summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
Diffstat (limited to 'config')
-rw-r--r--config/database.yml.env9
-rw-r--r--config/gitlab.yml.example28
-rw-r--r--config/initializers/1_settings.rb24
-rw-r--r--config/initializers/devise.rb14
-rw-r--r--config/initializers/recaptcha.rb6
-rw-r--r--config/initializers/sidekiq.rb11
-rw-r--r--config/routes.rb3
-rw-r--r--config/schedule.yml10
8 files changed, 85 insertions, 20 deletions
diff --git a/config/database.yml.env b/config/database.yml.env
new file mode 100644
index 00000000000..b2ff23cb5ab
--- /dev/null
+++ b/config/database.yml.env
@@ -0,0 +1,9 @@
+<%= ENV['RAILS_ENV'] %>:
+ adapter: <%= ENV['GITLAB_DATABASE_ADAPTER'] || 'postgresql' %>
+ encoding: <%= ENV['GITLAB_DATABASE_ENCODING'] || 'unicode' %>
+ database: <%= ENV['GITLAB_DATABASE_DATABASE'] || "gitlab_#{ENV['RAILS_ENV']}" %>
+ pool: <%= ENV['GITLAB_DATABASE_POOL'] || '10' %>
+ username: <%= ENV['GITLAB_DATABASE_USERNAME'] || 'root' %>
+ password: <%= ENV['GITLAB_DATABASE_PASSWORD'] || '' %>
+ host: <%= ENV['GITLAB_DATABASE_HOST'] || 'localhost' %>
+ port: <%= ENV['GITLAB_DATABASE_PORT'] || '5432' %>
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index acfc86bf4d1..da6d4005da6 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -144,6 +144,15 @@ production: &base
# plain_url: "http://..." # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
# ssl_url: "https://..." # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+ ## Auxiliary jobs
+ # Periodically executed jobs, to self-heal Gitlab, do external synchronizations, etc.
+ # Please read here for more information: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
+ cron_jobs:
+ # Flag stuck CI builds as failed
+ stuck_ci_builds_worker:
+ cron: "0 0 * * *"
+
+
#
# 2. GitLab CI settings
# ==========================
@@ -287,6 +296,15 @@ production: &base
# arguments, followed by optional 'args' which can be either a hash or an array.
# Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
providers:
+ # See omniauth-cas3 for more configuration details
+ # - { name: 'cas3',
+ # label: 'cas3',
+ # args: {
+ # url: 'https://sso.example.com',
+ # disable_ssl_verification: false,
+ # login_url: '/cas/login',
+ # service_validate_url: '/cas/p3/serviceValidate',
+ # logout_url: '/cas/logout'} }
# - { name: 'github',
# app_id: 'YOUR_APP_ID',
# app_secret: 'YOUR_APP_SECRET',
@@ -324,6 +342,16 @@ production: &base
# application_name: 'YOUR_APP_NAME',
# application_password: 'YOUR_APP_PASSWORD' } }
+ # SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
+ # cas3:
+ # session_duration: 28800
+
+ # reCAPTCHA settings. See: http://www.google.com/recaptcha
+ recaptcha:
+ enabled: false
+ public_key: 'YOUR_PUBLIC_KEY'
+ private_key: 'YOUR_PRIVATE_KEY'
+
# Shared file storage settings
shared:
# path: /mnt/gitlab # Default: shared
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 63d8ae17436..045bab739ea 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -126,6 +126,17 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block
Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
Settings.omniauth['providers'] ||= []
+Settings.omniauth['cas3'] ||= Settingslogic.new({})
+Settings.omniauth.cas3['session_duration'] ||= 8.hours
+Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
+Settings.omniauth.session_tickets['cas3'] = 'ticket'
+
+# ReCAPTCHA settings
+Settings['recaptcha'] ||= Settingslogic.new({})
+Settings.recaptcha['enabled'] = false if Settings.recaptcha['enabled'].nil?
+Settings.recaptcha['public_key'] ||= Settings.recaptcha['public_key']
+Settings.recaptcha['private_key'] ||= Settings.recaptcha['private_key']
+
Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
@@ -140,7 +151,7 @@ Settings.gitlab['default_projects_limit'] ||= 10
Settings.gitlab['default_branch_protection'] ||= 2
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
Settings.gitlab['default_theme'] = Gitlab::Themes::APPLICATION_DEFAULT if Settings.gitlab['default_theme'].nil?
-Settings.gitlab['host'] ||= 'localhost'
+Settings.gitlab['host'] ||= ENV['GITLAB_HOST'] || 'localhost'
Settings.gitlab['ssh_host'] ||= Settings.gitlab.host
Settings.gitlab['https'] = false if Settings.gitlab['https'].nil?
Settings.gitlab['port'] ||= Settings.gitlab.https ? 443 : 80
@@ -164,7 +175,7 @@ Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].
Settings.gitlab['twitter_sharing_enabled'] ||= true if Settings.gitlab['twitter_sharing_enabled'].nil?
Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
-Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?))+)' if Settings.gitlab['issue_closing_pattern'].nil?
+Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z]*-\d*))+)' if Settings.gitlab['issue_closing_pattern'].nil?
Settings.gitlab['default_projects_features'] ||= {}
Settings.gitlab['webhook_timeout'] ||= 10
Settings.gitlab['max_attachment_size'] ||= 10
@@ -225,6 +236,15 @@ Settings.gravatar['ssl_url'] ||= 'https://secure.gravatar.com/avatar/%{hash}?
Settings.gravatar['host'] = Settings.get_host_without_www(Settings.gravatar['plain_url'])
#
+# Cron Jobs
+#
+Settings['cron_jobs'] ||= Settingslogic.new({})
+Settings.cron_jobs['stuck_ci_builds_worker'] ||= Settingslogic.new({})
+Settings.cron_jobs['stuck_ci_builds_worker']['cron'] ||= '0 0 * * *'
+Settings.cron_jobs['stuck_ci_builds_worker']['job_class'] = 'StuckCiBuildsWorker'
+
+
+#
# GitLab Shell
#
Settings['gitlab_shell'] ||= Settingslogic.new({})
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 5fb43a86e13..d82cfb3ec0c 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -121,14 +121,14 @@ Devise.setup do |config|
config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
- # config.unlock_keys = [ :email ]
+ config.unlock_keys = [ :email ]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
# :both = Enables both strategies
# :none = No unlock strategy. You should handle unlocking by yourself.
- config.unlock_strategy = :time
+ config.unlock_strategy = :both
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
@@ -241,6 +241,16 @@ Devise.setup do |config|
# An Array from the configuration will be expanded.
provider_arguments.concat provider['args']
when Hash
+ # Add procs for handling SLO
+ if provider['name'] == 'cas3'
+ provider['args'][:on_single_sign_out] = lambda do |request|
+ ticket = request.params[:session_index]
+ raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket)
+ Gitlab::OAuth::Session.destroy(:cas3, ticket)
+ true
+ end
+ end
+
# A Hash from the configuration will be passed as is.
provider_arguments << provider['args'].symbolize_keys
end
diff --git a/config/initializers/recaptcha.rb b/config/initializers/recaptcha.rb
new file mode 100644
index 00000000000..7509e327ae1
--- /dev/null
+++ b/config/initializers/recaptcha.rb
@@ -0,0 +1,6 @@
+if Gitlab.config.recaptcha.enabled
+ Recaptcha.configure do |config|
+ config.public_key = Gitlab.config.recaptcha['public_key']
+ config.private_key = Gitlab.config.recaptcha['private_key']
+ end
+end
diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb
index 2e3a71912ef..dcf6ce74d96 100644
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@@ -18,11 +18,12 @@ Sidekiq.configure_server do |config|
chain.add Gitlab::SidekiqMiddleware::MemoryKiller if ENV['SIDEKIQ_MEMORY_KILLER_MAX_RSS']
end
- # Sidekiq-cron: load recurring jobs from schedule.yml
- schedule_file = 'config/schedule.yml'
- if File.exists?(schedule_file)
- Sidekiq::Cron::Job.load_from_hash YAML.load_file(schedule_file)
- end
+ # Sidekiq-cron: load recurring jobs from gitlab.yml
+ # UGLY Hack to get nested hash from settingslogic
+ cron_jobs = JSON.parse(Gitlab.config.cron_jobs.to_json)
+ # UGLY hack: Settingslogic doesn't allow 'class' key
+ cron_jobs.each { |k,v| cron_jobs[k]['class'] = cron_jobs[k].delete('job_class') }
+ Sidekiq::Cron::Job.load_from_hash! cron_jobs
# Database pool should be at least `sidekiq_concurrency` + 2
# For more info, see: https://github.com/mperham/sidekiq/blob/master/4.0-Upgrade.md
diff --git a/config/routes.rb b/config/routes.rb
index 57be57e3251..3e7d9f78710 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -188,7 +188,7 @@ Rails.application.routes.draw do
namespace :admin do
resources :users, constraints: { id: /[a-zA-Z.\/0-9_\-]+/ } do
resources :keys, only: [:show, :destroy]
- resources :identities, only: [:index, :edit, :update, :destroy]
+ resources :identities, except: [:show]
delete 'stop_impersonation' => 'impersonation#destroy', on: :collection
@@ -297,6 +297,7 @@ Rails.application.routes.draw do
resource :two_factor_auth, only: [:new, :create, :destroy] do
member do
post :codes
+ patch :skip
end
end
end
diff --git a/config/schedule.yml b/config/schedule.yml
deleted file mode 100644
index 993a95fef56..00000000000
--- a/config/schedule.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-# Here is a list of jobs that are scheduled to run periodically.
-# We use a UNIX cron notation to specify execution schedule.
-#
-# Please read here for more information:
-# https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
-
-stuck_ci_builds_worker:
- cron: "0 0 * * *"
- class: "StuckCiBuildsWorker"
- queue: "default"