Merge branch 'separate-all-variable' into 'main'

Separate all variable

See merge request !1

.env.sample

-HOST=gitlab.societe-informatique-de-france.fr
+COMPOSE_FILE=docker-compose.yml:traefik.yml
+
+HOST=gitlab.DOMAINE.FR
 TZ=Europe/Paris
+
+
+GITLAB_SHELL_SSH_PORT=2222
+
+# EMAIL
+GITLAB_MAIL=gitlab@DOMAINE.FR
+SMTP_ADRESS=ADRESS_OF_SMTP #ssl0.ovh.net FOR ovh
+# You need a alpha numeric password without specialchar
+SMTP_PASS=GITLAB_MAIL_SECRET_PASSWORD
+SMTP_DOMAINE=DOMAINE.FR
+
+SMTP_AUTH=login
+SMTP_ENABLE_STARTTLS_AUTO=FALSE
+SMTP_TLS=true
+
+# TRAEFIK
+TRAEFIK_IP=172.19.0.2

.gitignore

-/docker-compose.yml
 .env
 runner/.env

Readme.md

@@ -5,14 +5,11 @@ Le `docker-compose.yml` contenant des mots de passes n'est pas inclus dans ce d
 ## Installation
 
 ```
-cp docker-compose.yml.sample docker-compose.yml
+cp .env.sample .env
 ```
 
-Puis éditer ce fichier et changer :
-
-+ Toutes les variables en .FQDN
-+ Les informations d'envoi de mail
-+ L'IP de traefik
+Puis éditer ce fichier et changer toutes les variables
+Pour changer les variable, vous pouvez suivre la [documentation gitlab](https://docs.gitlab.com/omnibus/settings/smtp.html#ovh)
 
 Puis faire `docker-compose up`
 

docker-compose.yml.sample → docker-compose.yml

@@ -4,15 +4,14 @@ services:
   gitlab:
     image: 'gitlab/gitlab-ce:16.8.1-ce.0'
     restart: always
-    hostname: 'gitlab.FQDN'
+    hostname: '${HOST}'
     networks:
-      - ldap
       - traefik
     environment:
       TZ:
       GITLAB_OMNIBUS_CONFIG: |
-        gitlab_rails['gitlab_shell_ssh_port'] = 2222
-        external_url = 'https://gitlab.FQDN'
+        gitlab_rails['gitlab_shell_ssh_port'] = ${GITLAB_SHELL_SSH_PORT}
+        external_url = 'https://${HOST}'
         nginx['listen_port'] = 80
         nginx['listen_https'] = false
         nginx['proxy_set_headers'] = {
@@ -21,10 +20,10 @@ services:
         }
         nginx['redirect_http_to_https'] = true
         nginx['redirect_http_to_https_port'] = 80
-        gitlab_rails['allowed_hosts'] = ['gitlab.FQDN', 'localhost', '127.0.0.1', 'gitlab']
+        gitlab_rails['allowed_hosts'] = ['${HOST}', 'localhost', '127.0.0.1', 'gitlab']
         # Each address is added to the the NGINX config as 'set_real_ip_from <address>;'
         # TODO replace the 172.19.0.6 ip by traefik's one
-        nginx['real_ip_trusted_addresses'] = [ '172.19.0.2' ]
+        nginx['real_ip_trusted_addresses'] = [ '${TRAEFIK_IP}' ]
         # other real_ip config options
         nginx['real_ip_header'] = 'X-Forwarded-For'
         nginx['real_ip_recursive'] = 'on'
@@ -34,42 +33,42 @@ services:
         gitlab_rails['rack_attack_git_basic_auth'] = {
             'enabled' => true,
             # TODO replace the 172.19.0.6 ip by traefik's one
-            'ip_whitelist' => ["127.0.0.1", '172.19.0.2'],
+            'ip_whitelist' => ["127.0.0.1", '${TRAEFIK_IP}'],
             'maxretry' => 10, # Limit the number of Git HTTP authentication attempts per IP
             'findtime' => 60, # Reset the auth attempt counter per IP after 60 seconds
             'bantime' => 3600 # Ban an IP for one hour (3600s) after too many auth attempts
         }
         # Mail
         gitlab_rails['smtp_enable'] = true
-        gitlab_rails['smtp_address'] = "changeme"
+        gitlab_rails['smtp_address'] = "${SMTP_ADRESS}"
         gitlab_rails['smtp_port'] = 465
-        gitlab_rails['smtp_user_name'] = "changeme@FQDN"
-        gitlab_rails['smtp_password'] = "changeme"
-        gitlab_rails['smtp_domain'] = "changeme"
-        gitlab_rails['smtp_authentication'] = "login"
-        gitlab_rails['smtp_enable_starttls_auto'] = false
-        gitlab_rails['smtp_tls'] = true
+        gitlab_rails['smtp_user_name'] = "${GITLAB_MAIL}"
+        gitlab_rails['smtp_password'] = "${SMTP_PASS}"
+        gitlab_rails['smtp_domain'] = "${SMTP_DOMAINE}"
+        gitlab_rails['smtp_authentication'] = "${SMTP_AUTH}"
+        gitlab_rails['smtp_enable_starttls_auto'] = ${SMTP_ENABLE_STARTTLS_AUTO}
+        gitlab_rails['smtp_tls'] = ${SMTP_TLS}
         gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
         # If your SMTP server does not like the default 'From: gitlab@localhost' you
         # # can change the 'From' with this setting.
-        gitlab_rails['gitlab_email_from'] = 'changeme@FQDN'
+        gitlab_rails['gitlab_email_from'] = '${GITLAB_MAIL}'
         # gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
 
         gitlab_rails['incoming_email_enabled'] = true
 
         # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
         # The placeholder can be omitted but if present, it must appear in the "user" part of the address (before the `@`).
-        gitlab_rails['incoming_email_address'] = "changeme+%{key}@FQDN"
+        gitlab_rails['incoming_email_address'] = "${GITLAB_MAIL}"
 
         # Email account username
         # With third party providers, this is usually the full email address.
         # With self-hosted email servers, this is usually the user part of the email address.
-        gitlab_rails['incoming_email_email'] = "changeme@FDQN"
+        gitlab_rails['incoming_email_email'] = "${GITLAB_MAIL}"
         # Email account password
-        gitlab_rails['incoming_email_password'] = "changeme"
+        gitlab_rails['incoming_email_password'] = "${SMTP_PASS}"
 
         # IMAP server host
-        gitlab_rails['incoming_email_host'] = "changeme"
+        gitlab_rails['incoming_email_host'] = "${SMTP_ADRESS}"
         # IMAP server port
         gitlab_rails['incoming_email_port'] = 993
         # Whether the IMAP server uses SSL