diff --git a/README.md b/README.md
index a3d0bdb2495b5c518b05828bf6df27a5966d747a..4c6ece0f9c7637770be969c7f1834f818605606c 100644
--- a/README.md
+++ b/README.md
@@ -1,22 +1,45 @@
-Role Name
-=========
+docker_gitlab
+==============
-A brief description of the role goes here.
+This role deploys GitLab on Docker
 Requirements
 ------------
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+None
 Role Variables
 --------------
-A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+Variables from default directory :
+* domain: domain belonging to customer
+* git_url: URL on which GitLab will be listening
+* Mail configuration :
+ * real_mailserver: Whether to authorize e-mail from GitLab or not (if set to true - by default, the following variables need to be defined, otherwise a mailhog instance will be deployed for blocking e-mails)
+ * mailserver: SMTP server to use for sending e-mails (defaults to smtp.{{ domain }})
+ * smtpport: SMTP server port (defaults to 465)
+ * smtpuser: SMTP username (defaults to smtpuser)
+ * smtppass: SMTP user password (defaults to veryUnsecurePassToBeModified)
+ * git_mail_from: from address used in e-mail sent from GitLab (defaults to git@{{ domain }})
+* default_maintenance_email: maintenance e-mail used to request Let's Encrypt certificate (defaults to maintenance@{{ domain }})
+* SSO integration :
+ * enable_omniauth: whether or not configure SSO integration (defaults to false)
+ * sso_url: URL for SSO server
+ * sso_oidc_gitlab_id: OpenID connect identifier defined for gitlab
+ * sso_oidc_gitlab_secret: OpenID connect secret defined for gitlab
+* Backups :
+ * swift parameters for 2 object storage instances where backups should be
pushed daily
+ * git_backup_pass : Passphrase for encryption of backups
+
 Dependencies
 ------------
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+This role requires the following Ansible collection :
+* community.docker
+
+This Docker role supposes that Traefik is deployed as an inverseproxy in front of the deployed Dockers.
+The following role is used by Le Filament for deploying Traefik : docker_server (https://sources.le-filament.com/lefilament/ansible-roles/docker_server)
 Example Playbook
 ----------------
@@ -25,7 +48,13 @@ Including an example of how to use your role (for instance, with variables passe
 - hosts: servers
 roles:
- - { role: username.rolename, x: 42 }
+ - { role: docker_gitlab }
+ vars:
+ - { domain: "example.org" }
+ - { git_url: "git.example.org" }
+ - { real_mailserver: false }
+ - { default_maintenance_email: "maintenance@example.org" }
+ - { enable_omniauth: false }
 License
 -------
diff --git a/defaults/main.yml b/defaults/main.yml
index 9457e0c9ab4dc507ab0989797be184a2746d5a1a..3101b1a9ef17ab96687e71f4485b6dccb3139f2f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,40 @@
 ---
-# defaults file for test
+domain: example.org
+git_url: git.{{ domain }}
+
+# Mail configuration
+real_mailserver: true
+mailserver: smtp.{{ domain }}
+smtpport: 465
+smtpuser: smtpuser
+smtppass: veryUnsecurePassToBeModified
+git_mail_from: git@{{ domain }}
+
+# Maintenance e-mail for Let's Encrypt certificate
+default_maintenance_email: maintenance@{{ domain }}
+
+# SSO integration
+enable_omniauth: false
+sso_url: auth.{{ domain }}
+sso_oidc_gitlab_id: gitlabid
+sso_oidc_gitlab_secret: secrettobemodified
+
+# Backups
+# Parameters for pushing backups to Object Storage - Instance 1
+swift_odoo_authurl: https://auth.cloud.ovh.net/v3/
+swift_odoo_authversion: 3
+swift_odoo_tenantid: "132e1fa"
+swift_odoo_tenantname: "12312534534"
+swift_odoo_username: "testuser"
+swift_odoo_password: "testpassword"
+swift_odoo_regionname: "GRA"
+# Parameters for pushing backups to Object Storage - Instance 2
+swift_odoo2_authurl: https://auth.cloud.ovh.net/v3/
+swift_odoo2_authversion: 3
+swift_odoo2_tenantid: "12323534ab"
+swift_odoo2_tenantname: "123124235345"
+swift_odoo2_username: "testuser"
+swift_odoo2_password: "testpassword"
+swift_odoo2_regionname: "DE"
+# Passphrase for backups encryption
+git_backup_pass: notSecureEnoughPasswordToBeModified
diff --git a/templates/gitlab.yaml.j2 b/templates/gitlab.yaml.j2
index 8bf304505eb111c99ab8acd74ef4942b1ef52429..e472f23416143ee9dab01aea48fbae94fa6add89 100644
--- a/templates/gitlab.yaml.j2
+++ b/templates/gitlab.yaml.j2
@@ -2,7 +2,7 @@ version: '2.1'
 services:
 smtp:
-{% if mailname is defined %}
+{% if real_mailserver is defined %}
 image: tecnativa/postfix-relay
 volumes:
 - smtp:/var/spool/postfix
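Review bot: Every secret in the new defaults ships with a working value — `smtppass`, `sso_oidc_gitlab_secret`, `swift_odoo_password`, `swift_odoo2_password` and `git_backup_pass` — so a playbook that forgets to override one still templates and deploys with a value that is published in the repository, and as far as this diff shows nothing in the role reports that. The README added in this same commit says the mail variables "need to be defined" when `real_mailserver` is true, which reads as an intent that callers supply them rather than inherit these placeholders. Consider leaving the secret variables out of defaults so an unset one fails with an undefined-variable error at template time, or keeping them and adding an `assert` task that rejects the placeholder values; at minimum a comment such as `# Secrets below are placeholders and must be overridden (e.g. from an ansible-vault file)` would make the intent visible in the file.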
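Review bot: `{% if real_mailserver is defined %}` on the added line tests only whether the variable exists, and defaults/main.yml in this same commit defines `real_mailserver: true`, so inside the role the test is always true and the postfix-relay branch is taken even when a caller sets `real_mailserver: false` as the README and example playbook suggest; the previous `mailname is defined` worked because `mailname` had no default. The same replacement is made in the hunks at -10, -84, -117 and -128 of this file, and each of them needs the truth value instead: `{% if real_mailserver | bool %}`. Inferred from the diff rather than a run: with the check as written the mailhog fallback looks unreachable and the real SMTP credentials would be wired into the compose file whenever the role runs. The smtp service definition continues past the end of this hunk.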
@@ -10,13 +10,13 @@ services:
 default:
 public:
 environment:
- MAILNAME: "{{ mailname }}"
+ MAILNAME: "{{ domain }}"
 MAIL_RELAY_HOST: "{{ mailserver }}"
 MAIL_RELAY_PORT: "{{ smtpport }}"
 MAIL_RELAY_USER: "{{ smtpuser }}"
 MAIL_RELAY_PASS: "{{ smtppass }}"
- MAIL_CANONICAL_DOMAINS: "{{ mailname }}"
- MAIL_NON_CANONICAL_DEFAULT: "{{ mailname }}"
+ MAIL_CANONICAL_DOMAINS: "{{ domain }}"
+ MAIL_NON_CANONICAL_DEFAULT: "{{ domain }}"
 {% else %}
 image: mailhog/mailhog
 networks:
@@ -84,9 +84,9 @@ services:
 {% endif %}
 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = 'smtp'
-{% if mailname is defined %}
+{% if real_mailserver is defined %}
 gitlab_rails['smtp_port'] = 25
- gitlab_rails['smtp_domain'] = '{{ mailname }}'
+ gitlab_rails['smtp_domain'] = '{{ domain }}'
 {% else %}
 gitlab_rails['smtp_port'] = 1025
 {% endif %}
@@ -117,7 +117,7 @@ networks:
 encrypted: 1
 inverseproxy_shared:
 external: true
-{% if mailname is defined %}
+{% if real_mailserver is defined %}
 public:
 {% else %}
 inverseproxy_smtp:
@@ -128,6 +128,6 @@ volumes:
 config:
 data:
 logs:
-{% if mailname is defined %}
+{% if real_mailserver is defined %}
 smtp:
 {% endif %}