gitlab configuration

site.yml

@@ -48,11 +48,20 @@
         api_port: 5665,
         mysql_port: 33306
       }
+    - { 
+        role: testserver/docker_gitlab, tags: [ test_gitlab, docker_services ],
+        servicename: "gitlab",
+        basedir: "/srv/{{ servicename }}",
+        domain: "gitlab.test-warpzone.de",
+        domain_registry: "gitlab-registry.test-warpzone.de",
+        git_ssh_port: 444
+      }
     - { 
         role: testserver/docker_gitea, tags: [ test_gitea, docker_services ],
         servicename: "gitea",
         basedir: "/srv/{{ servicename }}",
-        domain: "verwaltung-git.test-warpzone.de"
+        domain: "verwaltung-git.test-warpzone.de",
+        git_ssh_port: 555
       }
     - { 
         role: testserver/docker_grafana, tags: [ test_grafana, docker_services ],

testserver/docker_gitea/templates/docker-compose.yml

@@ -6,14 +6,14 @@ services:
     depends_on:
       - db
     ports:
-      - 444:444
+      - "{{ git_ssh_port }}:{{ git_ssh_port}}"
     volumes:
       - "{{ basedir }}/data:/data"
     environment:
       APP_NAME: "Warpzone Verwaltung"
       RUN_MODE: "prod"
       SSH_DOMAIN: "{{ domain }}"
-      SSH_PORT: "444"
+      SSH_PORT: "{{ git_ssh_port}}"
       ROOT_URL: "https://{{ domain }}"
       HTTP_PORT: "42001"
       USER_UID: "1000"
@@ -67,4 +67,4 @@ networks:
       driver: default
       config:
         # must be a ULA range
-        - subnet: fd00:dead:beef:444::/64
+        - subnet: fd00:dead:beef:{{ git_ssh_port }}::/64

testserver/docker_gitlab/tasks/main.yml

+---
+
+- include_tasks: ../functions/get_secret.yml
+  with_items:
+    - { path: /srv/shared/noreply_email_pass,  length: -1 }
+    - { path: /srv/gitlab/oidc_client_secret,  length: 32 }
+    - { path: /srv/gitlab/runner_registration_token,  length: -1 }
+
+# Benötigte Verzeichnisstrukturen erstellen
+
+- name: create folder structur for gitlab
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+  with_items:
+    - "/srv/gitlab/"
+    - "/srv/gitlab/conf/"
+    - "/srv/gitlab/data/"
+    - "/srv/gitlab/log"
+    - "/srv/gitlab/runner"
+
+# Konfigurationsdateien erstellen
+
+- name: Konfig-Datei Gitlab
+  template:
+    src: "{{ item }}"
+    dest: "/srv/gitlab/{{ item }}"
+  with_items:
+    - "conf/gitlab.rb"
+    - "docker-compose.yml"
+  register: configs
+
+
+- name: stop gitlab docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/gitlab/
+    state: absent
+  when: configs.changed
+
+- name: start gitlab docker
+  community.docker.docker_compose_v2:
+    project_src: /srv/gitlab/
+    state: present

testserver/docker_gitlab/templates/docker-compose.yml

+services:
+
+  app:
+
+    image: gitlab/gitlab-ce:latest
+    restart: always
+    ports:
+      - "{{ git_ssh_port }}:22"
+    volumes:
+      - /srv/gitlab/conf:/etc/gitlab
+      - /srv/gitlab/log:/var/log/gitlab
+      - /srv/gitlab/data:/var/opt/gitlab
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.routers.{{ servicename }}.service={{ servicename }}
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
+      - traefik.http.routers.{{ servicename }}.middlewares={{ servicename }}-cors-headers
+      - traefik.http.middlewares.{{ servicename }}-cors-headers.headers.accesscontrolalloworiginlist=*
+      - traefik.http.routers.{{ servicename }}_registry.rule=Host(`{{ domain_registry }}`)
+      - traefik.http.routers.{{ servicename }}_registry.entrypoints=websecure
+      - traefik.http.routers.{{ servicename }}_registry.service={{ servicename }}_registry
+      - traefik.http.services.{{ servicename }}_registry.loadbalancer.server.port=5005
+    networks:
+      - default
+      - web
+
+
+  # Docker in Docker for Gitlab-Runner execution
+  # see https://forum.gitlab.com/t/example-gitlab-runner-docker-compose-configuration/67344
+
+  dind:
+
+    image: docker:25-dind
+    restart: always
+    privileged: true
+    environment:
+      DOCKER_TLS_CERTDIR: ""
+    command:
+      - --storage-driver=overlay2
+    networks:
+      - default
+
+
+  runner:
+
+    restart: always
+    image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+    depends_on:
+      - dind
+      - app
+    environment:
+      - DOCKER_HOST=tcp://dind:2375
+    volumes:
+      - "/srv/gitlab/runner:/etc/gitlab-runner:z"
+    networks:
+      - default
+
+  
+  # Runner Registration 
+  # Excecute once when Gitlab is running 
+
+  # register-runner:
+
+  #   restart: 'no'
+  #   image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+  #   depends_on:
+  #     - dind
+  #     - app
+  #   environment:
+  #     - CI_SERVER_URL=https://{{ domain }}
+  #     - REGISTRATION_TOKEN={{ runner_registration_token }}
+  #   command:
+  #     - register
+  #     - --non-interactive
+  #     - --locked=false
+  #     - --name=warpzone-webserver
+  #     - --executor=docker
+  #     - --docker-image=docker:20-dind
+  #     - --docker-volumes=/var/run/docker.sock:/var/run/docker.sock
+  #   volumes:
+  #     - "/srv/gitlab/runner:/etc/gitlab-runner:z"
+  #   networks:
+  #     - default
+
+
+networks:
+  web:
+    external: true
+  default:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        # must be a ULA range
+        - subnet: fd00:dead:beef:444::/64