pillar.example.sls
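# GitLab settings for gitlab-formula (example pillar).
# NOTE(review): the nesting below is rebuilt from the key names because the
# listing lost its indentation; confirm it against the formula's defaults.
gitlab:
  db:
    host: postgreshost.domain.local
    # Example value only. The same value is set for the `gitlab` role in the
    # postgresql pillar and the two must stay in sync. Keep the real password
    # out of version control, e.g. in a GPG-encrypted pillar or an external
    # secret store.
    password: myultracryptopassword42
  gravatar:
    # Canonical lowercase boolean, consistent with `https` below.
    enabled: false
  domain: gitlabhost.domain.local
  https: true
  shell:
    # CA file and CA directory; presumably what gitlab-shell uses to verify
    # the HTTPS endpoint -- confirm against the formula's templates.
    ca_file: /etc/ssl/certs/gitlabhost.domain.local.ca.pem
    ca_path: /etc/ssl/certs/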
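# PostgreSQL DB backend with https://github.com/bechtoldt/postgresql-formula
# NOTE(review): nesting rebuilt from the key names (the listing lost its
# indentation); in particular confirm where `users` and `databases` belong
# in the postgresql-formula pillar layout.
postgresql:
  lookup:
    server:
      config:
        pg_hba:
          config:
            - name: allow access from gitlab system to gitlab db
              # `host` matches TLS and non-TLS connections alike; `hostssl`
              # limits the rule to TLS when the server has it enabled.
              type: host
              database: gitlab
              user: gitlab
              # The allowed address comes from a DNS lookup at render time,
              # so the rule is only as trustworthy as that lookup; pin a
              # static address if DNS is not trusted. Quoted so that YAML
              # reads a string whatever the expression renders to.
              address: "{{ salt['dig.A']('gitlabhost.domain.local')[0] }}/32"
              # md5 is the legacy password method; prefer scram-sha-256
              # where the PostgreSQL server and the client library support it.
              auth_method: md5
  users:
    - name: gitlab
      # Example value only; it has to equal gitlab:db:password. Keep the
      # real password out of version control, e.g. in a GPG-encrypted
      # pillar or an external secret store.
      password: myultracryptopassword42
  databases:
    - name: gitlab
      encoding: SQL_ASCII
      lc_collate: C
      lc_ctype: C
      template: template1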
# nginx webserver with https://github.com/bechtoldt/nginx-formula
nginx:
vhosts:
gitlab:
plain: |
upstream gitlab {
## Uncomment if you have set up unicorn to listen on a unix socket (recommended).
server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
## Uncomment if unicorn is configured to listen on a tcp port.
## Check the port number in /home/git/gitlab/config/unicorn.rb
# server 127.0.0.1:8080;
}
## This is a normal HTTP host which redirects all traffic to the HTTPS host.
server {
listen *:80;
## Replace git.example.com with your FQDN.
server_name git.example.com;
server_tokens off;
## root doesn't have to be a valid path since we are redirecting
root /nowhere;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl;
## Replace git.example.com with your FQDN.
server_name git.example.com;
server_tokens off;
root /home/git/gitlab/public;
## Increase this if you want to upload large attachments
## Or if you want to accept large git objects over http
client_max_body_size 20m;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl on;
ssl_certificate /etc/ssl/certs/gitlab.domain.local.crt.pem;
ssl_certificate_key /etc/ssl/private/gitlab.domain.local.key.pem;
ssl_ciphers 'ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:HIGH:!MD5:!aNULL:!EDH:!RC4';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
...