diff --git a/group_vars/all b/group_vars/all
index 17f388f860d59db39c3db89845d50b099cd01709..c18974a26736db64a95ca09a7fe0c83fc029a8e5 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -5,21 +5,4 @@ ansible_python_interpreter: /usr/bin/python3
 # Globale Variablen für alle Server
 
 # Letsencrypt notification mail 
-letsencrypt_mail: verwaltung@warpzone.ms
-
-
-
-# Zentrale InfluxDb für Systemmonitoring  
-influxdb_sysmon:
-  url: "http://192.168.0.201:18086"
-  db: "influx"
-  user: "influx" 
-  password: "influx" 
-
-# Zentrale InfluxDb für Snmp Daten   
-influxdb_snmp:
-  url: "http://192.168.0.201:28086"
-  db: "influx"
-  user: "influx" 
-  password: "influx" 
-
+letsencrypt_mail: verwaltung@warpzone.ms
\ No newline at end of file
diff --git a/group_vars/test b/group_vars/test
index a8e9915c10004e98755d5fb3130f8d8d56d8101d..619f3b5801e25aa106e82c6f9435c066cd50ae92 100644
--- a/group_vars/test
+++ b/group_vars/test
@@ -1,9 +1,42 @@
-# Globale Variablen für alle produktiven Server
-
-
 # SMTP Settings 
-smtp_domain: enteentelos.com
-smtp_host: mailserver.enteentelos.com
+smtp_domain: test-warpzone.de
+smtp_host: mailserver.test-warpzone.de
 smtp_port: 587 
-noreply_email_user: noreply@enteentelos.com
+noreply_email_user: noreply@test-warpzone.de
+
+# Globale Domains
+global_domains:
+  warpzonems:
+    domain: test-warpzone.de
+
+# Globale Mail konfiguration 
+mail_domains:
+  warpzonems:
+    maildomain: "test-warpzone.de" 
+    mxserver: "mailserver.test-warpzone.de"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dmarc: "v=DMARC1; p=none;"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNnNZElbWq9EonFULbr8vWWykKmZEylRwjo4lYx/lXsGDFWBuNh2s6gFF10OuHWtavokjvh/7sFidNaRYQkn3uwHmylBWFn7Jr2lPWY8PBEoIeAZZx5qHaDWxJVgzE7maFyXAswDGXcR/DRTn2xR6osNXOovjGeYXq/atR/45iwfgkhqAaXaV1uP/K9y\" \"y2sZ2dRtGEwCKsWbP26cOZ6MUcADszgUTEp59iKey79m0uwi0IpA8WjEKVwbMcf/6fBw1ejIEjVUX+bami2fQ6RPl4uEyloco4paV3w/vww2hh4VchCFLYAEKMkZOZs/eTDGsjaMguwHbPeVJjkpX2T6WQIDAQAB" }
+  member_warpzonems:
+    maildomain: "member.test-warpzone.de" 
+    mxserver: "mailserver.test-warpzone.de"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu334a+uJ5b7D8UTz3Up6A8EjZhEnXaIpiIcKAGPXXD2ZBGmkWfUNcwDcfMoDErH6ntXzf0uH2VMvaajB/wdKLyly1irDKoyjLA3hJb5wnF9Gh0anL1qxY6UA189vWsw+2JlZJWyQ3IcaQ720SM3OrrK4AL3gRItieSEQ+23m5aW0P6sgUuMXTmmKLbd4\" \"DzZ14Emw293TD2p4gJtgxW/6EfIfcUU+/jP1NNm9gksyzynH1pJXPwVruo9u4QujEQiPqtVsVtrtUm1kbnW+pexj3eKOLLEHGZ+p5AZ/jtALk9pJfNumm/XHFK5PTZDBIipXOYvuG8RdwsaCQRezGKy04QIDAQAB" }
+  lists_warpzonems:
+    maildomain: "lists.test-warpzone.de" 
+    mxserver: "mailserver.test-warpzone.de"
+    mxhostname: "webserver"
+    spf: "v=spf1 mx a:mailserver.test-warpzone.de ip4:{{ hostvars['webserver'].ext_ip4 }} ip6:{{ hostvars['webserver'].ext_ip6 }} -all"
+    dkim:
+      - { selector: "dkim", value: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoO7SXkUkM17Y1Vi/cvO48IJmlReGWSaYHY+wEldLHt80TiXP0AGZ8nG+DshXi1J2D5xjn8cJu4VqgDrLFnsRJyGYKmi7yVukANVg6gjYlET4y5+UU7Vk2W3xhN2U/8F0rcyynALzQa8i4Y/wEI0qkgHyE6+lITmglJvlj6tgp4YYK2TBH3Zo//PukOmU\" \"6gG/qu0+6p+CepvqzfGT2l1duov5a2+DJJzlJTULJ5D5Blsmg/0GeC81gZ4QDC3S8aaM5Pw3I3lQCSJT4Q4Ge6Ues4ccagNrdnZhtHNaVFGdL1mR1k+G784gpMZphPj5MylNEpA3V4bD7/Ygf4GuAvHdMwIDAQAB" }
 
+# Monitoring 
+monitoring:
+  external_dns_servers:
+    - { ip: "1.1.1.1", name: "Cloudflare" }
+    - { ip: "8.8.8.8", name: "Google" }
+    - { ip: "9.9.9.9", name: "Quad9" }
diff --git a/host_vars/test-warpzone-de b/host_vars/test-warpzone-de
new file mode 100644
index 0000000000000000000000000000000000000000..a00479198185e8e4f897e1021a95d1a46b2c1642
--- /dev/null
+++ b/host_vars/test-warpzone-de
@@ -0,0 +1,196 @@
+
+# Host spezifische Variablen 
+
+motd_lines: 
+  - "Testserver"
+  - "Öffentliche IPs: {{ansible_eth0.ipv4.address}} / {{ansible_eth0.ipv6[0].address}}"
+
+debian_sources: 
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://download.docker.com/linux/debian/gpg"
+
+
+# Primäre IP Adressen des Hosts 
+ext_ip4: 159.69.57.56
+ext_ip6: 2a01:4f8:231:8a1:159:69:57:56
+int_ip4: 127.0.0.1
+
+# Art des Hosts: physical, vm, docker 
+host_type: "lxc"
+
+# SSL aktivieren 
+webserver_ssl: true
+
+# Liste der gehosteten Domänen
+webserver_domains: 
+  - "test-warpzone.de"
+#  - "api.test-warpzone.de"
+#  - "auth.test-warpzone.de"
+  - "gitlab.test-warpzone.de"
+#  - "matrix.test-warpzone.de"
+#  - "mailserver.test-warpzone.de"
+#  - "ldap.test-warpzone.de"
+#  - "keycloak.test-warpzone.de"
+#  - "md.test-warpzone.de"
+#  - "turn.test-warpzone.de"
+  - "wiki.test-warpzone.de"
+  - "www.test-warpzone.de"
+#  - "workadventure.test-warpzone.de"
+#  - "play.workadventure.test-warpzone.de"
+#  - "pusher.workadventure.test-warpzone.de"
+#  - "api.workadventure.test-warpzone.de"
+#  - "icon.workadventure.test-warpzone.de"
+
+
+# #OpenVPN Konfigurationen 
+# openvpn_server:
+#   - "server-zone"
+#   - "server-verwaltung"
+
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "jabertwo"
+
+# Docker konfigurationen 
+docker:
+  # Interne Docker-Netzwerke 
+  internal_networks:
+    - web
+    
+# Monitoring aktivieren 
+alert:  
+  load: 
+    warn: 5
+    crit: 10
+  containers:
+    #- { name: "coturn_coturn_1" }
+    - { name: "dockerstats-app-1" }
+    #- { name: "dokuwiki_app_1" }
+    - { name: "gitlab-app-1" }
+    - { name: "gitlab-dind-1" }
+    - { name: "gitlab-runner-1" }
+    #- { name: "hackmd_app_1" }
+    #- { name: "hackmd_db_1" }
+    #- { name: "icinga_app_1" }
+    #- { name: "icinga_db_1" }
+    #- { name: "icinga_graphite_1" }
+    #- { name: "keycloak_app_1" }
+    #- { name: "keycloak_db_1" }
+    #- { name: "keycloak_sync-group-active_1" }
+    #- { name: "ldap_openldap_1" }
+    #- { name: "ldap_phpldapadmin_1" }
+    #- { name: "mail_admin_1" }
+    #- { name: "mail_antispam_1" }
+    #- { name: "mail_certdumper_1" }
+    #- { name: "mail_db_1" }
+    #- { name: "mail_front_1" }
+    #- { name: "mail_imap_1" }
+    #- { name: "mail_oletools_1" }
+    #- { name: "mail_redis_1" }
+    #- { name: "mail_resolver_1" }
+    #- { name: "mail_smtp_1" }
+    #- { name: "mail_webmail_1" }
+    #- { name: "mail_mailman-core_1" }
+    #- { name: "mail_mailman-web_1" }
+    #- { name: "mail_mailman-nginx_1" }
+    #- { name: "matrix_ma1sd_1" }
+    #- { name: "matrix_db_1" }
+    #- { name: "matrix_purgemediacache_1" }
+    #- { name: "matrix_synapse_1" }
+    #- { name: "matterbridge_cw_1" }
+    #- { name: "matterbridge_wz_1" }
+    #- { name: "matterbridge_web_1" }
+    #- { name: "matterbridge_restarter_1" }
+    - { name: "traefik-app-1" }
+    #- { name: "vpnserver_app_1" }
+    #- { name: "warpapi_app_1" }
+    #- { name: "watchtower_app_1" }
+    - { name: "wordpress-app-1" }
+    - { name: "wordpress-db-1" }
+    #- { name: "workadventure_back_1" }
+    #- { name: "workadventure_front_1" }
+    #- { name: "workadventure_icon_1" }
+    #- { name: "workadventure_pusher_1" }
+    #- { name: "workadventure_redis_1" }
+  disks: 
+    - { mountpoint: "/", warn: "5 GB", crit: "1 GB" }
+    - { mountpoint: "/srv", warn: "5 GB", crit: "1 GB" }
+  
+
+# # Definition von Borgbackup Repositories 
+# borgbackup_repos:
+
+#   # warpsrvint: 
+
+#   #   # URL des Repos   
+#   #   repo: "ssh://warpzone@192.168.0.201:22/data/warpzone/webserver"
+    
+#   #   # Repo-spezifische Optionen zum Aufruf von Borgbackup
+#   #   # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+#   #   options: ""
+
+#   #   # Compression Options, z,b. "zlib,5, "zstd,5"
+#   #   compression: "zlib,5"
+
+#   #   # Prune Optionen 
+#   #   prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+    
+#   #   # Backup Schedule 
+#   #   weekday: "*"
+#   #   hour: "6"
+#   #   minute: "0"
+
+#   #   #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+#   #   # directories:
+
+#   #   # Monitoring
+#   #   alert: true
+#   #   warning_age: 26 
+#   #   critical_age: 50
+#   #   warning_count: 10
+#   #   critical_count: 5
+
+#   borgbase: 
+
+#     # URL des Repos   
+#     repo: "ani9ve0q@ani9ve0q.repo.borgbase.com:repo"
+    
+#     # Repo-spezifische Optionen zum Aufruf von Borgbackup
+#     # z.B. bei Sicherungen zu rsync.net ist --remote-path=borg1 erforderlich
+#     options: ""
+
+#     # Compression Options, z,b. "zlib,5, "zstd,5"
+#     compression: "zlib,5"
+
+#     # Prune Optionen 
+#     prune: "--keep-within=2d --keep-daily=7 --keep-weekly=4 --keep-monthly=6"
+    
+#     # Backup Schedule 
+#     weekday: "*"
+#     hour: "4"
+#     minute: "10"
+
+#     #  Zusätzliche Verzeichnisse, die nur in diesem Backup gesichtert werden sollen 
+#     # directories:
+
+#     # Monitoring
+#     alert: true
+#     warning_age: 26 
+#     critical_age: 50
+#     warning_count: 10
+#     critical_count: 5
+
+
+# # Definition der Verzeichnisse, die in allen Borgbackup Repos gesichert werden sollen 
+# borgbackup_directories:
+#   - "/etc/"
+#   - "/srv/"
+
diff --git a/hosts.yml b/hosts.yml
index f9fe361e7f7d478037623cf673926e179214e142..61673c1ba4f4d5a41f4ef8e88069ec5181bdbe6e 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -70,4 +70,12 @@ event:
         # Wichtige Optionen: Nesting = Yes, keyctl = enabled
         hix:
           ansible_ssh_host: 10.111.10.101
+          ansible_user: root
+
+test:
+  children:
+    vms:
+      hosts:
+        test-warpzone-de:
+          ansible_ssh_host: 2a01:4f8:231:8a1:159:69:57:56
           ansible_user: root
\ No newline at end of file
diff --git a/site.yml b/site.yml
index 813938bfa5262a43307896c3c1918445e0499c30..28d6a3824733c04de964ada6eee8bba6393285d5 100644
--- a/site.yml
+++ b/site.yml
@@ -14,6 +14,44 @@
 # Test Server
 ##################################################
 
+- hosts: test-warpzone-de
+  remote_user: root
+  roles:
+    - { role: common/cronapt, tags: cronapt }
+    - { role: common/docker, tags: docker }
+    # - { 
+    #     role: testserver/docker_dockerstats, tags: dockerstats, 
+    #     servicename: dockerstats, 
+    #     basedir: /srv/dockerstats 
+    #   }
+    - { 
+        role: testserver/docker_traefik, tags: traefik,
+        servicename: traefik,
+        basedir: /srv/traefik,
+        domain: "test-warpzone.de",
+        domain_default: "www.test-warpzone.de",
+      }    
+    - { 
+        role: testserver/docker_dokuwiki, tags: dokuwiki,
+        servicename: "dokuwiki",
+        domain: "wiki.test-warpzone.de",
+        basedir: /srv/dokuwiki,
+        # healthchecks_url: "https://hc-ping.com/038adcfe-05bf-45b4-919b-88b69aab8844"
+      }
+    - { 
+        role: testserver/docker_gitlab, tags: gitlab,
+        servicename: "gitlab",
+        domain: "gitlab.test-warpzone.de",
+        domain_registry: "gitlab-registry.test-warpzone.de"
+      }
+    - { 
+        role: testserver/docker_wordpress, tags: wordpress,
+        servicename: "wordpress",
+        basedir: /srv/wordpress, 
+        domain: "www.test-warpzone.de"
+      }
+
+
 ##################################################
 # Produktive Server
 ##################################################
diff --git a/testserver/docker_dockerstats/tasks/main.yml b/testserver/docker_dockerstats/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..673605687d98f958504626d9aa673af1a70d1e21
--- /dev/null
+++ b/testserver/docker_dockerstats/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: "create folder struct for {{ servicename }}"
+  file: 
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+
+
+- name: Konfig-Dateien erstellen
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - Dockerfile
+    - docker-compose.yml
+  register: config
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
diff --git a/testserver/docker_dockerstats/templates/Dockerfile b/testserver/docker_dockerstats/templates/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..793b7781f16e3c35b0213babc1185e883d014aba
--- /dev/null
+++ b/testserver/docker_dockerstats/templates/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:21-alpine
+
+RUN apk update \
+ && apk upgrade \
+ && apk add --no-cache git
+
+RUN mkdir -p /usr/src/app \
+  && cd /usr/src/app \
+  && git clone https://github.com/elberfeld/docker_stats_exporter.git \
+  && cd /usr/src/app/docker_stats_exporter \
+  && git checkout 2020.07.30.1 \
+  && npm install
+
+WORKDIR /usr/src/app/docker_stats_exporter
+
+EXPOSE 9487
+ENV DOCKERSTATS_PORT=9487 DOCKERSTATS_INTERVAL=15 DEBUG=0
+
+ENTRYPOINT [ "npm", "start" ]
diff --git a/testserver/docker_dockerstats/templates/docker-compose.yml b/testserver/docker_dockerstats/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..248d813dc7baedae29c85d340edd83749fa77712
--- /dev/null
+++ b/testserver/docker_dockerstats/templates/docker-compose.yml
@@ -0,0 +1,14 @@
+version: "3"
+
+services:
+
+  app:
+
+    build: .
+    restart: always
+    ports:
+      - "{{ int_ip4 }}:9487:9487" 
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - /usr/bin/docker:/usr/bin/docker
+
diff --git a/testserver/docker_dokuwiki/tasks/main.yml b/testserver/docker_dokuwiki/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bff9f952efb8c7fa85cb98508d7066c8b49fd9ac
--- /dev/null
+++ b/testserver/docker_dokuwiki/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/shared/noreply_email_pass,  length: -1 }
+
+- name: create folder struct for dokuwiki
+  file:
+    path: "{{item}}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/data"
+    - "{{ basedir }}/pdftemplate"
+
+- name: Docker Compose Konfig-Datei erstellen
+  template:
+    src: "{{item}}"
+    dest: "{{ basedir }}/{{item}}"
+  with_items:
+    - docker-compose.yml
+    - Dockerfile
+  register: config
+
+# - name: Cronjob für Mailversand Plenumsmail
+#   cron: 
+#     name: "sendmail_plenum" 
+#     weekday: "0" 
+#     hour: "20" 
+#     minute: "0" 
+#     job: "/usr/bin/python3 {{ basedir }}/sendmail_plenum.py"
+#     disabled: false
+
+- name: "stop {{ servicename}} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+- name: "start {{ servicename}} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
diff --git a/testserver/docker_dokuwiki/templates/Dockerfile b/testserver/docker_dokuwiki/templates/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..fd13f5c69738aaa9f9c00df667d5a02a633bf085
--- /dev/null
+++ b/testserver/docker_dokuwiki/templates/Dockerfile
@@ -0,0 +1,32 @@
+FROM php:8.3.2-apache-bookworm
+
+# php-gd modul für dw2pdf plugin
+RUN apt-get update && apt-get install -y \
+        libfreetype6-dev \
+        libjpeg62-turbo-dev \
+        libpng-dev \
+    && docker-php-ext-configure gd --with-freetype --with-jpeg \
+    && docker-php-ext-install -j$(nproc) gd
+
+
+# Upload-Limits hoch setzen (Edit by Parad0x)
+RUN touch /usr/local/etc/php/conf.d/uploads.ini \
+    && echo "upload_max_filesize = 10M;" >> /usr/local/etc/php/conf.d/uploads.ini \
+    && echo "post_max_size = 10M;" >> /usr/local/etc/php/conf.d/uploads.ini
+
+
+# Configure LDAP.
+RUN apt-get update \
+ && apt-get install libldap2-dev -y \
+ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+ && docker-php-ext-install ldap
+
+
+# Change apache settings
+RUN a2enmod rewrite
+
+# Expose ports
+EXPOSE 80
+
+# startup
+CMD ["apache2-foreground"]
diff --git a/testserver/docker_dokuwiki/templates/docker-compose.yml b/testserver/docker_dokuwiki/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..5cef278a9f4c605e335f12b1948fd30ebd3df9f9
--- /dev/null
+++ b/testserver/docker_dokuwiki/templates/docker-compose.yml
@@ -0,0 +1,24 @@
+version: "3"
+
+services:
+
+  app:
+    # values set in configuration: noreply_email_user - noreply_email_pass - smtp_host - smtp_port 
+    build: .
+    image: "dokuwiki--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}"
+    restart: always
+    volumes:
+      - /srv/dokuwiki/data/:/var/www/html
+      - /srv/dokuwiki/pdftemplate/:/var/www/html/lib/plugins/dw2pdf/tpl/warpzone/
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80      
+    networks:
+      - default      
+      - web  
+    
+networks:
+  web:
+    external: true    
diff --git a/testserver/docker_gitlab/tasks/main.yml b/testserver/docker_gitlab/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..36dbab8ee61499229f7655c0705cd10408984979
--- /dev/null
+++ b/testserver/docker_gitlab/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/shared/noreply_email_pass,  length: -1 }
+   - { path: /srv/ldap/secret/ldap_readonly_pass,  length: -1 }
+   - { path: /srv/gitlab/runner_registration_token,  length: -1 }
+
+# Benötigte Verzeichnisstrukturen erstellen
+
+- name: create folder structur for gitlab
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+  with_items:
+    - "/srv/gitlab/"
+    - "/srv/gitlab/conf/"
+    - "/srv/gitlab/data/"
+    - "/srv/gitlab/log"
+    - "/srv/gitlab/runner"
+
+# Konfigurationsdateien erstellen
+
+- name: Konfig-Datei Gitlab
+  template:
+    src: "{{ item }}"
+    dest: "/srv/gitlab/{{ item }}"
+  with_items:
+    - "conf/gitlab.rb"
+    - "docker-compose.yml"
+  register: configs
+
+
+- name: stop gitlab docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/gitlab/
+    state: absent
+  when: configs.changed
+
+- name: start gitlab docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/gitlab/
+    state: present
diff --git a/testserver/docker_gitlab/templates/conf/gitlab.rb b/testserver/docker_gitlab/templates/conf/gitlab.rb
new file mode 100644
index 0000000000000000000000000000000000000000..d893132b7e40b1b6d1d19676ffb80a6c440a2661
--- /dev/null
+++ b/testserver/docker_gitlab/templates/conf/gitlab.rb
@@ -0,0 +1,2716 @@
+## GitLab configuration settings
+##! This file is generated during initial installation and **is not** modified
+##! during upgrades.
+##! Check out the latest version of this file to know about the different
+##! settings that can be configured, when they were introduced and why:
+##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template
+
+##! Locally, the complete template corresponding to the installed version can be found at:
+##! /opt/gitlab/etc/gitlab.rb.template
+
+##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
+##! the gitlab.rb.template from the currently running version.
+
+##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
+##! running `gitlab-ctl reconfigure`
+
+##! In general, the values specified here should reflect what the default value of the attribute will be.
+##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
+##! or connecting to third party services.
+##! In those instances, we endeavour to provide an example configuration.
+
+## GitLab URL
+##! URL on which GitLab will be reachable.
+##! For more details on configuring external_url see:
+##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
+##!
+##! Note: During installation/upgrades, the value of the environment variable
+##! EXTERNAL_URL will be used to populate/replace this value.
+##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
+##! address from AWS. For more details, see:
+##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
+external_url 'https://{{ domain }}/'
+
+## Roles for multi-instance GitLab
+##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
+##! Options:
+##!   redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
+##!   postgres_role consul_role application_role monitoring_role
+##! For more details on each role, see:
+##! https://docs.gitlab.com/omnibus/roles/README.html#roles
+##!
+# roles ['redis_sentinel_role', 'redis_master_role']
+
+## Legend
+##! The following notations at the beginning of each line may be used to
+##! differentiate between components of this file and to easily select them using
+##! a regex.
+##! ## Titles, subtitles etc
+##! ##! More information - Description, Docs, Links, Issues etc.
+##! Configuration settings have a single # followed by a single space at the
+##! beginning; Remove them to enable the setting.
+
+##! **Configuration settings below are optional.**
+
+
+################################################################################
+################################################################################
+##                Configuration Settings for GitLab CE and EE                 ##
+################################################################################
+################################################################################
+
+################################################################################
+## gitlab.yml configuration
+##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
+################################################################################
+# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
+# gitlab_rails['gitlab_ssh_user'] = ''
+# gitlab_rails['time_zone'] = 'UTC'
+gitlab_rails['gitlab_ssh_host'] = 'gitlab.warpzone.ms'
+gitlab_rails['time_zone'] = 'Europe/Berlin'
+
+### Request duration
+###! Tells the rails application how long it has to complete a request
+###! This value needs to be lower than the worker timeout set in unicorn/puma.
+###! By default, we'll allow 95% of the the worker timeout
+# gitlab_rails['max_request_duration_seconds'] = 57
+
+### GitLab email server settings
+###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
+###! **Use smtp instead of sendmail/postfix.**
+
+# gitlab_rails['smtp_enable'] = true
+# gitlab_rails['smtp_address'] = "smtp.server"
+# gitlab_rails['smtp_port'] = 465
+# gitlab_rails['smtp_user_name'] = "smtp user"
+# gitlab_rails['smtp_password'] = "smtp password"
+# gitlab_rails['smtp_domain'] = "example.com"
+# gitlab_rails['smtp_authentication'] = "login"
+# gitlab_rails['smtp_enable_starttls_auto'] = true
+# gitlab_rails['smtp_tls'] = false
+gitlab_rails['smtp_enable'] = true
+gitlab_rails['smtp_address'] = "{{ smtp_host }}"
+gitlab_rails['smtp_port'] = {{ smtp_port }}
+gitlab_rails['smtp_user_name'] = "{{ noreply_email_user }}"
+gitlab_rails['smtp_password'] = "{{ noreply_email_pass }}"
+gitlab_rails['smtp_domain'] = "{{ smtp_domain }}"
+gitlab_rails['smtp_authentication'] = "plain"
+gitlab_rails['smtp_enable_starttls_auto'] = true
+# gitlab_rails['smtp_tls'] = false
+# TODO: Update with new mail server
+gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+
+
+### Email Settings
+
+# gitlab_rails['gitlab_email_enabled'] = true
+gitlab_rails['gitlab_email_enabled'] = true
+
+##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
+##! can change the 'From' with this setting.
+# gitlab_rails['gitlab_email_from'] = 'example@example.com'
+# gitlab_rails['gitlab_email_display_name'] = 'Example'
+# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
+# gitlab_rails['gitlab_email_subject_suffix'] = ''
+# gitlab_rails['gitlab_email_smime_enabled'] = false
+# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
+# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
+# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'
+gitlab_rails['gitlab_email_from'] = 'gitlab@{{ smtp_domain }}'
+gitlab_rails['gitlab_email_display_name'] = 'Warpzone Gitlab'
+gitlab_rails['gitlab_email_reply_to'] = '{{ noreply_email_user }}'
+
+### GitLab user privileges
+# gitlab_rails['gitlab_username_changing_enabled'] = true
+gitlab_rails['gitlab_username_changing_enabled'] = false
+
+### Default Theme
+### Available values:
+##! `1`  for Indigo
+##! `2`  for Dark
+##! `3`  for Light
+##! `4`  for Blue
+##! `5`  for Green
+##! `6`  for Light Indigo
+##! `7`  for Light Blue
+##! `8`  for Light Green
+##! `9`  for Red
+##! `10` for Light Red
+# gitlab_rails['gitlab_default_theme'] = 2
+
+### Default project feature settings
+# gitlab_rails['gitlab_default_projects_features_issues'] = true
+# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
+# gitlab_rails['gitlab_default_projects_features_wiki'] = true
+# gitlab_rails['gitlab_default_projects_features_snippets'] = true
+# gitlab_rails['gitlab_default_projects_features_builds'] = true
+# gitlab_rails['gitlab_default_projects_features_container_registry'] = true
+
+gitlab_rails['gitlab_default_projects_features_issues'] = false
+gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
+gitlab_rails['gitlab_default_projects_features_wiki'] = false
+gitlab_rails['gitlab_default_projects_features_snippets'] = false
+gitlab_rails['gitlab_default_projects_features_builds'] = false
+gitlab_rails['gitlab_default_projects_features_container_registry'] = false
+
+### Automatic issue closing
+###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
+###! information about this pattern.
+# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"
+
+### Download location
+###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
+###! is created in the following directory.
+###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
+# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'
+
+### Gravatar Settings
+# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
+# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
+
+### Auxiliary jobs
+###! Periodically executed jobs, to self-heal Gitlab, do external
+###! synchronizations, etc.
+###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
+###!       https://docs.gitlab.com/ee/ci/yaml/README.html#artifactsexpire_in
+# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
+# gitlab_rails['expire_build_artifacts_worker_cron'] = "50 * * * *"
+# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
+# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
+# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
+# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
+# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
+# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
+# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
+# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
+# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
+# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
+# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
+# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
+# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
+# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
+# gitlab_rails['analytics_instance_statistics_count_job_trigger_worker_cron'] = "50 23 */1 * *"
+# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
+
+### Webhook Settings
+###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
+###! request (default: 10)
+# gitlab_rails['webhook_timeout'] = 10
+
+### GraphQL Settings
+###! Tells the rails application how long it has to complete a GraphQL request.
+###! We suggest this value to be higher than the database timeout value
+###! and lower than the worker timeout set in unicorn/puma. (default: 30)
+# gitlab_rails['graphql_timeout'] = 30
+
+### Trusted proxies
+###! Customize if you have GitLab behind a reverse proxy which is running on a
+###! different machine.
+###! **Add the IP address for your reverse proxy to the list, otherwise users
+###!   will appear signed in from that address.**
+# gitlab_rails['trusted_proxies'] = []
+
+### Content Security Policy
+####! Customize if you want to enable the Content-Security-Policy header, which
+####! can help thwart JavaScript cross-site scripting (XSS) attacks.
+####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+# gitlab_rails['content_security_policy'] = {
+#  'enabled' => false,
+#  'report_only' => false,
+#  # Each directive is a String (e.g. "'self'").
+#  'directives' => {
+#    'base_uri' => nil,
+#    'child_src' => nil,
+#    'connect_src' => nil,
+#    'default_src' => nil,
+#    'font_src' => nil,
+#    'form_action' => nil,
+#    'frame_ancestors' => nil,
+#    'frame_src' => nil,
+#    'img_src' => nil,
+#    'manifest_src' => nil,
+#    'media_src' => nil,
+#    'object_src' => nil,
+#    'script_src' => nil,
+#    'style_src' => nil,
+#    'worker_src' => nil,
+#    'report_uri' => nil,
+#  }
+# }
+
+### Monitoring settings
+###! IP whitelist controlling access to monitoring endpoints
+# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']
+###! Time between sampling of unicorn socket metrics, in seconds
+# gitlab_rails['monitoring_unicorn_sampler_interval'] = 10
+
+### Shutdown settings
+###! Defines an interval to block healthcheck,
+###! but continue accepting application requests.
+# gitlab_rails['shutdown_blackout_seconds'] = 10
+
+### Reply by email
+###! Allow users to comment on issues and merge requests by replying to
+###! notification emails.
+###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
+# gitlab_rails['incoming_email_enabled'] = true
+
+#### Incoming Email Address
+####! The email address including the `%{key}` placeholder that will be replaced
+####! to reference the item being replied to.
+####! **The placeholder can be omitted but if present, it must appear in the
+####!   "user" part of the address (before the `@`).**
+# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"
+
+#### Email account username
+####! **With third party providers, this is usually the full email address.**
+####! **With self-hosted email servers, this is usually the user part of the
+####!   email address.**
+# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"
+
+#### Email account password
+# gitlab_rails['incoming_email_password'] = "[REDACTED]"
+
+#### IMAP Settings
+# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
+# gitlab_rails['incoming_email_port'] = 993
+# gitlab_rails['incoming_email_ssl'] = true
+# gitlab_rails['incoming_email_start_tls'] = false
+
+#### Incoming Mailbox Settings (via `mail_room`)
+####! The mailbox where incoming mail will end up. Usually "inbox".
+# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
+####! The IDLE command timeout.
+# gitlab_rails['incoming_email_idle_timeout'] = 60
+####! The file name for internal `mail_room` JSON logfile
+# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
+####! Permanently remove messages from the mailbox when they are deleted after delivery
+# gitlab_rails['incoming_email_expunge_deleted'] = false
+
+####! The format of mail_room crash logs
+# mailroom['exit_log_format'] = "plain"
+
+### Consolidated (simplified) object storage configuration
+###! This uses a single credential for object storage with multiple buckets.
+###! It also enables Workhorse to upload files directly with its own S3 client
+###! instead of using pre-signed URLs.
+###!
+###! This configuration will only take effect if the object_store
+###! sections are not defined within the types. For example, enabling
+###! gitlab_rails['artifacts_object_store_enabled'] or
+###! gitlab_rails['lfs_object_store_enabled'] will prevent the
+###! consolidated settings from being used.
+###!
+###! Be sure to use different buckets for each type of object.
+###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
+gitlab_rails['object_store']['enabled'] = false
+gitlab_rails['object_store']['connection'] = {}
+gitlab_rails['object_store']['storage_options'] = {}
+gitlab_rails['object_store']['proxy_download'] = false
+gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
+gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
+gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
+gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
+gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
+gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
+gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
+gitlab_rails['object_store']['objects']['pages']['bucket'] = nil
+
+### Job Artifacts
+# gitlab_rails['artifacts_enabled'] = true
+# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
+####! Job artifacts Object Store
+####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
+# gitlab_rails['artifacts_object_store_enabled'] = false
+# gitlab_rails['artifacts_object_store_direct_upload'] = false
+# gitlab_rails['artifacts_object_store_background_upload'] = true
+# gitlab_rails['artifacts_object_store_proxy_download'] = false
+# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
+# gitlab_rails['artifacts_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'host' => 's3.amazonaws.com',
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### External merge request diffs
+# gitlab_rails['external_diffs_enabled'] = false
+# gitlab_rails['external_diffs_when'] = nil
+# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
+# gitlab_rails['external_diffs_object_store_enabled'] = false
+# gitlab_rails['external_diffs_object_store_direct_upload'] = false
+# gitlab_rails['external_diffs_object_store_background_upload'] = false
+# gitlab_rails['external_diffs_object_store_proxy_download'] = false
+# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
+# gitlab_rails['external_diffs_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'host' => 's3.amazonaws.com',
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### Git LFS
+# gitlab_rails['lfs_enabled'] = true
+# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
+# gitlab_rails['lfs_object_store_enabled'] = false
+# gitlab_rails['lfs_object_store_direct_upload'] = false
+# gitlab_rails['lfs_object_store_background_upload'] = true
+# gitlab_rails['lfs_object_store_proxy_download'] = false
+# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
+# gitlab_rails['lfs_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'host' => 's3.amazonaws.com',
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### GitLab uploads
+###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
+# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
+# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
+# gitlab_rails['uploads_object_store_enabled'] = false
+# gitlab_rails['uploads_object_store_direct_upload'] = false
+# gitlab_rails['uploads_object_store_background_upload'] = true
+# gitlab_rails['uploads_object_store_proxy_download'] = false
+# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
+# gitlab_rails['uploads_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'host' => 's3.amazonaws.com',
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### Terraform state
+###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
+# gitlab_rails['terraform_state_enabled'] = true
+# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
+# gitlab_rails['terraform_state_object_store_enabled'] = false
+# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
+# gitlab_rails['terraform_state_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'host' => 's3.amazonaws.com',
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### GitLab Pages
+# gitlab_rails['pages_object_store_enabled'] = false
+# gitlab_rails['pages_object_store_remote_directory'] = "pages"
+# gitlab_rails['pages_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'host' => 's3.amazonaws.com',
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+### Impersonation settings
+# gitlab_rails['impersonation_enabled'] = true
+
+### Usage Statistics
+# gitlab_rails['usage_ping_enabled'] = true
+
+### Seat Link setting
+###! Docs: https://docs.gitlab.com/ee/subscriptions/index.html#seat-link
+# gitlab_rails['seat_link_enabled'] = true
+
+### GitLab Mattermost
+###! These settings are void if Mattermost is installed on the same omnibus
+###! install
+# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"
+
+### LDAP Settings
+###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
+###! **Be careful not to break the indentation in the ldap_servers block. It is
+###!   in yaml format and the spaces must be retained. Using tabs will not work.**
+
+# gitlab_rails['ldap_enabled'] = false
+# gitlab_rails['prevent_ldap_sign_in'] = false
+gitlab_rails['ldap_enabled'] = true
+
+
+###! **remember to close this block with 'EOS' below**
+# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
+#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
+#     label: 'LDAP'
+#     host: '_your_ldap_server'
+#     port: 389
+#     uid: 'sAMAccountName'
+#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+#     password: '_the_password_of_the_bind_user'
+#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+#     verify_certificates: true
+#     smartcard_auth: false
+#     active_directory: true
+#     allow_username_or_email_login: false
+#     lowercase_usernames: false
+#     block_auto_created_users: false
+#     base: ''
+#     user_filter: ''
+#     ## EE only
+#     group_base: ''
+#     admin_group: ''
+#     sync_ssh_keys: false
+#
+#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
+#     label: 'LDAP'
+#     host: '_your_ldap_server'
+#     port: 389
+#     uid: 'sAMAccountName'
+#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+#     password: '_the_password_of_the_bind_user'
+#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
+#     verify_certificates: true
+#     smartcard_auth: false
+#     active_directory: true
+#     allow_username_or_email_login: false
+#     lowercase_usernames: false
+#     block_auto_created_users: false
+#     base: ''
+#     user_filter: ''
+#     ## EE only
+#     group_base: ''
+#     admin_group: ''
+#     sync_ssh_keys: false
+# EOS
+
+gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
+  main:
+    label: 'LDAP'
+    host: '{{ ldap_ip_ext }}'
+    port: 389
+    uid: 'uid'
+    method: 'plain'
+    bind_dn: '{{ ldap_readonly_bind_dn }}'
+    password: '{{ ldap_readonly_pass }}'
+    base: '{{ ldap_base_dn }}'
+    user_filter: '(&(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))'
+    attributes:
+      username: ['uid', 'cn']
+      email: ['mail', 'email']
+      name: 'cn'
+      first_name: 'givenName'
+      last_name: 'sn'
+EOS
+
+
+### Smartcard authentication settings
+###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
+# gitlab_rails['smartcard_enabled'] = false
+# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
+# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
+# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
+# gitlab_rails['smartcard_required_for_git_access'] = false
+# gitlab_rails['smartcard_san_extensions'] = false
+
+### OmniAuth Settings
+###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
+# gitlab_rails['omniauth_enabled'] = nil
+# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
+# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
+# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
+# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
+# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
+# gitlab_rails['omniauth_block_auto_created_users'] = true
+# gitlab_rails['omniauth_auto_link_ldap_user'] = false
+# gitlab_rails['omniauth_auto_link_saml_user'] = false
+# gitlab_rails['omniauth_auto_link_user'] = ['saml']
+# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
+# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
+# gitlab_rails['omniauth_providers'] = [
+#   {
+#     "name" => "google_oauth2",
+#     "app_id" => "YOUR APP ID",
+#     "app_secret" => "YOUR APP SECRET",
+#     "args" => { "access_type" => "offline", "approval_prompt" => "" }
+#   }
+# ]
+
+### Backup Settings
+###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html
+
+# gitlab_rails['manage_backup_path'] = true
+# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
+
+###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
+# gitlab_rails['backup_archive_permissions'] = 0644
+
+# gitlab_rails['backup_pg_schema'] = 'public'
+
+###! The duration in seconds to keep backups before they are allowed to be deleted
+# gitlab_rails['backup_keep_time'] = 604800
+
+# gitlab_rails['backup_upload_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AKIAKIAKI',
+#   'aws_secret_access_key' => 'secret123',
+#   # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
+#   'use_iam_profile' => false
+# }
+# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
+# gitlab_rails['backup_multipart_chunk_size'] = 104857600
+
+###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
+###!   backups**
+# gitlab_rails['backup_encryption'] = 'AES256'
+###! The encryption key to use with AWS Server-Side Encryption.
+###! Setting this value will enable Server-Side Encryption with customer provided keys;
+###!   otherwise S3-managed keys are used.
+# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'
+
+###! **Specifies Amazon S3 storage class to use for backups. Valid values
+###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
+# gitlab_rails['backup_storage_class'] = 'STANDARD'
+
+###! Skip parts of the backup. Comma separated.
+###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
+#gitlab_rails['env'] = {
+#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
+#}
+
+### Pseudonymizer Settings
+# gitlab_rails['pseudonymizer_manifest'] = 'config/pseudonymizer.yml'
+# gitlab_rails['pseudonymizer_upload_remote_directory'] = 'gitlab-elt'
+# gitlab_rails['pseudonymizer_upload_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AKIAKIAKI',
+#   'aws_secret_access_key' => 'secret123'
+# }
+
+
+### For setting up different data storing directory
+###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#storing-git-data-in-an-alternative-directory
+###! **If you want to use a single non-default directory to store git data use a
+###!   path that doesn't contain symlinks.**
+# git_data_dirs({
+#   "default" => {
+#     "path" => "/mnt/nfs-01/git-data"
+#    }
+# })
+
+### Gitaly settings
+# gitlab_rails['gitaly_token'] = 'secret token'
+
+### For storing GitLab application uploads, eg. LFS objects, build artifacts
+###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
+# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'
+
+### Wait for file system to be mounted
+###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-filesystem-is-mounted
+# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
+
+### GitLab Shell settings for GitLab
+# gitlab_rails['gitlab_shell_ssh_port'] = 22
+# gitlab_rails['gitlab_shell_git_timeout'] = 800
+gitlab_rails['gitlab_shell_ssh_port'] = 444
+
+### Extra customization
+# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
+# gitlab_rails['extra_piwik_url'] = '_your_piwik_url'
+# gitlab_rails['extra_piwik_site_id'] = '_your_piwik_site_id'
+
+##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
+# gitlab_rails['env'] = {
+#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
+#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
+# }
+
+# gitlab_rails['rack_attack_git_basic_auth'] = {
+#   'enabled' => false,
+#   'ip_whitelist' => ["127.0.0.1"],
+#   'maxretry' => 10,
+#   'findtime' => 60,
+#   'bantime' => 3600
+# }
+
+###! **We do not recommend changing these directories.**
+# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
+# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"
+
+### GitLab application settings
+# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
+
+#### Change the initial default admin password and shared runner registration tokens.
+####! **Only applicable on initial setup, changing these settings after database
+####!   is created and seeded won't yield any change.**
+# gitlab_rails['initial_root_password'] = "password"
+# gitlab_rails['initial_shared_runners_registration_token'] = "token"
+
+#### Set path to an initial license to be used while bootstrapping GitLab.
+####! **Only applicable on initial setup, future license updations need to be done via UI.
+####! Updating the file specified in this path won't yield any change after the first reconfigure run.
+# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'
+
+#### Enable or disable automatic database migrations
+# gitlab_rails['auto_migrate'] = true
+
+#### This is advanced feature used by large gitlab deployments where loading
+#### whole RAILS env takes a lot of time.
+# gitlab_rails['rake_cache_clear'] = true
+
+### GitLab database settings
+###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
+###! **Only needed if you use an external database.**
+# gitlab_rails['db_adapter'] = "postgresql"
+# gitlab_rails['db_encoding'] = "unicode"
+# gitlab_rails['db_collation'] = nil
+# gitlab_rails['db_database'] = "gitlabhq_production"
+# gitlab_rails['db_username'] = "gitlab"
+# gitlab_rails['db_password'] = nil
+# gitlab_rails['db_host'] = nil
+# gitlab_rails['db_port'] = 5432
+# gitlab_rails['db_socket'] = nil
+# gitlab_rails['db_sslmode'] = nil
+# gitlab_rails['db_sslcompression'] = 0
+# gitlab_rails['db_sslrootcert'] = nil
+# gitlab_rails['db_sslcert'] = nil
+# gitlab_rails['db_sslkey'] = nil
+# gitlab_rails['db_prepared_statements'] = false
+# gitlab_rails['db_statements_limit'] = 1000
+# gitlab_rails['db_connect_timeout'] = nil
+
+
+### GitLab Redis settings
+###! Connect to your own Redis instance
+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
+
+#### Redis TCP connection
+# gitlab_rails['redis_host'] = "127.0.0.1"
+# gitlab_rails['redis_port'] = 6379
+# gitlab_rails['redis_ssl'] = false
+# gitlab_rails['redis_password'] = nil
+# gitlab_rails['redis_database'] = 0
+# gitlab_rails['redis_enable_client'] = true
+
+#### Redis local UNIX socket (will be disabled if TCP method is used)
+# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"
+
+#### Sentinel support
+####! To have Sentinel working, you must enable Redis TCP connection support
+####! above and define a few Sentinel hosts below (to get a reliable setup
+####! at least 3 hosts).
+####! **You don't need to list every sentinel host, but the ones not listed will
+####!   not be used in a fail-over situation to query for the new master.**
+# gitlab_rails['redis_sentinels'] = [
+#   {'host' => '127.0.0.1', 'port' => 26379},
+# ]
+
+#### Separate instances support
+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
+# gitlab_rails['redis_cache_instance'] = nil
+# gitlab_rails['redis_cache_sentinels'] = nil
+# gitlab_rails['redis_queues_instance'] = nil
+# gitlab_rails['redis_queues_sentinels'] = nil
+# gitlab_rails['redis_shared_state_instance'] = nil
+# gitlab_rails['redis_shared_sentinels'] = nil
+# gitlab_rails['redis_actioncable_instance'] = nil
+# gitlab_rails['redis_actioncable_sentinels'] = nil
+
+###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
+###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
+# gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+
+# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
+# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"
+
+################################################################################
+## Container Registry settings
+##! Docs: https://docs.gitlab.com/ee/administration/container_registry.html
+################################################################################
+
+registry_external_url 'https://{{ domain_registry }}'
+
+### Settings used by GitLab application
+# gitlab_rails['registry_enabled'] = true
+# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
+# gitlab_rails['registry_port'] = "5005"
+# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"
+gitlab_rails['registry_enabled'] = true
+
+# Notification secret, it's used to authenticate notification requests to GitLab application
+# You only need to change this when you use external Registry service, otherwise
+# it will be taken directly from notification settings of your Registry
+# gitlab_rails['registry_notification_secret'] = nil
+
+###! **Do not change the following 3 settings unless you know what you are
+###!   doing**
+# gitlab_rails['registry_api_url'] = "http://localhost:5000"
+# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
+# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"
+
+### Settings used by Registry application
+registry['enable'] = true
+# registry['username'] = "registry"
+# registry['group'] = "registry"
+# registry['uid'] = nil
+# registry['gid'] = nil
+# registry['dir'] = "/var/opt/gitlab/registry"
+# registry['registry_http_addr'] = "localhost:5000"
+# registry['debug_addr'] = "localhost:5001"
+# registry['log_directory'] = "/var/log/gitlab/registry"
+# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
+# registry['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+# registry['log_level'] = "info"
+# registry['log_formatter'] = "text"
+# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
+# registry['health_storagedriver_enabled'] = true
+# registry['storage_delete_enabled'] = true
+# registry['validation_enabled'] = false
+# registry['autoredirect'] = false
+# registry['compatibility_schema1_enabled'] = false
+
+### Registry backend storage
+###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
+# registry['storage'] = {
+#   's3' => {
+#     'accesskey' => 's3-access-key',
+#     'secretkey' => 's3-secret-key-for-access-key',
+#     'bucket' => 'your-s3-bucket',
+#     'region' => 'your-s3-region',
+#     'regionendpoint' => 'your-s3-regionendpoint'
+#   },
+#   'redirect' => {
+#     'disable' => false
+#   }
+# }
+
+### Registry notifications endpoints
+# registry['notifications'] = [
+#   {
+#     'name' => 'test_endpoint',
+#     'url' => 'https://gitlab.example.com/notify2',
+#     'timeout' => '500ms',
+#     'threshold' => 5,
+#     'backoff' => '1s',
+#     'headers' => {
+#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
+#     }
+#   }
+# ]
+### Default registry notifications
+# registry['default_notifications_timeout'] = "500ms"
+# registry['default_notifications_threshold'] = 5
+# registry['default_notifications_backoff'] = "1s"
+# registry['default_notifications_headers'] = {}
+
+################################################################################
+## Error Reporting and Logging with Sentry
+################################################################################
+# gitlab_rails['sentry_enabled'] = false
+# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
+# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
+# gitlab_rails['sentry_environment'] = 'production'
+
+################################################################################
+## CI_JOB_JWT
+################################################################################
+##! RSA private key used to sign CI_JOB_JWT
+# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.
+
+################################################################################
+## GitLab Workhorse
+##! Docs: https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md
+################################################################################
+
+# gitlab_workhorse['enable'] = true
+# gitlab_workhorse['ha'] = false
+# gitlab_workhorse['listen_network'] = "unix"
+# gitlab_workhorse['listen_umask'] = 000
+# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
+# gitlab_workhorse['auth_backend'] = "http://localhost:8080"
+
+##! the empty string is the default in gitlab-workhorse option parser
+# gitlab_workhorse['auth_socket'] = "''"
+
+##! put an empty string on the command line
+# gitlab_workhorse['pprof_listen_addr'] = "''"
+
+# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"
+
+# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
+# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
+# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"
+
+##! limit number of concurrent API requests, defaults to 0 which is unlimited
+# gitlab_workhorse['api_limit'] = 0
+
+##! limit number of API requests allowed to be queued, defaults to 0 which
+##! disables queuing
+# gitlab_workhorse['api_queue_limit'] = 0
+
+##! duration after which we timeout requests if they sit too long in the queue
+# gitlab_workhorse['api_queue_duration'] = "30s"
+
+##! Long polling duration for job requesting for runners
+# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"
+
+##! Log format: default is json, can also be text or none.
+# gitlab_workhorse['log_format'] = "json"
+
+# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
+# gitlab_workhorse['env'] = {
+#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+
+################################################################################
+## GitLab User Settings
+##! Modify default git user.
+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#changing-the-name-of-the-git-user-group
+################################################################################
+
+# user['username'] = "git"
+# user['group'] = "git"
+# user['uid'] = nil
+# user['gid'] = nil
+
+##! The shell for the git user
+# user['shell'] = "/bin/sh"
+
+##! The home directory for the git user
+# user['home'] = "/var/opt/gitlab"
+
+# user['git_user_name'] = "GitLab"
+# user['git_user_email'] = "gitlab@#{node['fqdn']}"
+
+################################################################################
+## GitLab Unicorn
+##! Tweak unicorn settings.
+##! Docs: https://docs.gitlab.com/omnibus/settings/unicorn.html
+################################################################################
+
+# unicorn['enable'] = false
+# unicorn['worker_timeout'] = 60
+###! Minimum worker_processes is 2 at this moment
+###! See https://gitlab.com/gitlab-org/gitlab-foss/issues/18771
+# unicorn['worker_processes'] = 2
+
+### Advanced settings
+# unicorn['listen'] = 'localhost'
+# unicorn['port'] = 8080
+# unicorn['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
+# unicorn['pidfile'] = '/opt/gitlab/var/unicorn/unicorn.pid'
+# unicorn['tcp_nopush'] = true
+# unicorn['backlog_socket'] = 1024
+
+###! **Make sure somaxconn is equal or higher then backlog_socket**
+# unicorn['somaxconn'] = 1024
+
+###! **We do not recommend changing this setting**
+# unicorn['log_directory'] = "/var/log/gitlab/unicorn"
+
+### **Only change these settings if you understand well what they mean**
+###! Docs: https://docs.gitlab.com/ee/administration/operations/unicorn.html#unicorn-worker-killer
+###!       https://github.com/kzk/unicorn-worker-killer
+# unicorn['worker_memory_limit_min'] = "1024 * 1 << 20"
+# unicorn['worker_memory_limit_max'] = "1280 * 1 << 20"
+
+# unicorn['exporter_enabled'] = false
+# unicorn['exporter_address'] = "127.0.0.1"
+# unicorn['exporter_port'] = 8083
+
+################################################################################
+## GitLab Puma
+##! Tweak puma settings. You should only use Unicorn or Puma, not both.
+##! Docs: https://docs.gitlab.com/omnibus/settings/puma.html
+################################################################################
+
+# puma['enable'] = true
+# puma['ha'] = false
+# puma['worker_timeout'] = 60
+# puma['worker_processes'] = 2
+# puma['min_threads'] = 4
+# puma['max_threads'] = 4
+
+### Advanced settings
+# puma['listen'] = '127.0.0.1'
+# puma['port'] = 8080
+# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
+# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
+# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'
+
+###! **We do not recommend changing this setting**
+# puma['log_directory'] = "/var/log/gitlab/puma"
+
+### **Only change these settings if you understand well what they mean**
+###! Docs: https://github.com/schneems/puma_worker_killer
+# puma['per_worker_max_memory_mb'] = 850
+
+# puma['exporter_enabled'] = false
+# puma['exporter_address'] = "127.0.0.1"
+# puma['exporter_port'] = 8083
+
+################################################################################
+## GitLab Sidekiq
+################################################################################
+
+##! GitLab allows one to start multiple sidekiq processes. These
+##! processes can be used to consume a dedicated set of queues. This
+##! can be used to ensure certain queues are able to handle additional workload.
+##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html
+
+# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
+# sidekiq['log_format'] = "json"
+# sidekiq['shutdown_timeout'] = 4
+# sidekiq['cluster'] = true
+# sidekiq['experimental_queue_selector'] = false
+# sidekiq['interval'] = nil
+# sidekiq['max_concurrency'] = 50
+# sidekiq['min_concurrency'] = nil
+
+##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
+##! Sidekiq process. Multiple queues can be processed by the same process by
+##! separating them with a comma within the group entry, a `*` will process all queues
+
+# sidekiq['queue_groups'] = ['*']
+
+##! If negate is enabled then sidekiq-cluster will process all the queues that
+##! don't match those in queue_groups.
+
+# sidekiq['negate'] = false
+
+# sidekiq['metrics_enabled'] = true
+# sidekiq['exporter_log_enabled'] = false
+# sidekiq['listen_address'] = "localhost"
+# sidekiq['listen_port'] = 8082
+
+################################################################################
+## gitlab-shell
+################################################################################
+
+# gitlab_shell['audit_usernames'] = false
+# gitlab_shell['log_level'] = 'INFO'
+# gitlab_shell['log_format'] = 'json'
+# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: false}
+# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"
+# gitlab_shell['custom_hooks_dir'] = "/opt/gitlab/embedded/service/gitlab-shell/hooks"
+
+# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"
+
+### Migration to Go feature flags
+###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
+# gitlab_shell['migration'] = { enabled: true, features: [] }
+
+### Git trace log file.
+###! If set, git commands receive GIT_TRACE* environment variables
+###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
+###! An absolute path starting with / – the trace output will be appended to
+###! that file. It needs to exist so we can check permissions and avoid
+###! throwing warnings to the users.
+# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"
+
+##! **We do not recommend changing this directory.**
+# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"
+
+################################################################
+## GitLab PostgreSQL
+################################################################
+
+###! Changing any of these settings requires a restart of postgresql.
+###! By default, reconfigure reloads postgresql if it is running. If you
+###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
+###! after reconfigure in order for the changes to take effect.
+# postgresql['enable'] = true
+# postgresql['listen_address'] = nil
+# postgresql['port'] = 5432
+
+## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
+## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
+## endpoint to the cluster. By default it is the same as postgresql['port'].
+# postgresql['connect_port'] = 5432
+
+# postgresql['data_dir'] = "/var/opt/gitlab/postgresql/data"
+
+##! **recommend value is 1/4 of total RAM, up to 14GB.**
+# postgresql['shared_buffers'] = "256MB"
+
+### Advanced settings
+# postgresql['ha'] = false
+# postgresql['dir'] = "/var/opt/gitlab/postgresql"
+# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
+# postgresql['log_destination'] = nil
+# postgresql['logging_collector'] = nil
+# postgresql['log_truncate_on_rotation'] = nil
+# postgresql['log_rotation_age'] = nil
+# postgresql['log_rotation_size'] = nil
+# postgresql['username'] = "gitlab-psql"
+# postgresql['group'] = "gitlab-psql"
+##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
+# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
+# postgresql['uid'] = nil
+# postgresql['gid'] = nil
+# postgresql['shell'] = "/bin/sh"
+# postgresql['home'] = "/var/opt/gitlab/postgresql"
+# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
+# postgresql['sql_user'] = "gitlab"
+# postgresql['max_connections'] = 200
+# postgresql['md5_auth_cidr_addresses'] = []
+# postgresql['trust_auth_cidr_addresses'] = []
+# postgresql['wal_buffers'] = "-1"
+# postgresql['autovacuum_max_workers'] = "3"
+# postgresql['autovacuum_freeze_max_age'] = "200000000"
+# postgresql['log_statement'] = nil
+# postgresql['track_activity_query_size'] = "1024"
+# postgresql['shared_preload_libraries'] = nil
+# postgresql['dynamic_shared_memory_type'] = nil
+# postgresql['hot_standby'] = "off"
+
+### SSL settings
+# See https://www.postgresql.org/docs/11/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
+# postgresql['ssl'] = 'on'
+# postgresql['hostssl'] = false
+# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
+# postgresql['ssl_cert_file'] = 'server.crt'
+# postgresql['ssl_key_file'] = 'server.key'
+# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
+# postgresql['ssl_crl_file'] = nil
+# postgresql['cert_auth_addresses'] = {
+#   'ADDRESS' => {
+#     database: 'gitlabhq_production',
+#     user: 'gitlab'
+#   }
+# }
+
+### Replication settings
+###! Note, some replication settings do not require a full restart. They are documented below.
+# postgresql['wal_level'] = "hot_standby"
+# postgresql['wal_log_hints'] = 'off'
+# postgresql['max_wal_senders'] = 5
+# postgresql['max_replication_slots'] = 0
+# postgresql['max_locks_per_transaction'] = 128
+
+# Backup/Archive settings
+# postgresql['archive_mode'] = "off"
+
+###! Changing any of these settings only requires a reload of postgresql. You do not need to
+###! restart postgresql if you change any of these and run reconfigure.
+# postgresql['work_mem'] = "16MB"
+# postgresql['maintenance_work_mem'] = "16MB"
+# postgresql['checkpoint_segments'] = 10
+# postgresql['checkpoint_timeout'] = "5min"
+# postgresql['checkpoint_completion_target'] = 0.9
+# postgresql['effective_io_concurrency'] = 1
+# postgresql['checkpoint_warning'] = "30s"
+# postgresql['effective_cache_size'] = "1MB"
+# postgresql['shmmax'] =  17179869184 # or 4294967295
+# postgresql['shmall'] =  4194304 # or 1048575
+# postgresql['autovacuum'] = "on"
+# postgresql['log_autovacuum_min_duration'] = "-1"
+# postgresql['autovacuum_naptime'] = "1min"
+# postgresql['autovacuum_vacuum_threshold'] = "50"
+# postgresql['autovacuum_analyze_threshold'] = "50"
+# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
+# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
+# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
+# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
+# postgresql['statement_timeout'] = "60000"
+# postgresql['idle_in_transaction_session_timeout'] = "60000"
+# postgresql['log_line_prefix'] = "%a"
+# postgresql['max_worker_processes'] = 8
+# postgresql['max_parallel_workers_per_gather'] = 0
+# postgresql['log_lock_waits'] = 1
+# postgresql['deadlock_timeout'] = '5s'
+# postgresql['track_io_timing'] = 0
+# postgresql['default_statistics_target'] = 1000
+
+### Available in PostgreSQL 9.6 and later
+# postgresql['min_wal_size'] = 80MB
+# postgresql['max_wal_size'] = 1GB
+
+# Backup/Archive settings
+# postgresql['archive_command'] = nil
+# postgresql['archive_timeout'] = "0"
+
+### Replication settings
+# postgresql['sql_replication_user'] = "gitlab_replicator"
+# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
+# postgresql['wal_keep_segments'] = 10
+# postgresql['max_standby_archive_delay'] = "30s"
+# postgresql['max_standby_streaming_delay'] = "30s"
+# postgresql['synchronous_commit'] = on
+# postgresql['synchronous_standby_names'] = ''
+# postgresql['hot_standby_feedback'] = 'off'
+# postgresql['random_page_cost'] = 2.0
+# postgresql['log_temp_files'] = -1
+# postgresql['log_checkpoints'] = 'off'
+# To add custom entries to pg_hba.conf use the following
+# postgresql['custom_pg_hba_entries'] = {
+#   APPLICATION: [ # APPLICATION should identify what the settings are used for
+#     {
+#       type: example,
+#       database: example,
+#       user: example,
+#       cidr: example,
+#       method: example,
+#       option: example
+#     }
+#   ]
+# }
+# See https://www.postgresql.org/docs/11/static/auth-pg-hba-conf.html for an explanation
+# of the values
+
+### Version settings
+# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
+# postgresql['version'] = 10
+
+################################################################################
+## GitLab Redis
+##! **Can be disabled if you are using your own Redis instance.**
+##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
+################################################################################
+
+# redis['enable'] = true
+# redis['ha'] = false
+# redis['hz'] = 10
+# redis['dir'] = "/var/opt/gitlab/redis"
+# redis['log_directory'] = "/var/log/gitlab/redis"
+# redis['username'] = "gitlab-redis"
+# redis['group'] = "gitlab-redis"
+# redis['maxclients'] = "10000"
+# redis['maxmemory'] = "0"
+# redis['maxmemory_policy'] = "noeviction"
+# redis['maxmemory_samples'] = "5"
+# redis['tcp_backlog'] = 511
+# redis['tcp_timeout'] = "60"
+# redis['tcp_keepalive'] = "300"
+# redis['uid'] = nil
+# redis['gid'] = nil
+
+### Disable or obfuscate unnecessary redis command names
+### Uncomment and edit this block to add or remove entries.
+### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
+### for detailed usage
+###
+# redis['rename_commands'] = {
+#   'KEYS': ''
+#}
+#
+
+###! **To enable only Redis service in this machine, uncomment
+###!   one of the lines below (choose master or replica instance types).**
+###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
+###!       https://docs.gitlab.com/ee/administration/high_availability/redis.html
+# redis_master_role['enable'] = true
+# redis_replica_role['enable'] = true
+
+### Redis TCP support (will disable UNIX socket transport)
+# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
+# redis['port'] = 6379
+# redis['password'] = 'redis-password-goes-here'
+
+### Redis Sentinel support
+###! **You need a master replica Redis replication to be able to do failover**
+###! **Please read the documentation before enabling it to understand the
+###!   caveats:**
+###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
+
+### Replication support
+#### Replica Redis instance
+# redis['master'] = false # by default this is true
+
+#### Replica and Sentinel shared configuration
+####! **Both need to point to the master Redis instance to get replication and
+####!   heartbeat monitoring**
+# redis['master_name'] = 'gitlab-redis'
+# redis['master_ip'] = nil
+# redis['master_port'] = 6379
+
+#### Support to run redis replicas in a Docker or NAT environment
+####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
+# redis['announce_ip'] = nil
+# redis['announce_port'] = nil
+
+####! **Master password should have the same value defined in
+####!   redis['password'] to enable the instance to transition to/from
+####!   master/replica in a failover event.**
+# redis['master_password'] = 'redis-password-goes-here'
+
+####! Increase these values when your replicas can't catch up with master
+# redis['client_output_buffer_limit_normal'] = '0 0 0'
+# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
+# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'
+
+#####! Redis snapshotting frequency
+#####! Set to [] to disable
+#####! Set to [''] to clear previously set values
+# redis['save'] = [ '900 1', '300 10', '60 10000' ]
+
+#####! Redis lazy freeing
+#####! Defaults to false
+# redis['lazyfree_lazy_eviction'] = true
+# redis['lazyfree_lazy_expire'] = true
+# redis['lazyfree_lazy_server_del'] = true
+# redis['replica_lazy_flush'] = true
+
+################################################################################
+## GitLab Web server
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
+################################################################################
+
+##! When bundled nginx is disabled we need to add the external webserver user to
+##! the GitLab webserver group.
+# web_server['external_users'] = []
+# web_server['username'] = 'gitlab-www'
+# web_server['group'] = 'gitlab-www'
+# web_server['uid'] = nil
+# web_server['gid'] = nil
+# web_server['shell'] = '/bin/false'
+# web_server['home'] = '/var/opt/gitlab/nginx'
+
+################################################################################
+## GitLab NGINX
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
+################################################################################
+
+# nginx['enable'] = true
+# nginx['client_max_body_size'] = '250m'
+# nginx['redirect_http_to_https'] = false
+# nginx['redirect_http_to_https_port'] = 80
+
+##! Most root CA's are included by default
+# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
+
+##! enable/disable 2-way SSL client authentication
+# nginx['ssl_verify_client'] = "off"
+
+##! if ssl_verify_client on, verification depth in the client certificates chain
+# nginx['ssl_verify_depth'] = "1"
+
+# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
+# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
+# nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
+# nginx['ssl_prefer_server_ciphers'] = "on"
+
+##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+##!                   https://cipherli.st/**
+# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"
+
+##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
+# nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m"
+
+##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
+# nginx['ssl_session_timeout'] = "5m"
+
+# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
+# nginx['listen_addresses'] = ['*', '[::]']
+
+##! **Defaults to forcing web browsers to always communicate using only HTTPS**
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
+# nginx['hsts_max_age'] = 31536000
+# nginx['hsts_include_subdomains'] = false
+
+##! Defaults to stripping path information when making cross-origin requests
+# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'
+
+##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
+# nginx['gzip_enabled'] = true
+
+##! **Override only if you use a reverse proxy**
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
+# nginx['listen_port'] = nil
+nginx['listen_port'] = 80
+
+##! **Override only if your reverse proxy internally communicates over HTTP**
+##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
+# nginx['listen_https'] = nil
+nginx['listen_https'] = false
+
+# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
+# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
+# nginx['proxy_read_timeout'] = 3600
+# nginx['proxy_connect_timeout'] = 300
+# nginx['proxy_set_headers'] = {
+#  "Host" => "$http_host_with_default",
+#  "X-Real-IP" => "$remote_addr",
+#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+#  "X-Forwarded-Proto" => "https",
+#  "X-Forwarded-Ssl" => "on",
+#  "Upgrade" => "$http_upgrade",
+#  "Connection" => "$connection_upgrade"
+# }
+nginx['proxy_set_headers'] = {
+  "Host" => "$http_host",
+  "X-Real-IP" => "$remote_addr",
+  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+  "X-Forwarded-Proto" => "https",
+  "X-Forwarded-Ssl" => "on"
+}
+
+# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
+# nginx['proxy_cache'] = 'gitlab'
+# nginx['http2_enabled'] = true
+# nginx['real_ip_trusted_addresses'] = []
+# nginx['real_ip_header'] = nil
+# nginx['real_ip_recursive'] = nil
+# nginx['custom_error_pages'] = {
+#   '404' => {
+#     'title' => 'Example title',
+#     'header' => 'Example header',
+#     'message' => 'Example message'
+#   }
+# }
+
+### Advanced settings
+# nginx['dir'] = "/var/opt/gitlab/nginx"
+# nginx['log_directory'] = "/var/log/gitlab/nginx"
+# nginx['worker_processes'] = 4
+# nginx['worker_connections'] = 10240
+# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
+# nginx['sendfile'] = 'on'
+# nginx['tcp_nopush'] = 'on'
+# nginx['tcp_nodelay'] = 'on'
+# nginx['gzip'] = "on"
+# nginx['gzip_http_version'] = "1.0"
+# nginx['gzip_comp_level'] = "2"
+# nginx['gzip_proxied'] = "any"
+# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
+# nginx['keepalive_timeout'] = 65
+# nginx['cache_max_size'] = '5000m'
+# nginx['server_names_hash_bucket_size'] = 64
+##! These paths have proxy_request_buffering disabled
+# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"
+
+### Nginx status
+# nginx['status'] = {
+#  "enable" => true,
+#  "listen_addresses" => ["127.0.0.1"],
+#  "fqdn" => "dev.example.com",
+#  "port" => 9999,
+#  "vts_enable" => true,
+#  "options" => {
+#    "server_tokens" => "off", # Don't show the version of NGINX
+#    "access_log" => "off", # Disable logs for stats
+#    "allow" => "127.0.0.1", # Only allow access from localhost
+#    "deny" => "all" # Deny access to anyone else
+#  }
+# }
+
+################################################################################
+## GitLab Logging
+##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
+################################################################################
+
+# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
+logging['svlogd_size'] = 200 * 1024 * 1024
+# logging['svlogd_num'] = 30 # keep 30 rotated log files
+logging['svlogd_num'] = 30
+# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
+logging['svlogd_timeout'] = 24 * 60 * 60
+# logging['svlogd_filter'] = "gzip" # compress logs with gzip
+logging['svlogd_filter'] = "gzip"
+# logging['svlogd_udp'] = nil # transmit log messages via UDP
+# logging['svlogd_prefix'] = nil # custom prefix for log messages
+# logging['logrotate_frequency'] = "daily" # rotate logs daily
+logging['logrotate_frequency'] = "daily"
+# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
+logging['logrotate_maxsize'] = "200M"
+# logging['logrotate_size'] = nil # do not rotate by size by default
+logging['logrotate_size'] = "50M"
+# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
+logging['logrotate_rotate'] = 30
+# logging['logrotate_compress'] = "compress" # see 'man logrotate'
+logging['logrotate_compress'] = "compress"
+# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
+logging['logrotate_method'] = "copytruncate"
+# logging['logrotate_postrotate'] = nil # no postrotate command by default
+# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz
+
+### UDP log forwarding
+##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding
+
+##! remote host to ship log messages to via UDP
+# logging['udp_log_shipping_host'] = nil
+
+##! override the hostname used when logs are shipped via UDP,
+##  by default the system hostname will be used.
+# logging['udp_log_shipping_hostname'] = nil
+
+##! remote port to ship log messages to via UDP
+# logging['udp_log_shipping_port'] = 514
+
+################################################################################
+## Logrotate
+##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
+##! You can disable built in logrotate feature.
+################################################################################
+logrotate['enable'] = true
+# logrotate['log_directory'] = "/var/log/gitlab/logrotate"
+
+################################################################################
+## Users and groups accounts
+##! Disable management of users and groups accounts.
+##! **Set only if creating accounts manually**
+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
+################################################################################
+
+# manage_accounts['enable'] = false
+
+################################################################################
+## Storage directories
+##! Disable managing storage directories
+##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
+################################################################################
+
+##! **Set only if the select directories are created manually**
+# manage_storage_directories['enable'] = false
+# manage_storage_directories['manage_etc'] = false
+
+################################################################################
+## Runtime directory
+##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
+################################################################################
+
+# runtime_dir '/run'
+
+################################################################################
+## Git
+##! Advanced setting for configuring git system settings for omnibus-gitlab
+##! internal git
+################################################################################
+
+##! For multiple options under one header use array of comma separated values,
+##! eg.:
+##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
+
+# omnibus_gitconfig['system'] = {
+#  "pack" => ["threads = 1", "useSparse = true"],
+#  "receive" => ["fsckObjects = true", "advertisePushOptions = true"],
+#  "repack" => ["writeBitmaps = true"],
+#  "transfer" => ["hideRefs=^refs/tmp/", "hideRefs=^refs/keep-around/", "hideRefs=^refs/remotes/"],
+#  "core" => [
+#    'alternateRefsCommand="exit 0 #"',
+#    "fsyncObjectFiles = true"
+#  ],
+#  "fetch" => ["writeCommitGraph = true"]
+# }
+
+################################################################################
+## GitLab Pages
+##! Docs: https://docs.gitlab.com/ee/pages/administration.html
+################################################################################
+
+##! Define to enable GitLab Pages
+# pages_external_url "http://pages.example.com/"
+# gitlab_pages['enable'] = false
+
+##! Configure to expose GitLab Pages on external IP address, serving the HTTP
+# gitlab_pages['external_http'] = []
+
+##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
+# gitlab_pages['external_https'] = []
+
+##! Configure to use the default list of cipher suites
+# gitlab_pages['insecure_ciphers'] = false
+
+##! Configure to enable health check endpoint on GitLab Pages
+# gitlab_pages['status_uri'] = "/@status"
+
+##! Tune the maximum number of concurrent connections GitLab Pages will handle.
+##! This should be in the range 1 - 10000, defaulting to 5000.
+# gitlab_pages['max_connections'] = 5000
+
+##! Configure to use JSON structured logging in GitLab Pages
+# gitlab_pages['log_format'] = "json"
+
+##! Configure verbose logging for GitLab Pages
+# gitlab_pages['log_verbose'] = false
+
+##! Error Reporting and Logging with Sentry
+# gitlab_pages['sentry_enabled'] = false
+# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
+# gitlab_pages['sentry_environment'] = 'production'
+
+##! Listen for requests forwarded by reverse proxy
+# gitlab_pages['listen_proxy'] = "localhost:8090"
+
+# gitlab_pages['redirect_http'] = true
+# gitlab_pages['use_http2'] = true
+# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
+# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"
+
+# gitlab_pages['artifacts_server'] = true
+# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
+# gitlab_pages['artifacts_server_timeout'] = 10
+
+##! Environments that do not support bind-mounting should set this parameter to
+##! true. This is incompatible with the artifacts server
+# gitlab_pages['inplace_chroot'] = false
+
+##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
+# gitlab_pages['metrics_address'] = ":9235"
+
+##! Specifies the minimum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
+# gitlab_pages['tls_min_version'] = "ssl3"
+
+##! Specifies the maximum SSL/TLS version ("ssl3", "tls1.0", "tls1.1" or "tls1.2")
+# gitlab_pages['tls_max_version'] = "tls1.2"
+
+##! Pages access control
+# gitlab_pages['access_control'] = false
+# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
+# gitlab_pages['gitlab_secret'] = nil # Generated if not present
+# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
+# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
+# gitlab_pages['internal_gitlab_server'] = nil # defaults to gitlab_server, can be changed to internal load balancer
+# gitlab_pages['auth_secret'] = nil # Generated if not present
+
+##! GitLab API HTTP client connection timeout
+# gitlab_pages['gitlab_client_http_timeout'] = "10s"
+
+##! GitLab API JWT Token expiry time
+# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"
+
+##! Domain configuration source, defaults to disk if set to nil
+# gitlab_pages['domain_config_source'] = nil
+
+##! Define custom gitlab-pages HTTP headers for the whole instance
+# gitlab_pages['headers'] = []
+
+##! Shared secret used for authentication between Pages and GitLab
+# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
+
+# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
+# gitlab_pages['env'] = {
+#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
+# }
+
+################################################################################
+## GitLab Pages NGINX
+################################################################################
+
+# All the settings defined in the "GitLab Nginx" section are also available in
+# this "GitLab Pages NGINX" section, using the key `pages_nginx`.  However,
+# those settings should be explicitly set. That is, settings given as
+# `nginx['some_setting']` WILL NOT be automatically replicated as
+# `pages_nginx['some_setting']` and should be set separately.
+
+# Below you can find settings that are exclusive to "GitLab Pages NGINX"
+# pages_nginx['enable'] = false
+
+# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"
+
+################################################################################
+## GitLab CI
+##! Docs: https://docs.gitlab.com/ee/ci/quick_start/README.html
+################################################################################
+
+# gitlab_ci['gitlab_ci_all_broken_builds'] = true
+# gitlab_ci['gitlab_ci_add_pusher'] = true
+# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'
+
+################################################################################
+## GitLab Kubernetes Agent Server
+##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
+################################################################################
+
+##! Enable GitLab KAS
+# gitlab_kas['enable'] = true
+
+##! Agent configuration for GitLab KAS
+# gitlab_kas['agent_configuration_poll_period'] = 20
+# gitlab_kas['agent_gitops_poll_period'] = 20
+# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
+# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
+# gitlab_kas['agent_info_cache_ttl'] = 300
+# gitlab_kas['agent_info_cache_error_ttl'] = 60
+
+##! Shared secret used for authentication between KAS and GitLab
+# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.
+
+##! Listen configuration for GitLab KAS
+# gitlab_kas['listen_address'] = 'localhost:8150'
+# gitlab_kas['listen_network'] = 'tcp'
+# gitlab_kas['listen_websocket'] = true
+
+##! Metrics configuration for GitLab KAS
+# gitlab_kas['metrics_usage_reporting_period'] = 60
+
+##! Directories for GitLab KAS
+# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
+# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
+# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'
+
+################################################################################
+## GitLab Mattermost
+##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
+################################################################################
+
+# mattermost_external_url 'http://mattermost.example.com'
+
+# mattermost['enable'] = false
+mattermost['enable'] = false
+# mattermost['username'] = 'mattermost'
+# mattermost['group'] = 'mattermost'
+# mattermost['uid'] = nil
+# mattermost['gid'] = nil
+# mattermost['home'] = '/var/opt/gitlab/mattermost'
+# mattermost['database_name'] = 'mattermost_production'
+# mattermost['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+# mattermost['service_address'] = "127.0.0.1"
+# mattermost['service_port'] = "8065"
+# mattermost['service_site_url'] = nil
+# mattermost['service_allowed_untrusted_internal_connections'] = ""
+# mattermost['service_enable_api_team_deletion'] = true
+# mattermost['team_site_name'] = "GitLab Mattermost"
+# mattermost['sql_driver_name'] = 'mysql'
+# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
+# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
+# mattermost['gitlab_enable'] = false
+# mattermost['gitlab_id'] = "12345656"
+# mattermost['gitlab_secret'] = "123456789"
+# mattermost['gitlab_scope'] = ""
+# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
+# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
+# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
+# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
+# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
+# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"
+
+################################################################################
+## Mattermost NGINX
+################################################################################
+
+# All the settings defined in the "GitLab Nginx" section are also available in
+# this "Mattermost NGINX" section, using the key `mattermost_nginx`.  However,
+# those settings should be explicitly set. That is, settings given as
+# `nginx['some_setting']` WILL NOT be automatically replicated as
+# `mattermost_nginx['some_setting']` and should be set separately.
+
+# Below you can find settings that are exclusive to "Mattermost NGINX"
+# mattermost_nginx['enable'] = false
+
+# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
+# mattermost_nginx['proxy_set_headers'] = {
+#   "Host" => "$http_host",
+#   "X-Real-IP" => "$remote_addr",
+#   "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+#   "X-Frame-Options" => "SAMEORIGIN",
+#   "X-Forwarded-Proto" => "https",
+#   "X-Forwarded-Ssl" => "on",
+#   "Upgrade" => "$http_upgrade",
+#   "Connection" => "$connection_upgrade"
+# }
+
+
+################################################################################
+## Registry NGINX
+################################################################################
+
+# All the settings defined in the "GitLab Nginx" section are also available in
+# this "Registry NGINX" section, using the key `registry_nginx`.  However, those
+# settings should be explicitly set. That is, settings given as
+# `nginx['some_setting']` WILL NOT be automatically replicated as
+# `registry_nginx['some_setting']` and should be set separately.
+
+# Below you can find settings that are exclusive to "Registry NGINX"
+# registry_nginx['enable'] = false
+registry_nginx['enable'] = true
+
+# registry_nginx['proxy_set_headers'] = {
+#  "Host" => "$http_host",
+#  "X-Real-IP" => "$remote_addr",
+#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+#  "X-Forwarded-Proto" => "https",
+#  "X-Forwarded-Ssl" => "on"
+# }
+
+# When the registry is automatically enabled using the same domain as `external_url`,
+# it listens on this port
+# registry_nginx['listen_port'] = 5050
+
+registry_nginx['listen_port'] = 5005
+registry_nginx['listen_https'] = false
+
+registry_nginx['proxy_set_headers'] = {
+  "Host" => "$http_host",
+  "X-Real-IP" => "$remote_addr",
+  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
+  "X-Forwarded-Proto" => "https",
+  "X-Forwarded-Ssl" => "on"
+}
+
+################################################################################
+## Prometheus
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
+################################################################################
+
+###! **To enable only Monitoring service in this machine, uncomment
+###!   the line below.**
+###! Docs: https://docs.gitlab.com/ee/administration/high_availability
+# monitoring_role['enable'] = true
+
+# prometheus['enable'] = true
+prometheus['enable'] = false
+# prometheus['monitor_kubernetes'] = true
+# prometheus['username'] = 'gitlab-prometheus'
+# prometheus['group'] = 'gitlab-prometheus'
+# prometheus['uid'] = nil
+# prometheus['gid'] = nil
+# prometheus['shell'] = '/bin/sh'
+# prometheus['home'] = '/var/opt/gitlab/prometheus'
+# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
+# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
+# prometheus['scrape_interval'] = 15
+# prometheus['scrape_timeout'] = 15
+# prometheus['external_labels'] = { }
+# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
+# prometheus['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+#
+### Custom scrape configs
+#
+# Prometheus can scrape additional jobs via scrape_configs.  The default automatically
+# includes all of the exporters supported by the omnibus config.
+#
+# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
+#
+# Example:
+#
+# prometheus['scrape_configs'] = [
+#   {
+#     'job_name': 'example',
+#     'static_configs' => [
+#       'targets' => ['hostname:port'],
+#     ],
+#   },
+# ]
+#
+### Custom alertmanager config
+#
+# To configure external alertmanagers, create an alertmanager config.
+#
+# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
+#
+# prometheus['alertmanagers'] = [
+#   {
+#     'static_configs' => [
+#       {
+#         'targets' => [
+#           'hostname:port'
+#         ]
+#       }
+#     ]
+#   }
+# ]
+#
+### Custom Prometheus flags
+#
+# prometheus['flags'] = {
+#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
+#   'storage.tsdb.retention.time' => "15d",
+#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
+# }
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# prometheus['listen_address'] = 'localhost:9090'
+#
+
+################################################################################
+###! **Only needed if Prometheus and Rails are not on the same server.**
+### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
+### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
+### This value should be the address at which Prometheus is available to GitLab Rails(Puma/Unicorn, Sidekiq) node.
+################################################################################
+# gitlab_rails['prometheus_address'] = 'your.prom:9090'
+
+################################################################################
+## Prometheus Alertmanager
+################################################################################
+
+# alertmanager['enable'] = true
+alertmanager['enable'] = false
+# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
+# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
+# alertmanager['admin_email'] = 'admin@example.com'
+# alertmanager['flags'] = {
+#   'web.listen-address' => "localhost:9093",
+#   'storage.path' => "/var/opt/gitlab/alertmanager/data",
+#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
+# }
+# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
+# alertmanager['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# alertmanager['listen_address'] = 'localhost:9093'
+# alertmanager['global'] = {}
+
+################################################################################
+## Prometheus Node Exporter
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
+################################################################################
+
+# node_exporter['enable'] = true
+node_exporter['enable'] = false
+# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
+# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
+# node_exporter['flags'] = {
+#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
+# }
+# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
+# node_exporter['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# node_exporter['listen_address'] = 'localhost:9100'
+
+################################################################################
+## Prometheus Redis exporter
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
+################################################################################
+
+# redis_exporter['enable'] = true
+redis_exporter['enable'] = false
+# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
+# redis_exporter['flags'] = {
+#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
+# }
+# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
+# redis_exporter['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# redis_exporter['listen_address'] = 'localhost:9121'
+
+################################################################################
+## Prometheus Postgres exporter
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
+################################################################################
+
+# postgres_exporter['enable'] = true
+postgres_exporter['enable'] = false
+# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
+# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
+# postgres_exporter['flags'] = {}
+# postgres_exporter['listen_address'] = 'localhost:9187'
+# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
+# postgres_exporter['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+# postgres_exporter['sslmode'] = nil
+
+################################################################################
+## Prometheus PgBouncer exporter (EE only)
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
+################################################################################
+
+# pgbouncer_exporter['enable'] = false
+# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
+# pgbouncer_exporter['listen_address'] = 'localhost:9188'
+# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
+# pgbouncer_exporter['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+
+################################################################################
+## Prometheus Gitlab exporter
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
+################################################################################
+
+
+# gitlab_exporter['enable'] = true
+gitlab_exporter['enable'] = false
+# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
+# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# gitlab_exporter['listen_address'] = 'localhost'
+# gitlab_exporter['listen_port'] = '9168'
+
+##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
+##! found.
+# gitlab_exporter['probe_sidekiq'] = true
+
+# To completely disable prometheus, and all of it's exporters, set to false
+# prometheus_monitoring['enable'] = true
+prometheus_monitoring['enable'] = false
+
+################################################################################
+## Grafana Dashboards
+##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
+################################################################################
+
+# grafana['enable'] = true
+grafana['enable'] = false
+# grafana['log_directory'] = '/var/log/gitlab/grafana'
+# grafana['home'] = '/var/opt/gitlab/grafana'
+# grafana['admin_password'] = 'admin'
+# grafana['allow_user_sign_up'] = false
+# grafana['basic_auth_enabled'] = false
+# grafana['disable_login_form'] = true
+# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
+# grafana['gitlab_secret'] = 'GITLAB_SECRET'
+# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
+# grafana['allowed_groups'] = []
+# grafana['gitlab_auth_sign_up'] = true
+# grafana['env'] = {
+#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
+# }
+# grafana['metrics_enabled'] = false
+# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
+# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
+# grafana['alerting_enabled'] = false
+
+### Dashboards
+#
+# See: http://docs.grafana.org/administration/provisioning/#dashboards
+#
+# NOTE: Setting this will override the default.
+#
+# grafana['dashboards'] = [
+#   {
+#     'name' => 'GitLab Omnibus',
+#     'orgId' => 1,
+#     'folder' => 'GitLab Omnibus',
+#     'type' => 'file',
+#     'disableDeletion' => true,
+#     'updateIntervalSeconds' => 600,
+#     'options' => {
+#       'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
+#     }
+#   }
+# ]
+
+### Datasources
+#
+# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
+#
+# NOTE: Setting this will override the default.
+#
+# grafana['datasources'] = [
+#   {
+#     'name' => 'GitLab Omnibus',
+#     'type' => 'prometheus',
+#     'access' => 'proxy',
+#     'url' => 'http://localhost:9090'
+#   }
+# ]
+
+##! Advanced settings. Should be changed only if absolutely needed.
+# grafana['http_addr'] = 'localhost'
+# grafana['http_port'] = 3000
+
+################################################################################
+## Gitaly
+##! Docs:
+################################################################################
+
+# The gitaly['enable'] option exists for the purpose of cluster
+# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
+# gitaly['enable'] = true
+# gitaly['dir'] = "/var/opt/gitlab/gitaly"
+# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
+# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
+# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
+# gitaly['env'] = {
+#  'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
+#  'HOME' => '/var/opt/gitlab',
+#  'TZ' => ':/etc/localtime',
+#  'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.7/site-packages",
+#  'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
+#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
+#  'WRAPPER_JSON_LOGGING' => true
+# }
+
+##! internal_socket_dir is the directory that will contain internal gitaly sockets,
+##! separate from socket_path which is the socket that external clients listen on
+
+# gitaly['internal_socket_dir'] = "/var/opt/gitlab/gitaly"
+# gitaly['socket_path'] = "/var/opt/gitlab/gitaly/gitaly.socket"
+# gitaly['listen_addr'] = "localhost:8075"
+# gitaly['tls_listen_addr'] = "localhost:9075"
+# gitaly['certificate_path'] = "/var/opt/gitlab/gitaly/certificate.pem"
+# gitaly['key_path'] = "/var/opt/gitlab/gitaly/key.pem"
+# gitaly['prometheus_listen_addr'] = "localhost:9236"
+# gitaly['logging_level'] = "warn"
+# gitaly['logging_format'] = "json"
+# gitaly['logging_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
+# gitaly['logging_ruby_sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
+# gitaly['logging_sentry_environment'] = "production"
+# gitaly['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
+# gitaly['auth_token'] = '<secret>'
+# gitaly['auth_transitioning'] = false # When true, auth is logged to Prometheus but NOT enforced
+# gitaly['graceful_restart_timeout'] = '1m' # Grace time for a gitaly process to finish ongoing requests
+# gitaly['git_catfile_cache_size'] = 100 # Number of 'git cat-file' processes kept around for re-use
+# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
+# gitaly['ruby_max_rss'] = 300000000 # RSS threshold in bytes for triggering a gitaly-ruby restart
+# gitaly['ruby_graceful_restart_timeout'] = '10m' # Grace time for a gitaly-ruby process to finish ongoing requests
+# gitaly['ruby_restart_delay'] = '5m' # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
+# gitaly['ruby_rugged_git_config_search_path'] = "/opt/gitlab/embedded/etc" # Location of system-wide gitconfig file
+# gitaly['ruby_num_workers'] = 3 # Number of gitaly-ruby worker processes. Minimum 2, default 2.
+# gitaly['concurrency'] = [
+#   {
+#     'rpc' => "/gitaly.SmartHTTPService/PostReceivePack",
+#     'max_per_repo' => 20
+#   }, {
+#     'rpc' => "/gitaly.SSHService/SSHUploadPack",
+#     'max_per_repo' => 5
+#   }
+# ]
+#
+# gitaly['daily_maintenance_start_hour'] = 22
+# gitaly['daily_maintenance_start_minute'] = 30
+# gitaly['daily_maintenance_duration'] = '30m'
+# gitaly['daily_maintenance_storages'] = ["default"]
+
+################################################################################
+## Praefect
+##! Docs: https://gitlab.com/gitlab-org/gitaly/blob/master/doc/design_ha.md
+################################################################################
+
+# praefect['enable'] = false
+# praefect['dir'] = "/var/opt/gitlab/praefect"
+# praefect['log_directory'] = "/var/log/gitlab/praefect"
+# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
+# praefect['env'] = {
+#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
+#  'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
+#  'WRAPPER_JSON_LOGGING' => true
+# }
+# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
+# praefect['virtual_storage_name'] = "praefect"
+# praefect['failover_enabled'] = false
+# praefect['failover_election_strategy'] = 'sql'
+# praefect['auth_token'] = ""
+# praefect['auth_transitioning'] = false
+# praefect['listen_addr'] = "localhost:2305"
+# praefect['tls_listen_addr'] = "localhost:3305"
+# praefect['certificate_path'] = "/var/opt/gitlab/prafect/certificate.pem"
+# praefect['key_path'] = "/var/opt/gitlab/prafect/key.pem"
+# praefect['prometheus_listen_addr'] = "localhost:9652"
+# praefect['prometheus_grpc_latency_buckets'] = "[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0]"
+# praefect['logging_level'] = "warn"
+# praefect['logging_format'] = "json"
+# praefect['virtual_storages'] = {
+#   'default' => {
+#     'praefect-internal-0' => {
+#       'address' => 'tcp://10.23.56.78:8075',
+#       'token' => 'abc123'
+#     },
+#     'praefect-internal-1' => {
+#       'address' => 'tcp://10.76.23.31:8075',
+#       'token' => 'xyz456'
+#     }
+#   },
+#   'alternative' => {
+#     'praefect-internal-2' => {
+#       'address' => 'tcp://10.34.1.16:8075',
+#       'token' => 'abc321'
+#     },
+#     'praefect-internal-3' => {
+#       'address' => 'tcp://10.23.18.6:8075',
+#       'token' => 'xyz890'
+#     }
+#   }
+# }
+# praefect['sentry_dsn'] = "https://<key>:<secret>@sentry.io/<project>"
+# praefect['sentry_environment'] = "production"
+# praefect['auto_migrate'] = true
+# praefect['database_host'] = 'postgres.external'
+# praefect['database_port'] = 6432
+# praefect['database_user'] = 'praefect'
+# praefect['database_password'] = 'secret'
+# praefect['database_dbname'] = 'praefect_production'
+# praefect['database_sslmode'] = 'disable'
+# praefect['database_sslcert'] = '/path/to/client-cert'
+# praefect['database_sslkey'] = '/path/to/client-key'
+# praefect['database_sslrootcert'] = '/path/to/rootcert'
+# praefect['reconciliation_scheduling_interval'] = '5m'
+# praefect['reconciliation_histogram_buckets'] = '[0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0]'
+# praefect['database_host_no_proxy'] = 'postgres.internal'
+# praefect['database_port_no_proxy'] = 5432
+
+################################################################################
+# Storage check
+################################################################################
+# storage_check['enable'] = false
+# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
+# storage_check['log_directory'] = '/var/log/gitlab/storage-check'
+
+################################################################################
+# Let's Encrypt integration
+################################################################################
+# letsencrypt['enable'] = nil
+# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
+# letsencrypt['group'] = 'root'
+# letsencrypt['key_size'] = 2048
+# letsencrypt['owner'] = 'root'
+# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
+# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
+# letsencrypt['auto_renew'] = true
+# letsencrypt['auto_renew_hour'] = 0
+# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
+# letsencrypt['auto_renew_day_of_month'] = "*/4"
+
+##! Turn off automatic init system detection. To skip init detection in
+##! non-docker containers. Recommended not to change.
+# package['detect_init'] = true
+
+##! Specify maximum number of tasks that can be created by the systemd unit
+##! Will be populated as TasksMax value to the unit file if user is on a systemd
+##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
+# package['systemd_tasks_max'] = 4915
+
+##! Settings to configure order of GitLab's systemd unit.
+##! Note: We do not recommend changing these values unless absolutely necessary
+# package['systemd_after'] = 'multi-user.target'
+# package['systemd_wanted_by'] = 'multi-user.target'
+################################################################################
+################################################################################
+##                  Configuration Settings for GitLab EE only                 ##
+################################################################################
+################################################################################
+
+
+################################################################################
+## Auxiliary cron jobs applicable to GitLab EE only
+################################################################################
+#
+# gitlab_rails['geo_file_download_dispatch_worker_cron'] = "*/10 * * * *"
+# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
+# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
+# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
+# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
+# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
+# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
+# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
+# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
+# gitlab_rails['pseudonymizer_worker_cron'] = "0 23 * * *"
+# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
+
+################################################################################
+## Kerberos (EE Only)
+##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
+################################################################################
+
+# gitlab_rails['kerberos_enabled'] = true
+# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
+# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
+# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
+# gitlab_rails['kerberos_use_dedicated_port'] = true
+# gitlab_rails['kerberos_port'] = 8443
+# gitlab_rails['kerberos_https'] = true
+
+################################################################################
+## Package repository (EE Only)
+##! Docs: https://docs.gitlab.com/ee/administration/maven_packages.md
+################################################################################
+
+# gitlab_rails['packages_enabled'] = true
+# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
+# gitlab_rails['packages_object_store_enabled'] = false
+# gitlab_rails['packages_object_store_direct_upload'] = false
+# gitlab_rails['packages_object_store_background_upload'] = true
+# gitlab_rails['packages_object_store_proxy_download'] = false
+# gitlab_rails['packages_object_store_remote_directory'] = "packages"
+# gitlab_rails['packages_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'host' => 's3.amazonaws.com',
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+################################################################################
+## Dependency proxy (EE Only)
+##! Docs: https://docs.gitlab.com/ee/administration/dependency_proxy.md
+################################################################################
+
+# gitlab_rails['dependency_proxy_enabled'] = true
+# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
+# gitlab_rails['dependency_proxy_object_store_enabled'] = false
+# gitlab_rails['dependency_proxy_object_store_direct_upload'] = false
+# gitlab_rails['dependency_proxy_object_store_background_upload'] = true
+# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
+# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
+# gitlab_rails['dependency_proxy_object_store_connection'] = {
+#   'provider' => 'AWS',
+#   'region' => 'eu-west-1',
+#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
+#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
+#   # # The below options configure an S3 compatible host instead of AWS
+#   # 'host' => 's3.amazonaws.com',
+#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
+#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
+#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
+# }
+
+################################################################################
+## GitLab Sentinel (EE Only)
+##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
+################################################################################
+
+##! **Make sure you configured all redis['master_*'] keys above before
+##!   continuing.**
+
+##! To enable Sentinel and disable all other services in this machine,
+##! uncomment the line below (if you've enabled Redis role, it will keep it).
+##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
+# redis_sentinel_role['enable'] = true
+
+# sentinel['enable'] = true
+
+##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
+# sentinel['bind'] = '0.0.0.0'
+
+##! Uncomment to change default port
+# sentinel['port'] = 26379
+
+#### Support to run sentinels in a Docker or NAT environment
+#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
+# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
+# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
+# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
+# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present
+
+##! Quorum must reflect the amount of voting sentinels it take to start a
+##! failover.
+##! **Value must NOT be greater then the amount of sentinels.**
+##! The quorum can be used to tune Sentinel in two ways:
+##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
+##!    we deploy, we are basically making Sentinel more sensible to master
+##!    failures, triggering a failover as soon as even just a minority of
+##!    Sentinels is no longer able to talk with the master.
+##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
+##!    are making Sentinel able to failover only when there are a very large
+##!    number (larger than majority) of well connected Sentinels which agree
+##!    about the master being down.
+# sentinel['quorum'] = 1
+
+### Consider unresponsive server down after x amount of ms.
+# sentinel['down_after_milliseconds'] = 10000
+
+### Specifies the failover timeout in milliseconds.
+##! It is used in many ways:
+##!
+##! - The time needed to re-start a failover after a previous failover was
+##!   already tried against the same master by a given Sentinel, is two
+##!   times the failover timeout.
+##!
+##! - The time needed for a replica replicating to a wrong master according
+##!   to a Sentinel current configuration, to be forced to replicate
+##!   with the right master, is exactly the failover timeout (counting since
+##!   the moment a Sentinel detected the misconfiguration).
+##!
+##! - The time needed to cancel a failover that is already in progress but
+##!   did not produced any configuration change (REPLICAOF NO ONE yet not
+##!   acknowledged by the promoted replica).
+##!
+##! - The maximum time a failover in progress waits for all the replicas to be
+##!   reconfigured as replicas of the new master. However even after this time
+##!   the replicas will be reconfigured by the Sentinels anyway, but not with
+##!   the exact parallel-syncs progression as specified.
+# sentinel['failover_timeout'] = 60000
+
+################################################################################
+## Additional Database Settings (EE only)
+##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
+################################################################################
+# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }
+
+################################################################################
+## GitLab Geo
+##! Docs: https://docs.gitlab.com/ee/gitlab-geo
+################################################################################
+##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
+##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/README.html#roles.
+
+# This is an optional identifier which Geo nodes can use to identify themselves.
+# For example, if external_url is the same for two secondaries, you must specify
+# a unique Geo node name for those secondaries.
+#
+# If it is blank, it defaults to external_url.
+# gitlab_rails['geo_node_name'] = nil
+
+# gitlab_rails['geo_registry_replication_enabled'] = true
+# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'
+
+
+################################################################################
+## GitLab Geo Secondary (EE only)
+################################################################################
+# geo_secondary['auto_migrate'] = true
+# geo_secondary['db_adapter'] = "postgresql"
+# geo_secondary['db_encoding'] = "unicode"
+# geo_secondary['db_collation'] = nil
+# geo_secondary['db_database'] = "gitlabhq_geo_production"
+# geo_secondary['db_username'] = "gitlab_geo"
+# geo_secondary['db_password'] = nil
+# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
+# geo_secondary['db_port'] = 5431
+# geo_secondary['db_socket'] = nil
+# geo_secondary['db_sslmode'] = nil
+# geo_secondary['db_sslcompression'] = 0
+# geo_secondary['db_sslrootcert'] = nil
+# geo_secondary['db_sslca'] = nil
+
+################################################################################
+## GitLab Geo Secondary Tracking Database (EE only)
+################################################################################
+
+# geo_postgresql['enable'] = false
+# geo_postgresql['ha'] = false
+# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
+# geo_postgresql['data_dir'] = '/var/opt/gitlab/geo-postgresql/data'
+# geo_postgresql['pgbouncer_user'] = nil
+# geo_postgresql['pgbouncer_user_password'] = nil
+##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
+# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
+
+################################################################################
+## Unleash
+##! These settings are for GitLab internal use.
+##! They are used to control feature flags during GitLab development.
+##! Docs: https://docs.gitlab.com/ee/development/feature_flags
+################################################################################
+# gitlab_rails['feature_flags_unleash_enabled'] = false
+# gitlab_rails['feature_flags_unleash_url'] = nil
+# gitlab_rails['feature_flags_unleash_app_name'] = nil
+# gitlab_rails['feature_flags_unleash_instance_id'] = nil
+
+################################################################################
+# Pgbouncer (EE only)
+# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
+# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
+################################################################################
+# pgbouncer['enable'] = false
+# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
+# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
+# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
+# pgbouncer['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+# pgbouncer['listen_addr'] = '0.0.0.0'
+# pgbouncer['listen_port'] = '6432'
+# pgbouncer['pool_mode'] = 'transaction'
+# pgbouncer['server_reset_query'] = 'DISCARD ALL'
+# pgbouncer['application_name_add_host'] = '1'
+# pgbouncer['max_client_conn'] = '2048'
+# pgbouncer['default_pool_size'] = '100'
+# pgbouncer['min_pool_size'] = '0'
+# pgbouncer['reserve_pool_size'] = '5'
+# pgbouncer['reserve_pool_timeout'] = '5.0'
+# pgbouncer['server_round_robin'] = '0'
+# pgbouncer['log_connections'] = '0'
+# pgbouncer['server_idle_timeout'] = '30'
+# pgbouncer['dns_max_ttl'] = '15.0'
+# pgbouncer['dns_zone_check_period'] = '0'
+# pgbouncer['dns_nxdomain_ttl'] = '15.0'
+# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
+# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
+# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
+# pgbouncer['databases'] = {
+#   DATABASE_NAME: {
+#     host: HOSTNAME,
+#     port: PORT
+#     user: USERNAME,
+#     password: PASSWORD
+###! generate this with `echo -n '$password + $username' | md5sum`
+#   }
+#   ...
+# }
+# pgbouncer['logfile'] = nil
+# pgbouncer['unix_socket_dir'] = nil
+# pgbouncer['unix_socket_mode'] = '0777'
+# pgbouncer['unix_socket_group'] = nil
+# pgbouncer['auth_type'] = 'md5'
+# pgbouncer['auth_hba_file'] = nil
+# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
+# pgbouncer['users'] = {
+#   {
+#     name: USERNAME,
+#     password: MD5_PASSWORD_HASH
+#   }
+# }
+# postgresql['pgbouncer_user'] = nil
+# postgresql['pgbouncer_user_password'] = nil
+# pgbouncer['server_reset_query_always'] = 0
+# pgbouncer['server_check_query'] = 'select 1'
+# pgbouncer['server_check_delay'] = 30
+# pgbouncer['max_db_connections'] = nil
+# pgbouncer['max_user_connections'] = nil
+# pgbouncer['syslog'] = 0
+# pgbouncer['syslog_facility'] = 'daemon'
+# pgbouncer['syslog_ident'] = 'pgbouncer'
+# pgbouncer['log_disconnections'] = 1
+# pgbouncer['log_pooler_errors'] = 1
+# pgbouncer['stats_period'] = 60
+# pgbouncer['verbose'] = 0
+# pgbouncer['server_lifetime'] = 3600
+# pgbouncer['server_connect_timeout'] = 15
+# pgbouncer['server_login_retry'] = 15
+# pgbouncer['query_timeout'] = 0
+# pgbouncer['query_wait_timeout'] = 120
+# pgbouncer['client_idle_timeout'] = 0
+# pgbouncer['client_login_timeout'] = 60
+# pgbouncer['autodb_idle_timeout'] = 3600
+# pgbouncer['suspend_timeout'] = 10
+# pgbouncer['idle_transaction_timeout'] = 0
+# pgbouncer['pkt_buf'] = 4096
+# pgbouncer['listen_backlog'] = 128
+# pgbouncer['sbuf_loopcnt'] = 5
+# pgbouncer['max_packet_size'] = 2147483647
+# pgbouncer['tcp_defer_accept'] = 0
+# pgbouncer['tcp_socket_buffer'] = 0
+# pgbouncer['tcp_keepalive'] = 1
+# pgbouncer['tcp_keepcnt'] = 0
+# pgbouncer['tcp_keepidle'] = 0
+# pgbouncer['tcp_keepintvl'] = 0
+# pgbouncer['disable_pqexec'] = 0
+
+## Pgbouncer client TLS options
+# pgbouncer['client_tls_sslmode'] = 'disable'
+# pgbouncer['client_tls_ca_file'] = nil
+# pgbouncer['client_tls_key_file'] = nil
+# pgbouncer['client_tls_cert_file'] = nil
+# pgbouncer['client_tls_protocols'] = 'all'
+# pgbouncer['client_tls_dheparams'] = 'auto'
+# pgbouncer['client_tls_ecdhcurve'] = 'auto'
+#
+## Pgbouncer server  TLS options
+# pgbouncer['server_tls_sslmode'] = 'disable'
+# pgbouncer['server_tls_ca_file'] = nil
+# pgbouncer['server_tls_key_file'] = nil
+# pgbouncer['server_tls_cert_file'] = nil
+# pgbouncer['server_tls_protocols'] = 'all'
+# pgbouncer['server_tls_ciphers'] = 'fast'
+
+################################################################################
+# Repmgr (EE only)
+################################################################################
+# repmgr['enable'] = false
+# repmgr['cluster'] = 'gitlab_cluster'
+# repmgr['database'] = 'gitlab_repmgr'
+# repmgr['host'] = nil
+# repmgr['node_number'] = nil
+# repmgr['port'] = 5432
+# repmgr['trust_auth_cidr_addresses'] = []
+# repmgr['username'] = 'gitlab_repmgr'
+# repmgr['sslmode'] = 'prefer'
+# repmgr['sslcompression'] = 0
+# repmgr['failover'] = 'automatic'
+# repmgr['log_directory'] = '/var/log/gitlab/repmgrd'
+# repmgr['node_name'] = nil
+# repmgr['pg_bindir'] = '/opt/gitlab/embedded/bin'
+# repmgr['service_start_command'] = '/opt/gitlab/bin/gitlab-ctl start postgresql'
+# repmgr['service_stop_command'] = '/opt/gitlab/bin/gitlab-ctl stop postgresql'
+# repmgr['service_reload_command'] = '/opt/gitlab/bin/gitlab-ctl hup postgresql'
+# repmgr['service_restart_command'] = '/opt/gitlab/bin/gitlab-ctl restart postgresql'
+# repmgr['service_promote_command'] = nil
+# repmgr['promote_command'] = '/opt/gitlab/embedded/bin/repmgr standby promote -f /var/opt/gitlab/postgresql/repmgr.conf'
+# repmgr['follow_command'] = '/opt/gitlab/embedded/bin/repmgr standby follow -f /var/opt/gitlab/postgresql/repmgr.conf'
+
+# repmgr['upstream_node'] = nil
+# repmgr['use_replication_slots'] = false
+# repmgr['loglevel'] = 'INFO'
+# repmgr['logfacility'] = 'STDERR'
+# repmgr['logfile'] = nil
+
+# repmgr['event_notification_command'] = nil
+# repmgr['event_notifications'] = nil
+
+# repmgr['rsync_options'] = nil
+# repmgr['ssh_options'] = nil
+# repmgr['priority'] = nil
+#
+# HA setting to specify if a node should attempt to be master on initialization
+# repmgr['master_on_initialization'] = true
+
+# repmgr['retry_promote_interval_secs'] = 300
+# repmgr['witness_repl_nodes_sync_interval_secs'] = 15
+# repmgr['reconnect_attempts'] = 6
+# repmgr['reconnect_interval'] = 10
+# repmgr['monitor_interval_secs'] = 2
+# repmgr['master_response_timeout'] = 60
+# repmgr['daemon'] = true
+# repmgrd['enable'] = true
+
+################################################################################
+# Patroni (EE only)
+#
+# NOTICE: Patroni is an experimental feature and subject to change.
+#
+################################################################################
+# patroni['enable'] = false
+
+# patroni['dir'] = '/var/opt/gitlab/patroni'
+# patroni['data_dir'] = '/var/opt/gitlab/patroni/data'
+# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'
+
+# patroni['scope'] = 'gitlab-postgresql-ha'
+# patroni['name'] = nil
+
+# patroni['log_directory'] = '/var/log/gitlab/patroni'
+# patroni['log_level'] = 'INFO'
+
+# patroni['consul']['url'] = 'http://127.0.0.1:8500'
+# patroni['consul']['service_check_interval'] = '10s'
+# patroni['consul']['register_service'] = false
+# patroni['consul']['checks'] = []
+
+## Bootstrap settings
+# patroni['loop_wait'] = 10
+# patroni['ttl'] = 30
+# patroni['retry_timeout'] = 10
+# patroni['maximum_lag_on_failover'] = 1_048_576
+# patroni['max_timelines_history'] = 0
+# patroni['master_start_timeout'] = 300
+
+## PostgreSQL configuration override
+# patroni['postgresql']['wal_level'] = 'replica'
+# patroni['postgresql']['hot_standby'] = 'on'
+# patroni['postgresql']['wal_keep_segments'] = 8
+# patroni['postgresql']['max_wal_senders'] = 5
+# patroni['postgresql']['max_replication_slots'] = 5
+# patroni['postgresql']['checkpoint_timeout'] = 30
+
+# patroni['use_pg_rewind'] = false
+# patroni['use_slots'] = true
+
+## Permanent replication slots for Streaming Replication
+# patroni['replication_slots'] = {
+#   'geo_secondary' => { 'type' => 'physical' }
+# }
+
+## The address and port that Patroni API binds to and listens on.
+# patroni['listen_address'] = nil
+# patroni['port'] = '8008'
+
+## The address of the Patroni node that is advertized to other cluster
+## members to communicate with its API and PostgreSQL. If it is not specified,
+## it tries to use the first available private IP and falls back to the default
+## network interface.
+# patroni['connect_address'] = nil
+
+## The port that Patroni API responds to other cluster members. This port is
+## advertized and by default is the same as patroni['port'].
+# patroni['connect_port'] = '8008'
+
+
+################################################################################
+# Consul (EEP only)
+################################################################################
+# consul['enable'] = false
+# consul['dir'] = '/var/opt/gitlab/consul'
+# consul['username'] = 'gitlab-consul'
+# consul['group'] = 'gitlab-consul'
+# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
+# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
+# consul['data_dir'] = '/var/opt/gitlab/consul/data'
+# consul['log_directory'] = '/var/log/gitlab/consul'
+# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
+# consul['env'] = {
+#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
+# }
+# consul['monitoring_service_discovery'] = false
+# consul['node_name'] = nil
+# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
+# consul['configuration'] = {
+#   'client_addr' => nil,
+#   'datacenter' => 'gitlab_consul',
+#   'enable_script_checks' => true,
+#   'server' => false
+# }
+# consul['services'] = []
+# consul['service_config'] = {
+#   'postgresql' => {
+#     'service' => {
+#       'name' => "postgresql",
+#       'address' => '',
+#       'port' => 5432,
+#       'checks' => [
+#         {
+#           'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
+#           'interval' => "10s"
+#         }
+#       ]
+#     }
+#   }
+# }
+# consul['watchers'] = {
+#   'postgresql' => {
+#     enable: false,
+#     handler: 'failover_pgbouncer'
+#   }
+# }
+################################################################################
+# Service desk email settings (EEP only)
+################################################################################
+### Service desk email
+###! Allow users to create new service desk issues by sending an email to
+###! service desk address.
+###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
+# gitlab_rails['service_desk_email_enabled'] = false
+
+#### Service Desk Mailbox Settings (via `mail_room`)
+#### Service Desk Email Address
+####! The email address including the `%{key}` placeholder that will be replaced
+####! to reference the item being replied to.
+####! **The placeholder can be omitted but if present, it must appear in the
+####!   "user" part of the address (before the `@`).**
+# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"
+
+#### Service Desk Email account username
+####! **With third party providers, this is usually the full email address.**
+####! **With self-hosted email servers, this is usually the user part of the
+####!   email address.**
+# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"
+
+#### Service Desk Email account password
+# gitlab_rails['service_desk_email_password'] = "[REDACTED]"
+
+####! The mailbox where service desk mail will end up. Usually "inbox".
+# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
+####! The IDLE command timeout.
+# gitlab_rails['service_desk_email_idle_timeout'] = 60
+####! The file name for internal `mail_room` JSON logfile
+# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
+
+#### Service Desk IMAP Settings
+# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
+# gitlab_rails['service_desk_email_port'] = 993
+# gitlab_rails['service_desk_email_ssl'] = true
+# gitlab_rails['service_desk_email_start_tls'] = false
diff --git a/testserver/docker_gitlab/templates/docker-compose.yml b/testserver/docker_gitlab/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..161ba773edd750a8e943ed9564bbe1cfeb5b9b76
--- /dev/null
+++ b/testserver/docker_gitlab/templates/docker-compose.yml
@@ -0,0 +1,101 @@
+
+version: "2.4"
+
+services:
+
+  app:
+
+    image: gitlab/gitlab-ce:16.7.4-ce.0
+    restart: always
+    ports:
+      - "444:22"
+    volumes:
+      - /srv/gitlab/conf:/etc/gitlab
+      - /srv/gitlab/log:/var/log/gitlab
+      - /srv/gitlab/data:/var/opt/gitlab
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.routers.{{ servicename }}.service={{ servicename }}
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+      - traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-cors-headers
+      - traefik.http.middlewares.{{ servicename }}-cors-headers.headers.accesscontrolalloworiginlist=*
+      - traefik.http.routers.{{ servicename }}_registry.rule=Host(`{{ domain_registry }}`)
+      - traefik.http.routers.{{ servicename }}_registry.entrypoints=websecure
+      - traefik.http.routers.{{ servicename }}_registry.service={{ servicename }}_registry
+      - traefik.http.services.{{ servicename }}_registry.loadbalancer.server.port=5005
+    networks:
+      - default
+      - web
+
+
+  # Docker in Docker for Gitlab-Runner execution
+  # see https://forum.gitlab.com/t/example-gitlab-runner-docker-compose-configuration/67344
+
+  dind:
+
+    image: docker:25-dind
+    restart: always
+    privileged: true
+    environment:
+      DOCKER_TLS_CERTDIR: ""
+    command:
+      - --storage-driver=overlay2
+    networks:
+      - default
+
+
+  runner:
+
+    restart: always
+    image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+    depends_on:
+      - dind
+      - app
+    environment:
+      - DOCKER_HOST=tcp://dind:2375
+    volumes:
+      - "/srv/gitlab/runner:/etc/gitlab-runner:z"
+    networks:
+      - default
+
+  
+  # Runner Registration 
+  # Excecute once when Gitlab is running 
+
+  # register-runner:
+
+  #   restart: 'no'
+  #   image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+  #   depends_on:
+  #     - dind
+  #     - app
+  #   environment:
+  #     - CI_SERVER_URL=https://{{ domain }}
+  #     - REGISTRATION_TOKEN={{ runner_registration_token }}
+  #   command:
+  #     - register
+  #     - --non-interactive
+  #     - --locked=false
+  #     - --name=warpzone-webserver
+  #     - --executor=docker
+  #     - --docker-image=docker:20-dind
+  #     - --docker-volumes=/var/run/docker.sock:/var/run/docker.sock
+  #   volumes:
+  #     - "/srv/gitlab/runner:/etc/gitlab-runner:z"
+  #   networks:
+  #     - default
+
+
+networks:
+  web:
+    external: true
+  default:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        # must be a ULA range
+        - subnet: fd00:dead:beef:444::/64
diff --git a/testserver/docker_traefik/tasks/certificate.yml b/testserver/docker_traefik/tasks/certificate.yml
new file mode 100644
index 0000000000000000000000000000000000000000..599d43c64fab3d9228d0e0ffa672beca36b41d08
--- /dev/null
+++ b/testserver/docker_traefik/tasks/certificate.yml
@@ -0,0 +1,98 @@
+
+# Eigene CA und Server Zertifikat erstellen, falls diese noch nicht existiert   
+
+- name: "Install Packages"
+  apt:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+      - python3-cryptography
+
+
+- name: "Check if SelfSigned CA key exists"
+  stat:
+    path: "{{ basedir }}/ca.key"
+  register: ca_key_stat_result
+
+- name: "Create SelfSigned CA key"
+  community.crypto.openssl_privatekey:
+    path: "{{ basedir }}/ca.key"
+  when: not ca_key_stat_result.stat.exists
+
+- name: "Check if SelfSigned CA cert exists"
+  stat:
+    path: "{{ basedir }}/ca.pem"
+  register: ca_cert_stat_result
+
+- name: "Check if SelfSigned CA cert CSR"
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: "{{ basedir }}/ca.key"
+    common_name: "{{ selfSignedCN }} CA"
+    use_common_name_for_san: false  # since we do not specify SANs, don't use CN as a SAN
+    basic_constraints:
+      - 'CA:TRUE'
+    basic_constraints_critical: true
+    key_usage:
+      - keyCertSign
+    key_usage_critical: true
+  register: ca_csr
+  when: not ca_cert_stat_result.stat.exists
+
+- name: "Create SelfSigned CA cert from CSR"
+  community.crypto.x509_certificate:
+    path: "{{ basedir }}/ca.pem"
+    csr_content: "{{ ca_csr.csr }}"
+    privatekey_path: "{{ basedir }}/ca.key"
+    provider: selfsigned
+  when: not ca_cert_stat_result.stat.exists
+
+
+- name: "Check if ServerCert key exists"
+  stat:
+    path: "{{ basedir }}/cert.key"
+  register: cert_key_stat_result
+
+- name: "Create ServerCert key"
+  community.crypto.openssl_privatekey:
+    path: "{{ basedir }}/cert.key"
+  when: not cert_key_stat_result.stat.exists
+
+- name: "Check if ServerCert cert exists"
+  stat:
+    path: "{{ basedir }}/cert.pem"
+  register: cert_cert_stat_result
+
+- name: "Create ServerCert CSR"
+  community.crypto.openssl_csr_pipe:
+    privatekey_path: "{{ basedir }}/cert.key"
+    subject_alt_name:
+      - "DNS:{{ selfSignedDomain }}"
+      - "DNS:{{ domain }}"
+  register: cert_csr
+  when: not cert_cert_stat_result.stat.exists
+
+- name: "Create ServerCert from CSR"
+  community.crypto.x509_certificate_pipe:
+    csr_content: "{{ cert_csr.csr }}"
+    provider: ownca
+    ownca_path: "{{ basedir }}/ca.pem"
+    ownca_privatekey_path: "{{ basedir }}/ca.key"
+    ownca_not_after: +9999d  # long lifetime 
+    ownca_not_before: "-1d"  # valid since yesterday
+  register: cert 
+  when: not cert_cert_stat_result.stat.exists
+
+- name: "Create ServerCert chain"
+  community.crypto.certificate_complete_chain:
+    input_chain: "{{ cert.certificate  }}"
+    root_certificates:
+    - "{{ basedir }}/ca.pem"
+  register: cert_chain
+  when: not cert_cert_stat_result.stat.exists
+
+- name: "Create ServerCert chain"
+  copy:
+    dest: "{{ basedir }}/cert.pem"
+    content: "{{ ''.join(cert_chain.complete_chain) }}"
+  when: not cert_cert_stat_result.stat.exists
diff --git a/testserver/docker_traefik/tasks/main.yml b/testserver/docker_traefik/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..54b26f8b8ee7a38f8965c45229d0f8514931a5ab
--- /dev/null
+++ b/testserver/docker_traefik/tasks/main.yml
@@ -0,0 +1,63 @@
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: "{{ basedir }}/letsencrypt_notification_email",  length: -1 }
+  when: selfSignedCN is not defined 
+
+- name: "create folder struct for {{ servicename }}"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+  with_items:
+    - "{{ basedir }}"
+    - "{{ basedir }}/dynamic"
+
+- name: "Check if CertStore exists"
+  stat:
+    path: "{{ basedir }}/acme.json"
+  register: acme_stat_result
+
+- name: "Create CertStore if needed and set permissions"
+  file:
+    path: "{{ basedir }}/acme.json"
+    owner: root
+    group: root
+    mode: '600'
+    state: touch
+  when: not acme_stat_result.stat.exists
+
+- name: "Create SelfSigned CA and Cert"
+  ansible.builtin.include_tasks: certificate.yml
+  when: selfSignedCN is defined 
+  
+
+- name: Docker Compose Konfig-Datei erstellen
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml
+    - traefik.yml
+    - dynamic/tls.yml
+  register: config
+
+- name: redirect-default ersstellen, wenn domain_default definiert ist
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - dynamic/redirect-default.yml
+  when: domain_default is defined
+  register: config
+
+- name: "stop {{ servicename}} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+- name: "start {{ servicename}} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
+    
diff --git a/testserver/docker_traefik/templates/docker-compose.yml b/testserver/docker_traefik/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..865cd732d00d06602531b3703a9b684eafa02672
--- /dev/null
+++ b/testserver/docker_traefik/templates/docker-compose.yml
@@ -0,0 +1,53 @@
+version: '2.4'
+
+services:
+
+    app:
+        image: traefik:v3.0.0-beta5
+        restart: always
+        ports:
+            - "80:80"
+            - "443:443"
+{% if matrix_federation is defined and matrix_federation == true %}            - "8448:8448"
+{% endif %}
+            - "{{ int_ip4 }}:8081:8080"
+        volumes:
+            - "/srv/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
+            - "/srv/traefik/dynamic:/etc/traefik/dynamic:ro"
+            - "/srv/traefik/acme.json:/acme.json"
+            - "/var/run/docker.sock:/var/run/docker.sock"
+{% if selfSignedCN is defined %}
+            - "{{ basedir }}/cert.pem:/cert.pem:ro"
+            - "{{ basedir }}/cert.key:/cert.key:ro"
+{% endif %}
+        networks:
+            - default
+            - web
+        healthcheck:
+            test: ['CMD', 'traefik', 'healthcheck']
+            interval: 30s
+            timeout: 10s
+            retries: 3
+
+# for debugging only
+#    whoami:
+#        image: containous/whoami
+#        labels:
+#            - traefik.enable=true
+#            - traefik.http.routers.{{ servicename }}.rule=Host(`{ domain }`)
+#            - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+#            - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+#        networks:
+#            - web
+
+networks:
+  web:
+    external: true
+  default:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        # must be a ULA range
+        - subnet: fd00:dead:beef:80::/64
diff --git a/testserver/docker_traefik/templates/dynamic/redirect-default.yml b/testserver/docker_traefik/templates/dynamic/redirect-default.yml
new file mode 100644
index 0000000000000000000000000000000000000000..c196f5253ff07ef89bf00db022e7fe416081fe4c
--- /dev/null
+++ b/testserver/docker_traefik/templates/dynamic/redirect-default.yml
@@ -0,0 +1,22 @@
+http:
+    routers:
+        router-default:
+            entrypoints:
+                - websecure
+            rule: "Host(`{{ domain }}`)"
+            middlewares: 
+                - redirect-default
+            service: service-default
+
+    services:
+        service-default:
+            loadBalancer:
+                servers: 
+                    - url: http://noop-dummy
+                            
+    middlewares:
+        redirect-default:
+            redirectRegex:
+                regex: "^https://{{ domain }}/(.*)"
+                replacement: "https://{{ domain_default }}/$1"
+
diff --git a/testserver/docker_traefik/templates/dynamic/tls.yml b/testserver/docker_traefik/templates/dynamic/tls.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0909bb1f47c3e55aa47b46aec72a3e4f9dbca74d
--- /dev/null
+++ b/testserver/docker_traefik/templates/dynamic/tls.yml
@@ -0,0 +1,28 @@
+
+# TLS Options 
+tls:
+
+{% if selfSignedCN is defined %}
+
+    # use local certificate 
+    certificates:
+        - certFile: "/cert.pem"
+          keyFile: "/cert.key"
+
+{% endif %}
+
+    options:
+        default:
+            sniStrict: true
+            minVersion: "VersionTLS12"
+            curvePreferences:
+                - "secp521r1"
+                - "secp384r1"
+            cipherSuites:
+                - "TLS_AES_128_GCM_SHA256"
+                - "TLS_AES_256_GCM_SHA384"
+                - "TLS_CHACHA20_POLY1305_SHA256"
+                - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+                - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+                - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+
diff --git a/testserver/docker_traefik/templates/traefik.yml b/testserver/docker_traefik/templates/traefik.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f96aa28efd39719a39e535b1b9244189693bb7db
--- /dev/null
+++ b/testserver/docker_traefik/templates/traefik.yml
@@ -0,0 +1,86 @@
+
+# Global settings
+global:
+    checkNewVersion: true
+
+    
+# Entrypoints 
+entryPoints:
+
+    # HTTP, redirect all to HTTPS
+    web:
+        address: ":80"
+        http:
+            redirections:
+                entryPoint:
+                    to: "websecure"
+                    scheme: "https"
+                    permanent: true   
+
+    # HTTPS, get certificates from letsencrypt
+    websecure:
+        address: ":443"
+        http:
+            tls:
+                certResolver: "letsencrypt"
+
+
+{% if matrix_federation is defined and matrix_federation == true %}
+
+    # additional entrypoint for matrix-federation 
+    matrix_federation:
+        address: ":8448"
+        http:
+            tls:
+                certResolver: "letsencrypt"
+
+{% endif %}
+
+# Discover configuration via docker 
+# use network 'web' for interconnect  
+providers:
+    docker:
+        watch: true
+        endpoint: "unix:///var/run/docker.sock"
+        network: "web"
+        exposedByDefault: false
+    file:
+        directory: "/etc/traefik/dynamic"
+        watch: true
+
+
+# Traefik API and dashboard 
+api:
+    insecure: true
+    dashboard: true
+    debug: false
+
+
+# Enable Ping endpoint for docker healthcheck 
+ping: {}
+
+
+# Enable prometheus metrics
+metrics: 
+    prometheus: 
+        addEntryPointsLabels: true 
+        addServicesLabels: true 
+
+
+# Logging 
+log:
+    level: "INFO"
+    format: "common"
+
+
+{% if selfSignedCN is not defined %}
+
+# get certificates from letsEncrypt 
+certificatesResolvers:
+    letsencrypt:
+        acme:
+            email: "{{ letsencrypt_notification_email }}"
+            storage: "/acme.json"
+            tlsChallenge: true
+
+{% endif %}
diff --git a/testserver/docker_wordpress/tasks/main.yml b/testserver/docker_wordpress/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..88007627a0e5ceaa77ae8ecb84364ffdea3673a8
--- /dev/null
+++ b/testserver/docker_wordpress/tasks/main.yml
@@ -0,0 +1,44 @@
+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+   - { path: /srv/shared/noreply_email_pass, length: -1 } 
+   - { path: "{{ basedir }}/mysql_root_pass",  length: 24 }
+   - { path: "{{ basedir }}/mysql_user_pass",  length: 12 }
+
+- name: "create folder struct for {{ servicename }}"
+  file:
+    path: "{{ item }}"
+    state: "directory"
+    owner: www-data
+    group: www-data
+  with_items:
+    - "{{ basedir }}/"
+    - "{{ basedir }}/config"
+    - "{{ basedir }}/data/"
+    - "{{ basedir }}/db/"
+    - "{{ basedir }}/data/wp-content/"
+    - "{{ basedir }}/data/wp-content/plugins"
+    - "{{ basedir }}/data/wp-content/plugins/wz-status/"
+
+- name: create config file
+  template:
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - Dockerfile
+    - docker-compose.yml
+    - config/uploads.ini
+    - data/wp-content/plugins/wz-status/wz-status.php
+  register: config
+
+- name: "stop {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: absent
+  when: config.changed
+
+- name: "start {{ servicename }} docker"
+  community.docker.docker_compose_v2:
+    project_src: "{{ basedir }}"
+    state: present
diff --git a/testserver/docker_wordpress/templates/Dockerfile b/testserver/docker_wordpress/templates/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1c41da02f4c43761b8e7f8e4639d7314a7390b4a
--- /dev/null
+++ b/testserver/docker_wordpress/templates/Dockerfile
@@ -0,0 +1,10 @@
+FROM wordpress:6.4.2-apache
+
+# install the PHP extensions we need
+RUN set -x \
+	&& apt-get update \
+	&& apt-get install -y libldap2-dev \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ \
+	&& docker-php-ext-install ldap \
+	&& apt-get purge -y --auto-remove libldap2-dev
diff --git a/testserver/docker_wordpress/templates/config/uploads.ini b/testserver/docker_wordpress/templates/config/uploads.ini
new file mode 100644
index 0000000000000000000000000000000000000000..c32c80ec4475ac54fb2ce2c7deb03677be062942
--- /dev/null
+++ b/testserver/docker_wordpress/templates/config/uploads.ini
@@ -0,0 +1,6 @@
+
+file_uploads = On
+memory_limit = 64M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600
diff --git a/testserver/docker_wordpress/templates/data/wp-content/plugins/wz-status/wz-status.php b/testserver/docker_wordpress/templates/data/wp-content/plugins/wz-status/wz-status.php
new file mode 100644
index 0000000000000000000000000000000000000000..36b3bf0a09affb3d2a6345d314291b8d84c4659d
--- /dev/null
+++ b/testserver/docker_wordpress/templates/data/wp-content/plugins/wz-status/wz-status.php
@@ -0,0 +1,152 @@
+<?php
+/*
+Plugin Name: WZ Status
+Plugin URI: http://www.warpzone.ms
+Description: This plugin adds a custom widget.
+Version: 1.0
+Author: Christian <void> Elberfeld
+Author URI: http://www.warpzone.ms
+License: GPL2
+Original Source: https://github.com/wpexplorer/my-widget-plugin
+*/
+
+// The widget class
+class WZ_Status_Widget extends WP_Widget {
+
+	// Main constructor
+	public function __construct() {
+		parent::__construct(
+			'wz_status_widget',
+			__( 'WZ Status Widget', 'text_domain' ),
+			array(
+				'customize_selective_refresh' => true,
+			)
+		);
+	}
+
+	// The widget form (for the backend )
+	public function form( $instance ) {
+
+		// Set widget defaults
+		$defaults = array(
+                        'title'      => '',
+			'api_url'    => '',
+		);
+
+		// Parse current settings with defaults
+		extract( wp_parse_args( ( array ) $instance, $defaults ) ); ?>
+
+		<?php // Widget Title ?>
+		<p>
+			<label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php _e( 'Widget Title', 'text_domain' ); ?></label>
+			<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" />
+		</p>
+
+		<?php // Api Url ?>
+		<p>
+			<label for="<?php echo esc_attr( $this->get_field_id( 'api_url' ) ); ?>"><?php _e( 'Api Url:', 'api_url' ); ?></label>
+			<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'api_url' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'api_url' ) ); ?>" type="text" value="<?php echo esc_attr( $text ); ?>" />
+		</p>
+
+
+	<?php }
+
+	// Update widget settings
+	public function update( $new_instance, $old_instance ) {
+		$instance = $old_instance;
+		$instance['title']    = isset( $new_instance['title'] ) ? wp_strip_all_tags( $new_instance['title'] ) : '';
+		$instance['api_url']  = isset( $new_instance['api_url'] ) ? wp_strip_all_tags( $new_instance['api_url'] ) : '';
+		return $instance;
+	}
+
+	// Display the widget
+	public function widget( $args, $instance ) {
+
+		extract( $args );
+
+		// Check the widget options
+		$title    = isset( $instance['title'] ) ? apply_filters( 'widget_title', $instance['title'] ) : '';
+		$api_url  = isset( $instance['api_url'] ) ? $instance['api_url'] : '';
+
+		$zone_status = "UNBEKANNT";
+        $zone_status_text = "Unbekannt";
+		$zone_status_color = "#000000";
+
+		// WordPress core before_widget hook (always include )
+		echo $before_widget;
+
+		// Display the widget
+		echo '<div class="widget-text wp_widget_plugin_box">';
+
+			// Display widget title if defined
+			if ( $title ) {
+				echo $before_title . $title . $after_title;
+			}
+
+
+			// Zone Status abrufen
+
+            $curl = curl_init();
+
+            curl_setopt_array($curl, array(
+                CURLOPT_URL => "https://api.warpzone.ms/statuswidget",
+				CURLOPT_RETURNTRANSFER => true,
+                CURLOPT_FOLLOWLOCATION => true,
+                CURLOPT_ENCODING => "",
+                CURLOPT_MAXREDIRS => 3,
+                CURLOPT_TIMEOUT => 5,
+                CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+                CURLOPT_CUSTOMREQUEST => "GET"
+            ));
+
+			$response = curl_exec($curl);
+			$err = curl_error($curl);
+
+            curl_close($curl);
+
+			if ($err) {
+
+				$zone_status = $err;
+
+			} else {
+
+				$responseObj = json_decode($response,true);
+				$zone_status = $responseObj['zone_door_status'];
+
+				if ($zone_status == "OPEN") {
+
+					$zone_status_text =  "Offen";
+					$zone_status_color = "#00cc00";
+				}
+
+                if ($zone_status == "CLOSED") {
+
+                    $zone_status_text =  "Geschlossen";
+                    $zone_status_color = "#cc0000";
+                }
+
+			}
+
+
+			// Anzeige Status im Widget
+			echo "<span style='font-weight: bold; color:" . $zone_status_color . ";'>" . $zone_status_text . "</span>";
+
+			// Status mit in die Menueleiste fuer Mobilgeraete
+			echo "<script type='text/javascript'>jQuery(document).ready(function() { jQuery('#mainnav-toggle').text('MENU | Status: " . $zone_status_text . "'); });</script>";
+
+
+		echo '</div>';
+
+		// WordPress core after_widget hook (always include )
+		echo $after_widget;
+
+	}
+
+}
+
+// Register the widget
+function my_register_wz_status_widget() {
+	register_widget( 'WZ_Status_Widget' );
+}
+add_action( 'widgets_init', 'my_register_wz_status_widget' );
+
diff --git a/testserver/docker_wordpress/templates/docker-compose.yml b/testserver/docker_wordpress/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..bd06cf593ae32bb2a4796b9599d661889ebe1e0a
--- /dev/null
+++ b/testserver/docker_wordpress/templates/docker-compose.yml
@@ -0,0 +1,42 @@
+
+version: "3"
+
+services:
+
+  db:
+
+    image: mariadb:11.2.2
+    restart: always
+    volumes:
+      - /srv/wordpress/db/:/var/lib/mysql
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
+      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
+      MYSQL_DATABASE: wordpress
+      MYSQL_USER: wordpress
+    networks:
+      - default
+
+  app:
+    # values set in configuration: noreply_email_user - noreply_email_pass - smtp_host - smtp_port 
+    build: .
+    restart: always
+    volumes:
+      - /srv/wordpress/config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
+      - /srv/wordpress/data:/var/www/html
+    environment:
+      WORDPRESS_DB_HOST: db
+      WORDPRESS_DB_USER: wordpress
+      WORDPRESS_DB_PASSWORD: "{{ mysql_user_pass }}"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+    networks:
+      - default
+      - web
+
+networks:
+  web:
+    external: true