Initial commit

templates/docker-compose.j2

@@ -0,0 +1,31 @@
+version: '3.6'
+services:
+  web:
+    image: 'gitlab/gitlab-ee:{{ image_tag }}'
+    restart: always
+    hostname: '{{ hostname }}'
+    environment:
+      GITLAB_OMNIBUS_CONFIG: |
+        external_url 'https://{{ hostname }}'
+        gitlab_rails['gitlab_email_enabled'] = true
+        gitlab_rails['gitlab_email_from'] = '{{ smtp_username }}'
+        gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
+        gitlab_rails['smtp_enable'] = true
+        gitlab_rails['smtp_address'] = '{{ smtp_server }}'
+        gitlab_rails['smtp_port'] = {{ smtp_port }}
+        gitlab_rails['smtp_user_name'] = '{{ smtp_username }}'
+        gitlab_rails['smtp_password'] = '{{ smtp_password }}'
+        gitlab_rails['smtp_authentication'] = 'login'
+        gitlab_rails['smtp_enable_starttls_auto'] = true
+        gitlab_rails['smtp_tls'] = true
+        gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
+        user['git_user_email'] = '{{ smtp_username }}'
+    ports:
+      - '9090:80'
+      - '9093:443'
+      - '22:22'
+    volumes:
+      - '$GITLAB_HOME/config:/etc/gitlab'
+      - '$GITLAB_HOME/logs:/var/log/gitlab'
+      - '$GITLAB_HOME/data:/var/opt/gitlab'
+    shm_size: '256m'

templates/nftables.j2

@@ -1,19 +0,0 @@
-# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
-#
-# vim:set ts=2 sw=2 et:
-
-flush ruleset
-
-table inet filter {
-	chain input {
-		type filter hook input priority 0; policy drop;
-
-		# accept any localhost traffic
-		iif lo accept
-
-		# accept traffic originated from us
-		ct state { established, related } accept
-
-		tcp dport { 22, 80, 443 } accept
-	}
-}

templates/postfix.j2

@@ -1,46 +0,0 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
-
-
-# Debian specific:  Specifying a file name will cause the first
-# line of that file to be used as the name.  The Debian default
-# is /etc/mailname.
-#myorigin = /etc/mailname
-
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-
-# appending .domain is the MUA's job.
-append_dot_mydomain = no
-
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-
-readme_directory = no
-
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
-
-
-
-# TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
-smtpd_use_tls=yes
-smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
-# information on enabling SSL in the smtp client.
-
-smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = {{ smtp_domain }}
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.localdomain, localhost
-relayhost = 
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all