Commit b8d35c8d authored by Kirill Smelkov's avatar Kirill Smelkov

X secure secrets (and move them all into 1 place)

parent 117f23de
# GitLab instance
# NOTE instance/software layout is inspired by gitlab omnibus
# NOTE all services are interconnected via unix sockets - because of easier
# security and performance reasons.
# security and performance reasons (unix has 2x less latency and more
# throughput compared to tcp over loopback).
[buildout]
extends = {{ gitlab_parameters_cfg }}
parts =
......@@ -16,7 +17,7 @@ parts =
gitlab-{{ prog }}
{% endfor %}
# TODO gitlab-shell - since compiled shell picks up /usr/bin/env ruby ...
# TODO gitlab-shell - since compiled shell picks up /usr/bin/env ruby ... ?
gitlab-root-shadow
gitlab-shell-root-shadow
......@@ -116,7 +117,7 @@ repositories = ${directory:srv}/repositories
backup = ${directory:srv}/backup
# gitlab-shell: etc/ log/ gitlab_shell_secrete ...
# gitlab-shell: etc/ log/ gitlab_shell_secret ...
[gitlab-shell-dir]
recipe = slapos.cookbook:mkdirectory
etc = ${directory:etc}/gitlab-shell
......@@ -125,7 +126,14 @@ log = ${directory:log}/gitlab-shell
[gitlab-shell]
etc = ${gitlab-shell-dir:etc}
log = ${gitlab-shell-dir:log}
secret = ${:etc}/gitlab_shell_secret
secret = ${secrets:secrets}/gitlab_shell_secret
[secrets]
recipe = slapos.cookbook:mkdirectory
secrets = ${directory:srv}/secrets
mode = 0700
......@@ -293,6 +301,7 @@ update-command =
${:tune-command}
# XXX store
# NOTE there is no need to link/create .gitlab_shell_secret - we set path to it
# in gitlab & gitlab-shell configs, and gitlab creates it on its first start
[gitlab-root-shadow]
......@@ -302,7 +311,7 @@ tune-command =
# secret* tmp/ log/
rm -f .secret &&
rm -rf log tmp &&
ln -sf ${gitlab:etc}/secret .secret &&
ln -sf ${secrets:secrets}/gitlab_rails_secret .secret &&
ln -sf ${gitlab:log} log &&
ln -sf ${gitlab:tmp} tmp &&
# config/
......@@ -311,6 +320,7 @@ tune-command =
ln -sf ${gitlab.yml:rendered} gitlab.yml &&
ln -sf ${database.yml:rendered} database.yml &&
ln -sf ${resque.yml:rendered} resque.yml &&
ln -sf ${secrets:secrets}/gitlab_secrets.yml secrets.yml &&
# config/initializers/
cd initializers &&
ln -sf ${rack_attack.rb:rendered} rack_attack.rb &&
......@@ -333,12 +343,7 @@ tune-command =
# etc/
# service/
# unicorn
# sidekiq
# 4. services
#####################
# Postgresql db #
......@@ -384,7 +389,6 @@ port =
#############
# Redis #
#############
[redis]
recipe = slapos.cookbook:mkdirectory
srv = ${directory:srv}/redis
......
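Review bot: In the new `[secrets]` part, `mode = 0700` on the directory is the only permission control visible for `gitlab_shell_secret`, `gitlab_rails_secret` and `gitlab_secrets.yml`. The NOTE in `[gitlab-root-shadow]` says GitLab creates the shell secret on first start (presumably the others too), so file modes follow that process's umask and any service running under the same account can still read them. The directory sits under `${directory:srv}` beside `repositories` and `backup`, so confirm that backup and restore handle it deliberately: protected if it is included, and restored together with the database if stored data depends on these keys. On an instance deployed before this commit, the old `${gitlab:etc}/secret` and `${:etc}/gitlab_shell_secret` in `[gitlab-shell]` do not appear to be moved, so the new links would presumably dangle and fresh secrets would be generated; a one-time move step or an upgrade note would avoid that, though `tune-command` and `update-command` start outside the visible hunks and may already cover it. I would add above `[secrets]`: `# all secret files live here (dir 0700, files created by gitlab on first start); do not copy into world-readable backups`.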
......@@ -12,11 +12,9 @@ offline = true
[switch-softwaretype]
recipe = slapos.cookbook:softwaretype
default = $${instance-gitlab.cfg:rendered}
#single-default = $${dynamic-template-powerdns:rendered}
[instance-gitlab.cfg]
#<= jinja2-template-base
recipe = slapos.recipe.template:jinja2
mode = 0644
template= ${instance-gitlab.cfg.in:target}
......
......@@ -83,7 +83,7 @@ git-executable = ${git:location}/bin/git
[gitlab-repository]
<= git-repository
repository = https://gitlab.com/gitlab-org/gitlab-ce.git
revision = v8.1.2-5-ge6e4aa04dc464717ef929a453af0eea11dbc8a03
revision = v8.1.3-9-g0350a36f28bfb19fddf570c9f77e181e32efc149
location = ${buildout:parts-directory}/gitlab
[gitlab-shell-repository]
......