From 5fa716d470a46d47ea8db87f251e30c641e7d9a4 Mon Sep 17 00:00:00 2001 From: Salt Date: Sun, 26 Apr 2020 04:33:35 -0500 Subject: [PATCH] More configs, give in to GitLab's directory heirarchy It's hardcoded in SO MANY FUCKING PLACES --- roles/gitlab/files/gitlab.yml | 22 ++++++++++---------- roles/gitlab/tasks/main.yml | 39 +++++++++++++++++++++++++++++++---- 2 files changed, 46 insertions(+), 15 deletions(-) diff --git a/roles/gitlab/files/gitlab.yml b/roles/gitlab/files/gitlab.yml index 177d683..0edd835 100644 --- a/roles/gitlab/files/gitlab.yml +++ b/roles/gitlab/files/gitlab.yml @@ -103,10 +103,10 @@ production: &base # enabled: false # S/MIME private key file in PEM format, unencrypted # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app). - # key_file: /var/gitlab/gitlab/.gitlab_smime_key + # key_file: /home/git/gitlab/.gitlab_smime_key # S/MIME public certificate key in PEM format, will be attached to signed messages # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app). - # cert_file: /var/gitlab/gitlab/.gitlab_smime_cert + # cert_file: /home/git/gitlab/.gitlab_smime_cert # Email server smtp settings are in config/initializers/smtp_settings.rb.sample @@ -357,7 +357,7 @@ production: &base # File that contains the shared secret key for verifying access for gitlab-pages. # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app). - # secret_file: /var/gitlab/gitlab/.gitlab_pages_secret + # secret_file: /home/git/gitlab/.gitlab_pages_secret ## Mattermost ## For enabling Add to Mattermost button @@ -960,7 +960,7 @@ production: &base # Gitaly settings gitaly: # Path to the directory containing Gitaly client executables. - client_path: /var/gitlab/gitaly + client_path: /home/git/gitaly # Default Gitaly authentication token. Can be overridden per storage. Can # be left blank when Gitaly is running locally on a Unix socket, which # is the normal way to deploy Gitaly. 
@@ -978,8 +978,8 @@ production: &base # real path not the symlink. storages: # You must have at least a `default` storage path. default: - path: /var/gitlab/repositories/ - gitaly_address: unix:/var/gitlab/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port). + path: /home/git/repositories/ + gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port). # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage. ## Backup settings @@ -1025,12 +1025,12 @@ production: &base ## GitLab Shell settings gitlab_shell: - path: /var/gitlab/gitlab-shell/ - authorized_keys_file: /var/gitlab/.ssh/authorized_keys + path: /home/git/gitlab-shell/ + authorized_keys_file: /home/git/.ssh/authorized_keys # File that contains the secret key for verifying access for gitlab-shell. # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app). - # secret_file: /var/gitlab/gitlab/.gitlab_shell_secret + # secret_file: /home/git/gitlab/.gitlab_shell_secret # Git over HTTP upload_pack: true @@ -1045,11 +1045,11 @@ production: &base workhorse: # File that contains the secret key for verifying access for gitlab-workhorse. # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app). - # secret_file: /var/gitlab/gitlab/.gitlab_workhorse_secret + # secret_file: /home/git/gitlab/.gitlab_workhorse_secret ## GitLab Elasticsearch settings elasticsearch: - indexer_path: /var/gitlab/gitlab-elasticsearch-indexer/ + indexer_path: /home/git/gitlab-elasticsearch-indexer/ ## Git settings # CAUTION! diff --git a/roles/gitlab/tasks/main.yml b/roles/gitlab/tasks/main.yml index 3b628b9..667e1f6 100644 
--- a/roles/gitlab/tasks/main.yml +++ b/roles/gitlab/tasks/main.yml @@ -55,7 +55,7 @@ - name: Add gitlab user user: name: git - home: "/var/gitlab" + home: "/home/git" groups: - "redis" comment: "GitLab" @@ -81,22 +81,53 @@ - name: Clone GitLab git: depth: 1 - dest: "/var/gitlab/gitlab-foss" + dest: "/home/git/gitlab" force: yes repo: "https://gitlab.com/gitlab-org/gitlab-foss.git" version: 12-10-stable + - name: Copy secrets + copy: + src: "/home/git/gitlab/config/secrets.yml.example" + dest: "/home/git/gitlab/config/secrets.yml" + remote_src: yes - name: Copy configs around copy: src: "{{ item.src }}" dest: "{{ item.dest }}" loop: - - { src: "gitlab.yml", dest: "/var/gitlab/gitlab-foss/config/gitlab.yml" } + - { src: "gitlab.yml", dest: "/home/git/gitlab/config/gitlab.yml" } + - { src: "pumba.rb", dest: "/home/git/gitlab/config/puma.rb" } + - name: Change permissions + file: + path: "{{ item.src }}" + state: touch + mode: "{{ item.mode }}" + loop: + - { src: "/home/git/gitlab/log", mode: "u+rwX,go-w" } + - { src: "/home/git/gitlab/tmp", mode: "u+rwX" } + - { src: "/home/git/gitlab/tmp/pids", mode: "u+rwX" } + - { src: "/home/git/gitlab/tmp/sockets", mode: "u+rwX" } + - { src: "/home/git/gitlab/builds", mode: "u+rwX" } + - { src: "/home/git/gitlab/shared/artifacts", mode: "u+rwX" } + - { src: "/home/git/gitlab/shared/pages", mode: "u+rwX" } + - name: Create public directory + file: + path: "/home/git/public" + mode: "0755" + state: directory + - name: Create uploads directory + file: + path: "/home/git/public/uploads" + mode: "0700" + state: directory + become: yes + become_user: git - name: Set up Apache block: - name: Create webroot file: path: "{{ gitlab_webroot }}" - src: "/var/gitlab/public" + src: "/home/git/public" mode: "0755" state: link - name: Copy over virtual host configs
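Review bot: Changing `home` on the `git` user from `/var/gitlab` to `/home/git` only rewrites the account entry on hosts where the user already exists. The `user` module leaves the old directory and its contents (including any `.ssh/authorized_keys` kept there) in place unless `move_home: yes` is set. If this role can be re-run against a host provisioned with the old layout, add `move_home: yes` to this task, or document that the role targets fresh hosts only. The task's remaining parameters continue outside the hunk, so this may already be handled there.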
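Review bot: The new `Copy secrets` task writes `config/secrets.yml` from the example without `force` or `mode`, so a later run can replace a `secrets.yml` that GitLab may since have filled with generated keys, and the file gets a default mode rather than an owner-only one. Adding `force: no` and `mode: "0600"` to that task preserves existing key material and keeps other local accounts from reading it. In `Change permissions`, `state: touch` creates an empty regular file when a path such as `tmp/pids` or `shared/artifacts` is missing and reports changed on every run; `state: directory` looks like the intent. The `pumba.rb` source next to a `puma.rb` destination may be a typo and is worth checking against the role's `files/` directory.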