---
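services:
  # Omnibus GitLab CE. external_url is https while the bundled Nginx listens
  # on plain port 80, so TLS is expected to be terminated by a reverse proxy
  # in front of this container.
  gitlab:
    # Pinned to an exact release tag. Tags are mutable on the registry; pin by
    # digest (...@sha256:<digest-placeholder>) if the registry must not be
    # trusted, and follow GitLab security releases when bumping the version.
    image: registry.hub.docker.com/gitlab/gitlab-ce:17.11.1-ce.0
    restart: always
    environment:
      # Everything under GITLAB_OMNIBUS_CONFIG is Ruby evaluated as gitlab.rb.
      # Compose variable interpolation also applies inside Ruby comments, so
      # the disabled initial_root_password line still places its value in the
      # container environment. If that line is ever re-enabled, drop the
      # 'qwerty123' fallback so an unset variable cannot silently yield a
      # guessable root password.
      # yamllint disable rule:line-length
      GITLAB_OMNIBUS_CONFIG: |
        #gitlab_rails['initial_root_password'] = "${INITIAL_ROOT_PASSWORD:-qwerty123}"  # pragma: allowlist secret
        #
        # Deal with the Nginx web proxy.
        # NOTE(review): any host inside the ranges below can send
        # X-Forwarded-For and have it accepted as the client address.
        # Narrow both lists to the reverse proxy's own address or subnet
        # if it is known.
        external_url 'https://git.shore.co.il'
        gitlab_rails['trusted_proxies'] = ['127.0.0.1/8', "172.16.0.0/12", "192.168.0.0/16"]
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['real_ip_trusted_addresses'] = ['127.0.0.1/8', "172.16.0.0/12", "192.168.0.0/16"]
        nginx['real_ip_header'] = 'X-Forwarded-For'
        nginx['real_ip_recursive'] = 'on'
        letsencrypt['enable'] = false
        #
        # Backups
        gitlab_rails['backup_path'] = '/var/backups'
        #
        # SSH configuration since we already have SSH running on the host.
        gitlab_rails['gitlab_ssh_host'] = 'git.shore.co.il'
        #
        # Allow bigger uploads
        nginx['client_max_body_size'] = '250m'
        #
        # Mail configuration.
        #gitlab_rails['smtp_enable'] = true
        #gitlab_rails['smtp_address'] = "smtp"
        #gitlab_rails['gitlab_email_from'] = 'noreply@shore.co.il'
        #gitlab_rails['incoming_email_enabled'] = false
        #
        # LDAP configuration.
        # The heredoc below is a static literal, so YAML.load only ever
        # parses text written in this file.
        gitlab_rails['ldap_enabled'] = true
        gitlab_rails['prevent_ldap_sign_in'] = false
        gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
          main: # 'main' is the GitLab 'provider ID' of this LDAP server
            label: 'LDAP'
            host: 'ldap'
            port: 389
            uid: 'uid'
            # NOTE(review): 'plain' sends LDAP binds, including user
            # passwords, unencrypted to the 'ldap' host. Prefer 'start_tls'
            # or 'simple_tls' if the directory server supports it.
            encryption: 'plain'
            base: 'dc=shore,dc=co,dc=il'
            allow_username_or_email_login: true
            # GitLab reads 'user_filter'. The previous spelling 'user_filer'
            # is not that setting, so the objectclass restriction was
            # presumably never applied; entries that are not inetOrgPerson
            # can no longer sign in once this takes effect.
            user_filter: '(objectclass=inetOrgPerson)'
        EOS
        #
        # Disable monitoring.
        prometheus['enable'] = false
        alertmanager['enable'] = false
        gitlab_exporter['enable'] = false
        redis_exporter['enable'] = false
        postgres_exporter['enable'] = false
        node_exporter['enable'] = false
        mattermost['enable'] = false

    # yamllint enable rule:line-length

    # This has been lifted from
    # https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/master/docker/Dockerfile
    # but with the single change of setting a high start_period.
    healthcheck:
      test:
        - "CMD"
        - "/opt/gitlab/bin/gitlab-healthcheck"
        - "--fail"
        - "--max-time"
        - "10"
      interval: 60s
      retries: 5
      start_period: 5m
      timeout: 30s
    # Git-over-SSH only; no host address is given, so the port is published
    # on all host interfaces. HTTP (container port 80) is not published.
    ports:
      - '2222:22'
    volumes:
      - config:/etc/gitlab
      - data:/var/opt/gitlab
      - logs:/var/log/gitlab
      # Host directory backing gitlab_rails['backup_path']. Backups hold
      # repository and database contents, so restrict access to this path.
      - /var/backups/gitlab:/var/backups
      - _run_slapd:/run/slapd

  # Cron container built from ./crond.
  crond:
    build:
      context: crond/
    restart: always
    volumes:
      # NOTE(review): the Docker socket gives this container full control of
      # the Docker daemon, which is equivalent to root on the host. Keep the
      # crond image minimal, and consider a filtering socket proxy that only
      # exposes the API calls the cron jobs need.
      - /run/docker.sock:/run/docker.sock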

# Named volumes. config, data and logs are managed by this project;
# run_slapd is declared external, so it must already exist and Compose
# neither creates nor removes it.
volumes:
  config: {}
  data: {}
  logs: {}
  _run_slapd:
    name: run_slapd
    external: true

# Services join the pre-existing "shore" network rather than a
# project-scoped default network; the network must be created beforehand.
networks:
  default:
    external: true
    name: 'shore'