Commit d97c7b3c authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Merge branch 'enable-gitlab-pages' into 'master'

Enable gitlab pages

Closes #228

See merge request !181
parents 9f8409b6 a1512f13
Pipeline #3919 passed with stage
in 43 seconds
<!--
This template should be used by DevOps members when adding a GitLab Pages project to GitLab.
In order to use GitLab Pages with Arch Linux, you'll have to specifically request a custom subdomain
below `pkgbuild.com` or `archlinux.org` to be assigned. We don't allow random projects to use Pages
because of legal and safety reasons (we don't want people to be able to trick others into thinking
something hosted below one of our domains is official).
-->
# Procedure for adding a GitLab Pages project to GitLab
## Details
- **Project name**: hello
- **Desired subdomain**: hello.archlinux.org
## New Pages site checklist
1. [ ] Have a pipeline that outputs some static HTML to `public/` during the build.
1. [ ] Specify this path (`public/`) as an artifact path.
1. [ ] GitLab should now recognize that you're trying to use Pages and will show some relevant
information at https://gitlab.archlinux.org/your-namespace/your-project/pages
1. [ ] At this page, you'll also need to add your custom domain. Add the custom domain you requested earlier.
GitLab will then show domain verification information which you'll need in the next step.
1. [ ] At this point, we'll need to add some stuff to `archlinux.tf`. It should look something like this.
Make sure to substitute the `your_domain` and `your-domain` strings accordingly:
resource "hetznerdns_record" "gitlab_pages_your_domain_a" {
zone_id = hetznerdns_zone.archlinux.id
name = "your-domain"
value = hcloud_floating_ip.gitlab_pages.ip_address
type = "A"
}
resource "hetznerdns_record" "gitlab_pages_your_domain_aaaa" {
zone_id = hetznerdns_zone.archlinux.id
name = "your-domain"
value = var.gitlab_pages_ipv6
type = "AAAA"
}
resource "hetznerdns_record" "gitlab_pages_your_domain_verification" {
zone_id = hetznerdns_zone.archlinux.id
name = "_gitlab-pages-verification-code.your-domain"
value = "gitlab-pages-verification-code=your-code-shown-by-gitlab"
type = "TXT"
}
1. [ ] Run `terraform apply` and go back to GitLab. Hit `Verify` and it should pick up the new domain
verification code. It should then also automatically begin fetching a certificate via Let's
Encrypt. That should take roughly 10min.
---
enable_zram_swap: true
dhcp: true
---
filesystem: btrfs
gitlab_backupdir: /srv/gitlab/data/backups
additional_addresses: ["116.203.6.156/32", "2a01:4f8:c2c:5d2d::2/64"]
......@@ -9,7 +9,12 @@
- { role: firewalld }
- { role: sshd }
- { role: root_ssh }
- { role: gitlab, gitlab_domain: "gitlab.archlinux.org" }
- { role: gitlab,
gitlab_domain: "gitlab.archlinux.org",
gitlab_primary_addresses: ['159.69.41.129', '[2a01:4f8:c2c:5d2d::1]'],
gitlab_pages_http_addresses: ['116.203.6.156:80', '[2a01:4f8:c2c:5d2d::2]:80'],
gitlab_pages_https_addresses: ['116.203.6.156:443', '[2a01:4f8:c2c:5d2d::2]:443']
}
- { role: borg_client, tags: ["borg"] }
- { role: prometheus_exporters }
- { role: fail2ban }
# Additional addresses to add to the default interface
{% for address in additional_addresses %}
[Address]
Address={{ address }}
{% endfor %}
......@@ -26,11 +26,20 @@
# 2. In order to logout properly we need to configure the "After sign out path" and set it to
# https://accounts.archlinux.org/auth/realms/archlinux/protocol/openid-connect/logout?redirect_uri=https%3A//gitlab.archlinux.org
# https://gitlab.com/gitlab-org/gitlab/issues/14414
#
# In addition, see https://docs.gitlab.com/ee/administration/pages/ for the GitLab Pages trickery done below.
# Basically, we only allow specific GitLab Pages with custom domains to work. We don't want to enable everyone
# to be able to have a GitLab Page on purpose (for security and legal safety reasons).
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://{{ gitlab_domain }}'
nginx['client_max_body_size'] = '2g'
nginx['listen_addresses'] = ["0.0.0.0", "[::]"]
nginx['listen_addresses'] = {{ gitlab_primary_addresses }}
registry_nginx['listen_addresses'] = ['*', '[::]']
gitlab_pages['inplace_chroot'] = true
pages_external_url "http://{{ gitlab_domain }}"
pages_nginx['enable'] = false
gitlab_pages['external_http'] = {{ gitlab_pages_http_addresses }}
gitlab_pages['external_https'] = {{ gitlab_pages_https_addresses }}
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['webmaster@archlinux.org']
gitlab_rails['lfs_enabled'] = true
......
......@@ -1087,27 +1087,6 @@ variable "gitlab_pages_ipv6" {
default = "2a01:4f8:c2c:5d2d::2"
}
resource "hetznerdns_record" "gitlab_pages_test_a" {
zone_id = hetznerdns_zone.archlinux.id
name = "test"
value = hcloud_floating_ip.gitlab_pages.ip_address
type = "A"
}
resource "hetznerdns_record" "gitlab_pages_test_aaaa" {
zone_id = hetznerdns_zone.archlinux.id
name = "test"
value = var.gitlab_pages_ipv6
type = "AAAA"
}
resource "hetznerdns_record" "gitlab_pages_test_verification" {
zone_id = hetznerdns_zone.archlinux.id
name = "_gitlab-pages-verification-code.test"
value = "\"gitlab-pages-verification-code=04ee0a6d7284e43a85bee57bf401bb03\""
type = "TXT"
}
resource "hcloud_volume" "gitlab" {
name = "gitlab"
size = 1000
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment