authorAdam Coldrick <adam.coldrick@codethink.co.uk>2014-05-09 10:52:06 +0000
committerAdam Coldrick <adam.coldrick@codethink.co.uk>2014-05-15 16:04:02 +0000
commit2b120087f3fdddca03d79c6b67275b0509afa154 (patch)
tree304fee78bbed50e09fd1debde515b675ccc147b8
parent2fb6ede1ffed0b2ca4bd805c1ab558cdeea8c446 (diff)
downloaddefinitions-2b120087f3fdddca03d79c6b67275b0509afa154.tar.gz
Add a configure extension and relevant files for installing GitLab
-rw-r--r--gitlab-server/manifest34
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml43
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml3
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb102
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci36
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml41
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml49
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml270
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb18
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml3
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb113
-rw-r--r--gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab70
-rw-r--r--gitlab-server/usr/share/gitlab-install/nginx.conf73
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service24
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service24
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service24
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service24
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target15
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service15
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service25
-rw-r--r--gitlab-server/usr/share/gitlab-install/systemd-units/redis.service13
-rwxr-xr-xgitlab-server/usr/share/gitlab-setup104
-rw-r--r--gitlab.configure84
23 files changed, 1207 insertions, 0 deletions
diff --git a/gitlab-server/manifest b/gitlab-server/manifest
new file mode 100644
index 00000000..8d1dae7a
--- /dev/null
+++ b/gitlab-server/manifest
@@ -0,0 +1,34 @@
+0100755 0 0 /usr/share/gitlab-setup
+0040755 0 0 /usr/share/gitlab-install
+0040755 0 0 /usr/share/gitlab-install/gitlab
+0040755 0 0 /usr/share/gitlab-install/gitlab/config
+0100644 0 0 /usr/share/gitlab-install/gitlab/config/gitlab.yml
+0040755 0 0 /usr/share/gitlab-install/gitlab/config/initializers
+0100644 0 0 /usr/share/gitlab-install/gitlab/config/resque.yml
+0100644 0 0 /usr/share/gitlab-install/gitlab/config/unicorn.rb
+0100644 0 0 /usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb
+0040755 0 0 /usr/share/gitlab-install/gitlab/lib
+0040755 0 0 /usr/share/gitlab-install/gitlab/lib/support
+0040755 0 0 /usr/share/gitlab-install/gitlab/lib/support/nginx
+0100644 0 0 /usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab
+0040755 0 0 /usr/share/gitlab-install/gitlab-shell
+0100644 0 0 /usr/share/gitlab-install/gitlab-shell/config.yml
+0040755 0 0 /usr/share/gitlab-install/gitlab-ci
+0040755 0 0 /usr/share/gitlab-install/gitlab-ci/config
+0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/application.yml
+0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/resque.yml
+0100644 0 0 /usr/share/gitlab-install/gitlab-ci/config/unicorn.rb
+0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib
+0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support
+0040755 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support/nginx
+0100644 0 0 /usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci
+0100644 0 0 /usr/share/gitlab-install/nginx.conf
+0040755 0 0 /usr/share/gitlab-install/systemd-units
+0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab.target
+0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/gitlab-unicorn.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/nginx.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/postgres.service
+0100644 0 0 /usr/share/gitlab-install/systemd-units/redis.service
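Review bot: `gitlab/config/database.yml` is added by this commit but has no entry in this manifest, unlike every other file under `/usr/share/gitlab-install`. If the manifest decides which files are installed and with what mode, which is how it appears to be used, the database configuration would be missing or get default ownership on the target; the matching entry would be `0100644 0 0 /usr/share/gitlab-install/gitlab/config/database.yml`. It is also worth confirming that gitlab-setup (not shown here) tightens the mode on the installed copies of gitlab.yml and database.yml, since both carry password fields and the templates listed here are world-readable.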
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml
new file mode 100644
index 00000000..6eb5eb19
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/application.yml
@@ -0,0 +1,43 @@
+defaults: &defaults
+ gitlab_server_urls:
+ # Replace with your gitlab server url
+ - 'http://##GITLAB_HOSTNAME##/'
+
+ ## Gitlab CI settings
+ gitlab_ci:
+ ## Web server settings
+ host: ##GITLAB_HOSTNAME##
+ port: ##CI_PORT##
+ https: false
+
+ ## Email settings
+ # Email address used in the "From" field in mails sent by GitLab-CI
+ email_from: gitlab-ci@localhost
+
+ # Email address of your support contact (default: same as email_from)
+ support_email: support@localhost
+
+ # Default project notifications settings:
+ #
+ # Send emails only on broken builds (default: true)
+ # all_broken_builds: true
+ #
+ # Add committer to recipients list (default: false)
+ # add_committer: true
+
+ gravatar:
+ enabled: true
+ plain_url: "http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
+ ssl_url: "https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm"
+
+
+development:
+ <<: *defaults
+
+test:
+ <<: *defaults
+ gitlab_server_urls:
+ - 'http://demo.gitlab.com/'
+
+production:
+ <<: *defaults
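Review bot: The unquoted placeholders on `host: ##GITLAB_HOSTNAME##` and `port: ##CI_PORT##` are YAML comments, because a `#` preceded by a space starts one, so a copy of this file loaded before substitution parses with both keys null instead of failing. Quoting the string-valued one, `host: '##GITLAB_HOSTNAME##'`, makes a skipped substitution show up as a literal bogus hostname; the port is better covered by a check in the substituting script, since quoting it would turn the value into a string. The same pattern is in gitlab/config/gitlab.yml on `host`, `port`, `email_from` and `support_email`.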
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml
new file mode 100644
index 00000000..f42ffe78
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/resque.yml
@@ -0,0 +1,3 @@
+development: redis://127.0.0.1:6379
+test: redis://127.0.0.1:6379
+production: redis://127.0.0.1:6379
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb
new file mode 100644
index 00000000..cdcbe39a
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb
@@ -0,0 +1,102 @@
+# Sample verbose configuration file for Unicorn (not Rack)
+#
+# This configuration file documents many features of Unicorn
+# that may not be needed for some applications. See
+# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
+# for a much simpler configuration file.
+#
+# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
+# documentation.
+
+# Use at least one worker per core if you're on a dedicated server,
+# more will usually help for _short_ waits on databases/caches.
+worker_processes 2
+
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+# user "unprivileged_user", "unprivileged_group"
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+working_directory "/home/gitlab_ci/gitlab-ci" # available in 0.94.0+
+
+# listen on both a Unix domain socket and a TCP port,
+# we use a shorter backlog for quicker failover when busy
+listen "/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket", :backlog => 64
+listen "127.0.0.1:##UNICORN_CI_PORT##", :tcp_nopush => true
+
+# nuke workers after 30 seconds instead of 60 seconds (the default)
+timeout 30
+
+# feel free to point this anywhere accessible on the filesystem
+pid "/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid"
+
+# By default, the Unicorn logger will write to stderr.
+# Additionally, some applications/frameworks log to stderr or stdout,
+# so prevent them from going to /dev/null when daemonized here:
+stderr_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stderr.log"
+stdout_path "/home/gitlab_ci/gitlab-ci/log/unicorn.stdout.log"
+
+# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
+# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
+preload_app true
+GC.respond_to?(:copy_on_write_friendly=) and
+ GC.copy_on_write_friendly = true
+
+# Enable this flag to have unicorn test client connections by writing the
+# beginning of the HTTP headers before calling the application. This
+# prevents calling the application for connections that have disconnected
+# while queued. This is only guaranteed to detect clients on the same
+# host unicorn runs on, and unlikely to detect disconnects even on a
+# fast LAN.
+check_client_connection false
+
+before_fork do |server, worker|
+ # the following is highly recomended for Rails + "preload_app true"
+ # as there's no need for the master process to hold a connection
+ defined?(ActiveRecord::Base) and
+ ActiveRecord::Base.connection.disconnect!
+
+ # The following is only recommended for memory/DB-constrained
+ # installations. It is not needed if your system can house
+ # twice as many worker_processes as you have configured.
+ #
+ # This allows a new master process to incrementally
+ # phase out the old master process with SIGTTOU to avoid a
+ # thundering herd (especially in the "preload_app false" case)
+ # when doing a transparent upgrade. The last worker spawned
+ # will then kill off the old master process with a SIGQUIT.
+ old_pid = "#{server.config[:pid]}.oldbin"
+ if old_pid != server.pid
+ begin
+ sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+ Process.kill(sig, File.read(old_pid).to_i)
+ rescue Errno::ENOENT, Errno::ESRCH
+ end
+ end
+ #
+ # Throttle the master from forking too quickly by sleeping. Due
+ # to the implementation of standard Unix signal handlers, this
+ # helps (but does not completely) prevent identical, repeated signals
+ # from being lost when the receiving process is busy.
+ # sleep 1
+end
+
+after_fork do |server, worker|
+ # per-process listener ports for debugging/admin/migrations
+ # addr = "127.0.0.1:#{9293 + worker.nr}"
+ # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
+
+ # the following is *required* for Rails + "preload_app true",
+ defined?(ActiveRecord::Base) and
+ ActiveRecord::Base.establish_connection
+
+ # if preload_app is true, then you may also want to check and
+ # restart any other shared sockets/descriptors such as Memcached,
+ # and Redis. TokyoCabinet file handles are safe to reuse
+ # between any number of forked children (assuming your kernel
+ # correctly implements pread()/pwrite() system calls)
+end
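Review bot: In `before_fork`, `File.read(old_pid).to_i` yields 0 for an empty or non-numeric pid file, and `Process.kill(sig, 0)` signals the caller's whole process group rather than the old master. Reading the value first and guarding it, `pid = File.read(old_pid).to_i` followed by `Process.kill(sig, pid) if pid > 0`, limits the signal to a real PID. The empty `rescue Errno::ENOENT, Errno::ESRCH` would also read better with a comment saying the old master is already gone. gitlab/config/unicorn.rb carries the same block.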
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci b/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci
new file mode 100644
index 00000000..aa26614c
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci
@@ -0,0 +1,36 @@
+# GITLAB CI
+# Maintainer: @randx
+# App Version: 2.0
+
+upstream gitlab_ci {
+ server unix:/home/gitlab_ci/gitlab-ci/tmp/sockets/gitlab-ci.socket;
+}
+
+server {
+ listen 81 default_server; # e.g., listen 192.168.1.1:80;
+ server_name ct-gitlab.dyn.ducie.codethink.co.uk; # e.g., server_name source.example.com;
+ root /home/gitlab_ci/gitlab-ci/public;
+
+ access_log /var/log/nginx/gitlab_ci_access.log;
+ error_log /var/log/nginx/gitlab_ci_error.log;
+
+ location / {
+ try_files $uri $uri/index.html $uri.html @gitlab_ci;
+ }
+
+ location @gitlab_ci {
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_redirect off;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ proxy_pass http://gitlab_ci;
+ }
+
+ # adjust this to match the largest build log your runners might submit,
+ # set to 0 to disable limit
+ client_max_body_size 10m;
+}
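Review bot: `listen 81 default_server;` and `server_name ct-gitlab.dyn.ducie.codethink.co.uk;` are fixed values, whereas application.yml and the GitLab vhost in this commit use the `##CI_PORT##`, `##GITLAB_PORT##` and `##GITLAB_HOSTNAME##` placeholders. As written the CI vhost will not follow the configured port and ships one site's internal hostname to every deployment; `listen *:##CI_PORT## default_server;` and `server_name ##GITLAB_HOSTNAME##;` would match the rest of the templates. The vhost also lacks the `server_tokens off;` that the GitLab vhost sets.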
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml b/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml
new file mode 100644
index 00000000..fba31eb6
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab-shell/config.yml
@@ -0,0 +1,41 @@
+# GitLab user. git by default
+user: git
+
+# Url to gitlab instance. Used for api calls. Should end with a slash.
+gitlab_url: "http://##GITLAB_HOSTNAME##/"
+
+http_settings:
+# user: someone
+# password: somepass
+# ca_file: /etc/ssl/cert.pem
+# ca_path: /etc/pki/tls/certs
+ self_signed_cert: false
+
+# Repositories path
+# Give the canonicalized absolute pathname,
+# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
+# Check twice that none of the components is a symlink, including "/home".
+repos_path: "/home/git/repositories"
+
+# File used as authorized_keys for gitlab user
+auth_file: "/home/git/.ssh/authorized_keys"
+
+# Redis settings used for pushing commit notices to gitlab
+redis:
+ bin: /usr/bin/redis-cli
+ host: 127.0.0.1
+ port: 6379
+ # socket: /tmp/redis.socket # Only define this if you want to use sockets
+ namespace: resque:gitlab
+
+# Log file.
+# Default is gitlab-shell.log in the root directory.
+# log_file: "/home/git/gitlab-shell/gitlab-shell.log"
+
+# Log level. INFO by default
+log_level: INFO
+
+# Audit usernames.
+# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
+# incurs an extra API call on every gitlab-shell command.
+audit_usernames: false
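Review bot: `gitlab_url` is built from the hostname alone, while gitlab.yml and the GitLab nginx vhost in this commit take the listening port from `##GITLAB_PORT##`, so gitlab-shell's API calls go to port 80 whatever port is configured. Unless the configure step folds the port into the hostname value (that script is not shown here), this should read `gitlab_url: "http://##GITLAB_HOSTNAME##:##GITLAB_PORT##/"`. `gitlab_server_urls` in gitlab-ci/config/application.yml has the same shape. These calls are plain HTTP to the public hostname, so it is also worth deciding whether they should go to a loopback address instead.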
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml
new file mode 100644
index 00000000..66960551
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/database.yml
@@ -0,0 +1,49 @@
+#
+# PRODUCTION
+#
+production:
+ adapter: postgresql
+ encoding: unicode
+ database: gitlabhq_production
+ pool: 10
+ # username: git
+ # password:
+ # host: localhost
+ # port: 5432
+ # socket: /tmp/postgresql.sock
+
+#
+# Development specific
+#
+development:
+ adapter: postgresql
+ encoding: unicode
+ database: gitlabhq_development
+ pool: 5
+ username: postgres
+ password:
+ # socket: /tmp/postgresql.sock
+
+#
+# Staging specific
+#
+staging:
+ adapter: postgresql
+ encoding: unicode
+ database: gitlabhq_staging
+ pool: 5
+ username: postgres
+ password:
+ # socket: /tmp/postgresql.sock
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test: &test
+ adapter: postgresql
+ encoding: unicode
+ database: gitlabhq_test
+ pool: 5
+ username: postgres
+ password:
+ # socket: /tmp/postgresql.sock
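Review bot: The `development`, `staging` and `test` stanzas connect as `postgres` with a bare `password:`, which YAML reads as null, so any process started without `RAILS_ENV=production` would use the database superuser role with no password. Only `production` is meaningful on an installed server; either drop the other stanzas from this template or point them at the same unprivileged role as production. `production` leaves `username` commented out, so it presumably relies on the OS account unicorn runs as; a one-line comment saying so would help whoever has to debug a failed connection.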
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml
new file mode 100644
index 00000000..06d2cee5
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/gitlab.yml
@@ -0,0 +1,270 @@
+# # # # # # # # # # # # # # # # # #
+# GitLab application config file #
+# # # # # # # # # # # # # # # # # #
+#
+# How to use:
+# 1. copy file as gitlab.yml
+# 2. Replace gitlab -> host with your domain
+# 3. Replace gitlab -> email_from
+
+production: &base
+ #
+ # 1. GitLab app settings
+ # ==========================
+
+ ## GitLab settings
+ gitlab:
+ ## Web server settings (note: host is the FQDN, do not include http://)
+ host: ##GITLAB_HOSTNAME##
+ port: ##GITLAB_PORT##
+ https: false
+
+ # Uncomment and customize the last line to run in a non-root path
+ # WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
+ # Note that four settings need to be changed for this to work.
+ # 1) In your application.rb file: config.relative_url_root = "/gitlab"
+ # 2) In your gitlab.yml file: relative_url_root: /gitlab
+ # 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+ # 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab"
+ # To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
+ #
+ # relative_url_root: /gitlab
+
+ # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
+ # user: git
+
+ ## Email settings
+ # Email address used in the "From" field in mails sent by GitLab
+ email_from: ##GITLAB_EMAIL##
+
+ # Email address of your support contact (default: same as email_from)
+ support_email: ##GITLAB_EMAIL##
+
+ ## User settings
+ default_projects_limit: 10
+ # default_can_create_group: false # default: true
+ # username_changing_enabled: false # default: true - User can change her username/namespace
+ ## Default theme
+ ## BASIC = 1
+ ## MARS = 2
+ ## MODERN = 3
+ ## GRAY = 4
+ ## COLOR = 5
+ # default_theme: 2 # default: 2
+
+
+ ## Users management
+ # default: false - Account passwords are not sent via the email if signup is enabled.
+ # signup_enabled: true
+ #
+ # default: true - If set to false, standard login form won't be shown on the sign-in page
+ # signin_enabled: false
+
+
+ # Restrict setting visibility levels for non-admin users.
+ # The default is to allow all levels.
+ #restricted_visibility_levels: [ "public" ]
+
+ ## Automatic issue closing
+ # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
+ # This happens when the commit is pushed or merged into the default branch of a project.
+ # When not specified the default issue_closing_pattern as specified below will be used.
+ # issue_closing_pattern: '([Cc]lose[sd]|[Ff]ixe[sd]) #(\d+)'
+
+ ## Default project features settings
+ default_projects_features:
+ issues: true
+ merge_requests: true
+ wiki: true
+ wall: false
+ snippets: false
+ visibility_level: "private" # can be "private" | "internal" | "public"
+
+ ## Repository downloads directory
+ # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
+ # The default is 'tmp/repositories' relative to the root of the Rails app.
+ # repository_downloads_path: tmp/repositories
+
+ ## External issues trackers
+ issues_tracker:
+ # redmine:
+ # title: "Redmine"
+ # ## If not nil, link 'Issues' on project page will be replaced with this
+ # ## Use placeholders:
+ # ## :project_id - GitLab project identifier
+ # ## :issues_tracker_id - Project Name or Id in external issue tracker
+ # project_url: "http://redmine.sample/projects/:issues_tracker_id"
+ #
+ # ## If not nil, links from /#\d/ entities from commit messages will replaced with this
+ # ## Use placeholders:
+ # ## :project_id - GitLab project identifier
+ # ## :issues_tracker_id - Project Name or Id in external issue tracker
+ # ## :id - Issue id (from commit messages)
+ # issues_url: "http://redmine.sample/issues/:id"
+ #
+ # ## If not nil, linkis to creating new issues will be replaced with this
+ # ## Use placeholders:
+ # ## :project_id - GitLab project identifier
+ # ## :issues_tracker_id - Project Name or Id in external issue tracker
+ # new_issue_url: "http://redmine.sample/projects/:issues_tracker_id/issues/new"
+ #
+ # jira:
+ # title: "Atlassian Jira"
+ # project_url: "http://jira.sample/issues/?jql=project=:issues_tracker_id"
+ # issues_url: "http://jira.sample/browse/:id"
+ # new_issue_url: "http://jira.sample/secure/CreateIssue.jspa"
+
+ ## Gravatar
+ gravatar:
+ enabled: true # Use user avatar image from Gravatar.com (default: true)
+ # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
+ # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=mm
+
+ #
+ # 2. Auth settings
+ # ==========================
+
+ ## LDAP settings
+ # You can inspect a sample of the LDAP users with login access by running:
+ # bundle exec rake gitlab:ldap:check RAILS_ENV=production
+ ldap:
+ enabled: false
+ host: '_your_ldap_server'
+ port: 636
+ uid: 'sAMAccountName'
+ method: 'ssl' # "tls" or "ssl" or "plain"
+ bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
+ password: '_the_password_of_the_bind_user'
+ # If allow_username_or_email_login is enabled, GitLab will ignore everything
+ # after the first '@' in the LDAP username submitted by the user on login.
+ #
+ # Example:
+ # - the user enters 'jane.doe@example.com' and 'p@ssw0rd' as LDAP credentials;
+ # - GitLab queries the LDAP server with 'jane.doe' and 'p@ssw0rd'.
+ #
+ # If you are using "uid: 'userPrincipalName'" on ActiveDirectory you need to
+ # disable this setting, because the userPrincipalName contains an '@'.
+ allow_username_or_email_login: true
+
+ # Base where we can search for users
+ #
+ # Ex. ou=People,dc=gitlab,dc=example
+ #
+ base: ''
+
+ # Filter LDAP users
+ #
+ # Format: RFC 4515
+ # Ex. (employeeType=developer)
+ #
+ user_filter: ''
+
+
+ ## OmniAuth settings
+ omniauth:
+ # Allow login via Twitter, Google, etc. using OmniAuth providers
+ enabled: false
+
+ # CAUTION!
+ # This allows users to login without having a user account first (default: false).
+ # User accounts will be created automatically when authentication was successful.
+ allow_single_sign_on: false
+ # Locks down those users until they have been cleared by the admin (default: true).
+ block_auto_created_users: true
+
+ ## Auth providers
+ # Uncomment the following lines and fill in the data of the auth provider you want to use
+ # If your favorite auth provider is not listed you can use others:
+ # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
+ # The 'app_id' and 'app_secret' parameters are always passed as the first two
+ # arguments, followed by optional 'args' which can be either a hash or an array.
+ # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
+ providers:
+ # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { access_type: 'offline', approval_prompt: '' } }
+ # - { name: 'twitter', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET'}
+ # - { name: 'github', app_id: 'YOUR APP ID',
+ # app_secret: 'YOUR APP SECRET',
+ # args: { scope: 'user:email' } }
+
+
+
+ #
+ # 3. Advanced settings
+ # ==========================
+
+ # GitLab Satellites
+ satellites:
+ # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
+ path: /home/git/gitlab-satellites/
+
+ ## Backup settings
+ backup:
+ path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
+ # keep_time: 604800 # default: 0 (forever) (in seconds)
+
+ ## GitLab Shell settings
+ gitlab_shell:
+ path: /home/git/gitlab-shell/
+
+ # REPOS_PATH MUST NOT BE A SYMLINK!!!
+ repos_path: /home/git/repositories/
+ hooks_path: /home/git/gitlab-shell/hooks/
+
+ # Git over HTTP
+ upload_pack: true
+ receive_pack: true
+
+ # If you use non-standard ssh port you need to specify it
+ # ssh_port: 22
+
+ ## Git settings
+ # CAUTION!
+ # Use the default values unless you really know what you are doing
+ git:
+ bin_path: /usr/bin/git
+ # The next value is the maximum memory size grit can use
+ # Given in number of bytes per git object (e.g. a commit)
+ # This value can be increased if you have very large commits
+ max_size: 5242880 # 5.megabytes
+ # Git timeout to read a commit, in seconds
+ timeout: 10
+
+ #
+ # 4. Extra customization
+ # ==========================
+
+ extra:
+ ## Google analytics. Uncomment if you want it
+ # google_analytics_id: '_your_tracking_id'
+
+ ## Piwik analytics.
+ # piwik_url: '_your_piwik_url'
+ # piwik_site_id: '_your_piwik_site_id'
+
+ ## Text under sign-in page (Markdown enabled)
+ # sign_in_text: |
+ # ![Company Logo](http://www.companydomain.com/logo.png)
+ # [Learn more about CompanyName](http://www.companydomain.com/)
+
+development:
+ <<: *base
+
+test:
+ <<: *base
+ gravatar:
+ enabled: true
+ gitlab:
+ host: localhost
+ port: 80
+ issues_tracker:
+ redmine:
+ title: "Redmine"
+ project_url: "http://redmine/projects/:issues_tracker_id"
+ issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
+ new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+
+staging:
+ <<: *base
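Review bot: `https: false` is fixed in the template while `upload_pack` and `receive_pack` enable Git over HTTP, so repository credentials and session cookies cross the network unencrypted on every deployment built from it. There is no placeholder for switching this, unlike host, port and e-mail; if TLS is meant to be terminated elsewhere, say so in a comment above the setting, for example `# Plain HTTP: terminate TLS in front of this host, or set https: true and add a TLS vhost`. The `How to use` header at the top still describes copying and editing the file by hand, which no longer appears to match a template that is filled in from `##…##` placeholders.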
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb
new file mode 100644
index 00000000..bc3234bf
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/initializers/rack_attack.rb
@@ -0,0 +1,18 @@
+# 1. Rename this file to rack_attack.rb
+# 2. Review the paths_to_be_protected and add any other path you need protecting
+#
+
+paths_to_be_protected = [
+ "#{Rails.application.config.relative_url_root}/users/password",
+ "#{Rails.application.config.relative_url_root}/users/sign_in",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+ "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
+ "#{Rails.application.config.relative_url_root}/users",
+ "#{Rails.application.config.relative_url_root}/users/confirmation"
+]
+
+unless Rails.env.test?
+ Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
+ req.ip if paths_to_be_protected.include?(req.path) && req.post?
+ end
+end
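Review bot: The throttle keys on `req.ip`, but unicorn sits behind nginx on a Unix socket in this deployment, so the limit is per client only if the proxy hands over a client address that Rack will trust. The proxy headers of the GitLab vhost are outside the part of the diff shown here; confirm that it sets `X-Forwarded-For` from `$remote_addr` rather than passing a client-supplied value through. The first header line, `Rename this file to rack_attack.rb`, is stale now that the file ships under that name.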
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml b/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml
new file mode 100644
index 00000000..f42ffe78
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/resque.yml
@@ -0,0 +1,3 @@
+development: redis://127.0.0.1:6379
+test: redis://127.0.0.1:6379
+production: redis://127.0.0.1:6379
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb b/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb
new file mode 100644
index 00000000..02dbd98a
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/config/unicorn.rb
@@ -0,0 +1,113 @@
+# Sample verbose configuration file for Unicorn (not Rack)
+#
+# This configuration file documents many features of Unicorn
+# that may not be needed for some applications. See
+# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
+# for a much simpler configuration file.
+#
+# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
+# documentation.
+
+# Uncomment and customize the last line to run in a non-root path
+# WARNING: We recommend creating a FQDN to host GitLab in a root path instead of this.
+# Note that four settings need to be changed for this to work.
+# 1) In your application.rb file: config.relative_url_root = "/gitlab"
+# 2) In your gitlab.yml file: relative_url_root: /gitlab
+# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+# 4) In ../gitlab-shell/config.yml: gitlab_url: "http://127.0.0.1/gitlab"
+# To update the path, run: sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
+#
+# ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
+
+# Use at least one worker per core if you're on a dedicated server,
+# more will usually help for _short_ waits on databases/caches.
+worker_processes 2
+
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+# user "unprivileged_user", "unprivileged_group"
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+working_directory "/home/git/gitlab" # available in 0.94.0+
+
+# listen on both a Unix domain socket and a TCP port,
+# we use a shorter backlog for quicker failover when busy
+listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 64
+listen "127.0.0.1:##UNICORN_PORT##", :tcp_nopush => true
+
+# nuke workers after 30 seconds instead of 60 seconds (the default)
+timeout 30
+
+# feel free to point this anywhere accessible on the filesystem
+pid "/home/git/gitlab/tmp/pids/unicorn.pid"
+
+# By default, the Unicorn logger will write to stderr.
+# Additionally, some applications/frameworks log to stderr or stdout,
+# so prevent them from going to /dev/null when daemonized here:
+stderr_path "/home/git/gitlab/log/unicorn.stderr.log"
+stdout_path "/home/git/gitlab/log/unicorn.stdout.log"
+
+# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
+# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
+preload_app true
+GC.respond_to?(:copy_on_write_friendly=) and
+ GC.copy_on_write_friendly = true
+
+# Enable this flag to have unicorn test client connections by writing the
+# beginning of the HTTP headers before calling the application. This
+# prevents calling the application for connections that have disconnected
+# while queued. This is only guaranteed to detect clients on the same
+# host unicorn runs on, and unlikely to detect disconnects even on a
+# fast LAN.
+check_client_connection false
+
+before_fork do |server, worker|
+ # the following is highly recomended for Rails + "preload_app true"
+ # as there's no need for the master process to hold a connection
+ defined?(ActiveRecord::Base) and
+ ActiveRecord::Base.connection.disconnect!
+
+ # The following is only recommended for memory/DB-constrained
+ # installations. It is not needed if your system can house
+ # twice as many worker_processes as you have configured.
+ #
+ # This allows a new master process to incrementally
+ # phase out the old master process with SIGTTOU to avoid a
+ # thundering herd (especially in the "preload_app false" case)
+ # when doing a transparent upgrade. The last worker spawned
+ # will then kill off the old master process with a SIGQUIT.
+ old_pid = "#{server.config[:pid]}.oldbin"
+ if old_pid != server.pid
+ begin
+ sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+ Process.kill(sig, File.read(old_pid).to_i)
+ rescue Errno::ENOENT, Errno::ESRCH
+ end
+ end
+ #
+ # Throttle the master from forking too quickly by sleeping. Due
+ # to the implementation of standard Unix signal handlers, this
+ # helps (but does not completely) prevent identical, repeated signals
+ # from being lost when the receiving process is busy.
+ # sleep 1
+end
+
+after_fork do |server, worker|
+ # per-process listener ports for debugging/admin/migrations
+ # addr = "127.0.0.1:#{9293 + worker.nr}"
+ # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
+
+ # the following is *required* for Rails + "preload_app true",
+ defined?(ActiveRecord::Base) and
+ ActiveRecord::Base.establish_connection
+
+ # if preload_app is true, then you may also want to check and
+ # restart any other shared sockets/descriptors such as Memcached,
+ # and Redis. TokyoCabinet file handles are safe to reuse
+ # between any number of forked children (assuming your kernel
+ # correctly implements pread()/pwrite() system calls)
+end
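Review bot: The second `listen`, on `127.0.0.1:##UNICORN_PORT##`, looks unused, since the nginx vhost in this commit reaches unicorn only through `gitlab.socket`. A loopback TCP listener lets any local process talk to the application directly, without the proxy headers and body-size limit nginx applies, so unless gitlab-setup or the systemd units (not shown here) need it, drop the line and keep the Unix socket. The `user` directive is also left commented out, so the workers run as whatever account the unit starts unicorn under; worth confirming that is `git` and not root. The same applies to the `##UNICORN_CI_PORT##` listener in gitlab-ci/config/unicorn.rb.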
diff --git a/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab b/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab
new file mode 100644
index 00000000..e9d3b1f0
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab
@@ -0,0 +1,70 @@
+# GITLAB
+# Maintainer: @randx
+
+# CHUNKED TRANSFER
+# It is a known issue that Git-over-HTTP requires chunked transfer encoding [0] which is not
+# supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with Git (i.e. a single large file)
+# can lead to a 411 error. In theory you can get around this by tweaking this configuration file and either
+# - installing an old version of Nginx with the chunkin module [2] compiled in, or
+# - using a newer version of Nginx.
+#
+# At the time of writing we do not know if either of these theoretical solutions works. As a workaround
+# users can use Git over SSH to push large files.
+#
+# [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
+# [1] https://github.com/agentzh/chunkin-nginx-module#status
+# [2] https://github.com/agentzh/chunkin-nginx-module
+
+upstream gitlab {
+ server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
+}
+
+server {
+ listen *:##GITLAB_PORT## default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
+ server_name ##GITLAB_HOSTNAME##; # e.g., server_name source.example.com;
+ server_tokens off; # don't show the version number, a security best practice
+ root /home/git/gitlab/public;
+
+ # Increase this if you want to upload large attachments
+ # Or if you want to accept large git objects over http
+ client_max_body_size 20m;
+
+ # individual nginx logs for this gitlab vhost
+ access_log /var/log/nginx/gitlab_access.log;
+ error_log /var/log/nginx/gitlab_error.log;
+
+ location / {
+ # serve static files from defined root folder;.
+ # @gitlab is a named location for the upstream fallback, see below
+ try_files $uri $uri/index.html $uri.html @gitlab;
+ }
+
+ # if a file, which is not found in the root folder is requested,
+ # then the proxy pass the request to the upsteam (gitlab unicorn)
+ location @gitlab {
+ # If you use https make sure you disable gzip compression
+ # to be safe against BREACH attack
+ # gzip off;
+
+ proxy_read_timeout 300; # Some requests take more than 30 seconds.
+ proxy_connect_timeout 300; # Some requests take more than 30 seconds.
+ proxy_redirect off;
+
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_pass http://gitlab;
+ }
+
+ # Enable gzip compression as per rails guide: http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
+ location ~ ^/(assets)/ {
+ root /home/git/gitlab/public;
+ #gzip_static on; # to serve pre-gzipped version
+ expires max;
+ add_header Cache-Control public;
+ }
+
+ error_page 502 /502.html;
+}
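Review bot: The `listen` line marks this vhost `default_server` and the `@gitlab` location forwards the client's header unchanged with `proxy_set_header Host $http_host;`, so a request with any Host value is accepted and reaches Unicorn with that value intact. If the application ever derives absolute URLs or redirects from the request host, this is a host-header injection path. A separate catch-all such as `server { listen *:##GITLAB_PORT## default_server; server_name _; return 444; }`, with `default_server` removed here, restricts the proxy to requests for `##GITLAB_HOSTNAME##`. The vhost is also plain HTTP only, so sign-in credentials and Git-over-HTTP traffic are sent unencrypted, and the commented `gzip off;` advice only becomes relevant once TLS is added.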
diff --git a/gitlab-server/usr/share/gitlab-install/nginx.conf b/gitlab-server/usr/share/gitlab-install/nginx.conf
new file mode 100644
index 00000000..6e40b0e9
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/nginx.conf
@@ -0,0 +1,73 @@
+
+#user nobody;
+worker_processes 1;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /home/git/gitlab/lib/support/nginx/gitlab;
+ include /home/gitlab_ci/gitlab-ci/lib/support/nginx/gitlab_ci;
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key cert.key;
+
+ # ssl_session_cache shared:SSL:1m;
+ # ssl_session_timeout 5m;
+
+ # ssl_ciphers HIGH:!aNULL:!MD5;
+ # ssl_prefer_server_ciphers on;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+}
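Review bot: The two `include` lines load server configuration from `/home/git/gitlab/lib/support/nginx/gitlab` and `/home/gitlab_ci/gitlab-ci/lib/support/nginx/gitlab_ci`, which sit inside checkouts owned by the `git` and `gitlab_ci` service accounts. nginx.service in this patch sets no `User=`, so the master presumably starts as root and parses those files on every start and reload. Whoever controls either application account owns the parent directory and can therefore replace the file. Copying the two vhost files into root-owned `/etc/nginx/` and including them from there keeps the web server's configuration out of reach of the applications it fronts. With `#user nobody;` left commented out, the worker account is whatever nginx was built with; setting it explicitly would remove the doubt.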
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service
new file mode 100644
index 00000000..9a1a82d2
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-sidekiq.service
@@ -0,0 +1,24 @@
+#####################################################
+#
+# GitLab version : 5.x - 6.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+####################################################
+
+[Unit]
+Description=GitLab CI Sidekiq Worker
+
+[Service]
+Type=forking
+User=gitlab_ci
+WorkingDirectory=/home/gitlab_ci/gitlab-ci
+Environment=RAILS_ENV=production
+SyslogIdentifier=gitlab-ci-sidekiq
+PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid
+
+ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1"
+ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/gitlab_ci/gitlab-ci/tmp/pids/sidekiq.pid >> /home/gitlab_ci/gitlab-ci/log/sidekiq.log 2>&1"
+
+[Install]
+WantedBy=gitlab.target
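Review bot: The `-q` list on `ExecStart` is identical to the one in gitlab-sidekiq.service later in this patch (`post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default`). Those look like GitLab's queues rather than GitLab CI's, so the CI worker may never consume its own jobs; check the names against the init script shipped in gitlab-ci 5-0-stable. Separately, systemd does not run `ExecStart` through a shell, so `>> log/sidekiq.log 2>&1` only takes effect if `bundle exec` hands the single quoted string to a shell. Since `-L log/sidekiq.log` already names the log file, the redirection can be dropped here and in gitlab-sidekiq.service.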
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service
new file mode 100644
index 00000000..811b3fc0
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-ci-unicorn.service
@@ -0,0 +1,24 @@
+#####################################################
+#
+# GitLab version : 5.x - 6.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+####################################################
+
+[Unit]
+Description=GitLab CI Unicorn Server
+
+[Service]
+User=gitlab_ci
+WorkingDirectory=/home/gitlab_ci/gitlab-ci
+Environment=RAILS_ENV=production
+SyslogIdentifier=gitlab-ci-unicorn
+PIDFile=/home/gitlab_ci/gitlab-ci/tmp/pids/unicorn.pid
+
+ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/gitlab_ci/gitlab-ci/config/unicorn.rb -E production"
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+ExecReload=/usr/bin/kill -USR2 $MAINPID
+
+[Install]
+WantedBy=gitlab.target
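Review bot: `PIDFile=` is set but the unit has no `Type=`, so it runs as `Type=simple` and systemd tracks the process it started rather than the PID file. `ExecReload=/usr/bin/kill -USR2 $MAINPID` asks Unicorn to start a replacement master, and the `before_fork` hook in gitlab's unicorn.rb in this patch then sends QUIT to the old one. Once that tracked process exits, systemd will likely treat the service as stopped and tear down the new master with it. The CI unicorn.rb is not visible here, and gitlab-unicorn.service has the same shape. Either drop `ExecReload` or run Unicorn daemonized under `Type=forking` so that systemd follows the PID file.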
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service
new file mode 100644
index 00000000..82ff78d4
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-sidekiq.service
@@ -0,0 +1,24 @@
+#####################################################
+#
+# GitLab version : 5.x - 6.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+####################################################
+
+[Unit]
+Description=GitLab Sidekiq Worker
+
+[Service]
+Type=forking
+User=git
+WorkingDirectory=/home/git/gitlab
+Environment=RAILS_ENV=production
+SyslogIdentifier=gitlab-sidekiq
+PIDFile=/home/git/gitlab/tmp/pids/sidekiq.pid
+
+ExecStart=/usr/bin/bundle exec "sidekiq -q post_receive,mailer,system_hook,project_web_hook,gitlab_shell,common,default -e production -P tmp/pids/sidekiq.pid -d -L log/sidekiq.log >> log/sidekiq.log 2>&1"
+ExecStop=/usr/bin/bundle exec "sidekiqctl stop /home/git/gitlab/tmp/pids/sidekiq.pid >> /home/git/gitlab/log/sidekiq.log 2>&1"
+
+[Install]
+WantedBy=gitlab.target
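Review bot: The `[Unit]` section declares no dependency on or ordering after Redis or PostgreSQL, and the same holds for the other three GitLab service units in this patch. `WantedBy=gitlab.target` only makes the target pull the service in; the `After=redis.service postgres.service` in gitlab.target orders the target itself, not the units it wants. Sidekiq can therefore be started before Redis accepts connections. Adding `Requires=redis.service` and `After=redis.service postgres.service` to each service unit makes the start order explicit.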
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service
new file mode 100644
index 00000000..71e3d84d
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab-unicorn.service
@@ -0,0 +1,24 @@
+#####################################################
+#
+# GitLab version : 5.x - 6.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+####################################################
+
+[Unit]
+Description=GitLab Unicorn Server
+
+[Service]
+User=git
+WorkingDirectory=/home/git/gitlab
+Environment=RAILS_ENV=production
+SyslogIdentifier=gitlab-unicorn
+PIDFile=/home/git/gitlab/tmp/pids/unicorn.pid
+
+ExecStart=/usr/bin/bundle exec "unicorn_rails -c /home/git/gitlab/config/unicorn.rb -E production"
+ExecStop=/usr/bin/kill -QUIT $MAINPID
+ExecReload=/usr/bin/kill -USR2 $MAINPID
+
+[Install]
+WantedBy=gitlab.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target
new file mode 100644
index 00000000..11e85441
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/gitlab.target
@@ -0,0 +1,15 @@
+###########################################################################################
+#
+# GitLab version : 5.x - 6.x
+# Contributors : davispuh, mtorromeo, axilleas, boeserwolf91
+# Downloaded from : https://github.com/gitlabhq/gitlab-recipes/tree/master/init/systemd
+#
+###########################################################################################
+
+[Unit]
+Description=GitLab - Self Hosted Git Management
+Requires=redis.service postgres.service
+After=redis.service postgres.service syslog.target network.target
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service b/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service
new file mode 100644
index 00000000..0a50c50b
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/nginx.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=The nginx HTTP and reverse proxy server
+After=syslog.target network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=forking
+PIDFile=/etc/nginx/nginx.pid
+ExecStartPre=/usr/sbin/nginx -t
+ExecStart=/usr/sbin/nginx
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s QUIT $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
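Review bot: `PIDFile=/etc/nginx/nginx.pid` must match the path nginx actually writes, but nginx.conf in this patch leaves the `pid` directive commented out, so the location is whatever the binary was compiled with. If the two differ, systemd cannot identify the main process of this `Type=forking` unit, and `$MAINPID` in `ExecReload` and `ExecStop` becomes unreliable. Setting `pid /etc/nginx/nginx.pid;` in nginx.conf removes the guess. A runtime directory would be a better home for the PID file than `/etc`, since the current path requires the configuration directory to stay writable.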
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service b/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service
new file mode 100644
index 00000000..ed46d965
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/postgres.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=PostgreSQL database server
+After=network.target
+
+[Service]
+Type=forking
+TimeoutSec=120
+User=postgres
+Group=postgres
+
+Environment=PGROOT=/home/postgres/pgsql
+
+SyslogIdentifier=postgres
+PIDFile=/home/postgres/pgsql/data/postmaster.pid
+
+ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT}/data start -w -t 120
+ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT}/data reload
+ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT}/data stop -m fast
+
+# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
+# killing Postgres, so adjust it downward
+OOMScoreAdjust=-200
+
+[Install]
+WantedBy=multi-user.target
diff --git a/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service b/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service
new file mode 100644
index 00000000..c936f8da
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-install/systemd-units/redis.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Redis Server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/redis-server
+ExecStop=/bin/kill -15 $MAINPID
+PIDFile=/var/run/redis.pid
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
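Review bot: `ExecStart=/usr/bin/redis-server` starts Redis without a configuration file and the unit has no `User=`, so the server runs as root on its built-in defaults. For Redis releases of this period those defaults listen on all interfaces with no authentication, which would leave the Sidekiq queues and any cached session data reachable from the network; confirm against the packaged version. Run it under a dedicated unprivileged account with a config file that sets `bind 127.0.0.1` or a Unix socket, e.g. `User=<redis-account>` and `ExecStart=/usr/bin/redis-server <path-to-redis.conf>`. `PIDFile=` also has no effect with `Type=simple`.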
diff --git a/gitlab-server/usr/share/gitlab-setup b/gitlab-server/usr/share/gitlab-setup
new file mode 100755
index 00000000..5c53c859
--- /dev/null
+++ b/gitlab-server/usr/share/gitlab-setup
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+set -e
+
+# install bundler (not nice, we need to figure out how to do this traceably)
+gem install bundler
+
+# create required users
+adduser -D --gecos 'GitLab' -s /bin/sh git
+adduser -D -s /bin/sh postgres
+adduser -D --gecos 'GitLab CI' -s /bin/sh gitlab_ci
+
+# initialize postgres database, start server
+su -c "mkdir -p pgsql/data" - postgres
+su -c "pg_ctl -D pgsql/data initdb" - postgres
+su -c "pg_ctl -D pgsql/data -l logfile start" - postgres
+
+# wait for the database server to start
+echo "Waiting for database..."
+sleep 2s
+
+# create gitlab database
+su -c "psql -d template1 -c 'CREATE USER git;'" - postgres
+su -c "psql -d template1 -c 'CREATE DATABASE gitlabhq_production OWNER git;'" - postgres
+
+# create the gitlab ci database
+su -c "psql -d template1 -c 'CREATE USER gitlab_ci;'" - postgres
+su -c "psql -d template1 -c 'CREATE DATABASE gitlab_ci_production OWNER gitlab_ci;'" - postgres
+
+# set up git config for gitlab user
+su -c "git config --global http.sslVerify false" - git
+su -c "git config --global user.name 'GitLab'" - git
+su -c "git config --global user.email 'gitlab@localhost'" - git
+su -c "git config --global core.autocrlf input" - git
+
+# install gitlab shell
+su -c "git clone https://gitlab.com/gitlab-org/gitlab-shell.git -b v1.9.3 ~/gitlab-shell" - git
+cd /home/git/gitlab-shell
+cp /usr/share/gitlab-install/gitlab-shell/config.yml ./config.yml
+su -c "~/gitlab-shell/bin/install" - git
+
+# install gitlab
+su -c "git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 6-8-stable ~/gitlab" - git
+cd /home/git/gitlab
+su -c "cp config/database.yml.postgresql config/database.yml" git
+su -c "cp -r /usr/share/gitlab-install/gitlab/config/* config/" git
+
+su -c "chmod -R u+rwX log/" git
+su -c "chmod -R u+rwX tmp/" git
+su -c "chmod o-rwx config/database.yml" git
+
+su -c "/usr/bin/redis-server" - git &
+su -c "bundle install --deployment --without development test mysql aws" git
+su -c "export force='yes'; bundle exec rake gitlab:setup RAILS_ENV=production" git
+su -c "bundle exec rake assets:precompile RAILS_ENV=production" git
+
+# set up git config for gitlab_ci user
+su -c "git config --global http.sslVerify false" - gitlab_ci
+su -c "git config --global user.name 'GitLab CI'" - gitlab_ci
+su -c "git config --global user.email 'gitlab_ci@localhost'" - gitlab_ci
+su -c "git config --global core.autocrlf input" - gitlab_ci
+
+# install gitlab ci
+su -c "git clone https://gitlab.com/gitlab-org/gitlab-ci.git -b 5-0-stable" - gitlab_ci
+cd /home/gitlab_ci/gitlab-ci
+su -c "cp config/database.yml.postgresql config/database.yml" gitlab_ci
+su -c "cp -r /usr/share/gitlab-install/gitlab-ci/config/* config/" gitlab_ci
+
+su -c "mkdir -p tmp/sockets" gitlab_ci
+su -c "mkdir -p tmp/pids" gitlab_ci
+su -c "chmod -R u+rwx tmp/sockets" gitlab_ci
+su -c "chmod -R u+rwx tmp/pids" gitlab_ci
+
+su -c "bundle install --without development test mysql --deployment" gitlab_ci
+su -c "bundle exec rake setup RAILS_ENV=production" gitlab_ci
+su -c "bundle exec whenever -w RAILS_ENV=production" gitlab_ci
+
+# configure nginx
+addgroup nobody
+mkdir -p /var/log/nginx
+cp /usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab /home/git/gitlab/lib/support/nginx/
+cp /usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci /home/gitlab_ci/gitlab-ci/lib/support/nginx/
+cp /usr/share/gitlab-install/nginx.conf /etc/nginx/nginx.conf
+
+# make systemd units to start gitlab and required stuff on boot
+cd /etc/systemd/system
+cp /usr/share/gitlab-install/systemd-units/* .
+systemctl enable redis.service nginx.service postgres.service gitlab.target gitlab-unicorn.service gitlab-sidekiq.service gitlab-ci-sidekiq.service gitlab-ci-unicorn.service
+reboot
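Review bot: `git config --global http.sslVerify false` is set for the `git` user immediately before the HTTPS clones of gitlab-shell and gitlab-ce, and again for `gitlab_ci` before the gitlab-ci clone. The code that `bin/install`, `bundle install` and `rake` then execute is therefore fetched without certificate verification, and because the setting is global it also applies to every later HTTPS fetch by those accounts. Drop both lines, installing a CA bundle in the image if verification fails, and pin the clones to reviewed commit ids rather than the moving `6-8-stable` and `5-0-stable` branches. `gem install bundler` is likewise unpinned, as the script's own comment concedes. The fixed `sleep 2s` is a race as well; adding `-w` to the `pg_ctl ... start` line waits for the server to be ready.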
diff --git a/gitlab.configure b/gitlab.configure
new file mode 100644
index 00000000..ab4ef561
--- /dev/null
+++ b/gitlab.configure
@@ -0,0 +1,84 @@
+#!/bin/sh
+#
+# Copyright (C) 2014 Codethink Limited
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# This is a "morph deploy" configuration extension to fully configure
+# a GitLab and GitLab CI instance at deployment time. It uses the
+# following variables from the environment:
+#
+# * GITLAB_HOSTNAME
+# * GITLAB_PORT
+# * GITLAB_EMAIL
+# * UNICORN_PORT
+# * CI_PORT
+# * UNICORN_CI_PORT
+
+set -e
+
+ROOT="$1"
+
+
+##########################################################################
+# Substitutions in configuration files
+##########################################################################
+
+echo "Creating /etc/gitlab-setup.sed"
+
+cat <<EOF > "$ROOT"/etc/gitlab-setup.sed
+s/##GITLAB_HOSTNAME##/$GITLAB_HOSTNAME/g
+s/##GITLAB_PORT##/$GITLAB_PORT/g
+s/##GITLAB_EMAIL##/$GITLAB_EMAIL/g
+s/##UNICORN_PORT##/$UNICORN_PORT/g
+s/##CI_PORT##/$CI_PORT/g
+s/##UNICORN_CI_PORT##/$UNICORN_CI_PORT/g
+EOF
+
+echo "Performing substitutions in /usr/share/gitlab config"
+
+sed -f "$ROOT"/etc/gitlab-setup.sed -i \
+ "$ROOT"/usr/share/gitlab-install/gitlab/config/gitlab.yml \
+ "$ROOT"/usr/share/gitlab-install/gitlab/config/unicorn.rb \
+ "$ROOT"/usr/share/gitlab-install/gitlab/lib/support/nginx/gitlab \
+ "$ROOT"/usr/share/gitlab-install/gitlab-shell/config.yml \
+ "$ROOT"/usr/share/gitlab-install/gitlab-ci/config/application.yml \
+ "$ROOT"/usr/share/gitlab-install/gitlab-ci/config/unicorn.rb \
+ "$ROOT"/usr/share/gitlab-install/gitlab-ci/lib/support/nginx/gitlab_ci \
+ "$ROOT"/usr/share/gitlab-install/nginx.conf
+
+##########################################################################
+
+echo "Create gitlab-setup unit file"
+cat <<EOF > "$ROOT/etc/systemd/system/gitlab-setup.service"
+[Unit]
+Description=Run gitlab-setup (once)
+Requires=network.target
+After=network.target
+Requires=local-fs.target
+After=local-fs.target
+
+ConditionPathExists=!/home/git/gitlab
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/gitlab-setup
+Restart=no
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+ln -s "/etc/systemd/system/gitlab-setup.service" \
+ "$ROOT/etc/systemd/system/multi-user.target.wants/gitlab-setup.service"
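Review bot: The heredoc that writes `/etc/gitlab-setup.sed` interpolates `$GITLAB_HOSTNAME`, `$GITLAB_PORT`, `$GITLAB_EMAIL` and the three other port variables directly into `s/.../.../g` commands with no validation or escaping. A value containing `/`, `&`, a backslash or a newline changes the meaning of the sed program. An unset variable silently substitutes an empty string, which would leave `listen *: default_server;` in the nginx vhost. Checking each value against its permitted character set before the heredoc fixes both problems; a sketch follows. Separately, the final `ln -s` aborts under `set -e` if `multi-user.target.wants` is missing from `$ROOT` or the link already exists, so `mkdir -p` on the directory and `ln -sf` would make the step repeatable.

```shell
ROOT="$1"

# Refuse unset values and anything outside the expected character set
# before they are interpolated into the sed program below.
require_port() {
    case "$2" in
        ''|*[!0-9]*) echo "$1 must be a decimal port number" >&2; exit 1 ;;
    esac
}
require_port GITLAB_PORT "$GITLAB_PORT"
require_port UNICORN_PORT "$UNICORN_PORT"
require_port CI_PORT "$CI_PORT"
require_port UNICORN_CI_PORT "$UNICORN_CI_PORT"

case "$GITLAB_HOSTNAME" in
    ''|*[!A-Za-z0-9.-]*) echo "GITLAB_HOSTNAME is not a valid host name" >&2; exit 1 ;;
esac
case "$GITLAB_EMAIL" in
    ''|*[!A-Za-z0-9@._+-]*) echo "GITLAB_EMAIL contains unexpected characters" >&2; exit 1 ;;
esac

# … unchanged: heredoc writing "$ROOT"/etc/gitlab-setup.sed and the sed -i call …
```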