init

2022-09-01 10:38:38 +07:00
commit 67dd982da2
8 changed files with 494 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,100 @@
+# Service name
+#
+SERVICE_NAME=gitlab-test
+
+# Container names
+# Summary container name in docker-compose.yml will be "${SERVICE_NAME}_${CONTAINER_NAME-*}"
+#
+CONTAINER_NAME_GITLAB=server
+CONTAINER_NAME_PGSQL=pgsql
+CONTAINER_NAME_REDIS=redis
+CONTAINER_NAME_REGISTRY=registry
+CONTAINER_NAME_RUNNER=runner
+
+# Docker images
+#
+DOCKER_IMAGE_GITLAB=sameersbn/gitlab:latest
+DOCKER_IMAGE_PGSQL=sameersbn/postgresql:latest
+DOCKER_IMAGE_REDIS=sameersbn/redis:latest
+DOCKER_IMAGE_REGISTRY=registry:latest
+DOCKER_IMAGE_RUNNER=hub.realmanual.ru/pub/gitlab-runner
+
+# System
+#
+TZ=UTC
+GITLAB_TIMEZONE=Asia/Novosibirsk
+
+# Gitlab domain name
+#
+GITLAB_HOST=
+REGISTRY_HOST=
+
+GITLAB_SSH_PORT=10023
+
+GITLAB_ROOT_EMAIL=
+GITLAB_ROOT_PASSWORD=
+
+# LDAP settings
+LDAP_ENABLED=false
+LDAP_LABEL=LDAP
+LDAP_HOST=id1.bildme.ru
+LDAP_PORT=636
+LDAP_UID=uid
+LDAP_METHOD=simple_tls
+LDAP_VERIFY_SSL=true
+LDAP_ACTIVE_DIRECTORY=false
+LDAP_BASE=cn=users,cn=accounts,dc=bildme,dc=ru
+LDAP_USER_FILTER=(&(objectClass=posixaccount)(memberOf=cn=gitlab,cn=groups,cn=accounts,dc=bildme,dc=ru))
+LDAP_BIND_DN=uid=binddn,cn=sysaccounts,cn=etc,dc=bildme,dc=ru
+LDAP_PASS=
+
+# SMTP settings
+SMTP_ENABLED=true
+SMTP_HOST=smtp-pulse.com
+SMTP_PORT=587
+SMTP_STARTTLS=true
+SMTP_AUTHENTICATION=login
+SMTP_USER=
+SMTP_PASS=
+
+# Pages
+GITLAB_PAGES_ENABLED=false
+
+# Storage Minio
+REGISTRY_STORAGE_S3_REGIONENDPOINT=https://s3-nsk.amegahost.ru
+REGISTRY_STORAGE_S3_REGION=ru-nsk
+REGISTRY_STORAGE_S3_BUCKET=gitlab-storage
+REGISTRY_STORAGE_S3_ACCESSKEY=
+REGISTRY_STORAGE_S3_SECRETKEY=
+
+# DB credentials
+#
+DB_USER=gitlab
+DB_PASS=
+DB_NAME=gitlab_production
+
+# Container data path on the host
+# Summary container data path will be "${SERVICE_DATA}/${SERVICE_NAME}"
+#
+SERVICE_DATA=./data
+
+# Gitlab runner token
+#
+RUNNER_TOKEN=
+
+# Private CI IP
+#
+#CI_SERVER_LOCAL_IP=10.0.0.31
+
+GITLAB_SECRETS_DB_KEY_BASE=
+GITLAB_SECRETS_SECRET_KEY_BASE=
+GITLAB_SECRETS_OTP_KEY_BASE=
+
+# Runner on the same host with gitlab
+#
+CI_SERVER_WITH_RUNNER=true
+
+# Network names
+#
+SERVICE_NETWORK=gitlab-net
+WEBPROXY_NETWORK=webproxy
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.env
+
+data/gitlab-test/gitlab
+data/gitlab-test/postgresql
+data/gitlab-test/redis
--- a/README.md
+++ b/README.md
@@ -0,0 +1,10 @@
+# Твики
+
+## проблема 500 между Registry и Gitlab
+при начальном запуске появляется проблема с ключами, которыеми обмениваются компоненты при авторизации юзера в docker.X
+
+- идем в контейнер гитлаба в папку /certs и выставляем права:
+
+```bash
+chown root:www-data *
+chmod 644 *
--- a/data/gitlab-test/certs/privkey.pem
+++ b/data/gitlab-test/certs/privkey.pem
@@ -0,0 +1,54 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIFXrRPAm1+sACAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAn37l6nvgItBIIJSJKnIOxYNAZ5
+FqxWQHMn4SGcwN/EUwXtKS8d3NQhL4XlnXsEYZzMm48Kj5w+kV/xFlGDbbzK8LUq
+cGcpvhD65j4P+MmHBDSGyTV053FGH5RLWPOkVt/hvLNAqktqQufkq6oEOju/MP7/
+G9DuxETVcG2He7InBg+rdthmbUWv1RBFF6dEPpNzJQp48mbcwkjMDeaV3nk5v69J
+642TDloYTWvw1yAL3fd8xTTxZEkcaBBd7w1a+C+g0qxrPIwFMU0HrmCgvE1w7fsu
+3pFH6FF0FnuvWwqUQr+VU8zhv7qyubnENsP6fgsTTaCJdn7hRAjuPKpxVYPeD/Tm
+NrFkpWnE7v57sdMMb6DxmzEYCYgktoRWm9GxfVOSTFP1+EhUs7mrxeMiDT6MZSo/
+cLvEFMCWSl2aA1UH0Q3dlWwP5JKEtM4XocMolLQCOnu//msRZZ++zqago7PZE+Bs
+UwcWG7vkPN2Shr0zdxDo+xVYq+G8LAZxTvYYihP8YuO8eMnTSARflLqe2bcl5zfd
+O63BvvqdlVwb9mIK5OwEpoQyiLRFaF5ESpqW4HCru0imATbxw1XLpshOLbZnn/Q1
+1olm2VV74PTEx3+rgSiAxWDMGICLLq1lM/tFKZZ4JJtYWYRKemccWUWlX4l4AcjJ
+rNV5FyCYNA/HIE1ToK/u3LhjQd9pQwhGr60xjp60ayOearCuB6ZGbQW1kaTSpCVw
+pfUX4puz/CKIyuXD53mHontFpTx9HxMGQ4kmtdTyp+ofM5BITw3NYfccEzEKUZqP
+YY2ccpZ13nJKiGi+OxcUR8+8rcJHKjgov18C/N66yO+CWGKSlt+qkiDBb7KojI8o
+ZO4U/3THxYc1rNeDIcPaZjJSi2wO0MW82a6Iy+tmLsVrUbD0Hw8uSl/C2ZRltLvQ
+sOAU43UqUyDp2P0mFJ3vaNOyvSb2GPcqv2Sb+Txi1iSzbrkvwLXvysALr6+rDMte
+o6cVeJ4zyvHcj9Hb2VPm/ljVqJvgsr2eKnLWxbQue6hfDy25Eu9xS66ljId1yELo
+ouQ4iLBnGN5mMmlyKAw7G3NowpfRD9byF2KOYhH5B0mHVyYh0QTv2ANHGeObk8oM
+cLlgfGRHVooT9jwYFAZpvj1HfLeo378KJQB4iToQlpx3AbNQZsl4AjXIOqDQ36Xc
+eM2jGrVbcbkX7DlXB33XJjaHKBqalbawuEdfVqPIkIx82y6QfEFw4KQOkkqquvpa
+N12MBWFbzxZlOxZfa0MJB+LStRAAic8pt2WUF0AqxwroqPLW01ZASsHkWgIXOPnz
+X5fjhryUOZnOVZshtk8bXgdiOCMFqaTSJYRjLZRcYZe4bOd8O6tiKUlvGgaXzSvi
+NG7XUf0UuRvx8BagJU22koPVZN1ICdmcyVTsiV6ZNWuOTU/DsaOKhKuK1QRgknsy
+AwqzNGfNk+IcClTJ4Y+3SRXTo/KKHlDoc/XPtT3IFfG7/TDzGgQg2TLf0r4rKYfY
+567APQGxk+y1+HEYI1cQ87ZoDAdy3DEWiMetDNPdN5gBQsockBNly6E2iHEZpuga
+yyapvXOjY0MQB7VSp4wYyVQkc29X4Lzr0DY3BRyxYBMjigt3D7pkLeGxxKDwLMGE
+OWGWo3FvWuuHWoKhSknnWUebaiso/Mq9WxQA7uZL/XfttTdQ7qImy5ScBwzfe4Tq
+Jx8wXKBM3RFvta/3+gTlVVRL0dNlRsJnpzGwIFMvOWJP21P1DVn65oKl275COH7p
+qCqAMP3C66jk06F5PIRMCZ2s0DP8Ap/gkTt4jIyNTCvx6Mk9pSKg14phh0f1KT5c
+LOupPtAR9WZwkHTNuqFPMkhglU2M94p33OiMci5LxpFR3woYG29oOkU8ip33GdQf
+ciol1seil0H9EMXT/rxvEIDR5o/Av7ob4GquKCEv+9lxuic+1WAw7JpCFCcBvy4L
+RTKD7n85Ynvos4p/tB9dUvQ/Gls8kGR5R8dvF5iQ6zuntin5kT/wA+8V7oP22rPd
+Cvp/+Gs/ND5WSc+XxUlwJ/x5B28EweR+xT4jFEouPk25UTb7CkrEZVcHs7XyZZTh
+QozDVc4XGr9Urm4Sw+Ju1QkqJQqs5kgneJTh78NINZkzRiOlCRkRw1cIVTFwaxoT
+CjTF7eTtjXZMrBUEXpEBfEZ/ur24h1nUGbVIoEHwPGmjBEZlhM/AmB7ErU/Z8k8w
+K+RSTYjZxaQsVlxfrF1eR9Vhu94DYjuXivkN1pD5jnYMKrSJTsLwsOpYMUJPtbSJ
+JC7r6xnZ6sLW5R97U0WJgzC+WsQgjI8ghbPaJ6uJIJMY004symizYq8YG56CPRT+
+sDmfbzOoIVEhXQdflIJHxfnc+OqzEU8xjPfKCQuqpi+tBivbSG6bhEzMdIr5z/bj
+uUbLuXeIDiqdrAzHP8EQDogQA3MP7r7r5acmPzUr6Z+qQu+0p9Z3p8IknfJGLXwg
+VJGmTRQR+Sr2mhwPTOuS/fC0o2ElKntYBDc/J3isf6lawpl0Hzuf7yrcavAU+1Sd
+YYSs7bh0tftW17zYRRxUEeDIdv6VNi0PbuOmNCmgB6qZdUAauPncetRy0v5a+2Rk
+IZcHyxkohsTL879Iur4qn6wab1q7r1QJ83pBOHsctEfvzic0xjXVW5fcg75c2ccv
+mHTVnCFgeNpb5osfursuTW7Gk+h+Dqg1efKwttZRWE9R5MbW/ZyWVNVMboOXtL74
+i13jBkjPsk8wCrv2oTqEsSBdsmE2Pz4rWC1PZsLMzeyiO2XBkyXGynhEcmjxgIQd
+35gNXr6+2bhmhFZVDyYJwoCwYK3Jt6CkAYY6PA7dx5vm+gyCN3nfv1xbWYmhlRIy
+QK/6sDgp9XxHMtlm/gnyLdqV4IVHJR/F+t7/YwijRZTkflo2u6dO/F/dMyO/UvBg
+78ZpkBOnLolzAljkj2TSe6JuJWzN0bIgUxdczHH/tqLK5HLoX5A0Opkrl11dk6Ns
+U2OW1SGJ1+880G+jvzV09tmb8c7ZbFGEHfgT0EhFKyTcyfe5NJzsiiMAGgbNZhsc
+sTe4ghC+BZGlvUz+PHAUfpWO1/EvqXWxpbFbbi6lC2upMNHSP8kpHGE2Pym2kys4
+7NoblJgiQkmTLZmWEtiUtnTgU+YqqRAIVtnC0NXcs3yayZALskvRu/fTAsODKEsy
+JO3QHEXlWo0WFCdSdnYEjw==
+-----END ENCRYPTED PRIVATE KEY-----
--- a/data/gitlab-test/certs/registry.crt
+++ b/data/gitlab-test/certs/registry.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCAu4CCQCam14CL3StJzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJB
+VTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE4MDkyMDIwNTI1NVoXDTQ2MDIwNTIwNTI1NVowRTELMAkG
+A1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDjgecT8KX7VWD0hzXfbB4Tqo1m
+78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907HBZoi8K46+zdWZT0MSzijmPWg
+FVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9mLlFysqcqHOC2znYJHqGxhE2
+hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA1eINySepDJ68CWNa4n5YSCKM
+GQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar+yr41GAYOATBQBRclVmVhEL1
+ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6gYadhmm/zX8Zwg6KejIJde0Cy
+UQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt0z8yQJoJ+9fUi2UQUlp7JUro
+CRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27hpHd78HZeuFQbR6jUaRfBVP6
+ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1CYg/ppQAtCDZ6q2t2YulByXs
+0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyEiQBr09Bgu1NWgpuPCPc6rDMk
+YITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokXRjFlAgMBAAEwDQYJKoZIhvcN
+AQELBQADggIBAG5oqeXSB2Fc2KMO5PC6Ja7hp8tpASxNOthQEiA0j1pbL+h2fibT
+8p3l8HF1UZPSkWgwoJnz36KzDaA2WCPkTqYTnphoeVvductV+r8uaOOeTDioAWKm
+ZgQIP4bhfJTw7iyGYvfCUILZTiuemsAG338xPYa97ciiUfj2jejY9wF3Gr4Zcrnx
+FC65GQLPSOpPzlGms09zopOxi2kPlRA8hrJmXi3Eu9jdRtT8S6hZghNY1USJhr3D
+TH2vCCQKXKSsgLxG00XoEhFak/53wY2istuyxRG6Hvb+yxqbemyqEdg8O3e6X7uk
+MnGdzmaP21FIcYLPz8xX9bScZNraZjUlifVdIQxrqX+O52o2y6NzJcwf/MsraAD3
+oW4kdSp/vCf1Ml0GNz9ZaU3EVIEgAdvCPon5gZtVz7+qfGWFpc6+74OFm6iCPbwZ
+GL+BM9j9DmzcUFMQ+ytZ6PkRcCfUoBP7Dv89LWIoUWwj8I2AbAwwZc3RM6L/4Nju
+mDeid92eUNL+/1vwEOQM3a9bl3HXh+0FbrUSs0UgFXwCh/yjmHo/QkTlAeEl2Fpa
+8w31lDpw1u99xWFN+tnA1osAghZrlgryWPA7i+/TqMT/iU11yUMqOTqeeImOQpOB
+QFLZVWwYYOK4Ssq5lsCH9eqOdiW6Oe4AX8jeueuxpgewEU48M8PdaxH4
+-----END CERTIFICATE-----
--- a/data/gitlab-test/certs/registry.csr
+++ b/data/gitlab-test/certs/registry.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEijCCAnICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBALjoQSwjO+aSmnuK0kMBZwPn7meKFEnswMoc7vDj
+gecT8KX7VWD0hzXfbB4Tqo1m78ePaJaZIkkIN8rnc5IokBe3Y1a/N9aMV3v5907H
+BZoi8K46+zdWZT0MSzijmPWgFVp64l2errv0dR3KNwvipe5gY1ljo6VVpYxheVl9
+mLlFysqcqHOC2znYJHqGxhE2hhSbTxV5PE2AsW5LVrSn8v1XF0iHamlBSjEKMEzA
+1eINySepDJ68CWNa4n5YSCKMGQ/Ps/B397xYMbS0VZv0/NGqWQUenfHLFPbrd/Ar
+yr41GAYOATBQBRclVmVhEL1ZfYeDgDusXcYTwSLtXK8fBuSnvKem/YStTeHzW6g
+Yadhmm/zX8Zwg6KejIJde0CyUQcp3z6dhr5UucpXb3bZoKVnEFgVe8qnBrTDgJYt
+0z8yQJoJ+9fUi2UQUlp7JUroCRDN2qmuVZngqKtlp0M54xWcrcmdjCIqXsw8Wp27
+hpHd78HZeuFQbR6jUaRfBVP6ZPPrEmWYv+TK6L7YCuxBrlfmWrTZUWG7hxRp64/1
+CYg/ppQAtCDZ6q2t2YulByXs0BknuXs29s6gzen2YyIbKdZFYD0wS1pfFrR6gqyE
+iQBr09Bgu1NWgpuPCPc6rDMkYITz/z5Wneznn/NLmkFQJWf6yIXqGvtFleWAGokX
+RjFlAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAHpOp7CwNBTYvOzP3R+E7HIDa
+n+J0AQ7ujmuzBkMsWZq0B7QT8gVnAWswAE3tBqaH7dy77zF8VZpjh5bTjv+FyT2i
+GRn5FxdFK5MgcRBtp4LM93wRFi0nHGB5pVWr+h3RBBmO4H0cW+Wep7VAp8ikkiCQ
+Z7w4w08x5C3R0medPbckWHT5Qiu7mGlLaQ3hEwz7zmoIxdlL0+UHizjWejyxFyN/
+v0Zoc1mLbs2oh1auHKEXyVAk85libCsT2O4C5eN+GwZ46xCBEpIxiOIYyf5CVvVH
+N3nPd8WBeON0ZscHpOk+oJZUyQmpkK3XCJg9aDZDV+GVhFUSVvCpM33XbaPBlah
+BCLWKY0Zo9leaZZWTkDFrnhP4uLemgU+P4r9hd1RDxLJluWjXUJ+7HePrr2qwpZd
+l7QhyhdMAqyJoX3OJ/WUOVvwK1dy2z9S3ZSbM7yGl+HL+JoMu0oJtvcvCxPGU9p8
+1KHFwZRH5EN4KzB/9Bv5Rb5oCtezPBKqwxuszq7x/Nfwxr8EnVJvjs0Rmz5iabKd
+En4VyCs0cJF7O/ScrYqY0OXxa8VgY8wDQhDNBnCoZqR+32FVZCK/lZgvrTOF3Yw2
+RN/MuTnZ8IQQx2869N5HcMzsgyk2mWvavL9/5ZHJ278YmEFC0+Ljq4Myrf5lqob+
+c2sKyBcPyyZ4ukQQ39w=
+-----END CERTIFICATE REQUEST-----
--- a/data/gitlab-test/certs/registry.key
+++ b/data/gitlab-test/certs/registry.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAuOhBLCM75pKae4rSQwFnA+fuZ4oUSezAyhzu8OOB5xPwpftV
+YPSHNd9sHhOqjWbvx49olpkiSQg3yudzkiiQF7djVr831oxXe/n3TscFmiLwrjr7
+N1ZlPQxLOKOY9aAVWnriXZ6uu/R1Hco3C+Kl7mBjWWOjpVWljGF5WX2YuUXKypyo
+c4LbOdgkeobGETaGFJtPFXk8TYCxbktWtKfy/VcXSIdqaUFKMQowTMDV4g3JJ6kM
+nrwJY1riflhIIowZD8+z8Hf3vFgxtLRVm/T80apZBR6d8csU9ut38Cv7KvjUYBg4
+BMFAFFyVWZWEQvVl9h4OAO6xdxhPBIu1crx8G5Ke8p6b9hK1N4fNbqBhp2Gab/Nf
+xnCDop6Mgl17QLJRBynfPp2GvlS5yldvdtmgpWcQWBV7yqcGtMOAli3TPzJAmgn7
+19SLZRBSWnslSugJEM3aqa5VmeCoq2WnQznjFZytyZ2MIipezDxanbuGkd3vwdl6
+4VBtHqNRpF8FU/pk8+sSZZi/5MrovtgK7EGuV+ZatNlRYbuHFGnrj/UJiD+mlAC0
+INnqra3Zi6UHJezQGSe5ezb2zqDN6fZjIhsp1kVgPTBLWl8WtHqCrISJAGvT0GC7
+U1aCm48I9zqsMyRghPP/Plad7Oef80uaQVAlZ/rIheoa+0WV5YAaiRdGMWUCAwEA
+AQKCAgBk6SuYIOpx3RQ90/cH5l4H/a1YCD0mUvSr2Lp18FNWfsVYcB+aOBkKR5JD
+n8v2O3UkXZlghtX1MWzxaPrjiwuIRecK0nRwvEqKOFLFRUxDYEola77p5lZ9yJXM
+pUu20NSWenXLTexiWvkHdvIvpFOWEjhl8kC+3Ezqnc+SDT8p7XLMvE4aLBHkMZdG
+3wJ9JlpqKJAyUeWdDlzGqor5MKclpz/nry9dneoVdVACs0KGiat734ApqMke1dzB
+wwArCnYq8NlspKwot6D402ndIQhQjDzk1F6yNHiOgNcF1ZrPStjsUItR3P1Rn21K
+ZJS3ziEE/kX6MEndiwCkpHIz2bWIkInu8rvp7N0lCmYydavw3zk27QJJXIn2pwIf
+/mrpC8Fcc35bAgNt4Mljq14sk7aXWnSAQWTlbtZ+OxGfQtRHP8IOKUKnYbub/CvB
+S8KMbkEzu9EP7tayZhhcvwf8DBv0bZvhk3mzqDGrtaltgUA3hIdhiUqYacPVqEUl
+oS9ojMaKZ9PQdPwS/FhUg8frLXjVA0akXeUns5eeCY/vdNNgTPQZ/DkOWXZFIEKF
+v1Hbu0idkMu069alnUPS6PEyPjeBWALKivf2zYBxPknBmTl+/kGvQxKWDKcMSbTm
+DjRfZWMknpl2PcuVz0Odn+TCWPHAggeUT7zwPS8Al7SVOO2MSQKCAQEA6nxt58k8
+2iRTvXGS+96zIDvOk0d/SLS9QXDaWLFV0qaShVKvLPy86lJDvG9tDDWu+4KXSwtV
+rHikl6t+BOuYeNhoD0DsU8VBl5E62IfvkfGO5g8HmncpcvIjzv7C+yriZUa5j+xp
+VAUgO7YHdF2u3hLh+Ey1Pn1gt2jzdVlbkh3uZfYIiOxaSuBnN+yswfROH8zejHRz
+GKyTZwYoC5sz1mys9OJwv2kVn7QUintbQVwaXLbk223M/WMIot666364B2xTk1Io
+xnGLVGQwkf5ZGG4db4cQGMRbl4iAKXMXMPfBt7+2RWSbJ6HtkyLvBEVfkAb8Je0D
+L7kqtqcR3iZNEwKCAQEAyd9Tgf5dtlFm+pepOaUp6jtilkT7XVLRJMHvcrHmeWFc
+QfuOraIvTxFF5SAw10l4tdKIawFkpZvP/74PCahvOUL9jCc12pELlMHFhigzASIh
+JChBNPYX7QcPs9PXAlodws1v4l5LCjglbe6PW9yRBl6rrmre+tDINqSqZZ7Jsf5G
+93z9VHMvZQ2eU+o0hgLT72I4lcYsfLGi8cLMcUqP5yedffKCO9PnDrUIdkujLhd/
+jHx4Nn2Hi0WLcYVwicyXI0+kDpcQbn35eUxHj5KC2iuya+MZ8nOIH+tuNmk9b5rL
+YfCP/SthDAKuyZWcYUpBkK0xltHhDR77ePn6zF2upwKCAQEA2eyCiGRydZpFaU9g
+d0zl1RNATYipNv0i1ur3Qm6tgHTmv5m0zG6ndG64HSzBgBN0aLNZwJjsKrqE3aC4
+IgKDVexp6aNBACnXZ/HFavALKuwBDrbxLhGJKBb6SKpks+GLPuyYELZ6vWd2KYhn
+LTLUDfgmowlHeKg1dr/HZEyD2iyPH5ulGvvufqBHzaXcePWAlfVk78xaG5hn9du2
+4/J+Hs4pf/3jI0Gaoy5N2NYEXZ4nsfsYfwZw+R1NLXEq7yp6BgwbMFOvKZ7lCq2C
+pmxoiVfta3Vu9FWpeg+WbO9VomDgXNGDqMJzoEXR8mkJEkMXKVgUh3ra90Nz+wUS
+ig+2mQKCAQB4x+ijzzfsfFm7tv/l4H7qiOtccxtd484ESxBjtDLsDqdvRv4/vtjF
+WtVR2GfAd1IEn1lFhIjeWRIitmky4xbg0Mb4kwEyqzOdpi3zLZwOoofnpToWYONB
+ysbHVgi/fIFv6xB1BOuqypsCYghd8uLGR+A6M/EDaeVQZEcbE90jZLq7GopLe7sw
+n+xJ0sfoIksBX+fxHKfDV1jhgyZk5jKhH9+n2m+3Mfp9nyzX8jtIuYBz4ojeOU7e
+shZTLn59w+3tj5ndrN6E7VRVEaGDMiqeNCTFThRZLmyUhHzliyPZ4WisSY0s8UZY
+NEa1j5EH2LDPyf/wd9RJ0G6vHAnFOovjAoIBAQDEsaAdeTiOWjD3n4mEJ/mQ3hYv
+eCeGgybgy1RP1TujAaqXGdK1RXsi+P1WRaGUImHF8g41FRM6iOAsAAqBBF/5F36W
+3Z1D0q7LyUkn3tzyTfIDp2V+J33X6jePn+Pd54AShH+qwZRHi+iQyCtaWNf1dWPR
+muD8f+w/WMsYWPcW5NQCt4LPS9jOp7Bro8ssFektw2ug5sSGQI/KnS8lDBU6fQT7
+k+WodT9aGTlTHFL5XbcCQmDdesKncmCXzUzl5hsJ2FG9mbZnbkce5RM2Wl84XBhZ
+WQ+CuPzQtW2mAxA6fpmfxJut98bHkUFiPh7eT3flfin0sqcH0vzgtCTx4hCM
+-----END RSA PRIVATE KEY-----
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,218 @@
+version: '3.9'
+
+networks:
+  gitlab-net:
+    name: ${SERVICE_NETWORK}
+  webproxy:
+    name: ${WEBPROXY_NETWORK}
+
+services:
+  gitlab:
+    image: ${DOCKER_IMAGE_GITLAB}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_GITLAB}
+    restart: always
+    depends_on:
+      - postgresql
+      - redis
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitlab-learn-server.entrypoints=https"
+      - "traefik.http.routers.gitlab-learn-server.rule=Host(`${GITLAB_HOST}`)"
+      - "traefik.http.routers.gitlab-learn-server.tls=true"
+      - "traefik.http.routers.gitlab-learn-server.tls.certresolver=letsEncrypt"
+      - "traefik.http.services.gitlab-learn-server-service.loadbalancer.server.port=80"
+      - "traefik.docker.network=webproxy"
+    environment:
+      - DEBUG=false
+
+      - DB_ADAPTER=postgresql
+      - DB_HOST=${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+      - DB_PORT=5432
+      - DB_USER
+      - DB_PASS
+      - DB_NAME
+
+      - REDIS_HOST=${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+      - REDIS_PORT=6379
+
+      - TZ
+      - GITLAB_TIMEZONE
+
+      - GITLAB_HTTPS=false
+      - SSL_SELF_SIGNED=false
+
+      - GITLAB_HOST
+      - GITLAB_PORT=80
+      - GITLAB_SSH_PORT
+      - GITLAB_RELATIVE_URL_ROOT
+      - GITLAB_SECRETS_DB_KEY_BASE
+      - GITLAB_SECRETS_SECRET_KEY_BASE
+      - GITLAB_SECRETS_OTP_KEY_BASE
+
+      - GITLAB_ROOT_PASSWORD
+      - GITLAB_ROOT_EMAIL
+
+      - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
+      - GITLAB_NOTIFY_PUSHER=false
+
+      - GITLAB_EMAIL
+      - GITLAB_EMAIL_REPLY_TO
+
+      # - GITLAB_BACKUP_SCHEDULE=daily
+      # - GITLAB_BACKUP_TIME=01:00
+      # - GITLAB_BACKUP_EXPIRY=172800
+      # - GITLAB_BACKUP_SKIP=registry,builds
+
+      - GITLAB_PAGES_ENABLED
+
+      - SMTP_ENABLED
+      - SMTP_DOMAIN
+      - SMTP_HOST
+      - SMTP_PORT
+      - SMTP_USER
+      - SMTP_PASS
+      - SMTP_STARTTLS
+      - SMTP_AUTHENTICATION
+
+      - LDAP_ENABLED
+      - LDAP_LABEL
+      - LDAP_HOST
+      - LDAP_PORT
+      - LDAP_UID
+      - LDAP_METHOD
+      - LDAP_VERIFY_SSL
+      - LDAP_ACTIVE_DIRECTORY
+      - LDAP_BASE
+      - LDAP_USER_FILTER
+      - LDAP_BIND_DN
+      - LDAP_PASS
+
+      - GITLAB_REGISTRY_ENABLED=true
+      - GITLAB_REGISTRY_HOST=${REGISTRY_HOST}
+      - GITLAB_REGISTRY_API_URL=http://registry:5000/
+      - GITLAB_REGISTRY_KEY_PATH=/certs/registry.key
+    healthcheck:
+      test: ["CMD", "/usr/local/sbin/healthcheck"]
+      interval: 1m
+      timeout: 5s
+      retries: 5
+      start_period: 2m
+    ports:
+      - "${GITLAB_SSH_PORT}:22"
+    expose:
+      - 80
+    networks:
+      - ${WEBPROXY_NETWORK}
+      - ${SERVICE_NETWORK}
+    volumes:
+      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab:/home/git/data:Z
+      - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+
+  registry:
+    image: ${DOCKER_IMAGE_REGISTRY}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REGISTRY}
+    restart: always
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitlab-learn-registry.entrypoints=https"
+      - "traefik.http.routers.gitlab-learn-registry.rule=Host(`${REGISTRY_HOST}`)"
+      - "traefik.http.routers.gitlab-learn-registry.tls=true"
+      - "traefik.http.routers.gitlab-learn-registry.tls.certresolver=letsEncrypt"
+      - "traefik.http.services.gitlab-learn-registry-service.loadbalancer.server.port=5000"
+      - "traefik.docker.network=webproxy"
+    environment:
+      - REGISTRY_AUTH_TOKEN_AUTOREDIRECT=false
+      - REGISTRY_LOG_LEVEL=debug
+      - REGISTRY_AUTH_TOKEN_REALM=https://${GITLAB_HOST}/jwt/auth
+      - REGISTRY_AUTH_TOKEN_SERVICE=container_registry
+      - REGISTRY_AUTH_TOKEN_ISSUER=gitlab-issuer
+      - REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE=/certs/registry.crt
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+      # - REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/registry
+      - REGISTRY_STORAGE=s3
+      - REGISTRY_STORAGE_S3_ACCESSKEY
+      - REGISTRY_STORAGE_S3_SECRETKEY
+      - REGISTRY_STORAGE_S3_REGIONENDPOINT
+      - REGISTRY_STORAGE_S3_REGION
+      - REGISTRY_STORAGE_S3_BUCKET
+      - REGISTRY_STORAGE_CACHE_BLOBDESCRIPTOR=inmemory
+    expose:
+      - 5000
+    networks:
+      - ${WEBPROXY_NETWORK}
+      - ${SERVICE_NETWORK}
+    volumes:
+      - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab/shared/registry:/registry
+      - ${SERVICE_DATA}/${SERVICE_NAME}/certs:/certs
+
+  postgresql:
+    image: ${DOCKER_IMAGE_PGSQL}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_PGSQL}
+    restart: always
+    environment:
+      - DB_USER
+      - DB_PASS
+      - DB_NAME
+      - DB_EXTENSION=pg_trgm,btree_gist
+    networks:
+      - ${SERVICE_NETWORK}
+    expose:
+      - 5432
+    volumes:
+      - ${SERVICE_DATA}/${SERVICE_NAME}/postgresql:/var/lib/postgresql:Z
+
+  redis:
+    restart: always
+    image: ${DOCKER_IMAGE_REDIS}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_REDIS}
+    command:
+      - --loglevel warning
+    networks:
+      - ${SERVICE_NETWORK}
+    volumes:
+      - ${SERVICE_DATA}/${SERVICE_NAME}/redis:/var/lib/redis:Z
+
+  # runner_1: &runner
+  #   image: ${DOCKER_IMAGE_RUNNER}
+  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_1
+  #   restart: always
+  #   depends_on:
+  #     - gitlab
+  #   command: --debug run --user=gitlab-runner --working-directory=/home/gitlab-runner
+  #   environment:
+  #     - CI_SERVER_URL=https://${GITLAB_HOST}
+  #     - CI_SERVER_LOCAL_IP=${CI_SERVER_LOCAL_IP}
+  #     - CI_SERVER_WITH_RUNNER=${CI_SERVER_WITH_RUNNER}
+  #     - RUNNER_TOKEN=${RUNNER_TOKEN}
+  #     - RUNNER_DESCRIPTION=gitab-runner_1
+  #     - RUNNER_EXECUTOR=docker
+  #     - DOCKER_IMAGE=gitlab/gitlab-runner-helper:x86_64-latest
+  #   networks:
+  #     - ${SERVICE_NETWORK}
+  #   volumes:
+  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_1:/etc/gitlab-runner
+  #     - /var/run/docker.sock:/var/run/docker.sock
+
+  # runner_2:
+  #   <<: *runner
+  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_2
+  #   environment:
+  #     - RUNNER_DESCRIPTION=gitab-runner_2
+  #   volumes:
+  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_2:/etc/gitlab-runner
+
+  # runner_3:
+  #   <<: *runner
+  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_3
+  #   environment:
+  #     - RUNNER_DESCRIPTION=gitab-runner_3
+  #   volumes:
+  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_3:/etc/gitlab-runner
+
+  # runner_4:
+  #   <<: *runner
+  #   container_name: ${SERVICE_NAME}_${CONTAINER_NAME_RUNNER}_4
+  #   environment:
+  #     - RUNNER_DESCRIPTION=gitab-runner_4
+  #   volumes:
+  #     - ${SERVICE_DATA}/${SERVICE_NAME}/gitlab-runner_4:/etc/gitlab-runner