENDPOINT=https://s3-nsk.amegahost.ru
 REGISTRY_STORAGE_S3_REGION=ru-nsk
 REGISTRY_STORAGE_S3_BUCKET=gitlab-storage
 REGISTRY_STORAGE_S3_ACCESSKEY=
 REGISTRY_STORAGE_S3_SECRETKEY=
 # DB credentials
 #
 DB_USER=gitlab
 DB_PASS=
 DB_NAME=gitlab_production
 # Container data path on the host
 # Summary container data path will be "${SERVICE_DATA}/${SERVICE_NAME}"
 #
 SERVICE_DATA=./data
 # Gitlab runner token
 #
 RUNNER_TOKEN=
 # Private CI IP
 #
 #CI_SERVER_LOCAL_IP=10.0.0.31
 GITLAB_SECRETS_DB_KEY_BASE=
 GITLAB_SECRETS_SECRET_KEY_BASE=
 GITLAB_SECRETS_OTP_KEY_BASE=
 # Runner on the same host with gitlab
 #
 CI_SERVER_WITH_RUNNER=true
 # Network names
 #
 SERVICE_NETWORK=gitlab-net
 WEBPROXY_NETWORK=webproxy
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
 .env
 data/gitlab-test/gitlab
 data/gitlab-test/postgresql
 data/gitlab-test/redis
--- a/README.md
+++ b/README.md
@@ -0,0 +1,10 @@
 # Твики
 ## проблема 500 между Registry и Gitlab
 при начальном запуске появляется проблема с ключами, которыеми обмениваются компоненты при авторизации юзера в docker.X
 - идем в контейнер гитлаба в папку /certs и выставляем права:
 ```bash
 chown root:www-data *
 chmod 644 *
--- a/data/gitlab-test/certs/privkey.pem
+++ b/data/gitlab-test/certs/privkey.pem
@@ -0,0 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
 MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFXrRPAm1+sACAggA
 MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAn37l6nvgItBIIJSJKnIOxYNAZ5
 FqxWQHMn4SGcwN/EUwXtKS8d3NQhL4XlnXsEYZzMm48Kj5w+kV/xFlGDbbzK8LUq
 cGcpvhD65j4P+MmHBDSGyTV053FGH5RLWPOkVt/hvLNAqktqQufkq6oEOju/MP7/
 G9DuxETVcG2He7InBg+rdthmbUWv1RBFF6dEPpNzJQp48mbcwkjMDeaV3nk5v69J
 642TDloYTWvw1yAL3fd8xTTxZEkcaBBd7w1a+C+g0qxrPIwFMU0HrmCgvE1w7fsu
 3pFH6FF0FnuvWwqUQr+VU8zhv7qyubnENsP6fgsTTaCJdn7hRAjuPKpxVYPeD/Tm
 NrFkpWnE7v57sdMMb6DxmzEYCYgktoRWm9GxfVOSTFP1+EhUs7mrxeMiDT6MZSo/
 cLvEFMCWSl2aA1UH0Q3dlWwP5JKEtM4XocMolLQCOnu//msRZZ++zqago7PZE+Bs
 UwcWG7vkPN2Shr0zdxDo+xVYq+G8LAZxTvYYihP8YuO8eMnTSARflLqe2bcl5zfd
 O63BvvqdlVwb9mIK5OwEpoQyiLRFaF5ESpqW4HCru0imATbxw1XLpshOLbZnn/Q1
 1olm2VV74PTEx3+rgSiAxWDMGICLLq1lM/tFKZZ4JJtYWYRKemccWUWlX4l4AcjJ
 rNV5FyCYNA/HIE1ToK/u3LhjQd9pQwhGr60xjp60ayOearCuB6ZGbQW1kaTSpCVw
 pfUX4puz/CKIyuXD53mHontFpTx9HxMGQ4kmtdTyp+ofM5BITw3NYfccEzEKUZqP
 YY2ccpZ13nJKiGi+OxcUR8+8rcJHKjgov18C/N66yO+CWGKSlt+qkiDBb7KojI8o
 ZO4U/3THxYc1rNeDIcPaZjJSi2wO0MW82a6Iy+tmLsVrUbD0Hw8uSl/C2ZRltLvQ
 sOAU43UqUyDp2P0mFJ3vaNOyvSb2GPcqv2Sb+Txi1iSzbrkvwLXvysALr6+rDMte
 o6cVeJ4zyvHcj9Hb2VPm/ljVqJvgsr2eKnLWxbQue6hfDy25Eu9xS66ljId1yELo
 ouQ4iLBnGN5mMmlyKAw7G3NowpfRD9byF2KOYhH5B0mHVyYh0QTv2ANHGeObk8oM
 cLlgfGRHVooT9jwYFAZpvj1HfLeo378KJQB4iToQlpx3AbNQZsl4AjXIOqDQ36Xc
 eM2jGrVbcbkX7DlXB33XJjaHKBqalbawuEdfVqPIkIx82y6QfEFw4KQOkkqquvpa
 N12MBWFbzxZlOxZfa0MJB+LStRAAic8pt2WUF0AqxwroqPLW01ZASsHkWgIXOPnz
 X5fjhryUOZnOVZshtk8bXgdiOCMFqaTSJYRjLZRcYZe4bOd8O6tiKUlvGgaXzSvi
 NG7XUf0UuRvx8BagJU22koPVZN1ICdmcyVTsiV6ZNWuOTU/DsaOKhKuK1QRgknsy
 AwqzNGfNk+IcClTJ4Y+3SRXTo/KKHlDoc/XPtT3IFfG7/TDzGgQg2TLf0r4rKYfY
 567APQGxk+y1+HEYI1cQ87ZoDAdy3DEWiMetDNPdN5gBQsockBNly6E2iHEZpuga
 yyapvXOjY0MQB7VSp4wYyVQkc29X4Lzr0DY3BRyxYBMjigt3D7pkLeGxxKDwLMGE
 OWGWo3FvWuuHWoKhSknnWUebaiso/Mq9WxQA7uZL/XfttTdQ7qImy5ScBwzfe4Tq
 Jx8wXKBM3RFvta/3+gTlVVRL0dNlRsJnpzGwIFMvOWJP21P1DVn65oKl275COH7p
 qCqAMP3C66jk06F5PIRMCZ2s0DP8Ap/gkTt4jIyNTCvx6Mk9pSKg14phh0f1KT5c
 LOupPtAR9WZwkHTNuqFPMkhglU2M94p33OiMci5LxpFR3woYG29oOkU8ip33GdQf
 ciol1seil0H9EMXT/rxvEIDR5o/Av7ob4GquKCEv+9lxuic+1WAw7JpCFCcBvy4L
 RTKD7n85Ynvos4p/tB9dUvQ/Gls8kGR5R8dvF5iQ6zuntin5kT/wA+8V7oP22rPd
 Cvp/+Gs/ND5WSc+XxUlwJ/x5B28EweR+xT4jFEouPk25UTb7CkrEZVcHs7XyZZTh
 QozDVc4XGr9Urm4Sw+Ju1QkqJQqs5kgneJTh78NINZkzRiOlCRkRw1cIVTFwaxoT
 CjTF7eTtjXZMrBUEXpEBfEZ/ur24h1nUGbVIoEHwPGmjBEZlhM/AmB7ErU/Z8k8w
 K+RSTYjZxaQsVlxfrF1eR9Vhu94DYjuXivkN1pD5jnYMKrSJTsLwsOpYMUJPtbSJ
 JC7r6xnZ6sLW5R97U0WJgzC+WsQgjI8ghbPaJ6uJIJMY004symizYq8YG56CPRT+
 sDmfbzOoIVEhXQdflIJHxfnc+OqzEU8xjPfKCQuqpi+tBivbSG6bhEzMdIr5z/bj
 uUbLuXeIDiqdrAzHP8EQDogQA3MP7r7r5acmPzUr6Z+qQu+0p9Z3p8IknfJGLXwg
 VJGmTRQR+Sr2mhwPTOuS/fC0o2ElKntYBDc/J3isf6lawpl0Hzuf7yrcavAU+1Sd
 YYSs7bh0tftW17zYRRxUEeDIdv6VNi0PbuOmNCmgB6qZdUAauPncetRy0v5a+2Rk
 IZcHyxkohsTL879Iur4qn6wab1q7r1QJ83pBOHsctEfvzic0xjXVW5fcg75c2ccv
 mHTVnCFgeNpb5osfursuTW7Gk+h+Dqg1efKwttZRWE9R5MbW/ZyWVNVMboOXtL74
 i13jBkjPsk8wCrv2oTqEsSBdsmE2Pz4rWC1PZsLMzeyiO2XBkyXGynhEcmjxgIQd
 35gNXr6+2bhmhFZVDyYJwoCwYK3Jt6CkAYY6PA7dx5vm+gyCN3nfv1xbWYmhlRIy
 QK/6sDgp9XxHMtlm/gnyLdqV4IVHJR/F+t7/YwijRZTkflo2u6dO/F/dMyO/UvBg
 78ZpkBOnLolzAljkj2TSe6JuJWzN0bIgUxdczHH/tqLK5HLoX5A0Opkrl11dk6Ns
 U2OW1SGJ1+880G+jvzV09tmb8c7ZbFGEHfgT0EhFKyTcyfe5NJzsiiMAGgbNZhsc
 sTe4ghC+BZGlvUz+PHAUfpWO1/EvqXWxpbFbbi6lC2upMNHSP8kpHGE2Pym2kys4
 7NoblJgiQkmTLZmWEtiUtnTgU+YqqRAIVtnC0NXcs3yayZALskvRu/fTAsODKEsy
 JO3QHEXlWo0WFCdSdnYEjw==
 -----END ENCRYPTED PRIVATE KEY-----
--- a/data/gitlab-test/certs/registry.crt
+++ b/data/gitlab-test/certs/registry.crt
@@ -0,0 +1,29 @@
 -----BEGIN CERTIFICATE-----
 MIIFBjCCAu4CCQCam14CL3StJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
 VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
 cyBQdHkgTHRkMB4XDTE4MDkyMDIwNTI1NVoXDTQ2MDIwNTIwNTI1NVowRTELMAkG
 A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
 IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
 ALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDjgecT8KX7VWD0hzXfbB4Tqo1m
 78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907HBZoi8K46+zdWZT0MSzijmPWg
 FVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9mLlFysqcqHOC2znYJHqGxhE2
 hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA1eINySepDJ68CWNa4n5YSCKM
 GQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar+yr41GAYOATBQBRclVmVhEL1
 ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6gYadhmm/zX8Zwg6KejIJde0Cy
 UQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt0z8yQJoJ+9fUi2UQUlp7JUro
 CRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27hpHd78HZeuFQbR6jUaRfBVP6
 ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1CYg/ppQAtCDZ6q2t2YulByXs
 0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyEiQBr09Bgu1NWgpuPCPc6rDMk
 YITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokXRjFlAgMBAAEwDQYJKoZIhvcN
 AQELBQADggIBAG5oqeXSB2Fc2KMO5PC6Ja7hp8tpASxNOthQEiA0j1pbL+h2fibT
 8p3l8HF1UZPSkWgwoJnz36KzDaA2WCPkTqYTnphoeVvductV+r8uaOOeTDioAWKm
 ZgQIP4bhfJTw7iyGYvfCUILZTiuemsAG338xPYa97ciiUfj2jejY9wF3Gr4Zcrnx
 FC65GQLPSOpPzlGms09zopOxi2kPlRA8hrJmXi3Eu9jdRtT8S6hZghNY1USJhr3D
 TH2vCCQKXKSsgLxG00XoEhFak/53wY2istuyxRG6Hvb+yxqbemyqEdg8O3e6X7uk
 MnGdzmaP21FIcYLPz8xX9bScZNraZjUlifVdIQxrqX+O52o2y6NzJcwf/MsraAD3
 oW4kdSp/vCf1Ml0GNz9ZaU3EVIEgAdvCPon5gZtVz7+qfGWFpc6+74OFm6iCPbwZ
 GL+BM9j9DmzcUFMQ+ytZ6PkRcCfUoBP7Dv89LWIoUWwj8I2AbAwwZc3RM6L/4Nju
 mDeid92eUNL+/1vwEOQM3a9bl3HXh+0FbrUSs0UgFXwCh/yjmHo/QkTlAeEl2Fpa
 8w31lDpw1u99xWFN+tnA1osAghZrlgryWPA7i+/TqMT/iU11yUMqOTqeeImOQpOB
 QFLZVWwYYOK4Ssq5lsCH9eqOdiW6Oe4AX8jeueuxpgewEU48M8PdaxH4
 -----END CERTIFICATE-----
--- a/data/gitlab-test/certs/registry.csr
+++ b/data/gitlab-test/certs/registry.csr
@@ -0,0 +1,27 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIEijCCAnICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
 ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN
 AQEBBQADggIPADCCAgoCggIBALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDj
 gecT8KX7VWD0hzXfbB4Tqo1m78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907H
 BZoi8K46+zdWZT0MSzijmPWgFVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9
 mLlFysqcqHOC2znYJHqGxhE2hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA
 1eINySepDJ68CWNa4n5YSCKMGQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar
 +yr41GAYOATBQBRclVmVhEL1ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6g
 Yadhmm/zX8Zwg6KejIJde0CyUQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt
 0z8yQJoJ+9fUi2UQUlp7JUroCRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27
 hpHd78HZeuFQbR6jUaRfBVP6ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1
 CYg/ppQAtCDZ6q2t2YulByXs0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyE
 iQBr09Bgu1NWgpuPCPc6rDMkYITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokX
 RjFlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAHpOp7CwNBTYvOzP3R+E7HIDa
 n+J0AQ7ujmuzBkMsWZq0B7QT8gVnAWswAE3tBqaH7dy77zF8VZpjh5bTjv+FyT2i
 GRn5FxdFK5MgcRBtp4LM93wRFi0nHGB5pVWr+h3RBBmO4H0cW+Wep7VAp8ikkiCQ
 Z7w4w08x5C3R0medPbckWHT5Qiu7mGlLaQ3hEwz7zmoIxdlL0+UHizjWejyxFyN/
 v0Zoc1mLbs2oh1auHKEXyVAk85libCsT2O4C5eN+GwZ46xCBEpIxiOIYyf5CVvVH
 +N3nPd8WBeON0ZscHpOk+oJZUyQmpkK3XCJg9aDZDV+GVhFUSVvCpM33XbaPBlah
 BCLWKY0Zo9leaZZWTkDFrnhP4uLemgU+P4r9hd1RDxLJluWjXUJ+7HePrr2qwpZd
 l7QhyhdMAqyJoX3OJ/WUOVvwK1dy2z9S3ZSbM7yGl+HL+JoMu0oJtvcvCxPGU9p8
 1KHFwZRH5EN4KzB/9Bv5Rb5oCtezPBKqwxuszq7x/Nfwxr8EnVJvjs0Rmz5iabKd
 En4VyCs0cJF7O/ScrYqY0OXxa8VgY8wDQhDNBnCoZqR+32FVZCK/lZgvrTOF3Yw2
 RN/MuTnZ8IQQx2869N5HcMzsgyk2mWvavL9/5ZHJ278YmEFC0+Ljq4Myrf5lqob+
 c2sKyBcPyyZ4ukQQ39w=
 -----END CERTIFICATE REQUEST-----
--- a/data/gitlab-test/certs/registry.key
+++ b/data/gitlab-test/certs/registry.key
@@ -0,0 +1,51 @@
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKQIBAAKCAgEAuOhBLCM75pKae4rSQwFnA+fuZ4oUSezAyhzu8OOB5xPwpftV
 YPSHNd9sHhOqjWbvx49olpkiSQg3yudzkiiQF7djVr831oxXe/n3TscFmiLwrjr7
 N1ZlPQxLOKOY9aAVWnriXZ6uu/R1Hco3C+Kl7mBjWWOjpVWljGF5WX2YuUXKypyo
 c4LbOdgkeobGETaGFJtPFXk8TYCxbktWtKfy/VcXSIdqaUFKMQowTMDV4g3JJ6kM
 nrwJY1riflhIIowZD8+z8Hf3vFgxtLRVm/T80apZBR6d8csU9ut38Cv7KvjUYBg4
 BMFAFFyVWZWEQvVl9h4OAO6xdxhPBIu1crx8G5Ke8p6b9hK1N4fNbqBhp2Gab/Nf
 xnCDop6Mgl17QLJRBynfPp2GvlS5yldvdtmgpWcQWBV7yqcGtMOAli3TPzJAmgn7
 19SLZRBSWnslSugJEM3aqa5VmeCoq2WnQznjFZytyZ2MIipezDxanbuGkd3vwdl6
 4VBtHqNRpF8FU/pk8+sSZZi/5MrovtgK7EGuV+ZatNlRYbuHFGnrj/UJiD+mlAC0
 INnqra3Zi6UHJezQGSe5ezb2zqDN6fZjIhsp1kVgPTBLWl8WtHqCrISJAGvT0GC7
 U1aCm48I9zqsMyRghPP/Plad7Oef80uaQVAlZ/rIheoa+0WV5YAaiRdGMWUCAwEA
 AQKCAgBk6SuYIOpx3RQ90/cH5l4H/a1YCD0mUvSr2Lp18FNWfsVYcB+aOBkKR5JD
 n8v2O3UkXZlghtX1MWzxaPrjiwuIRecK0nRwvEqKOFLFRUxDYEola77p5lZ9yJXM
 pUu20NSWenXLTexiWvkHdvIvpFOWEjhl8kC+3Ezqnc+SDT8p7XLMvE4aLBHkMZdG
 3wJ9JlpqKJAyUeWdDlzGqor5MKclpz/nry9dneoVdVACs0KGiat734ApqMke1dzB
 wwArCnYq8NlspKwot6D402ndIQhQjDzk1F6yNHiOgNcF1ZrPStjsUItR3P1Rn21K
 ZJS3ziEE/kX6MEndiwCkpHIz2bWIkInu8rvp7N0lCmYydavw3zk27QJJXIn2pwIf
 /mrpC8Fcc35bAgNt4Mljq14sk7aXWnSAQWTlbtZ+OxGfQtRHP8IOKUKnYbub/CvB
 S8KMbkEzu9EP7tayZhhcvwf8DBv0bZvhk3mzqDGrtaltgUA3hIdhiUqYacPVqEUl
 oS9ojMaKZ9PQdPwS/FhUg8frLXjVA0akXeUns5eeCY/vdNNgTPQZ/DkOWXZFIEKF
 v1Hbu0idkMu069alnUPS6PEyPjeBWALKivf2zYBxPknBmTl+/kGvQxKWDKcMSbTm
 DjRfZWMknpl2PcuVz0Odn+TCWPHAggeUT7zwPS8Al7SVOO2MSQKCAQEA6nxt58k8
 2iRTvXGS+96zIDvOk0d/SLS9QXDaWLFV0qaShVKvLPy86lJDvG9tDDWu+4KXSwtV
 rHikl6t+BOuYeNhoD0DsU8VBl5E62IfvkfGO5g8HmncpcvIjzv7C+yriZUa5j+xp
 VAUgO7YHdF2u3hLh+Ey1Pn1gt2jzdVlbkh3uZfYIiOxaSuBnN+yswfROH8zejHRz
 GKyTZwYoC5sz1mys9OJwv2kVn7QUintbQVwaXLbk223M/WMIot666364B2xTk1Io
 xnGLVGQwkf5ZGG4db4cQGMRbl4iAKXMXMPfBt7+2RWSbJ6HtkyLvBEVfkAb8Je0D
 L7kqtqcR3iZNEwKCAQEAyd9Tgf5dtlFm+pepOaUp6jtilkT7XVLRJMHvcrHmeWFc
 QfuOraIvTxFF5SAw10l4tdKIawFkpZvP/74PCahvOUL9jCc12pELlMHFhigzASIh
 JChBNPYX7QcPs9PXAlodws1v4l5LCjglbe6PW9yRBl6rrmre+tDINqSqZZ7Jsf5G
 93z9VHMvZQ2eU+o0hgLT72I4lcYsfLGi8cLMcUqP5yedffKCO9PnDrUIdkujLhd/
 jHx4Nn2Hi0WLcYVwicyXI0+kDpcQbn35eUxHj5KC2iuya+MZ8nOIH+tuNmk9b5rL
 YfCP/SthDAKuyZWcYUpBkK0xltHhDR77ePn6zF2upwKCAQEA2eyCiGRydZpFaU9g
 d0zl1RNATYipNv0i1ur3Qm6tgHTmv5m0zG6ndG64HSzBgBN0aLNZwJjsKrqE3aC4
 IgKDVexp6aNBACnXZ/HFavALKuwBDrbxLhGJKBb6SKpks+GLPuyYELZ6vWd2KYhn
 LTLUDfgmowlHeKg1dr/HZEyD2iyPH5ulGvvufqBHzaXcePWAlfVk78xaG5hn9du2
 4/J+Hs4pf/3jI0Gaoy5N2NYEXZ4nsfsYfwZw+R1NLXEq7yp6BgwbMFOvKZ7lCq2C
 pmxoiVfta3Vu9FWpeg+WbO9VomDgXNGDqMJzoEXR8mkJEkMXKVgUh3ra90Nz+wUS
 ig+2mQKCAQB4x+ijzzfsfFm7tv/l4H7qiOtccxtd484ESxBjtDLsDqdvRv4/vtjF
 WtVR2GfAd1IEn1lFhIjeWRIitmky4xbg0Mb4kwEyqzOdpi3zLZwOoofnpToWYONB
 ysbHVgi/fIFv6xB1BOuqypsCYghd8uLGR+A6M/EDaeVQZEcbE90jZLq7GopLe7sw
 n+xJ0sfoIksBX+fxHKfDV1jhgyZk5jKhH9+n2m+3Mfp9nyzX8jtIuYBz4ojeOU7e
 shZTLn59w+3tj5ndrN6E7VRVEaGDMiqeNCTFThRZLmyUhHzliyPZ4WisSY0s8UZY
 NEa1j5EH2LDPyf/wd9RJ0G6vHAnFOovjAoIBAQDEsaAdeTiOWjD3n4mEJ/mQ3hYv
 eCeGgybgy1RP1TujAaqXGdK1RXsi+P1WRaGUImHF8g41FRM6iOAsAAqBBF/5F36W
 3Z1D0q7LyUkn3tzyTfIDp2V+J33X6jePn+Pd54AShH+qwZRHi+iQyCtaWNf1dWPR
 muD8f+w/WMsYWPcW5NQCt4LPS9jOp7Bro8ssFektw2ug5sSGQI/KnS8lDBU6fQT7
 k+WodT9aGTlTHFL5XbcCQmDdesKncmCXzUzl5hsJ2FG9mbZnbkce5RM2Wl84XBhZ
 WQ+CuPzQtW2mAxA6fpmfxJut98bHkUFiPh7eT3flfin0sqcH0vzgtCTx4hCM
 -----END RSA PRIVATE KEY-----
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,218 @@
 version: '3.9'
 networks:
  gitlab-net:
    name: ${SERVICE_NETWORK}
  webproxy:
    name: ${WEBPROXY_NETWORK}
 services:
  gitlab:
    image: ${DOCKER_IMAGE_GITLAB}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
    restart: always
    depends_on:
      - postgresql
      - redis
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab-learn-server.entrypoints=https"
      - "traefik.http.routers.gitlab-learn-server.rule=Host(`${GITLAB_HOST}`)"
      - "traefik.http.routers.gitlab-learn-server.tls=true"
      - "traefik.http.routers.gitlab-learn-server.tls.certresolver=letsEncrypt"
      - "traefik.http.services.gitlab-learn-server-service.loadbalancer.server.port=80"
      - "traefik.docker.network=webproxy"
    environment:
      - DEBUG=false
      - DB_ADAPTER=postgresql
      - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
      - DB_PORT=5432
      - DB_USER
      - DB_PASS
      - DB_NAME
      - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
      - REDIS_PORT=6379
      - TZ
      - GITLAB_TIMEZONE
      - GITLAB_HTTPS=false
      - SSL_SELF_SIGNED=false
      - GITLAB_HOST
      - GITLAB_PORT=80
      - GITLAB_SSH_PORT
      - GITLAB_RELATIVE_URL_ROOT
      - GITLAB_SECRETS_DB_KEY_BASE
      - GITLAB_SECRETS_SECRET_KEY_BASE
      - GITLAB_SECRETS_OTP_KEY_BASE
      - GITLAB_ROOT_PASSWORD
      - GITLAB_ROOT_EMAIL
      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
      - GITLAB_NOTIFY_PUSHER=false
      - GITLAB_EMAIL
      - GITLAB_EMAIL_REPLY_TO
      # - GITLAB_BACKUP_SCHEDULE=daily
      # - GITLAB_BACKUP_TIME=01:00
      # - GITLAB_BACKUP_EXPIRY=172800
      # - GITLAB_BACKUP_SKIP=registry,builds
      - GITLAB_PAGES_ENABLED
      - SMTP_ENABLED
      - SMTP_DOMAIN
      - SMTP_HOST
      - SMTP_PORT
      - SMTP_USER
      - SMTP_PASS
      - SMTP_STARTTLS
      - SMTP_AUTHENTICATION
      - LDAP_ENABLED
      - LDAP_LABEL
      - LDAP_HOST
      - LDAP_PORT
      - LDAP_UID
      - LDAP_METHOD
      - LDAP_VERIFY_SSL
      - LDAP_ACTIVE_DIRECTORY
      - LDAP_BASE
      - LDAP_USER_FILTER
      - LDAP_BIND_DN
      - LDAP_PASS
      - GITLAB_REGISTRY_ENABLED=true
      - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
      - GITLAB_REGISTRY_API_URL=http://registry:5000/
      - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
    healthcheck:
      test: ["CMD", "/usr/local/sbin/healthcheck"]
      interval: 1m
      timeout: 5s
      retries: 5
      start_period: 2m
    ports:
      - "${GITLAB_SSH_PORT}:22"
    expose:
      - 80
    networks:
      - ${WEBPROXY_NETWORK}
      - ${SERVICE_NETWORK}
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
      - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
  registry:
    image: ${DOCKER_IMAGE_REGISTRY}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab-learn-registry.entrypoints=https"
      - "traefik.http.routers.gitlab-learn-registry.rule=Host(`${REGISTRY_HOST}`)"
      - "traefik.http.routers.gitlab-learn-registry.tls=true"
      - "traefik.http.routers.gitlab-learn-registry.tls.certresolver=letsEncrypt"
      - "traefik.http.services.gitlab-learn-registry-service.loadbalancer.server.port=5000"
      - "traefik.docker.network=webproxy"
    environment:
      - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
      - REGISTRY_LOG_LEVEL=debug
      - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
      - REGISTRY_STORAGE_DELETE_ENABLED=true
      # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
      - REGISTRY_STORAGE=s3
      - REGISTRY_STORAGE_S3_ACCESSKEY
      - REGISTRY_STORAGE_S3_SECRETKEY
      - REGISTRY_STORAGE_S3_REGIONENDPOINT
      - REGISTRY_STORAGE_S3_REGION
      - REGISTRY_STORAGE_S3_BUCKET
      - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
    expose:
      - 5000
    networks:
      - ${WEBPROXY_NETWORK}
      - ${SERVICE_NETWORK}
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
      - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
  postgresql:
    image: ${DOCKER_IMAGE_PGSQL}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
    restart: always
    environment:
      - DB_USER
      - DB_PASS
      - DB_NAME
      - DB_EXTENSION=pg_trgm,btree_gist
    networks:
      - ${SERVICE_NETWORK}
    expose:
      - 5432
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
  redis:
    restart: always
    image: ${DOCKER_IMAGE_REDIS}
    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
    command:
      - --loglevel warning
    networks:
      - ${SERVICE_NETWORK}
    volumes:
      - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
  # runner_1: &runner
  #   image: ${DOCKER_IMAGE_RUNNER}
  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
  #   restart: always
  #   depends_on:
  #     - gitlab
  #   command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
  #   environment:
  #     - CI_SERVER_URL=https://${GITLAB_HOST}
  #     - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
  #     - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
  #     - RUNNER_TOKEN=${RUNNER_TOKEN}
  #     - RUNNER_DESCRIPTION=gitab-runner_1
  #     - RUNNER_EXECUTOR=docker
  #     - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
  #   networks:
  #     - ${SERVICE_NETWORK}
  #   volumes:
  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
  #     - /var/run/docker.sock:/var/run/docker.sock
  # runner_2:
  #   <<: *runner
  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
  #   environment:
  #     - RUNNER_DESCRIPTION=gitab-runner_2
  #   volumes:
  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
  # runner_3:
  #   <<: *runner
  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
  #   environment:
  #     - RUNNER_DESCRIPTION=gitab-runner_3
  #   volumes:
  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
  # runner_4:
  #   <<: *runner
  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
  #   environment:
  #     - RUNNER_DESCRIPTION=gitab-runner_4
  #   volumes:
  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner