diff --git a/.env.sample b/.env.sample index 3bab3b574e07b2b26313fb0b56030b5050f0b934..ceee932b4fe4939cc3be54b80cd11f712c4bc759 100644 --- a/.env.sample +++ b/.env.sample @@ -1,2 +1,21 @@ -HOST=gitlab.societe-informatique-de-france.fr +COMPOSE_FILE=docker-compose.yml:traefik.yml + +HOST=gitlab.DOMAINE.FR TZ=Europe/Paris + + +GITLAB_SHELL_SSH_PORT=2222 + +# EMAIL +GITLAB_MAIL=gitlab@DOMAINE.FR +SMTP_ADRESS=ADRESS_OF_SMTP #ssl0.ovh.net FOR ovh +# You need a alpha numeric password without specialchar +SMTP_PASS=GITLAB_MAIL_SECRET_PASSWORD +SMTP_DOMAINE=DOMAINE.FR + +SMTP_AUTH=login +SMTP_ENABLE_STARTTLS_AUTO=FALSE +SMTP_TLS=true + +# TRAEFIK +TRAEFIK_IP=172.19.0.2 diff --git a/.gitignore b/.gitignore index 53331a9ebafc14280c2ac4580ca019edb6abdcc7..46a29bde352cbf0e89f11ffa048741faf9bd313e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ -/docker-compose.yml .env runner/.env diff --git a/Readme.md b/Readme.md index 6c88ceab4bcc3974aea9b241d82df889c4195ec9..2e8c4287fac8aa2e6b9b6647122f7408ad5ef702 100644 --- a/Readme.md +++ b/Readme.md @@ -5,14 +5,11 @@ Le `docker-compose.yml` contenant des mots de passes n'est pas inclus dans ce d ## Installation ``` -cp docker-compose.yml.sample docker-compose.yml +cp .env.sample .env ``` -Puis éditer ce fichier et changer : - -+ Toutes les variables en .FQDN -+ Les informations d'envoi de mail -+ L'IP de traefik +Puis éditer ce fichier et changer toutes les variables +Pour changer les variable, vous pouvez suivre la [documentation gitlab](https://docs.gitlab.com/omnibus/settings/smtp.html#ovh) Puis faire `docker-compose up` diff --git a/docker-compose.yml.sample b/docker-compose.yml similarity index 75% rename from docker-compose.yml.sample rename to docker-compose.yml index 56d8a6b7234347341ed95bfc7190fae56a41548f..8737c8e89b52839a03fb72dc3893c76f94414d34 100644 --- a/docker-compose.yml.sample +++ b/docker-compose.yml 
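Review bot: In `.env.sample`, `SMTP_ENABLE_STARTTLS_AUTO=FALSE` is pasted unquoted into the Ruby config by the `docker-compose.yml` hunk further down (`gitlab_rails['smtp_enable_starttls_auto'] = ${SMTP_ENABLE_STARTTLS_AUTO}`), and uppercase `FALSE` is not a Ruby boolean literal. Current Ruby versions no longer define that constant, so the omnibus config would likely fail to load; use `SMTP_ENABLE_STARTTLS_AUTO=false`, matching `SMTP_TLS=true`. The trailing `#ssl0.ovh.net FOR ovh` on the `SMTP_ADRESS` line is only stripped by `.env` parsers that support inline comments, so it is safer on its own line above the variable.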
@@ -4,15 +4,14 @@ services: gitlab: image: 'gitlab/gitlab-ce:16.8.1-ce.0' restart: always - hostname: 'gitlab.FQDN' + hostname: '${HOST}' networks: - - ldap - traefik environment: TZ: GITLAB_OMNIBUS_CONFIG: | - gitlab_rails['gitlab_shell_ssh_port'] = 2222 - external_url = 'https://gitlab.FQDN' + gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SHELL_SSH_PORT} + external_url = 'https://${HOST}' nginx['listen_port'] = 80 nginx['listen_https'] = false nginx['proxy_set_headers'] = { @@ -21,10 +20,10 @@ services: } nginx['redirect_http_to_https'] = true nginx['redirect_http_to_https_port'] = 80 - gitlab_rails['allowed_hosts'] = ['gitlab.FQDN', 'localhost', '127.0.0.1', 'gitlab'] + gitlab_rails['allowed_hosts'] = ['${HOST}', 'localhost', '127.0.0.1', 'gitlab'] # Each address is added to the the NGINX config as 'set_real_ip_from <address>;' # TODO replace the 172.19.0.6 ip by traefik's one - nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ] + nginx['real_ip_trusted_addresses'] = [ '${TRAEFIK_IP}' ] # other real_ip config options nginx['real_ip_header'] = 'X-Forwarded-For' nginx['real_ip_recursive'] = 'on' 
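Review bot: `GITLAB_SHELL_SSH_PORT` now drives `gitlab_rails['gitlab_shell_ssh_port']`, but the published port is still the literal `'2222:22'` (context line at the end of the last hunk), so changing the variable makes GitLab advertise clone URLs on a port that is not exposed. Publish it from the same variable, `- '${GITLAB_SHELL_SSH_PORT}:22'`. Separately, an unset `HOST` interpolates to an empty string and yields `external_url = 'https://'`; `${HOST:?set HOST in .env}` makes Compose stop with an error instead. The `gitlab` service definition continues outside this hunk.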
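Review bot: `nginx['real_ip_trusted_addresses']` now comes from `TRAEFIK_IP`, but nothing in this diff pins Traefik to that address, and the TODO above it still refers to 172.19.0.6. NGINX takes `X-Forwarded-For` on trust from whichever container holds that IP, and the next hunk exempts the same value from rack_attack. A wrong or reassigned address therefore either lets another container on the `traefik` network supply client IPs or makes every request appear to come from the proxy. If `traefik.yml` (not shown) does not already do so, give Traefik a fixed `ipv4_address` on that network, and replace the TODO with `# TRAEFIK_IP must be Traefik's address on the traefik network`.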
@@ -34,57 +33,57 @@ services: gitlab_rails['rack_attack_git_basic_auth'] = { 'enabled' => true, # TODO replace the 172.19.0.6 ip by traefik's one - 'ip_whitelist' => ["127.0.0.1", '172.19.0.2'], + 'ip_whitelist' => ["127.0.0.1", '${TRAEFIK_IP}'], 'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP 'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds 'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts } # Mail gitlab_rails['smtp_enable'] = true - gitlab_rails['smtp_address'] = "changeme" + gitlab_rails['smtp_address'] = "${SMTP_ADRESS}" gitlab_rails['smtp_port'] = 465 - gitlab_rails['smtp_user_name'] = "changeme@FQDN" - gitlab_rails['smtp_password'] = "changeme" - gitlab_rails['smtp_domain'] = "changeme" - gitlab_rails['smtp_authentication'] = "login" - gitlab_rails['smtp_enable_starttls_auto'] = false - gitlab_rails['smtp_tls'] = true + gitlab_rails['smtp_user_name'] = "${GITLAB_MAIL}" + gitlab_rails['smtp_password'] = "${SMTP_PASS}" + gitlab_rails['smtp_domain'] = "${SMTP_DOMAINE}" + gitlab_rails['smtp_authentication'] = "${SMTP_AUTH}" + gitlab_rails['smtp_enable_starttls_auto'] = ${SMTP_ENABLE_STARTTLS_AUTO} + gitlab_rails['smtp_tls'] = ${SMTP_TLS} gitlab_rails['smtp_openssl_verify_mode'] = 'peer' # If your SMTP server does not like the default 'From: gitlab@localhost' you # # can change the 'From' with this setting. - gitlab_rails['gitlab_email_from'] = 'changeme@FQDN' + gitlab_rails['gitlab_email_from'] = '${GITLAB_MAIL}' # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' gitlab_rails['incoming_email_enabled'] = true # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to. # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`). 
- gitlab_rails['incoming_email_address'] = "changeme+%{key}@FQDN" - + gitlab_rails['incoming_email_address'] = "${GITLAB_MAIL}" + # Email account username # With third party providers, this is usually the full email address. # With self-hosted email servers, this is usually the user part of the email address. - gitlab_rails['incoming_email_email'] = "changeme@FDQN" + gitlab_rails['incoming_email_email'] = "${GITLAB_MAIL}" # Email account password - gitlab_rails['incoming_email_password'] = "changeme" - + gitlab_rails['incoming_email_password'] = "${SMTP_PASS}" + # IMAP server host - gitlab_rails['incoming_email_host'] = "changeme" + gitlab_rails['incoming_email_host'] = "${SMTP_ADRESS}" # IMAP server port gitlab_rails['incoming_email_port'] = 993 # Whether the IMAP server uses SSL gitlab_rails['incoming_email_ssl'] = true # Whether the IMAP server uses StartTLS gitlab_rails['incoming_email_start_tls'] = false - + # The mailbox where incoming mail will end up. Usually "inbox". gitlab_rails['incoming_email_mailbox_name'] = "inbox" # The IDLE command timeout. gitlab_rails['incoming_email_idle_timeout'] = 60 - + # Whether to expunge (permanently remove) messages from the mailbox when they are deleted after delivery gitlab_rails['incoming_email_expunge_deleted'] = true - + # Add any other gitlab.rb configuration here, each on its own line ports: - '2222:22'
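Review bot: `gitlab_rails['smtp_password'] = "${SMTP_PASS}"` and `incoming_email_password` place the secret inside a Ruby double-quoted string, where `"`, `\` and `#{` are interpreted by Ruby; that is presumably why `.env.sample` asks for an alphanumeric password without special characters. A single-quoted literal, `gitlab_rails['smtp_password'] = '${SMTP_PASS}'`, narrows the problem characters to `'` and `\` and allows a stronger password (a `$` in the value may still need escaping for Compose). Also, `incoming_email_address` changes from `"changeme+%{key}@FQDN"` to `"${GITLAB_MAIL}"`, dropping the `%{key}` placeholder. If reply-by-email is meant to keep working, the variable should hold an address with `%{key}` in the user part, and the IMAP host and password may need their own variables rather than reusing `SMTP_ADRESS` and `SMTP_PASS`.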