diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/database.yml.env | 9 | ||||
-rw-r--r-- | config/gitlab.yml.example | 28 | ||||
-rw-r--r-- | config/initializers/1_settings.rb | 24 | ||||
-rw-r--r-- | config/initializers/devise.rb | 14 | ||||
-rw-r--r-- | config/initializers/recaptcha.rb | 6 | ||||
-rw-r--r-- | config/initializers/sidekiq.rb | 11 | ||||
-rw-r--r-- | config/routes.rb | 3 | ||||
-rw-r--r-- | config/schedule.yml | 10 |
8 files changed, 85 insertions, 20 deletions
diff --git a/config/database.yml.env b/config/database.yml.env new file mode 100644 index 00000000000..b2ff23cb5ab --- /dev/null +++ b/config/database.yml.env @@ -0,0 +1,9 @@ +<%= ENV['RAILS_ENV'] %>: + adapter: <%= ENV['GITLAB_DATABASE_ADAPTER'] || 'postgresql' %> + encoding: <%= ENV['GITLAB_DATABASE_ENCODING'] || 'unicode' %> + database: <%= ENV['GITLAB_DATABASE_DATABASE'] || "gitlab_#{ENV['RAILS_ENV']}" %> + pool: <%= ENV['GITLAB_DATABASE_POOL'] || '10' %> + username: <%= ENV['GITLAB_DATABASE_USERNAME'] || 'root' %> + password: <%= ENV['GITLAB_DATABASE_PASSWORD'] || '' %> + host: <%= ENV['GITLAB_DATABASE_HOST'] || 'localhost' %> + port: <%= ENV['GITLAB_DATABASE_PORT'] || '5432' %> diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example index acfc86bf4d1..da6d4005da6 100644 --- a/config/gitlab.yml.example +++ b/config/gitlab.yml.example @@ -144,6 +144,15 @@ production: &base # plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon # ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon + ## Auxiliary jobs + # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc. + # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job + cron_jobs: + # Flag stuck CI builds as failed + stuck_ci_builds_worker: + cron: "0 0 * * *" + + # # 2. GitLab CI settings # ========================== @@ -287,6 +296,15 @@ production: &base # arguments, followed by optional 'args' which can be either a hash or an array. # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html providers: + # See omniauth-cas3 for more configuration details + # - { name: 'cas3', + # label: 'cas3', + # args: { + # url: 'https://sso.example.com', + # disable_ssl_verification: false, + # login_url: '/cas/login', + # service_validate_url: '/cas/p3/serviceValidate', + # logout_url: '/cas/logout'} } # - { name: 'github', # app_id: 'YOUR_APP_ID', # app_secret: 'YOUR_APP_SECRET', @@ -324,6 +342,16 @@ production: &base # application_name: 'YOUR_APP_NAME', # application_password: 'YOUR_APP_PASSWORD' } } + # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours. + # cas3: + # session_duration: 28800 + + # reCAPTCHA settings. See: http://www.google.com/recaptcha + recaptcha: + enabled: false + public_key: 'YOUR_PUBLIC_KEY' + private_key: 'YOUR_PRIVATE_KEY' + # Shared file storage settings shared: # path: /mnt/gitlab # Default: shared diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 63d8ae17436..045bab739ea 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -126,6 +126,17 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil? Settings.omniauth['providers'] ||= [] +Settings.omniauth['cas3'] ||= Settingslogic.new({}) +Settings.omniauth.cas3['session_duration'] ||= 8.hours +Settings.omniauth['session_tickets'] ||= Settingslogic.new({}) +Settings.omniauth.session_tickets['cas3'] = 'ticket' + +# ReCAPTCHA settings +Settings['recaptcha'] ||= Settingslogic.new({}) +Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil? +Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key'] +Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key'] + Settings['shared'] ||= Settingslogic.new({}) Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root) @@ -140,7 +151,7 @@ Settings.gitlab['default_projects_limit'] ||= 10 Settings.gitlab['default_branch_protection'] ||= 2 Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? Settings.gitlab['default_theme'] = Gitlab::Themes::APPLICATION_DEFAULT if Settings.gitlab['default_theme'].nil? -Settings.gitlab['host'] ||= 'localhost' +Settings.gitlab['host'] ||= ENV['GITLAB_HOST'] || 'localhost' Settings.gitlab['ssh_host'] ||= Settings.gitlab.host Settings.gitlab['https'] = false if Settings.gitlab['https'].nil? Settings.gitlab['port'] ||= Settings.gitlab.https ? 443 : 80 @@ -164,7 +175,7 @@ Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled']. Settings.gitlab['twitter_sharing_enabled'] ||= true if Settings.gitlab['twitter_sharing_enabled'].nil? Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], []) Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil? -Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?))+)' if Settings.gitlab['issue_closing_pattern'].nil? +Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z]*-\d*))+)' if Settings.gitlab['issue_closing_pattern'].nil? Settings.gitlab['default_projects_features'] ||= {} Settings.gitlab['webhook_timeout'] ||= 10 Settings.gitlab['max_attachment_size'] ||= 10 @@ -225,6 +236,15 @@ Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}? Settings.gravatar['host'] = Settings.get_host_without_www(Settings.gravatar['plain_url']) # +# Cron Jobs +# +Settings['cron_jobs'] ||= Settingslogic.new({}) +Settings.cron_jobs['stuck_ci_builds_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['stuck_ci_builds_worker']['cron'] ||= '0 0 * * *' +Settings.cron_jobs['stuck_ci_builds_worker']['job_class'] = 'StuckCiBuildsWorker' + + +# # GitLab Shell # Settings['gitlab_shell'] ||= Settingslogic.new({}) diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index 5fb43a86e13..d82cfb3ec0c 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -121,14 +121,14 @@ Devise.setup do |config| config.lock_strategy = :failed_attempts # Defines which key will be used when locking and unlocking an account - # config.unlock_keys = [ :email ] + config.unlock_keys = [ :email ] # Defines which strategy will be used to unlock an account. # :email = Sends an unlock link to the user email # :time = Re-enables login after a certain amount of time (see :unlock_in below) # :both = Enables both strategies # :none = No unlock strategy. You should handle unlocking by yourself. - config.unlock_strategy = :time + config.unlock_strategy = :both # Number of authentication tries before locking an account if lock_strategy # is failed attempts. @@ -241,6 +241,16 @@ Devise.setup do |config| # An Array from the configuration will be expanded. provider_arguments.concat provider['args'] when Hash + # Add procs for handling SLO + if provider['name'] == 'cas3' + provider['args'][:on_single_sign_out] = lambda do |request| + ticket = request.params[:session_index] + raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket) + Gitlab::OAuth::Session.destroy(:cas3, ticket) + true + end + end + # A Hash from the configuration will be passed as is. provider_arguments << provider['args'].symbolize_keys end diff --git a/config/initializers/recaptcha.rb b/config/initializers/recaptcha.rb new file mode 100644 index 00000000000..7509e327ae1 --- /dev/null +++ b/config/initializers/recaptcha.rb @@ -0,0 +1,6 @@ +if Gitlab.config.recaptcha.enabled + Recaptcha.configure do |config| + config.public_key = Gitlab.config.recaptcha['public_key'] + config.private_key = Gitlab.config.recaptcha['private_key'] + end +end diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb index 2e3a71912ef..dcf6ce74d96 100644 --- a/config/initializers/sidekiq.rb +++ b/config/initializers/sidekiq.rb @@ -18,11 +18,12 @@ Sidekiq.configure_server do |config| chain.add Gitlab::SidekiqMiddleware::MemoryKiller if ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS'] end - # Sidekiq-cron: load recurring jobs from schedule.yml - schedule_file = 'config/schedule.yml' - if File.exists?(schedule_file) - Sidekiq::Cron::Job.load_from_hash YAML.load_file(schedule_file) - end + # Sidekiq-cron: load recurring jobs from gitlab.yml + # UGLY Hack to get nested hash from settingslogic + cron_jobs = JSON.parse(Gitlab.config.cron_jobs.to_json) + # UGLY hack: Settingslogic doesn't allow 'class' key + cron_jobs.each { |k,v| cron_jobs[k]['class'] = cron_jobs[k].delete('job_class') } + Sidekiq::Cron::Job.load_from_hash! cron_jobs # Database pool should be at least `sidekiq_concurrency` + 2 # For more info, see: https://github.com/mperham/sidekiq/blob/master/4.0-Upgrade.md diff --git a/config/routes.rb b/config/routes.rb index 57be57e3251..3e7d9f78710 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -188,7 +188,7 @@ Rails.application.routes.draw do namespace :admin do resources :users, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do resources :keys, only: [:show, :destroy] - resources :identities, only: [:index, :edit, :update, :destroy] + resources :identities, except: [:show] delete 'stop_impersonation' => 'impersonation#destroy', on: :collection @@ -297,6 +297,7 @@ Rails.application.routes.draw do resource :two_factor_auth, only: [:new, :create, :destroy] do member do post :codes + patch :skip end end end diff --git a/config/schedule.yml b/config/schedule.yml deleted file mode 100644 index 993a95fef56..00000000000 --- a/config/schedule.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Here is a list of jobs that are scheduled to run periodically. -# We use a UNIX cron notation to specify execution schedule. -# -# Please read here for more information: -# https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job - -stuck_ci_builds_worker: - cron: "0 0 * * *" - class: "StuckCiBuildsWorker" - queue: "default" |