More configs, give in to GitLab's directory heirarchy

It's hardcoded in SO MANY FUCKING PLACES

roles/gitlab/files/gitlab.yml

@@ -103,10 +103,10 @@ production: &base
       # enabled: false
       # S/MIME private key file in PEM format, unencrypted
       # Default is '.gitlab_smime_key' relative to Rails.root (i.e. root of the GitLab app).
-      # key_file: /var/gitlab/gitlab/.gitlab_smime_key
+      # key_file: /home/git/gitlab/.gitlab_smime_key
       # S/MIME public certificate key in PEM format, will be attached to signed messages
       # Default is '.gitlab_smime_cert' relative to Rails.root (i.e. root of the GitLab app).
-      # cert_file: /var/gitlab/gitlab/.gitlab_smime_cert
+      # cert_file: /home/git/gitlab/.gitlab_smime_cert
 
     # Email server smtp settings are in config/initializers/smtp_settings.rb.sample
 
@@ -357,7 +357,7 @@ production: &base
 
     # File that contains the shared secret key for verifying access for gitlab-pages.
     # Default is '.gitlab_pages_secret' relative to Rails.root (i.e. root of the GitLab app).
-    # secret_file: /var/gitlab/gitlab/.gitlab_pages_secret
+    # secret_file: /home/git/gitlab/.gitlab_pages_secret
 
   ## Mattermost
   ## For enabling Add to Mattermost button
@@ -960,7 +960,7 @@ production: &base
   # Gitaly settings
   gitaly:
     # Path to the directory containing Gitaly client executables.
-    client_path: /var/gitlab/gitaly
+    client_path: /home/git/gitaly
     # Default Gitaly authentication token. Can be overridden per storage. Can
     # be left blank when Gitaly is running locally on a Unix socket, which
     # is the normal way to deploy Gitaly.
@@ -978,8 +978,8 @@ production: &base
     # real path not the symlink.
     storages: # You must have at least a `default` storage path.
       default:
-        path: /var/gitlab/repositories/
+        path: /home/git/repositories/
-        gitaly_address: unix:/var/gitlab/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
+        gitaly_address: unix:/home/git/gitlab/tmp/sockets/private/gitaly.socket # TCP connections are supported too (e.g. tcp://host:port). TLS connections are also supported using the system certificate pool (eg: tls://host:port).
         # gitaly_token: 'special token' # Optional: override global gitaly.token for this storage.
 
   ## Backup settings
@@ -1025,12 +1025,12 @@ production: &base
 
   ## GitLab Shell settings
   gitlab_shell:
-    path: /var/gitlab/gitlab-shell/
+    path: /home/git/gitlab-shell/
-    authorized_keys_file: /var/gitlab/.ssh/authorized_keys
+    authorized_keys_file: /home/git/.ssh/authorized_keys
 
     # File that contains the secret key for verifying access for gitlab-shell.
     # Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
-    # secret_file: /var/gitlab/gitlab/.gitlab_shell_secret
+    # secret_file: /home/git/gitlab/.gitlab_shell_secret
 
     # Git over HTTP
     upload_pack: true
@@ -1045,11 +1045,11 @@ production: &base
   workhorse:
     # File that contains the secret key for verifying access for gitlab-workhorse.
     # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
-    # secret_file: /var/gitlab/gitlab/.gitlab_workhorse_secret
+    # secret_file: /home/git/gitlab/.gitlab_workhorse_secret
 
   ## GitLab Elasticsearch settings
   elasticsearch:
-    indexer_path: /var/gitlab/gitlab-elasticsearch-indexer/
+    indexer_path: /home/git/gitlab-elasticsearch-indexer/
 
   ## Git settings
   # CAUTION!

roles/gitlab/tasks/main.yml

@@ -55,7 +55,7 @@
     - name: Add gitlab user
       user:
         name: git
-        home: "/var/gitlab"
+        home: "/home/git"
         groups:
           - "redis"
         comment: "GitLab"
@@ -81,22 +81,53 @@
         - name: Clone GitLab
           git:
             depth: 1
-            dest: "/var/gitlab/gitlab-foss"
+            dest: "/home/git/gitlab"
             force: yes
             repo: "https://gitlab.com/gitlab-org/gitlab-foss.git"
             version: 12-10-stable
+        - name: Copy secrets
+          copy:
+            src: "/home/git/gitlab/config/secrets.yml.example"
+            dest: "/home/git/gitlab/config/secrets.yml"
+            remote_src: yes
         - name: Copy configs around
           copy:
             src: "{{ item.src }}"
             dest: "{{ item.dest }}"
           loop:
-            - { src: "gitlab.yml", dest: "/var/gitlab/gitlab-foss/config/gitlab.yml" }
+            - { src: "gitlab.yml", dest: "/home/git/gitlab/config/gitlab.yml" }
+            - { src: "pumba.rb", dest: "/home/git/gitlab/config/puma.rb" }
+        - name: Change permissions
+          file:
+            path: "{{ item.src }}"
+            state: touch
+            mode: "{{ item.mode }}"
+          loop:
+            - { src: "/home/git/gitlab/log", mode: "u+rwX,go-w" }
+            - { src: "/home/git/gitlab/tmp", mode: "u+rwX" }
+            - { src: "/home/git/gitlab/tmp/pids", mode: "u+rwX" }
+            - { src: "/home/git/gitlab/tmp/sockets", mode: "u+rwX" }
+            - { src: "/home/git/gitlab/builds", mode: "u+rwX" }
+            - { src: "/home/git/gitlab/shared/artifacts", mode: "u+rwX" }
+            - { src: "/home/git/gitlab/shared/pages", mode: "u+rwX" }
+        - name: Create public directory
+          file:
+            path: "/home/git/public"
+            mode: "0755"
+            state: directory
+        - name: Create uploads directory
+          file:
+            path: "/home/git/public/uploads"
+            mode: "0700"
+            state: directory
+      become: yes
+      become_user: git
     - name: Set up Apache
       block:
         - name: Create webroot
           file:
             path: "{{ gitlab_webroot }}"
-            src: "/var/gitlab/public"
+            src: "/home/git/public"
             mode: "0755"
             state: link
         - name: Copy over virtual host configs