srv/gitlab/config/0000775000000000000000000000000014632752426013112 5ustar  rootrootsrv/gitlab/config/gitlab-secrets.json0000600000000000000000000004572014635621661016712 0ustar  rootroot{
  "gitlab_workhorse": {
    "secret_token": "7f03jYnJNW3iJd5+asJSt2GAw2GJ22Goz11XvdjFuAs="
  },
  "gitlab_shell": {
    "secret_token": "a4454701957aaa3a9a062ccc01ed866a57c375da0fb5c315ae83dd61829eff6119227ea4d2ae663824eee93e932fb18aeb71503ebdaf933539fc23dc24eb5fc2"
  },
  "gitlab_rails": {
    "secret_key_base": "577b0f7d9bf3594161cfe8d1a24af103b82bf1db2f707371f6788486189a0a44bb1b2a0080dc332dad5a5925fd8b782ad330913ff47d1d8012f91767c707d7ed",
    "db_key_base": "92a9312d61c575005ede245a476cdfdb11428a7f044aac23089d3da85bb7f23fea6bf9cac5e8dd73c5a943cee6df40a7639f099691b5766887a18ad1c9e4fe0b",
    "otp_key_base": "b5f75d5e9865264711d9de4b1c512aefb2a48c0bb43b3a3fdddb7a6dbc0cab609a2ce22e4db397ce7b839d0f28190b79dbc20d8da96b9e36895902001d4a961f",
    "encrypted_settings_key_base": "782993081bb8c4fab53668caa04238e9ec75f2278a7935a0dfa9406d22ca4c35bb03a82eaebbaa214691a142cc35ff9021f7b32b0980c915804d38b86f2f30d1",
    "openid_connect_signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAn6W00UakK7vrhto/1bszqLpm+yC+DS26gStqrM4d2IyQIQFK\nbGiFMlLhTwoLiepGGOFIZYPA0xzLS3vY22LU3jLL/i3YEUwVaNHsfpDTeenDGNcP\nNlpY8JDWW8XALvsjDfYHm8LkId5wu4YGen8PVODimkKKtWZPF6rExD0OAjAUgo31\nQaqWKtduxTl+cPDne0/9j6IH9/712enwP1zV0E4/EdurY1QKjdBtbVkZiPDLmbID\nk8Kwu621SfiFYoPit6/mKLCoc9cKH9SyBpG6sVzb/M9KxgH2/LeGHSLlIqt3R6sg\n0pyfUqa1RYXQsA+pleP3m6087Pd7PP6kCVzk14neKed6lnX7aAsIYZUBpKf4DpLq\n0Nz0zmM7aR55E9ALff/2FqTQexU+XB5CH0m5YvTJRKgGfzSUKb0ZXwW3pL41OGUl\nlNuvWY5Zy7NadJpAc4xAAsRiH598z+qvkd8NsTxvE9gRqfXnGjJ0Fu6GWWhu5vQR\nMU1G/P4/ovFWjuMoK6xnvBY0sG53bkoi0NjOq0cNJcL1OQja1Fs8r6QI0KjjTbuo\nedUIY9k2C8YDeV5dy71lWfIl3QTuzOke3Xf5nLZ7tK3svTdMyOKHxqyBLqVMP0K6\nvUZysNlJZ2B/0uALf1rmISZQDcqF62Cvgm3KzzCdXjna/wSSLYGy31ZotKECAwEA\nAQKCAgEAjllutPvL/sL8661HJghZs6UhleJIE/AmUG6qG5NdwWz0Rrmj5q37tjd4\ndsV6LGscPasCpqGoGZWfH5s6bcPeEpIwml++PQ4eOOyVdvUj25y4PTnlco10qGw8\n9m+JQVrkktpBRn2sdRamZk7HEAqjXQd4hhu3GrAy7eNyt5fJGeJNJ2v0t6ynYWPe\nfTUarRHhFW7ppFzRxisshDW35oecjrR2QDIiy9pv3qtuJwY/Yn9yy4SS8/mxJGdr\nMp3KMWFvkmHhU37RdRjVCjTY2EqwsN0fungLMCsoU4ZAq1ImBZfmL51DEwhcd5H2\nKBt9TL9qcyBl9AWwQYsZ8/UJxt9xm+WLMWO4G+bkOsz9hfsRIcbvovNQR9o98Onn\nBcx0JIlfpCqYQ/4tKieHQrdbJmoBL+zyDGu4SYY0xoiWo7XcaSqDyeqbtvJn5976\nfPJxjCkwC2ycGCxl3PspEl5zsIDbbr4l5GNWk3cTh3fdI5TmP5X7LfpRG5nRcVko\nE4nNh3hry55bBTRF3V2JVpPoSMbSm0e6mg91uMGp2gEqKL9R8Vl/ic4BASow2Y8h\nLaVpXcmeTkMnDqDhSj5i7BpRWE+yu163wByJxyPZmsvDupqlVlDANqIJ/6i/spv2\ndwD+dz8itjAi7WTOO/qvOp0bnTA/H6zHUWfhXJ8gnQh4kydtkwECggEBANN88NiA\nPY6U1PxyRi9Q490NieTCC7rPL2bxC5GkmdfH2AeMvLpisMr3L62epsf+F8Z1i3yF\nu9b3U64GwJh/OchIR6/BhIll7fh4YJvB/Vej8FvXPAYHyM60wcVcGFUrefsf5n95\nLWx2GJXM+p2/06qgcViKYGw9s2SAsn2NVCb0hXVLMzaMPYblrYBsOMJFYgg/frdM\nAPgv+/iHvGP4EqHeXGvUq4kk92WIxCzhGiCedWhfkBLvhg66wAiRMVquy0CAIk5+\nHL+ALReUM5r4EmL1AHmmIswxrztbJzf0uK7qQWZoByYhpFDcppNeLSIBPiVllObE\npt2FODoRJLPw42kCggEBAME/kKU8IcePXJI9Ey0X9mWE7TZWWijDUXZk5bEqRFLp\niTjcYZ2H6ow65biv0SceoCkLOQxcWA8HBmZsBawufH0h2/NGyvRQR4ttHZT3As4P\n4laqQg3Llkxq+0Zvtai+IwawygSOyKJLSOHnG9DhoQq9ZEmtuiNpF4HWb2bC7tUk\nDaEU6fTmhvi2hEqjYqm36CM/jAzn+DHhYTIGp1UL9JkOSSHwTXe0p5f0uChOHTMl\nM5ghshNK1BSecRabXTgkcil6rKgccXsAtjHSDy05Dx/72H3DDzTqnlkchFyrTzF9\nQHdIXjP/77fj8vdPx/PadaM4fs0FU66ST5LIYyzUeHkCggEAJhhCVe07qVw7xUFc\nTReYA/B1X0Ro0nyRgEx5FgH9SDYSPsHmGPi/+b9u0ipaxnmJlNEFkCeSv1ULuLQ0\nqwN3yBDlAM6t7gXzSKd+V3ApD0lTeWeaw0dRr5I1uTQumeDb9xU28s1EFl5rbUhf\n+FxeZ0TBRf6fAcBXeQoJnL4BY4b2JzulfPTj/FGQ4CoeSzguQWgWjjPdlNcn3wus\nLqG30Xp5UV8civairaJmG+NsTmXcpjFYhWCp2CthfemRZ1FHAVZTV6o1yXTwKmgi\np4552WNic4cui3ODqgBwXw7w2WkO4MBqUT8MFxi31KHJJW/t3tSebrcLi6l8iFEg\nOF1yyQKCAQB7dvAkEXIHfLmJGQo6YjfjDnU7pRn/NyLBwJ7bfQSf8GLieDLJob+h\njjOctn+rPa7X6jqtggYku7lEELnjEuQoUkyjdlROmUfMdY9T0CjznERgWHDRPYQu\nGJ+nldF7GNdp++Nl3A+lWPIcmjo0TyNDqFL9m8fzvb3uDyGnht1uQZWPl7wN4obT\nOlD1GsP7aOsgMgZ5bG8u9y7Q9l1MQdIpQ25IB66Gz13QAOLzpUyUk60OAmEyYDl1\nXvEjn2mEaAykIaNT2LBMBN1ioTFfFDhsl8vuNYRuq4M1rbmHN0/mb36TdyHwmRD/\n7NwbU9aNHsLP4FVrCX84ZnP+dJagWrMJAoIBAB5TbMMC6km4BfDnZowbIseDxgdz\n7+rAp0xZOJnXv4m5K8Y8tUrGa45JD19G6vVnSGTIcQVE5nEB+7OeIHIbnG8SXU/+\n2SVc4ZMNnOz+6FFozCrYeY/TwvKIu3+DqXVq+Owqh4qfceW/nV4nDcwiwjwP0ceo\nfZn3hKWjR+Q9gyCTkYiSSR7vAcn1eUtvlzLBJFsae0Yisv+ZTPMCmmw4Nb1rKVM9\n9Ff1MIUWFiKZghJ9d/UYT0DxpgDm0Nv59PdzNSDeJUQNh+txETFjTWoAYvmRTagu\nLEKGOVO6T7aJZ8A2mRTJgRniEt8v/T8ZdY/W/yiJLrn/X03y2JYnzXnIago=\n-----END RSA PRIVATE KEY-----\n",
    "ci_jwt_signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgEAxmYfcA46p9C4iNQKB0LKgotCWrd6VDc6gko/cvkmmOa3BCjx\nC0PSyuykzQFB6xINQW1IIfal4P9HaQMbacUg775theVkd2sHu5+5/7evlkgNFoEs\nbpv7/E0ExD/n8qHBGjvQOoVdF3R9BxbssTn5xvqYySBDPtP0a3SGMs/lEFRmGrwf\nl3FoI2efetGwaJkdHgOaIYctZhhGGPkB1EQ6PLXpaxxfRa0DRHQmm6QBmeFSwi/L\nTDx4puaQi7JqkxnmJFDUJ7B4EluSILm1iwFx+RG6VkfOPTweEPN+R4C3YcJt/Vt0\nJjEq4lqa1t2eoXKmTGK+DG5GjdewxVC/LJ/vQrt9zDIL52oniSpG7VkOKs2bhbAc\nEw4b+wstANPeezAdFM6YG5bd6VktRZ4tpLQWJoA/ZpysBNNr+oFLZ6YSLn4rLXqm\noaGrNYJpwbNRwp15m4ZgMbzoN153EQUk7wcNUeizs0/LX/7pNPdQ2d0KsRO9PJ3V\n4beBJHEZ1eyshT84TqRthHTDFqWC4wQ5wVy5WsE5bo7JZ0XelOO/dvkCBfwe3H3h\n6hgpnBNJtSHkO3h/bDlcXB/2LAaaC4R1mrKPInhaoKrcg29MBy5aKUdsoslooN7/\nxGbUC8biGzFHi0BuPISiE4nhwWOtuhrZpOE/2E5INbqz030hWYoq0NOzsqcCAwEA\nAQKCAgEAg0A0NBF1xGdUbVC5gawyBMLUFueiyevvjRpJd2pUmnqnQN1E+crYvN5o\n+CaI0VaT5mDBg5aEjqDTQSmJDSQYcgJsulPTbx0jdIBqsD14r9bisayrFFGlFnht\nWtdcPyu7b/t5+f0YZNfvjq0f0O8lyvkl8oihdAMMg7oGvb7DL1ZmZfFmhO3FkwaO\nftYR+mCw3pZLdTrUUeJlHUg+aYrpbBh8XxvZ+2JF8xdUI0sQtBhYg5bSy5CF0QRf\nQ8u4rbBIjGXctJUOGjbyKSwyac9+8uNDfqjqS6Bl05kCRZNlvgq+cQn7gPiuAikm\nnlbnBq+uTIJWcCrUCipTC3Yrwv3bbgQUCZSX1zKeroMhaswHWutpq5f3roVVd8o1\nvs0tPtfp23NGnt66Z6aElS7vEbr88awJAnwcmU6T+k4S+eQA1ZKvXSkQHsS7TN7n\nJaJZL91Qy83pnNsJ/GPcJdeaTlZNsMQF6wl5Xm/ewgwD5qpFbhgqkz7Rxp1JKXmt\nYDYWcAsD0kWW9DV6sTBjJUZQNXTFifVONprUmxCVCbtc92juZXsZio63c988ow6J\n0/H/T6CMLlp4IfydvrsOjkZqjy2YkriUsHPVatmUtqj2eZUsyY/CG/moYX2VruYb\nj7uGaDvx8pnlCwpbihmP/HT/t53omI2wmlg4C8on+XjQYeuIPwECggEBAOXy9U7A\nxeQo/ksrN4gsrEYtgWKpxPDyQRHQqg35REpJmW2pWtaXSX5/jlH1EeD6hqogmC6R\nYlJNew7Lyyyr8UKS6sLlSFbgZhenfr3qR2r8ywtNFWjt6hj30L6lCtxsZM7xMzJS\nbo/iKid9+7znnUwYsrm2kMaUURHZ7dho1FRvpLM0hjvYgcLBYgiD7/Se8uuFwyDr\nUxLEbMKYWbswSz3F19EpDfxm1D1F4dxqp9Hr+0JSmosBTbUL3MjrJvTby3c6Jcet\neKQhqWLBj+N43UQM5QP9QikZUDheSprh93c2mFE57LXfN9uuFEj6Age40VY92CzO\nG6z+cRJsbKSZbmECggEBANzgI6robkrXuxDlcoS++GhGCWT5h4xDmwktDIXprZ7l\nV1qXNd3o0lhNtXtirmYX122p84EfTYe5hh6A+za1YAyWrdkw/nltJ1vnGmWfTVbP\nDA3Uw+ujb8prGDJIBbN5OqdD9WJXYcFs04dBpVWDmoNz0Tvt+AX4bfwtWt4poJyh\nnXCW6bIDsiF8Ajbvu1FRO0AB3ulBN8MOSWHBwFDAJKPCWLsqKmlGA7y24qvvnKx7\nT0sIvOaneYi4bZNQUVoIRRI65yayoMzSRK3UhxaWgokvu/mX8o8HZSlp3vPvyy5Q\nnVo2yJ4rFlyBOuS4VNoj6OmsdVtW/exQhHZ1FlaUbgcCggEBAJEcx+3Q/ZFExWWO\nelb3SihnYzVuSZh8aM/jTM3QtmXjGG356BdwFbM8sAXMkGHX98+5DhClMtUZjEUE\nGs2wHGqU6I3hv8sDhan7y6HyDOvZaBFTreUv7wGesh79bGM6DEwELvjcyGUIpu2R\nNaI60CtLks5cBfUreBW5370oOoamhduJlASEVy8eds1E5dML0+UJ3uARYbWAO9p5\n5naYvYLYLaATNn5ILjwUs7oznIB/WWq7UkfSpMVSHRy2OTlg04AEM/9U28NIcuqd\nmD5G8euV75ia5HunO9a2uoIPg+m5jFoGIfmMSmXZ73c2Pr28xm6UTK3Jy/FaCOVF\ngzJEmUECggEAOf7AXsfY7d3nSHB2uVRLdVWucczzQmkd9DLX7vGEnQwq+6ZohnPz\nhywgUt1+XWA1OJ4/SdAmU1TrWmcTjzHgnm2SCE1NBCUdCIyN6dECRaDn0Vnkd6La\nX5PvLoSquo1CUVkOvVukV11zzTf3aZS8pXdroQjC7w5kEqr2CQ91FKt64208v3ko\n9JHTIwmfbaKepBfZp/Vv5s+BhSGSlaFd/YGyOrK/oBS6Nnru2aZ4xPE7yL/qmcWv\nq66BVwTn13QEbtz4hLiycBVl4x7CubObYtodyVOUZOnULiOWXwa/mtGf/2gTFTTL\nEk78X8HmxcBYD8MwrWMSGVKq9U+ZJfKjUQKCAQEAm5HKlmcgABuYhD7PZdAUwPyO\nGgL4Xz41LLryE5oCjnedsLqn5cT/ENwmGksNOqVO+IIAuit74iFWKXsZe1JiGrak\n82vOU4fsz8WNuLBPDzmEBBmTk0YGr4xUD93xS82cH9gJ4G1xdSceR5rUvPGaKJRr\nj3e74CqYNEaNA3c5YahpYB9vGLFQGW7RtAdjlbrL/S4A7XEss6of005MAnBPo1XZ\nl+t5mM2bucWMHetm8PcCthXjV17US33fAV+Plye0FBRvWO44rX88bQNpDg69iiy/\nUvRQJ0Lncln+asIqAbT/LRdoy1bjeKr1LzfO/wf2J6E7txhDlJ+Sh4J7+O34/Q==\n-----END RSA PRIVATE KEY-----\n"
  },
  "gitlab_pages": {
    "gitlab_secret": "AmHZjmJvLcj_iUMrnQRIL-H-Plg1r4wMsFThtta9OoQ",
    "gitlab_id": "e4Sxz8HJng1jlx26nOYq3sng-TcRl1B5Jq8aSy79BQ4",
    "auth_secret": null,
    "api_secret_key": "8vdMWQUe3MVjZYu27yEhyl6BnX2rBBydWDjquTtDnLQ=",
    "register_as_oauth_app": null
  },
  "gitlab_kas": {
    "api_secret_key": "MTA3YzdkN2YyZjA5ZmZlMjNmMjc2NDE3OTU4M2Y3NzQ=",
    "private_api_secret_key": "NmE1Zjk1ZjlhMzM1ZjMxNDVlMGI3NDM3ZDc0NDY3MWQ="
  },
  "suggested_reviewers": {
    "api_secret_key": null
  },
  "grafana": {
    "secret_key": "f557b879e6e03969d24821ddacef0620",
    "gitlab_secret": "FdxMh6WGIduYpId4ipHz2GG52SRTG55ZfNdQTTIsxII",
    "gitlab_application_id": "-AnucjgaCNVkR7JD9kzfwDM_iKBUseTHQ2YNRPquZlE",
    "admin_password": "4ef5de2de8da8ec9993a6a4f51ecb2ac",
    "metrics_basic_auth_password": null,
    "register_as_oauth_app": null
  },
  "registry": {
    "http_secret": "81fd818914908ba8a29130eedfae3990b26503bf69150c1148c2ba57a853779d3f69f2e04416ebaebc26b45172f3dd5423f977c40f57a0d2f0a245daa0fdbf15",
    "internal_certificate": "-----BEGIN CERTIFICATE-----\nMIIFBTCCAu2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBGMQwwCgYDVQQGEwNVU0Ex\nDzANBgNVBAoMBkdpdExhYjESMBAGA1UECwwJQ29udGFpbmVyMREwDwYDVQQDDAhS\nZWdpc3RyeTAeFw0yMzA1MjcyMDIzNDNaFw0zMzA1MjQyMDIzNDNaMEYxDDAKBgNV\nBAYTA1VTQTEPMA0GA1UECgwGR2l0TGFiMRIwEAYDVQQLDAlDb250YWluZXIxETAP\nBgNVBAMMCFJlZ2lzdHJ5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\nqO0113ZbAR748Lu63qZa2BDRgaT6IjuRgxAXH5Uq9v6vWgVehP0EgISPHruZ5Pt4\nwBP+7okS2+0knn9k8stemfAWcu6iaS1sONZHeZMQ+3Yecq4MQn+TWWVG69C974QV\nier7GIGgOz3WrAvXdvUPsfs80xfCsnF56RlHmuUDUCWjIL1Emi8RJ+cVIC1T4xyz\n9DIKYlE+xWOtBol3R3bFFMfH+y723LCR7Enq+mCHRFU4DBa8vXrF26BdklJKTK3q\nWD70osH8iF/GMklt9SZ41tcUYI6XlxI8v8dgtBUTInte9gXifcUyBiDgYJfsBvVh\ncrpEHEoprS78/vYeZNyxGnrmTM2w+zxdki9Gih3HuUz73VHN2qibFxSkZ4Imgpte\nzv/iSsCVX6/lBqx1QjuYXaOO7BiCJdShv6K1Q4iMhtBpbkcKxI3RI56NWCpU9ZJC\nywDXqUUK9sJwXB7U+lIb0NAVqhHmnowXJY0c+esynBUhihUEiR/jtlWsomRzDuEu\n79t+iLJxOlBt7fvN+Avfp3iTNSkFrlIBQSaGDJ9BLaP/t/i9voqX+/A4vVHUz6na\nTqYjEbSCvGwRs/QBhhbuKHcYR86MUPFsW8lqX+7E6TmGr5TIbXytAIOy2o3MCunt\nzIhwdi3V51KW75ClpXtGrFncuyNBX7FZyEo4sEN8IfUCAwEAATANBgkqhkiG9w0B\nAQsFAAOCAgEAjprP3WT3C0+7jHFQsh0SoPZY8aBV+e1EPFjLAcwA/LM0oFlh1QYA\nwCGfMIetKZLF+O95KngkuRbMNEGkW9Ehaj4vVmfqkatf7LankDoOpGBvH+1NuSmH\n/EinR/yfnX7EQ/5++dIScVN4qf2OLDdAw4Wuhlf7Vtpc3UUYj9f1EeFSsJvWA8O/\nTLZWOTPpiJoey3BwoOKA4t/g/OYVdwOeChc0jokLELC/fj+paRpivuF7/gC0WTH0\n3omTyS+2/LUjAsjBT7sCtHyPXgvq8ki1KG0aqUfQlh39eFBXZxmaV4b+9/l5SfTP\niR3BCN7LdCpBwOFCzng1J6hIoil7yyFp+7u2qR6Quvu8J9XVttJCYuboaeIs/8rl\nSbCJjopfDoeXq1sz4hmVot0AWkIYoFcZQIZwFwYv5GqSv+u0xWzsxu6p6CIQ5x0v\nvyXKeaTrWQkbHFs7EpVgG2hUjT+tfkYAzzCxSKOUyOzqZh/td2lU9BmZF+oSit8g\ntMFGgk4mXNeF3pEIK3iQXtl55k3Sk2WU4lrq4ujvD8C4R6uuAYURhv6EsF+05erO\nXomFlWFfz+vERqrjYbvQIc5Mxlmx+g/9VLuit13gXv2Rj7VvxU8B7lHm0YhRLh8k\n2CPewheYRiE3Mq9VAj3omq6Te1fNPBmcCgRFcJczutbL444nICp4oyA=\n-----END CERTIFICATE-----\n",
    "internal_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAqO0113ZbAR748Lu63qZa2BDRgaT6IjuRgxAXH5Uq9v6vWgVe\nhP0EgISPHruZ5Pt4wBP+7okS2+0knn9k8stemfAWcu6iaS1sONZHeZMQ+3Yecq4M\nQn+TWWVG69C974QVier7GIGgOz3WrAvXdvUPsfs80xfCsnF56RlHmuUDUCWjIL1E\nmi8RJ+cVIC1T4xyz9DIKYlE+xWOtBol3R3bFFMfH+y723LCR7Enq+mCHRFU4DBa8\nvXrF26BdklJKTK3qWD70osH8iF/GMklt9SZ41tcUYI6XlxI8v8dgtBUTInte9gXi\nfcUyBiDgYJfsBvVhcrpEHEoprS78/vYeZNyxGnrmTM2w+zxdki9Gih3HuUz73VHN\n2qibFxSkZ4Imgptezv/iSsCVX6/lBqx1QjuYXaOO7BiCJdShv6K1Q4iMhtBpbkcK\nxI3RI56NWCpU9ZJCywDXqUUK9sJwXB7U+lIb0NAVqhHmnowXJY0c+esynBUhihUE\niR/jtlWsomRzDuEu79t+iLJxOlBt7fvN+Avfp3iTNSkFrlIBQSaGDJ9BLaP/t/i9\nvoqX+/A4vVHUz6naTqYjEbSCvGwRs/QBhhbuKHcYR86MUPFsW8lqX+7E6TmGr5TI\nbXytAIOy2o3MCuntzIhwdi3V51KW75ClpXtGrFncuyNBX7FZyEo4sEN8IfUCAwEA\nAQKCAgA++a/I02a51EIZ/OJ9fqb/RcXU/xwBBxQIOEdmjsWlruzQMpA6I9k50DFK\n08VbiCRL9yhi5NcTBiVQsU2A9jAeU1MLJcuGSli+F6QtvpXmKPLQ7fHEGKtl+Euo\nPfmRATzGXcOeLzT84ODW4tNAlbt0LqVOTN1YiNVaAQKgzB+gEWfvHKAmmsVaittl\nU4CiemDb+IvGe2NbUv1+ImFFUxHF3XTAP5HoVCsSW7wt+y5yWxK57wAN42c/qVk4\n41SvoWZr34xz4L20WYAZ3yYO7ni+HxCJrp70wufC1yFGAVVQ1Y1hSnBVUt6DSl5b\npEdpkLDzhF0/7qX62jmXE0nhcCTVjzx+KCeHBIMXMxnPIo3IwKY5oVJD+3oubeHz\nYO5EVAOharP1eLW1R5T+LHw6M05Eb60aqrVYwCPb/MA1QE4FXRh6VCPlcaLAwc2x\nsqzgZlD6El5kX0ViXOT6J/vdUFrQe9110QdmLBKSLigRvahukKKvOKYVEPVen1mM\nPlTWFqDrefOUQCY/43D5e6+8M1MEq6VMJW+qqccPOR3GegA1uxG0lKubP8GjeNhA\n0rp+L+CFHHL8a2XOzNoYbAQaSRxu4aaPMGxI6ar4w28MRvqAHwvmgRVuzrsWzA/N\nOs6TtzUuBpmz0T4UlTJiWOEmiqX+hDh4DSYim0wfOUe+tPClQQKCAQEA1kbfTWaK\nsBfN05/X9Z+/7qjRZEOzMBHK9Wp373MiuOO9Wx2SBVgkXhygSGDweIRD21Hr24yr\nDbNm5byUd5Jh51LZtJegCguBKkn+Su9ZAAiTbU58PM+0mkRQucfC7I4HFZJtsgrq\neYZ58raq3bvsW9QB5j+sJSyOWRhmBZiRGOzo44l2ENwe91TYGB+iza4dWMIrbMVQ\nSBw3g3UsrzlzuorHWIB713ZMCT1hW+DhYwU/Bc9AWTGz8kRh+Lrn96dsXCXbT2TW\n/N6Dyk1ZsXfyyFSQHuj1NFSPPnvqwR9xPSJDKSRdutwFqxcEoknPKJnYXRcacEaJ\nNZznQfiFkCaRgwKCAQEAydG/74zWWjUMDAHfoLphfrD9blZLif21qAYefA0C+7Zc\nGOSStcHc9iOKa4O8ZESjRqElir9125ZfGjlgGShbHL8oTmcjnlehvF5OTQ3mIrn2\nKHyzAhgI9vlXNDPjRsn3F2lmeF04epVh/2J0Ne2W0RiOb0Ie9ZOedwt6/RpRvPO2\njQHVO4q2UmILh7Z3E3OCbSp7HwpiIYPf4/o/FKzdAALxOs9InbSDiHj+ogKBsvq6\n0+DipDhzEprNeY1MrIi0adpGCCu8yOy1JGrRCBW7VGbfyRHEBC0hj+q6Cmm5TM5/\n3EhMTj234BePnK1SF4gEVLbp5yM+aSRgOKDRCwV9JwKCAQBHJhdFexP37p+AcmXi\nAB5Z36JPeY9JGc9bd/PFBWT1IWGhnIr8zUyeF0E9ZzrRuZFShLwdFXNCxFwZUmm1\n3lw11DPHnEUesL09zn3qYdkagr55IANuqcUdKCvp1COsKmi9x/Y2lRtQKM/bQL4x\njBGqWBYdXu0JFudZPBm8J/Gd5iRaUS1r4btCguCR+gcz5mmGLEsA/e9vUjc4pjKl\nKB1+RlB02YzFeVk8BC6MtHoCSB6qDiwesbs/aWdikKUvfV8kpclRbnlYU4ZNKSvs\nGpj53eJQ8SdiLeW2aK0FXSxbkUHdql6ZCi+zpJv8SyfHInZOSrqTp0guDiBXrm6i\n87uDAoIBABJeefbGvdfWDjOllAIgFLGgUGDTj+qOYhNaAzpNQOFCNt25KDVM4Nyy\nXW3tvp7ttGLAVhdr18FVzXAomruPdcOHDpccQhyuYzUu7DeNNU4h2OrUdsKRB3fb\nN/mzY1NVHJ1P5Zi8+2AE6reA8YzbBCgh8QzlWsYFWp4BOH+C/r+Q+yOYcB0MQg37\niIsgq3PkxpFDFZO8sTPVufIZG9a46SCQI/6zUSuxe2tXf+2lBsMQmSKhzF8gGDEw\nT9Vpa/okMy+TQ16JBJTRHqei5UW0HKnQ9zto14t9xBlCRw6dktUP0oltNyzD51GJ\nM3QSPm+P3L0NLPrxtUOCoRNmZ8B2Dm8CggEBALi9/mGoc4Elrtdn0g5PS6VqpgcD\n6sXcFgNT/D64H0fVsu9W5SuL6XoNSypCXrCy6lAvDqCIDJsqd+kH0RkcvDyGBtQ2\n2HClsTLatMExM2Nw53Y1C48Bu6uWYvByDDwaER/mNFWYt7ugVztkQoCv/1kllirI\nLepuaLR+h4l5C9ibNEFbfUkOpQchWL+IF6aAxcxecF/HiYEheEpQTogqPa0iQ7H1\nM/xJm36U55ZLtsEIlRrBPF+cmMmGR4CCd8YBuWVD2zemHG32JJKtFOqXk6VpnOla\n0phM7LdWEGIg+A1Mxw/lvjlhogGhcnsvkqxjEmqJix85Es4AMERlenBXMr0=\n-----END RSA PRIVATE KEY-----\n"
  },
  "letsencrypt": {
    "auto_enabled": null
  },
  "mattermost": {
    "email_invite_salt": "617f572a3ac96a26a3b339a214f36dab",
    "file_public_link_salt": "ff33cb5d75bd7f045b47583b557e9443",
    "sql_at_rest_encrypt_key": "b583a2a62006e23bbb7454a3f495a44e",
    "register_as_oauth_app": null
  },
  "postgresql": {
    "internal_certificate": "-----BEGIN CERTIFICATE-----\nMIIFBzCCAu+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBHMQwwCgYDVQQGEwNVU0Ex\nDzANBgNVBAoMBkdpdExhYjERMA8GA1UECwwIRGF0YWJhc2UxEzARBgNVBAMMClBv\nc3RncmVTUUwwHhcNMjMwNTI3MjAyMzQ0WhcNMzMwNTI0MjAyMzQ0WjBHMQwwCgYD\nVQQGEwNVU0ExDzANBgNVBAoMBkdpdExhYjERMA8GA1UECwwIRGF0YWJhc2UxEzAR\nBgNVBAMMClBvc3RncmVTUUwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDf6MttphqQ6u6lMxkJWXhm2XXHlUVa7794aTbOvDF+470R/BbaO2eQwnc2SWMa\nd1lyXLcqockmT9yZy02keHDbkJnSEnAPopVtTtdo192h1viCLErDQ1UHqInmKf//\nMaIkIbti5EBrob5pnhZ8XPtLw5wN8jT06jS49PtYtv5yVsO8RYUTc2EnKLf3PPXz\noRNec9lAzg5VA+EHOTMzSz4NCzVOofpBIuqARntG5cEaQDvxkN+wkdLoc/XZ7Ias\nFTm4sdPijsx9LcTNJ6rRwpId8ihTmGyGDxPz2aWJhiadOKqc6CxFjrSu4XJmQJfO\nKnkItfkC6zFvyU726D4ERgDMIFRbaVFKICGesYkvc7cmbnwXA3JmoO1b2BoJiVKt\nynsGlxQejHg5BZGzWPCgDzuHyJqniaZIDGXJFwK2Mad8xVajPQ3qPfKUsfqci/gp\nfGGMVpCPbA2XHVrbp1+MI846SEIilj5tAzxJccSqkM1yrdfrKch+2wsA74LQj9Od\nWLYYcp6fUbbnvX3zMeCX/OZWzlw7CA46G+KDO9DSa3XYrz0c1VHPOG51jjHadYqv\nPZ/2J8fr5Xnz585TMBuoDu5MPfwzjX/+S+FndxhN91Y9hEdy9CvIdiTgwZGlIBST\n7hM69ljilpjXiBtMzhYuh0qf+YP01G4NXs14mUBfkG4SvQIDAQABMA0GCSqGSIb3\nDQEBCwUAA4ICAQBblKiKcy3eWDOGlxc7ybZZO0T4bcIQMQ+nMuM5utlcn8LGhrMK\nDzTvF320s8dVfM35oiN5cFFj/C59s+8cARDjBOfTgECIy/OhjMtqBnmy1T6yx/UX\ngXFsxts1x4sGjwK01LVl13ZyOF8/vgSCvKeRnZqQMvuuDGpt7TiDsUhsTRouLzr+\n7pRPbxpCh6j2zC6LBY93xUYzE6UG6AzIXVki9hlmJkrWYBXO9jrFYFXsEcKeqwEV\n4V+uHzFqZoYrI7DRY1zwC/KAtF447zM1HTGIV6+RNgyv78/3j2uhQaeAXnIP2NZl\nXdfXidjdm4AB71chlqLN0lVl1ImzfocUcvZVGezVkC2wkSc7vHrO8TwrG80n8BL+\n270kV8ldQOZ/U5+jwny70HaRlwNrnaFnquySc1BoThv9FBKSUm17TRM/i6dIEkD7\nHHL6hGofDZ4BzbUylloEd2OURiW7lf5pCfEfReNcUdj4AaRYLq1fRu54LTp0pkVP\n68W35xwhQ7CsOisrOa8lNqBlPnGMsQr/QbBu2McuVi85I8XzvVvzgQR7p3u/PYPL\nXiz70rrGz91mC6ezkWH+4jqAJUP0+gGWZDO8ECCQRdLrgmpqm46s2dtYuV/i6/hV\nJy0+kC+lxQ4fiVWl8hS5v4vQZpIZxkzBGh3jdMV9rv+EtqUE0I3wqEizbw==\n-----END CERTIFICATE-----\n",
    "internal_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEA3+jLbaYakOrupTMZCVl4Ztl1x5VFWu+/eGk2zrwxfuO9EfwW\n2jtnkMJ3NkljGndZcly3KqHJJk/cmctNpHhw25CZ0hJwD6KVbU7XaNfdodb4gixK\nw0NVB6iJ5in//zGiJCG7YuRAa6G+aZ4WfFz7S8OcDfI09Oo0uPT7WLb+clbDvEWF\nE3NhJyi39zz186ETXnPZQM4OVQPhBzkzM0s+DQs1TqH6QSLqgEZ7RuXBGkA78ZDf\nsJHS6HP12eyGrBU5uLHT4o7MfS3EzSeq0cKSHfIoU5hshg8T89mliYYmnTiqnOgs\nRY60ruFyZkCXzip5CLX5Ausxb8lO9ug+BEYAzCBUW2lRSiAhnrGJL3O3Jm58FwNy\nZqDtW9gaCYlSrcp7BpcUHox4OQWRs1jwoA87h8iap4mmSAxlyRcCtjGnfMVWoz0N\n6j3ylLH6nIv4KXxhjFaQj2wNlx1a26dfjCPOOkhCIpY+bQM8SXHEqpDNcq3X6ynI\nftsLAO+C0I/TnVi2GHKen1G257198zHgl/zmVs5cOwgOOhvigzvQ0mt12K89HNVR\nzzhudY4x2nWKrz2f9ifH6+V58+fOUzAbqA7uTD38M41//kvhZ3cYTfdWPYRHcvQr\nyHYk4MGRpSAUk+4TOvZY4paY14gbTM4WLodKn/mD9NRuDV7NeJlAX5BuEr0CAwEA\nAQKCAgBp1l4iDDvOeF4plEenVbVF2FCF8JcB7wVwYztW6Tn0Iq4CTEh5C09e66zx\n6iqAHh4Xop+p9SNhiqpZv/GJZqzh/C3ZUIHLwiwjqPrFQhQvJa/9x/Xm6nLM1euo\n8f1hoRJlRdSPYBjbR277+Y/jZQgbvfCL3wsNIY+eRZ5xRr5rSXvoCGxoz0cC/YpH\nwXb4nBDNurDcowm/QcAia/U5r7066Stfac0i8OArliU7U+q8/9PV0YcKrUMmQXna\ncqUNvlK0bMoc8ybRnMrDtpZV5ESxBv/s08WocIQb5asLoG+sLVboKA6VKmlZqJMs\npiebehQP/AQiTw3lKyC6MPjviC9jaue7MHTFy1QD4KIEhosbiK7fL4azWHqnDjQF\ntKy9/g4mriIEbiz7d50ak74urqQU0eQDH6Z4gszf4nPwy4ux7JCBFsoCsD9XtkqM\n8iK5gqY1zcmmjqNMP+R5bsCYbzPuMUZv5vq8U3ltT5IrO1dIjnZsmJG1aYcz+rLz\nXnjL/NLoQONcYeZtds1+uGRJ1IRON2Ks2/UMYTPI4AC11s7jTdRREJuDf6G6qOlV\n9BtSPSI9uA1NOs7cKH/dDdkDrNmglSYteKIBbdS75y33Wp3Py/8jk6KabEiM0UbU\nfSdn00lLl97pdLcfTfeNoRM2J9Hm+6NLWByVMX3t3KDT2AVmOQKCAQEA+sS20X3x\nMkY7w3kDizGkARChHXOhGmbCFlgsqVXecXBDWP9TN5ajYmTA1okD/dFaAamKyxra\n/npIuaKll12gb5o9fx+a4Hl58KRpLu5erlDTzD1f6jhByz20Yal20woKiBjwJCah\nc76S50cksyS+9C+KY15E7z5gGxmuVYNtdPHUFDUSQuVqi+ukFfalltnwAEv+GMkX\ncN8QQw+JRExYlyvEwvjIxe790BBq9IoXzlBOmyAlV8pvrMfSm75py6TLbH6NPlNw\nf9hNueYaWbFxLfUA0EAa1y3PAKmstGgJ6XPYCuOHwm3HFNztk0aCbfutg6FixI9U\nwXJbtzKr/V7hOwKCAQEA5JSiMepE+qrqs3CRpi6F0T6jWMP9xs151aGiXE5vfwWZ\nkswZn1gTYF2BK74t1kFXyom9GbL5z8e++lNDEQVGQoKvXOMCYFDLHEmQKWQz2Dt1\nSdqx07Jvhiuv3WuVGBKh+zF3wHZ489mq5amL5w8gRAmR0k//J4Jn2+gZo1ituCzh\nJ1x3i3K9ddcV24NS1P+zvqK0tPGqvWQesqnu5fhg7t3vXCxEUW6bXxhv8DDy/tGO\ncPI9Ul3LeI71v3fj20h3dQcXFrPiLE8ZJQ7pBVA4wvOx9uns/3rSAcwjsM+WLUWZ\njRz8ZEUUNaMhEDIJMRdsY+q+ZQWqoakQRIVTge0cZwKCAQAdjwRxqyO8JlUzFFeb\nl61aRsiG/TM3NneYRKp3B10iB/aYTfhULBh0J6YnY50p1PyEB6UJjc/UgTuDTi2w\nquOXZBntmx8ZaJg8ClUvp/9XEsX0ZCOjKyBuQYa6oEwWUi+tnSrpR/ht+T+9rUAh\nMaqkg9oPHnSHstWHPD61a7mCOGMkQqE1a29ksND1mc4o+uV0U4DPER0HO/Phw7oN\nZ+ZlY05dIRAhbKtUVCsXShPGSOcLF/3u3DjPp/omS4qS64ji8APcHd+74hY/XGUs\nv2K05RVEdtnzFT46OMXXug+5CeOkXO+Ktn/p8KS8YGpNZoYsZuCKhM6bwswWyw1E\n32MzAoIBAC5pi6Fs+wKWz78NnVVL3voEqPAuI4pJUHKzNh9eAb+d6HfpH06+eHi5\no6+5Ft+JNwU2AIKGV7j7yuhTHawIESMSG/9VTLc30HX27eGpqek+8WrEkBT3BzQM\nDNJ9tLFFn0Q84B7hL1/8E3o8ed65sIiAFO7KNXnVPbdmIkaLjAJ4gmMWoGNdMeEK\ngjKnMJt1LA8KRHz1EQERojYO0SY6z5vQzng9uMV8GuotMRVpKv3YmP6QASmHR/g7\ntuRguJBe33qQrPx8G/F5QhbHN0NP7aaQCtOi3e9mBdw9kgWlsM2Sc0I233yQljDp\n5Z2/OySPp/+Fu5ERnHrktBvlonYgKgMCggEBAPAA9MOJ5iOmDFnK09QZNEkKKhlJ\n6/vP01CWR+YeNQrZ2ZqthQMsvhD7ZK5lrLKOPCOIAq9SPBemdFpqa4mxbtXyH49X\ndaWB0n12PaDBMZ6vUZlikKvW/GTUCUHuU5WTMBJoFmcBtF2z0w9aB0+jAOepjsud\nrjm5yMUhld5gUoGr3ymrBSSPYa+XyBsvHIGVig59sqDixwKzUach1gSYpqybgm6d\nV3E1rN2WKb3flPJMOlRJhfiX8TeNhcfL6CMyorzx85IHDL2yOmFDAwGACRpxq1uh\nsn9NliuiPiiXWf0HZNz9Jq/lqwtaRYbisQfNFudlYyfVs73e/IZ7vDkg09A=\n-----END RSA PRIVATE KEY-----\n"
  },
  "mailroom": {
    "incoming_email_auth_token": null,
    "service_desk_email_auth_token": null
  }
}
srv/gitlab/config/ssh_host_ed25519_key.pub0000644000000000000000000000015514434463302017371 0ustar  rootrootssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRSR8SlmmsbK+FkWhbxtP5c6WYW8QgJAVQ0s0ITv42u root@git.dcpltechnology.com
srv/gitlab/config/ssh_host_rsa_key0000600000000000000000000000507614434463302016372 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAwkaZu72ungDeuhqgMKFOueiPBHell/FPHexC1lkUc7k8q5U46tE7
h2OrPmqrQ/Fja2jtT3voEMqeDPgTSiFdG7TWnw4Yqke5lzAWRpfq7sboZ2T6uBpgvE0ZUV
TThM+Ql7QFrAWAz6e838imY1BoBMaWN1/KIupFeblp8pu1LoNCopvIBMYs4llUxSCGzSuc
nF5wy8rsgwJU2w0fRg1sazY9rcLgAQPPy2g/kEn6H4zweFzt+w6aahXKZqA7OnqAYUz54T
hrQy2ByhAda9ffwNQA87CBRfCUuETe7+lR8Bn66NrNNoVznwK5MkETC1pCIL9FGhgAp0It
YK0k+AZ5wZDVcGb8E5eVCZ7kgVRhDJYVnW0UzRzZguGuN3SyYQIhdeeqoBrZSCYAC0R/Oz
vj/xE4HZvebOCelMO1t/kqjqVX3/kH2o9IYw4ni7gSkXCH/3FZMQiDlYhVWc7zrsc/Jpeb
m/nGjUD2N29kPw64JSeKGze9jepTZI/RNHjpL6SFAAAFmNB7d9zQe3fcAAAAB3NzaC1yc2
EAAAGBAMJGmbu9rp4A3roaoDChTrnojwR3pZfxTx3sQtZZFHO5PKuVOOrRO4djqz5qq0Px
Y2to7U976BDKngz4E0ohXRu01p8OGKpHuZcwFkaX6u7G6Gdk+rgaYLxNGVFU04TPkJe0Ba
wFgM+nvN/IpmNQaATGljdfyiLqRXm5afKbtS6DQqKbyATGLOJZVMUghs0rnJxecMvK7IMC
VNsNH0YNbGs2Pa3C4AEDz8toP5BJ+h+M8Hhc7fsOmmoVymagOzp6gGFM+eE4a0MtgcoQHW
vX38DUAPOwgUXwlLhE3u/pUfAZ+ujazTaFc58CuTJBEwtaQiC/RRoYAKdCLWCtJPgGecGQ
1XBm/BOXlQme5IFUYQyWFZ1tFM0c2YLhrjd0smECIXXnqqAa2UgmAAtEfzs74/8ROB2b3m
zgnpTDtbf5Ko6lV9/5B9qPSGMOJ4u4EpFwh/9xWTEIg5WIVVnO867HPyaXm5v5xo1A9jdv
ZD8OuCUnihs3vY3qU2SP0TR46S+khQAAAAMBAAEAAAGAGcKmy+Ag8U6IOgEh0JDzEW+m1x
7OVFFo/jy/uBBjx9x+EPpea7SGwjMTF9mpD/9IAYwOO4Xghal4P5v9Ysz9vZjDBKAn4RxV
nZiAu6eVPUgetOcM37CPtyg5/TDUQz4KnDMAtYidReul/b5rYavdvxReAsWu1eZeg/9z7v
l6kspQ4aLqaMemV/UkamcfuMDZqVpUdpFXvx9mBQ2+YdmR0L2GfC3k6f2JZh1SoF1OzzQv
Bqa735hWHU76YZVJhT2M4Sy6DMptK9lMjzrCVg6GzLFcp5bKD7dUAhRYj2oMSG/X7yz8R2
ToV4yzlxIE/ocMC99Z+fTj16no1KqInufuETVoAv51gjUYUVLL1i7ejCGEF37e3r1DVWDk
5LQ1SyBEQqZbntVP7f0EJdZnS5zGSyvrWmRjoH8+FLdfatjJVRJuMbOMUEafAaKoD8HMEi
tCsEaAfyigNHCVbaN2dIV003HQSfmFB6cfInZtOJQik+1uzCz5uvu60AAErGdt5SsBAAAA
wQCUPJkx7600mA8sYFewX295WTSZgrsl7IdSPZF32lnt4JfCIexPDWtlOyxoWMvUNL4yX3
z0HzYoZ9X2lvWycegKqEU4A8N0JFOYLbxs+z4y/vRgV6zmTs2dYlHxvSjD+BW/wpkKFOjh
VvZ7ExS5ewZL8r/1Es6sEXHuU1nwWG0dWEBaEF3Jjj4kq+KDfhFMO7p7lmPPWTUGWqi5OU
hGKmEZH+4E523MD8iTvAlDT7OEtUaFmIhVMZW9qLvlFExOb2gAAADBAObDFCftCcfWjkTv
GRG/BkpgUI2Ui+LGrxiwil32H2CaDfNM7GPg8DkZCQg/8Xzq8FQgIQ6ezA81E/d+BUyzwW
64ILvWRQBWBQdnX9xRFiK2ae3alMPla5lTZUs3krVaCyIvrYoPSthhl6ITNIOtw+pkI9nm
+473LEcpqldzKMZMUgwSJGsDDVx+/DGyQwJauHZRoO+HS17yy98/b09S8RuElvE+pKrn80
yd+GQ8ebMtUgSl8zaWusSc35dcVxdppQAAAMEA14X5ARoROhpuHQpYo9ZdSTKpmGIFz4hK
zbO3B5eHkLu3fYKzJmO1/tWBJ2xrXWnh09PRdjU4OwbHysWBE+MKij7GfKNRihOXPkfc/k
DXOjyE8lt1rYklmcYSjZViJmV3/I9x4tFSmKDvXhmDsMcLDGvXVXLWlfJxp/+dmxUOKNzn
Td7Q8Ml3w0jUb1rz6Zp4LGkM319rUqo4ouS1zkhA0atFXY28VVoMeWnLGJYsD5VjdqwDBZ
BY0wG2Y2106ZlhAAAAG3Jvb3RAZ2l0LmRjcGx0ZWNobm9sb2d5LmNvbQECAwQFBgc=
-----END OPENSSH PRIVATE KEY-----
srv/gitlab/config/gitlab.rb0000600000000000000000000043202314434463301014662 0ustar  rootroot## GitLab configuration settings
##! This file is generated during initial installation and **is not** modified
##! during upgrades.
##! Check out the latest version of this file to know about the different
##! settings that can be configured, when they were introduced and why:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template

##! Locally, the complete template corresponding to the installed version can be found at:
##! /opt/gitlab/etc/gitlab.rb.template

##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
##! the gitlab.rb.template from the currently running version.

##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
##! running `gitlab-ctl reconfigure`

##! In general, the values specified here should reflect what the default value of the attribute will be.
##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
##! or connecting to third party services.
##! In those instances, we endeavour to provide an example configuration.

## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
# external_url 'GENERATED_EXTERNAL_URL'

## Roles for multi-instance GitLab
##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
##! Options:
##!   redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
##!   postgres_role consul_role application_role monitoring_role
##! For more details on each role, see:
##! https://docs.gitlab.com/omnibus/roles/index.html#roles
##!
# roles ['redis_sentinel_role', 'redis_master_role']

## Legend
##! The following notations at the beginning of each line may be used to
##! differentiate between components of this file and to easily select them using
##! a regex.
##! ## Titles, subtitles etc
##! ##! More information - Description, Docs, Links, Issues etc.
##! Configuration settings have a single # followed by a single space at the
##! beginning; Remove them to enable the setting.

##! **Configuration settings below are optional.**


################################################################################
################################################################################
##                Configuration Settings for GitLab CE and EE                 ##
################################################################################
################################################################################

################################################################################
## gitlab.yml configuration
##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
################################################################################
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
# gitlab_rails['gitlab_ssh_user'] = ''
# gitlab_rails['time_zone'] = 'UTC'

### Rails asset / CDN host
###! Defines a url for a host/cdn to use for the Rails assets
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-delivery-network-url
# gitlab_rails['cdn_host'] = 'https://mycdnsubdomain.fictional-cdn.com'

### Request duration
###! Tells the rails application how long it has to complete a request
###! This value needs to be lower than the worker timeout set in puma.
###! By default, we'll allow 95% of the the worker timeout
# gitlab_rails['max_request_duration_seconds'] = 57

### GitLab email server settings
###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **Use smtp instead of sendmail/postfix.**

# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_address'] = "smtp.server"
# gitlab_rails['smtp_port'] = 465
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false

###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_openssl_verify_mode'] = 'none'

# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

### Email Settings

# gitlab_rails['gitlab_email_enabled'] = true

##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
##! can change the 'From' with this setting.
# gitlab_rails['gitlab_email_from'] = 'example@example.com'
# gitlab_rails['gitlab_email_display_name'] = 'Example'
# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
# gitlab_rails['gitlab_email_subject_suffix'] = ''
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'

### GitLab user privileges
# gitlab_rails['gitlab_default_can_create_group'] = true
# gitlab_rails['gitlab_username_changing_enabled'] = true

### Default Theme
### Available values:
##! `1`  for Indigo
##! `2`  for Dark
##! `3`  for Light
##! `4`  for Blue
##! `5`  for Green
##! `6`  for Light Indigo
##! `7`  for Light Blue
##! `8`  for Light Green
##! `9`  for Red
##! `10` for Light Red
# gitlab_rails['gitlab_default_theme'] = 2

### Default project feature settings
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true

### Automatic issue closing
###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
###! information about this pattern.
# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"

### Download location
###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
###! is created in the following directory.
###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'

### Gravatar Settings
# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

### Auxiliary jobs
###! Periodically executed jobs, to self-heal Gitlab, do external
###! synchronizations, etc.
###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
###!       https://docs.gitlab.com/ee/ci/yaml/index.html#artifactsexpire_in
# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
# gitlab_rails['ci_runner_versions_reconciliation_worker_cron'] = "@daily"
# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 4 * * *"

### Webhook Settings
###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
###! request (default: 10)
# gitlab_rails['webhook_timeout'] = 10

### GraphQL Settings
###! Tells the rails application how long it has to complete a GraphQL request.
###! We suggest this value to be higher than the database timeout value
###! and lower than the worker timeout set in puma. (default: 30)
# gitlab_rails['graphql_timeout'] = 30

### Trusted proxies
###! Customize if you have GitLab behind a reverse proxy which is running on a
###! different machine.
###! **Add the IP address for your reverse proxy to the list, otherwise users
###!   will appear signed in from that address.**
# gitlab_rails['trusted_proxies'] = []

### Content Security Policy
####! Customize if you want to enable the Content-Security-Policy header, which
####! can help thwart JavaScript cross-site scripting (XSS) attacks.
####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# gitlab_rails['content_security_policy'] = {
#  'enabled' => false,
#  'report_only' => false,
#  # Each directive is a String (e.g. "'self'").
#  'directives' => {
#    'base_uri' => nil,
#    'child_src' => nil,
#    'connect_src' => nil,
#    'default_src' => nil,
#    'font_src' => nil,
#    'form_action' => nil,
#    'frame_ancestors' => nil,
#    'frame_src' => nil,
#    'img_src' => nil,
#    'manifest_src' => nil,
#    'media_src' => nil,
#    'object_src' => nil,
#    'script_src' => nil,
#    'style_src' => nil,
#    'worker_src' => nil,
#    'report_uri' => nil,
#  }
# }

### Allowed hosts
###! Customize the `host` headers that should be catered by the Rails
###! application. By default, everything is allowed.
# gitlab_rails['allowed_hosts'] = []

### Monitoring settings
###! IP whitelist controlling access to monitoring endpoints
# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']

### Shutdown settings
###! Defines an interval to block healthcheck,
###! but continue accepting application requests.
# gitlab_rails['shutdown_blackout_seconds'] = 10

### Microsoft Graph Mailer
###! Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client
###! credentials flow.
###! Docs: https://docs.gitlab.com/omnibus/settings/microsoft_graph_mailer.html
# gitlab_rails['microsoft_graph_mailer_enabled'] = false
# gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR-USER-ID"
# gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR-TENANT-ID"
# gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR-CLIENT-ID"
# gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR-CLIENT-SECRET-ID"
# gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
# gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"

### Reply by email
###! Allow users to comment on issues and merge requests by replying to
###! notification emails.
###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
# gitlab_rails['incoming_email_enabled'] = true

#### Incoming Email Address
####! The email address including the `%{key}` placeholder that will be replaced
####! to reference the item being replied to.
####! **The placeholder can be omitted but if present, it must appear in the
####!   "user" part of the address (before the `@`).**
# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"

#### Email account username
####! **With third party providers, this is usually the full email address.**
####! **With self-hosted email servers, this is usually the user part of the
####!   email address.**
# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"

#### Email account password
# gitlab_rails['incoming_email_password'] = "[REDACTED]"

#### IMAP Settings
# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
# gitlab_rails['incoming_email_port'] = 993
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['incoming_email_start_tls'] = false

#### Incoming Mailbox Settings (via `mail_room`)
####! The mailbox where incoming mail will end up. Usually "inbox".
# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
####! The IDLE command timeout.
# gitlab_rails['incoming_email_idle_timeout'] = 60
####! The file name for internal `mail_room` JSON logfile
# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
####! This marks incoming messages deleted after delivery.
####! If you are using Microsoft Graph API instead of IMAP, set this to false to retain
####! messages in the inbox since deleted messages are auto-expunged after some time.
# gitlab_rails['incoming_email_delete_after_delivery'] = true
####! Permanently remove messages from the mailbox when they are marked as deleted after delivery
####! Only applies to IMAP. Microsoft Graph will auto-expunge any deleted messages.
# gitlab_rails['incoming_email_expunge_deleted'] = false

#### Inbox options (for Microsoft Graph)
# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['incoming_email_inbox_options'] = {
#    'tenant_id': 'YOUR-TENANT-ID',
#    'client_id': 'YOUR-CLIENT-ID',
#    'client_secret': 'YOUR-CLIENT-SECRET',
#    'poll_interval': 60  # Optional
# }

#### How incoming emails are delivered to Rails process. Accept either sidekiq
#### or webhook. The default config is webhook.
# gitlab_rails['incoming_email_delivery_method'] = "webhook"

#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
#### encoded with base64
# gitlab_rails['incoming_email_auth_token'] = nil

####! The format of mail_room crash logs
# mailroom['exit_log_format'] = "plain"

### Consolidated (simplified) object storage configuration
###! This uses a single credential for object storage with multiple buckets.
###! It also enables Workhorse to upload files directly with its own S3 client
###! instead of using pre-signed URLs.
###!
###! This configuration will only take effect if the object_store
###! sections are not defined within the types. For example, enabling
###! gitlab_rails['artifacts_object_store_enabled'] or
###! gitlab_rails['lfs_object_store_enabled'] will prevent the
###! consolidated settings from being used.
###!
###! Be sure to use different buckets for each type of object.
###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
# gitlab_rails['object_store']['enabled'] = false
# gitlab_rails['object_store']['connection'] = {}
# gitlab_rails['object_store']['storage_options'] = {}
# gitlab_rails['object_store']['proxy_download'] = false
# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
# gitlab_rails['object_store']['objects']['pages']['bucket'] = nil

### Job Artifacts
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
####! Job artifacts Object Store
####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
# gitlab_rails['artifacts_object_store_enabled'] = false
# gitlab_rails['artifacts_object_store_proxy_download'] = false
# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
# gitlab_rails['artifacts_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### External merge request diffs
# gitlab_rails['external_diffs_enabled'] = false
# gitlab_rails['external_diffs_when'] = nil
# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
# gitlab_rails['external_diffs_object_store_enabled'] = false
# gitlab_rails['external_diffs_object_store_proxy_download'] = false
# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
# gitlab_rails['external_diffs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Git LFS
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
# gitlab_rails['lfs_object_store_enabled'] = false
# gitlab_rails['lfs_object_store_proxy_download'] = false
# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
# gitlab_rails['lfs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab uploads
###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
# gitlab_rails['uploads_object_store_enabled'] = false
# gitlab_rails['uploads_object_store_proxy_download'] = false
# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
# gitlab_rails['uploads_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Terraform state
###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
# gitlab_rails['terraform_state_enabled'] = true
# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
# gitlab_rails['terraform_state_object_store_enabled'] = false
# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
# gitlab_rails['terraform_state_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### CI Secure Files
# gitlab_rails['ci_secure_files_enabled'] = false
# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
# gitlab_rails['ci_secure_files_object_store_enabled'] = false
# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
# gitlab_rails['ci_secure_files_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab Pages
# gitlab_rails['pages_object_store_enabled'] = false
# gitlab_rails['pages_object_store_remote_directory'] = "pages"
# gitlab_rails['pages_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
# gitlab_rails['pages_local_store_enabled'] = true
# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

### Impersonation settings
# gitlab_rails['impersonation_enabled'] = true

### Disable jQuery and CSS animations
# gitlab_rails['disable_animations'] = false

### Application settings cache expiry in seconds. (default: 60)
# gitlab_rails['application_settings_cache_seconds'] = 60

### Usage Statistics
# gitlab_rails['usage_ping_enabled'] = true

### GitLab Mattermost
###! These settings are void if Mattermost is installed on the same omnibus
###! install
# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"

### LDAP Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
###! **Be careful not to break the indentation in the ldap_servers block. It is
###!   in yaml format and the spaces must be retained. Using tabs will not work.**

# gitlab_rails['ldap_enabled'] = false
# gitlab_rails['prevent_ldap_sign_in'] = false

###! **remember to close this block with 'EOS' below**
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
# EOS

### Smartcard authentication settings
###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
# gitlab_rails['smartcard_enabled'] = false
# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
# gitlab_rails['smartcard_required_for_git_access'] = false
# gitlab_rails['smartcard_san_extensions'] = false

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
# gitlab_rails['omniauth_enabled'] = nil
# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_auto_link_user'] = ['twitter']
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
# gitlab_rails['omniauth_providers'] = [
#   {
#     "name" => "google_oauth2",
#     "app_id" => "YOUR APP ID",
#     "app_secret" => "YOUR APP SECRET",
#     "args" => { "access_type" => "offline", "approval_prompt" => "" }
#   }
# ]
# gitlab_rails['omniauth_cas3_session_duration'] = 28800
# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000

### FortiAuthenticator authentication settings
# gitlab_rails['forti_authenticator_enabled'] = false
# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
# gitlab_rails['forti_authenticator_port'] = 443
# gitlab_rails['forti_authenticator_username'] = 'admin'
# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'

### FortiToken Cloud authentication settings
# gitlab_rails['forti_token_cloud_enabled'] = false
# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'

### DuoAuth authentication settings
# gitlab_rails['duo_auth_enabled'] = false
# gitlab_rails['duo_auth_integration_key'] = 'duo_auth_integration_key'
# gitlab_rails['duo_auth_secret_key'] = 'duo_auth_secret_key'
# gitlab_rails['duo_auth_hostname'] = 'duo_auth.example.com'

### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
# gitlab_rails['backup_archive_permissions'] = 0644

# gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted
# gitlab_rails['backup_keep_time'] = 604800

# gitlab_rails['backup_upload_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AKIAKIAKI',
#   'aws_secret_access_key' => 'secret123',
#   # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
#   'use_iam_profile' => false
# }
# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
# gitlab_rails['backup_multipart_chunk_size'] = 104857600

###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
###!   backups**
# gitlab_rails['backup_encryption'] = 'AES256'
###! The encryption key to use with AWS Server-Side Encryption.
###! Setting this value will enable Server-Side Encryption with customer provided keys;
###!   otherwise S3-managed keys are used.
# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'

###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)
# gitlab_rails['backup_upload_storage_options'] = {
#  'server_side_encryption' => 'aws:kms',
#  'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
# }

###! **Specifies Amazon S3 storage class to use for backups. Valid values
###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'

###! Skip parts of the backup. Comma separated.
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#gitlab_rails['env'] = {
#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}

### For setting up different data storing directory
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
###! **If you want to use a single non-default directory to store git data use a
###!   path that doesn't contain symlinks.**
# git_data_dirs({
#   "default" => {
#     "path" => "/mnt/nfs-01/git-data"
#    }
# })

### Gitaly settings
# gitlab_rails['gitaly_token'] = 'secret token'

### For storing GitLab application uploads, eg. LFS objects, build artifacts
###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'

### For storing encrypted configuration files
###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'

### Wait for file system to be mounted
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]

### GitLab Shell settings for GitLab
# gitlab_rails['gitlab_shell_ssh_port'] = 22
# gitlab_rails['gitlab_shell_git_timeout'] = 800

### Extra customization
# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
# gitlab_rails['extra_bizible'] = false
# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
# gitlab_rails['extra_matomo_disable_cookies'] = false
# gitlab_rails['extra_maximum_text_highlight_size_kilobytes'] = 512

##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
# gitlab_rails['env'] = {
#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
# }

# gitlab_rails['rack_attack_git_basic_auth'] = {
#   'enabled' => false,
#   'ip_whitelist' => ["127.0.0.1"],
#   'maxretry' => 10,
#   'findtime' => 60,
#   'bantime' => 3600
# }

# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"

#### Change the initial default admin password and shared runner registration tokens.
####! **Only applicable on initial setup, changing these settings after database
####!   is created and seeded won't yield any change.**
# gitlab_rails['initial_root_password'] = "password"
# gitlab_rails['initial_shared_runners_registration_token'] = "token"

#### Toggle if root password should be printed to STDOUT during initialization
# gitlab_rails['display_initial_root_password'] = false

#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
# gitlab_rails['store_initial_root_password'] = true

#### Set path to an initial license to be used while bootstrapping GitLab.
####! **Only applicable on initial setup, future license updates need to be done via UI.
####! Updating the file specified in this path won't yield any change after the first reconfigure run.
# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'

#### Enable or disable automatic database migrations
# gitlab_rails['auto_migrate'] = true

#### This is advanced feature used by large gitlab deployments where loading
#### whole RAILS env takes a lot of time.
# gitlab_rails['rake_cache_clear'] = true

### GitLab database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
###! **Only needed if you use an external database.**
# gitlab_rails['db_adapter'] = "postgresql"
# gitlab_rails['db_encoding'] = "unicode"
# gitlab_rails['db_collation'] = nil
# gitlab_rails['db_database'] = "gitlabhq_production"
# gitlab_rails['db_username'] = "gitlab"
# gitlab_rails['db_password'] = nil
# gitlab_rails['db_host'] = nil
# gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
# gitlab_rails['db_connect_timeout'] = nil
# gitlab_rails['db_keepalives'] = nil
# gitlab_rails['db_keepalives_idle'] = nil
# gitlab_rails['db_keepalives_interval'] = nil
# gitlab_rails['db_keepalives_count'] = nil
# gitlab_rails['db_tcp_user_timeout'] = nil
# gitlab_rails['db_application_name'] = nil
# gitlab_rails['db_database_tasks'] = true

### Gitlab decomposed database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
# gitlab_rails['databases']['ci']['enable'] = false
# gitlab_rails['databases']['ci']['db_database'] = 'gitlabhq_production'
# gitlab_rails['databases']['ci']['database_tasks'] = false

### GitLab Redis settings
###! Connect to your own Redis instance
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html

#### Redis TCP connection
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
# gitlab_rails['redis_ssl'] = false
# gitlab_rails['redis_password'] = nil
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true

#### Redis local UNIX socket (will be disabled if TCP method is used)
# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"

#### Sentinel support
####! To have Sentinel working, you must enable Redis TCP connection support
####! above and define a few Sentinel hosts below (to get a reliable setup
####! at least 3 hosts).
####! **You don't need to list every sentinel host, but the ones not listed will
####!   not be used in a fail-over situation to query for the new master.**
# gitlab_rails['redis_sentinels'] = [
#   {'host' => '127.0.0.1', 'port' => 26379},
# ]


#### Cluster support
####! Cluster support is only available for selected Redis instances. `resque.yml` will not
####! support cluster mode to maintain full-compatibility with the GitLab rails application.
####!
####! To have Redis Cluster working, you must declare `redis_{instance}_cluster_nodes`
####! `redis_{instance}_username` and `redis_{instance}_password` are required if ACL
####! is enabled for the Redis servers.
# gitlab_rails['redis_xxxx_cluster_nodes'] = [
#    {'host' => '127.0.0.1', 'port' => 6379},
# ]

#### Separate instances support
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
# gitlab_rails['redis_cache_instance'] = nil
# gitlab_rails['redis_cache_sentinels'] = nil
# gitlab_rails['redis_cache_username'] = nil
# gitlab_rails['redis_cache_password'] = nil
# gitlab_rails['redis_cache_cluster_nodes'] = nil
# gitlab_rails['redis_queues_instance'] = nil
# gitlab_rails['redis_queues_sentinels'] = nil
# gitlab_rails['redis_queues_username'] = nil
# gitlab_rails['redis_queues_password'] = nil
# gitlab_rails['redis_queues_cluster_nodes'] = nil
# gitlab_rails['redis_shared_state_instance'] = nil
# gitlab_rails['redis_shared_state_sentinels'] = nil
# gitlab_rails['redis_shared_state_username'] = nil
# gitlab_rails['redis_shared_state_password'] = nil
# gitlab_rails['redis_shared_state_cluster_nodes'] = nil
# gitlab_rails['redis_trace_chunks_instance'] = nil
# gitlab_rails['redis_trace_chunks_sentinels'] = nil
# gitlab_rails['redis_trace_chunks_username'] = nil
# gitlab_rails['redis_trace_chunks_password'] = nil
# gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil
# gitlab_rails['redis_actioncable_instance'] = nil
# gitlab_rails['redis_actioncable_sentinels'] = nil
# gitlab_rails['redis_actioncable_username'] = nil
# gitlab_rails['redis_actioncable_password'] = nil
# gitlab_rails['redis_actioncable_cluster_nodes'] = nil
# gitlab_rails['redis_rate_limiting_instance'] = nil
# gitlab_rails['redis_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_rate_limiting_username'] = nil
# gitlab_rails['redis_rate_limiting_password'] = nil
# gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_sessions_instance'] = nil
# gitlab_rails['redis_sessions_sentinels'] = nil
# gitlab_rails['redis_sessions_username'] = nil
# gitlab_rails['redis_sessions_password'] = nil
# gitlab_rails['redis_sessions_cluster_nodes'] = nil
# gitlab_rails['redis_cluster_rate_limiting_instance'] = nil
# gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_cluster_rate_limiting_username'] = nil
# gitlab_rails['redis_cluster_rate_limiting_password'] = nil
# gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_repository_cache_instance'] = nil
# gitlab_rails['redis_repository_cache_sentinels'] = nil
# gitlab_rails['redis_repository_cache_username'] = nil
# gitlab_rails['redis_repository_cache_password'] = nil
# gitlab_rails['redis_repository_cache_cluster_nodes'] = nil


# gitlab_rails['redis_yml_override'] = nil

################################################################################
## Container Registry settings
##! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html
################################################################################

# registry_external_url 'https://registry.example.com'

### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

# Notification secret, it's used to authenticate notification requests to GitLab application
# You only need to change this when you use external Registry service, otherwise
# it will be taken directly from notification settings of your Registry
# gitlab_rails['registry_notification_secret'] = nil

###! **Do not change the following 3 settings unless you know what you are
###!   doing**
# gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

### Settings used by Registry application
# registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['registry_http_addr'] = "127.0.0.1:5000"
# registry['debug_addr'] = "localhost:5001"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
# registry['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# registry['log_level'] = "info"
# registry['log_formatter'] = "text"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['health_storagedriver_enabled'] = true
# registry['middleware'] = nil
# registry['storage_delete_enabled'] = true
# registry['validation_enabled'] = false
# registry['autoredirect'] = false
# registry['compatibility_schema1_enabled'] = false

### Registry backend storage
###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
# registry['storage'] = {
#   's3' => {
#     'accesskey' => 's3-access-key',
#     'secretkey' => 's3-secret-key-for-access-key',
#     'bucket' => 'your-s3-bucket',
#     'region' => 'your-s3-region',
#     'regionendpoint' => 'your-s3-regionendpoint'
#   },
#   'redirect' => {
#     'disable' => false
#   }
# }

### Registry notifications endpoints
# registry['notifications'] = [
#   {
#     'name' => 'test_endpoint',
#     'url' => 'https://gitlab.example.com/notify2',
#     'timeout' => '500ms',
#     'threshold' => 5,
#     'backoff' => '1s',
#     'headers' => {
#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
#     }
#   }
# ]
### Default registry notifications
# registry['default_notifications_timeout'] = "500ms"
# registry['default_notifications_threshold'] = 5
# registry['default_notifications_backoff'] = "1s"
# registry['default_notifications_headers'] = {}

################################################################################
## Error Reporting and Logging with Sentry
################################################################################
# gitlab_rails['sentry_enabled'] = false
# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_environment'] = 'production'

################################################################################
## CI_JOB_JWT
################################################################################
##! RSA private key used to sign CI_JOB_JWT
# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.

################################################################################
## GitLab Workhorse
##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
################################################################################

# gitlab_workhorse['enable'] = true
# gitlab_workhorse['ha'] = false
# gitlab_workhorse['alt_document_root'] = nil

##! Duration to wait for all requests to finish (e.g. "10s" for 10
##! seconds). By default this is disabled to preserve the existing
##! behavior of fast shutdown. This should not be set higher than 30
##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
##! the SVWAIT variable) and report a timeout error if the process has
##! not shut down.
# gitlab_workhorse['shutdown_timeout'] = nil
# gitlab_workhorse['listen_network'] = "unix"
# gitlab_workhorse['listen_umask'] = 000
# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
# gitlab_workhorse['auth_backend'] = "http://localhost:8080"

##! Enable Redis keywatcher, if this setting is not present it defaults to true
# gitlab_workhorse['workhorse_keywatcher'] = true

##! the empty string is the default in gitlab-workhorse option parser
# gitlab_workhorse['auth_socket'] = "''"

##! put an empty string on the command line
# gitlab_workhorse['pprof_listen_addr'] = "''"

# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"

# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"

##! limit number of concurrent API requests, defaults to 0 which is unlimited
# gitlab_workhorse['api_limit'] = 0

##! limit number of API requests allowed to be queued, defaults to 0 which
##! disables queuing
# gitlab_workhorse['api_queue_limit'] = 0

##! duration after which we timeout requests if they sit too long in the queue
# gitlab_workhorse['api_queue_duration'] = "30s"

##! Long polling duration for job requesting for runners
# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"

##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
# gitlab_workhorse['propagate_correlation_id'] = false

##! A list of CIDR blocks to allow for propagation of correlation ID.
##! propagate_correlation_id should also be set to true.
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil

##! A list of CIDR blocks that must match remote IP addresses to use
##! X-Forwarded-For HTTP header for the actual client IP. Used in
##! conjuction with propagate_correlation_id and
##! trusted_cidrs_for_propagation.
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil

##! Log format: default is json, can also be text or none.
# gitlab_workhorse['log_format'] = "json"

# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
# gitlab_workhorse['env'] = {
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Resource limitations for the dynamic image scaler.
##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
##!
##! Maximum number of scaler processes that are allowed to execute concurrently.
##! It is recommended for this not to exceed the number of CPUs available.
# gitlab_workhorse['image_scaler_max_procs'] = 4
##!
##! Maximum file size in bytes for an image to be considered eligible for rescaling
# gitlab_workhorse['image_scaler_max_filesize'] = 250000

##! Service name used to register GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_name'] = 'workhorse'
##! Semantic metadata used when registering GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_meta'] = {}

################################################################################
## GitLab User Settings
##! Modify default git user.
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#change-the-name-of-the-git-user-or-group
################################################################################

# user['username'] = "git"
# user['group'] = "git"
# user['uid'] = nil
# user['gid'] = nil

##! The shell for the git user
# user['shell'] = "/bin/sh"

##! The home directory for the git user
# user['home'] = "/var/opt/gitlab"

# user['git_user_name'] = "GitLab"
# user['git_user_email'] = "gitlab@#{node['fqdn']}"

################################################################################
## GitLab Puma
##! Tweak puma settings.
##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
################################################################################

# puma['enable'] = true
# puma['ha'] = false
# puma['worker_timeout'] = 60
# puma['worker_processes'] = 2
# puma['min_threads'] = 4
# puma['max_threads'] = 4

### Advanced settings
# puma['listen'] = '127.0.0.1'
# puma['port'] = 8080
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 1024

### SSL settings
# puma['ssl_listen'] = nil
# puma['ssl_port'] = nil
# puma['ssl_certificate'] = nil
# puma['ssl_certificate_key'] = nil
# puma['ssl_client_certificate'] = nil
# puma['ssl_cipher_filter'] = nil
# puma['ssl_verify_mode'] = 'none'

# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'

###! **We do not recommend changing this setting**
# puma['log_directory'] = "/var/log/gitlab/puma"

### **Only change these settings if you understand well what they mean**
###! Docs: https://github.com/schneems/puma_worker_killer
# puma['per_worker_max_memory_mb'] = 1024

# puma['exporter_enabled'] = false
# puma['exporter_address'] = "127.0.0.1"
# puma['exporter_port'] = 8083
# puma['exporter_tls_enabled'] = false
# puma['exporter_tls_cert_path'] = ""
# puma['exporter_tls_key_path'] = ""

# puma['prometheus_scrape_scheme'] = 'http'
# puma['prometheus_scrape_tls_server_name'] = 'localhost'
# puma['prometheus_scrape_tls_skip_verification'] = false

##! Service name used to register Puma as a Consul service
# puma['consul_service_name'] = 'rails'
##! Semantic metadata used when registering Puma as a Consul service
# puma['consul_service_meta'] = {}

################################################################################
## GitLab Sidekiq
################################################################################

##! GitLab allows one to start multiple sidekiq processes. These
##! processes can be used to consume a dedicated set of queues. This
##! can be used to ensure certain queues are able to handle additional workload.
##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html

# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
# sidekiq['log_format'] = "json"
# sidekiq['shutdown_timeout'] = 4
# sidekiq['interval'] = nil
# sidekiq['max_concurrency'] = 20
# sidekiq['min_concurrency'] = nil

##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
##! the routing rules are not configured (empty array)

# sidekiq['routing_rules'] = []

##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
##! Sidekiq process. Multiple queues can be processed by the same process by
##! separating them with a comma within the group entry, a `*` will process all queues

# sidekiq['queue_groups'] = ['*']

##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
# sidekiq['metrics_enabled'] = true
# sidekiq['exporter_log_enabled'] = false
# sidekiq['exporter_tls_enabled'] = false
# sidekiq['exporter_tls_cert_path'] = ""
# sidekiq['exporter_tls_key_path'] = ""
# sidekiq['listen_address'] = "localhost"
# sidekiq['listen_port'] = 8082

##! Specifies where health-check endpoints should be made available for Sidekiq processes.
##! Defaults to the same settings as for Prometheus metrics (see above).
# sidekiq['health_checks_enabled'] = true
# sidekiq['health_checks_listen_address'] = "localhost"
# sidekiq['health_checks_listen_port'] = 8092

##! Service name used to register Sidekiq as a Consul service
# sidekiq['consul_service_name'] = 'sidekiq'
##! Semantic metadata used when registering Sidekiq as a Consul service
# sidekiq['consul_service_meta'] = {}

################################################################################
## gitlab-shell
################################################################################

# gitlab_shell['audit_usernames'] = false
# gitlab_shell['log_level'] = 'INFO'
# gitlab_shell['log_format'] = 'json'
# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs'}
# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"

# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"

### Migration to Go feature flags
###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
# gitlab_shell['migration'] = { enabled: true, features: [] }

### Git trace log file.
###! If set, git commands receive GIT_TRACE* environment variables
###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
###! An absolute path starting with / – the trace output will be appended to
###! that file. It needs to exist so we can check permissions and avoid
###! throwing warnings to the users.
# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"

##! **We do not recommend changing this directory.**
# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"

################################################################################
## gitlab-sshd
################################################################################

# gitlab_sshd['enable'] = false
# gitlab_sshd['generate_host_keys'] = true
# gitlab_sshd['dir'] = "/var/opt/gitlab/gitlab-sshd"

# gitlab-sshd outputs most logs to /var/log/gitlab/gitlab-shell/gitlab-shell.log.
# This directory only stores stdout/stderr output from the daemon.
# gitlab_sshd['log_directory'] = "/var/log/gitlab/gitlab-sshd/"

# gitlab_sshd['env_directory'] = '/opt/gitlab/etc/gitlab-sshd/env'
# gitlab_sshd['listen_address'] = 'localhost:2222'
# gitlab_sshd['metrics_address'] = 'localhost:9122'
# gitlab_sshd['concurrent_sessions_limit'] = 100
# gitlab_sshd['proxy_protocol'] = false
# gitlab_sshd['proxy_policy'] = 'use'
# gitlab_sshd['proxy_header_timeout'] = '500ms'
# gitlab_sshd['grace_period'] = 55
# gitlab_sshd['client_alive_interval'] = nil
# gitlab_sshd['ciphers'] = nil
# gitlab_sshd['kex_algorithms'] = nil
# gitlab_sshd['macs'] = nil
# gitlab_sshd['login_grace_time'] = 60
# gitlab_sshd['host_keys_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_keys_glob'] = 'ssh_host_*_key'
# gitlab_sshd['host_certs_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_certs_glob'] = 'ssh_host_*-cert.pub'

################################################################
## GitLab PostgreSQL
################################################################

###! Changing any of these settings requires a restart of postgresql.
###! By default, reconfigure reloads postgresql if it is running. If you
###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
###! after reconfigure in order for the changes to take effect.
# postgresql['enable'] = true
# postgresql['listen_address'] = nil
# postgresql['port'] = 5432

## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
## endpoint to the cluster. By default it is the same as postgresql['port'].
# postgresql['connect_port'] = 5432

##! **recommend value is 1/4 of total RAM, up to 14GB.**
# postgresql['shared_buffers'] = "256MB"

### Advanced settings
# postgresql['ha'] = false
# postgresql['dir'] = "/var/opt/gitlab/postgresql"
# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
# postgresql['log_destination'] = nil
# postgresql['logging_collector'] = nil
# postgresql['log_truncate_on_rotation'] = nil
# postgresql['log_rotation_age'] = nil
# postgresql['log_rotation_size'] = nil
##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
# postgresql['username'] = "gitlab-psql"
# postgresql['group'] = "gitlab-psql"
##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# postgresql['uid'] = nil
# postgresql['gid'] = nil
# postgresql['shell'] = "/bin/sh"
# postgresql['home'] = "/var/opt/gitlab/postgresql"
# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
# postgresql['sql_user'] = "gitlab"
# postgresql['max_connections'] = 400
# postgresql['md5_auth_cidr_addresses'] = []
# postgresql['trust_auth_cidr_addresses'] = []
# postgresql['wal_buffers'] = "-1"
# postgresql['autovacuum_max_workers'] = "3"
# postgresql['autovacuum_freeze_max_age'] = "200000000"
# postgresql['log_statement'] = nil
# postgresql['track_activity_query_size'] = "1024"
# postgresql['shared_preload_libraries'] = nil
# postgresql['dynamic_shared_memory_type'] = nil
# postgresql['hot_standby'] = "off"

### SSL settings
# See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
# postgresql['ssl'] = 'on'
# postgresql['hostssl'] = false
# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
# postgresql['ssl_cert_file'] = 'server.crt'
# postgresql['ssl_key_file'] = 'server.key'
# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# postgresql['ssl_crl_file'] = nil
# postgresql['cert_auth_addresses'] = {
#   'ADDRESS' => {
#     database: 'gitlabhq_production',
#     user: 'gitlab'
#   }
# }

### Replication settings
###! Note, some replication settings do not require a full restart. They are documented below.
# postgresql['wal_level'] = "hot_standby"
# postgresql['wal_log_hints'] = 'off'
# postgresql['max_wal_senders'] = 5
# postgresql['max_replication_slots'] = 0
# postgresql['max_locks_per_transaction'] = 128

# Backup/Archive settings
# postgresql['archive_mode'] = "off"

###! Changing any of these settings only requires a reload of postgresql. You do not need to
###! restart postgresql if you change any of these and run reconfigure.
# postgresql['work_mem'] = "16MB"
# postgresql['maintenance_work_mem'] = "16MB"
# postgresql['checkpoint_timeout'] = "5min"
# postgresql['checkpoint_completion_target'] = 0.9
# postgresql['effective_io_concurrency'] = 1
# postgresql['checkpoint_warning'] = "30s"
# postgresql['effective_cache_size'] = "1MB"
# postgresql['shmmax'] =  17179869184 # or 4294967295
# postgresql['shmall'] =  4194304 # or 1048575
# postgresql['autovacuum'] = "on"
# postgresql['log_autovacuum_min_duration'] = "-1"
# postgresql['autovacuum_naptime'] = "1min"
# postgresql['autovacuum_vacuum_threshold'] = "50"
# postgresql['autovacuum_analyze_threshold'] = "50"
# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
# postgresql['statement_timeout'] = "60000"
# postgresql['idle_in_transaction_session_timeout'] = "60000"
# postgresql['log_line_prefix'] = "%a"
# postgresql['max_worker_processes'] = 8
# postgresql['max_parallel_workers_per_gather'] = 0
# postgresql['log_lock_waits'] = 1
# postgresql['deadlock_timeout'] = '5s'
# postgresql['track_io_timing'] = 0
# postgresql['default_statistics_target'] = 1000

### Available in PostgreSQL 9.6 and later
# postgresql['min_wal_size'] = "80MB"
# postgresql['max_wal_size'] = "1GB"

# Backup/Archive settings
# postgresql['archive_command'] = nil
# postgresql['archive_timeout'] = "0"

### Replication settings
# postgresql['sql_replication_user'] = "gitlab_replicator"
# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
# postgresql['wal_keep_segments'] = 10
# postgresql['max_standby_archive_delay'] = "30s"
# postgresql['max_standby_streaming_delay'] = "30s"
# postgresql['synchronous_commit'] = on
# postgresql['synchronous_standby_names'] = ''
# postgresql['hot_standby_feedback'] = 'off'
# postgresql['random_page_cost'] = 2.0
# postgresql['log_temp_files'] = -1
# postgresql['log_checkpoints'] = 'off'
# To add custom entries to pg_hba.conf use the following
# postgresql['custom_pg_hba_entries'] = {
#   APPLICATION: [ # APPLICATION should identify what the settings are used for
#     {
#       type: example,
#       database: example,
#       user: example,
#       cidr: example,
#       method: example,
#       option: example
#     }
#   ]
# }
# See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
# of the values

### Version settings
# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
# postgresql['version'] = 10


##! Automatically restart PostgreSQL service when version changes.
# postgresql['auto_restart_on_version_change'] = true

################################################################################
## GitLab Redis
##! **Can be disabled if you are using your own Redis instance.**
##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
################################################################################

# redis['enable'] = true
# redis['ha'] = false
# redis['start_down'] = false
# redis['set_replicaof'] = false
# redis['hz'] = 10
# redis['dir'] = "/var/opt/gitlab/redis"
# redis['log_directory'] = "/var/log/gitlab/redis"
# redis['username'] = "gitlab-redis"
# redis['group'] = "gitlab-redis"
# redis['maxclients'] = "10000"
# redis['maxmemory'] = "0"
# redis['maxmemory_policy'] = "noeviction"
# redis['maxmemory_samples'] = "5"
# redis['stop_writes_on_bgsave_error'] = true
# redis['tcp_backlog'] = 511
# redis['tcp_timeout'] = "60"
# redis['tcp_keepalive'] = "300"
# redis['uid'] = nil
# redis['gid'] = nil

### Redis TLS settings
###! To run Redis over TLS, specify values for the following settings
# redis['tls_port'] = nil
# redis['tls_cert_file'] = nil
# redis['tls_key_file'] = nil

###! Other TLS related optional settings
# redis['tls_dh_params_file'] = nil
# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# redis['tls_auth_clients'] = 'optional'
# redis['tls_replication'] = nil
# redis['tls_cluster'] = nil
# redis['tls_protocols'] = nil
# redis['tls_ciphers'] = nil
# redis['tls_ciphersuites'] = nil
# redis['tls_prefer_server_ciphers'] = nil
# redis['tls_session_caching'] = nil
# redis['tls_session_cache_size'] = nil
# redis['tls_session_cache_timeout'] = nil

### Disable or obfuscate unnecessary redis command names
### Uncomment and edit this block to add or remove entries.
### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
### for detailed usage
###
# redis['rename_commands'] = {
#   'KEYS': ''
#}
#

###! **To enable only Redis service in this machine, uncomment
###!   one of the lines below (choose master or replica instance types).**
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
###!       https://docs.gitlab.com/ee/administration/high_availability/redis.html
# redis_master_role['enable'] = true
# redis_replica_role['enable'] = true

### Redis TCP support (will disable UNIX socket transport)
# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
# redis['port'] = 6379
# redis['password'] = 'redis-password-goes-here'

### Redis Sentinel support
###! **You need a master replica Redis replication to be able to do failover**
###! **Please read the documentation before enabling it to understand the
###!   caveats:**
###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html

### Replication support
#### Replica Redis instance
# redis['master'] = false # by default this is true

#### Replica and Sentinel shared configuration
####! **Both need to point to the master Redis instance to get replication and
####!   heartbeat monitoring**
# redis['master_name'] = 'gitlab-redis'
# redis['master_ip'] = nil
# redis['master_port'] = 6379

#### Support to run redis replicas in a Docker or NAT environment
####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
# redis['announce_ip'] = nil
# redis['announce_port'] = nil
# redis['announce_ip_from_hostname'] = false

####! **Master password should have the same value defined in
####!   redis['password'] to enable the instance to transition to/from
####!   master/replica in a failover event.**
# redis['master_password'] = 'redis-password-goes-here'

####! Increase these values when your replicas can't catch up with master
# redis['client_output_buffer_limit_normal'] = '0 0 0'
# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'

#####! Redis snapshotting frequency
#####! Set to [] to disable
#####! Set to [''] to clear previously set values
# redis['save'] = [ '900 1', '300 10', '60 10000' ]

#####! Redis lazy freeing
#####! Defaults to false
# redis['lazyfree_lazy_eviction'] = true
# redis['lazyfree_lazy_expire'] = true
# redis['lazyfree_lazy_server_del'] = true
# redis['replica_lazy_flush'] = true

#####! Redis threaded I/O
#####! Defaults to disabled
# redis['io_threads'] = 4
# redis['io_threads_do_reads'] = true

################################################################################
## GitLab Web server
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
################################################################################

##! When bundled nginx is disabled we need to add the external webserver user to
##! the GitLab webserver group.
# web_server['external_users'] = []
# web_server['username'] = 'gitlab-www'
# web_server['group'] = 'gitlab-www'
# web_server['uid'] = nil
# web_server['gid'] = nil
# web_server['shell'] = '/bin/false'
# web_server['home'] = '/var/opt/gitlab/nginx'

################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

# nginx['enable'] = true
# nginx['client_max_body_size'] = '250m'
# nginx['redirect_http_to_https'] = false
# nginx['redirect_http_to_https_port'] = 80

##! Most root CA's are included by default
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"

##! enable/disable 2-way SSL client authentication
# nginx['ssl_verify_client'] = "off"

##! if ssl_verify_client on, verification depth in the client certificates chain
# nginx['ssl_verify_depth'] = "1"

# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
# nginx['ssl_prefer_server_ciphers'] = "off"

##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##!                   https://cipherli.st/**
# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_cache'] = "shared:SSL:10m"

##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
# nginx['ssl_session_tickets'] = "off"

##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_timeout'] = "1d"

# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
# nginx['ssl_password_file'] = nil # Path to file with passphrases for ssl certificate secret keys
# nginx['listen_addresses'] = ['*', '[::]']

##! **Defaults to forcing web browsers to always communicate using only HTTPS**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
# nginx['hsts_max_age'] = 63072000
# nginx['hsts_include_subdomains'] = false

##! Defaults to stripping path information when making cross-origin requests
# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'

##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
# nginx['gzip_enabled'] = true

##! **Override only if you use a reverse proxy**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
# nginx['listen_port'] = nil

##! **Override only if your reverse proxy internally communicates over HTTP**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
# nginx['listen_https'] = nil

##! **Override only if you use a reverse proxy with proxy protocol enabled**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol
# nginx['proxy_protocol'] = false

# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
# nginx['proxy_read_timeout'] = 3600
# nginx['proxy_connect_timeout'] = 300
# nginx['proxy_set_headers'] = {
#  "Host" => "$http_host_with_default",
#  "X-Real-IP" => "$remote_addr",
#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#  "X-Forwarded-Proto" => "https",
#  "X-Forwarded-Ssl" => "on",
#  "Upgrade" => "$http_upgrade",
#  "Connection" => "$connection_upgrade"
# }
# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
# nginx['proxy_cache'] = 'gitlab'
# nginx['proxy_custom_buffer_size'] = '4k'
# nginx['http2_enabled'] = true
# nginx['real_ip_trusted_addresses'] = []
# nginx['real_ip_header'] = nil
# nginx['real_ip_recursive'] = nil
# nginx['custom_error_pages'] = {
#   '404' => {
#     'title' => 'Example title',
#     'header' => 'Example header',
#     'message' => 'Example message'
#   }
# }

### Advanced settings
# nginx['dir'] = "/var/opt/gitlab/nginx"
# nginx['log_directory'] = "/var/log/gitlab/nginx"
# nginx['error_log_level'] = "error"
# nginx['worker_processes'] = 4
# nginx['worker_connections'] = 10240
# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
# nginx['sendfile'] = 'on'
# nginx['tcp_nopush'] = 'on'
# nginx['tcp_nodelay'] = 'on'
# nginx['hide_server_tokens'] = 'off'
# nginx['gzip_http_version'] = "1.0"
# nginx['gzip_comp_level'] = "2"
# nginx['gzip_proxied'] = "any"
# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
# nginx['keepalive_timeout'] = 65
# nginx['keepalive_time'] = '1h'
# nginx['cache_max_size'] = '5000m'
# nginx['server_names_hash_bucket_size'] = 64
##! These paths have proxy_request_buffering disabled
# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|/import/gitlab_project$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"

### Nginx status
# nginx['status'] = {
#  "enable" => true,
#  "listen_addresses" => ["127.0.0.1"],
#  "fqdn" => "dev.example.com",
#  "port" => 9999,
#  "vts_enable" => true,
#  "options" => {
#    "server_tokens" => "off", # Don't show the version of NGINX
#    "access_log" => "off", # Disable logs for stats
#    "allow" => "127.0.0.1", # Only allow access from localhost
#    "deny" => "all" # Deny access to anyone else
#  }
# }

##! Service name used to register Nginx as a Consul service
# nginx['consul_service_name'] = 'nginx'
##! Semantic metadata used when registering NGINX as a Consul service
# nginx['consul_service_meta'] = {}

################################################################################
## GitLab Logging
##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
################################################################################

# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
# logging['svlogd_num'] = 30 # keep 30 rotated log files
# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
# logging['svlogd_filter'] = "gzip" # compress logs with gzip
# logging['svlogd_udp'] = nil # transmit log messages via UDP
# logging['svlogd_prefix'] = nil # custom prefix for log messages
# logging['logrotate_frequency'] = "daily" # rotate logs daily
# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
# logging['logrotate_size'] = nil # do not rotate by size by default
# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
# logging['logrotate_compress'] = "compress" # see 'man logrotate'
# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
# logging['logrotate_postrotate'] = nil # no postrotate command by default
# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz

### UDP log forwarding
##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding

##! remote host to ship log messages to via UDP
# logging['udp_log_shipping_host'] = nil

##! override the hostname used when logs are shipped via UDP,
##  by default the system hostname will be used.
# logging['udp_log_shipping_hostname'] = nil

##! remote port to ship log messages to via UDP
# logging['udp_log_shipping_port'] = 514

################################################################################
## Logrotate
##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
##! You can disable built in logrotate feature.
################################################################################
# logrotate['enable'] = true
# logrotate['log_directory'] = "/var/log/gitlab/logrotate"

################################################################################
## Users and groups accounts
##! Disable management of users and groups accounts.
##! **Set only if creating accounts manually**
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
################################################################################

# manage_accounts['enable'] = true

################################################################################
## Storage directories
##! Disable managing storage directories
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
################################################################################

##! **Set only if the select directories are created manually**
# manage_storage_directories['enable'] = false
# manage_storage_directories['manage_etc'] = false

################################################################################
## Runtime directory
##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
################################################################################

# runtime_dir '/run'

################################################################################
## Git
##! Advanced setting for configuring git system settings for omnibus-gitlab
##! internal git
################################################################################

##! The format of the Omnibus gitconfig is:
##! { "section" => ["subsection = value"] }
##! For example:
##! { "pack" => ["threads = 1"] }
##! For multiple options under one header use array of comma separated values,
##! eg.:
##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
# omnibus_gitconfig['system'] = {}

################################################################################
## GitLab Pages
##! Docs: https://docs.gitlab.com/ee/administration/pages/
################################################################################

##! Define to enable GitLab Pages
# pages_external_url "http://pages.example.com/"
# gitlab_pages['enable'] = false

##! Configure to expose GitLab Pages on external IP address, serving the HTTP
# gitlab_pages['external_http'] = []

##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
# gitlab_pages['external_https'] = []

##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
# gitlab_pages['external_https_proxyv2'] = []

##! Configure cert when using external IP address
# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"

##! Configure to use the default list of cipher suites
# gitlab_pages['insecure_ciphers'] = false

##! Configure to enable health check endpoint on GitLab Pages
# gitlab_pages['status_uri'] = "/@status"

##! Tune the maximum number of concurrent connections GitLab Pages will handle.
##! Default to 0 for unlimited connections.
# gitlab_pages['max_connections'] = 0

##! Configure the maximum length of URIs accepted by GitLab Pages
##! By default is limited for security reasons. Set 0 for unlimited
# gitlab_pages['max_uri_length'] = 1024

##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
##! sets the header value X-Request-ID, the value will be propagated in the request chain.
# gitlab_pages['propagate_correlation_id'] = false

##! Configure to use JSON structured logging in GitLab Pages
# gitlab_pages['log_format'] = "json"

##! Configure verbose logging for GitLab Pages
# gitlab_pages['log_verbose'] = false

##! Error Reporting and Logging with Sentry
# gitlab_pages['sentry_enabled'] = false
# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_pages['sentry_environment'] = 'production'

##! Listen for requests forwarded by reverse proxy
# gitlab_pages['listen_proxy'] = "localhost:8090"

# gitlab_pages['redirect_http'] = true
# gitlab_pages['use_http2'] = true
# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"

# gitlab_pages['artifacts_server'] = true
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# gitlab_pages['artifacts_server_timeout'] = 10

##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
# gitlab_pages['metrics_address'] = ":9235"

##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
# gitlab_pages['tls_min_version'] = "tls1.2"

##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
# gitlab_pages['tls_max_version'] = "tls1.3"

##! Pages access control
# gitlab_pages['access_control'] = false
# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
# gitlab_pages['gitlab_secret'] = nil # Generated if not present
# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
# gitlab_pages['auth_secret'] = nil # Generated if not present
# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
# gitlab_pages['auth_cookie_session_timeout'] = "10m" # Authentication cookie session timeout (truncated to seconds). A zero value means the cookie will be deleted after the browser session ends

##! GitLab Pages Server Shutdown Timeout
##! Duration ("30s" for 30 seconds)
# gitlab_pages['server_shutdown_timeout'] = "30s"

##! GitLab API HTTP client connection timeout
# gitlab_pages['gitlab_client_http_timeout'] = "10s"

##! GitLab API JWT Token expiry time
# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"

##! Advanced settings for API-based configuration for GitLab Pages.
##! The recommended default values are set inside GitLab Pages.
##! Should be changed only if absolutely needed.

##! The maximum time a domain's configuration is stored in the cache.
# gitlab_pages['gitlab_cache_expiry'] = "600s"
##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
# gitlab_pages['gitlab_cache_refresh'] = "60s"
##! The interval at which expired items are removed from the cache (default: 60s).
# gitlab_pages['gitlab_cache_cleanup'] = "60s"
##! The maximum time to wait for a response from the GitLab API per request.
# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
# gitlab_pages['gitlab_retrieval_interval'] = "1s"
##! The maximum number of times to retry to resolve a domain's configuration via the API
# gitlab_pages['gitlab_retrieval_retries'] = 3

##! Define custom gitlab-pages HTTP headers for the whole instance
# gitlab_pages['headers'] = []

##! Shared secret used for authentication between Pages and GitLab
# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Advanced settings for serving GitLab Pages from zip archives.
##! The recommended default values are set inside GitLab Pages.
##! Should be changed only if absolutely needed.

##! The maximum time an archive will be cached in memory.
# gitlab_pages['zip_cache_expiration'] = "60s"
##! Zip archive cache cleaning interval.
# gitlab_pages['zip_cache_cleanup'] = "30s"
##! The interval to refresh a cache archive if accessed before expiring.
# gitlab_pages['zip_cache_refresh'] = "30s"
##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
# gitlab_pages['zip_open_timeout'] = "30s"
##! Zip HTTP Client timeout
# gitlab_pages['zip_http_client_timeout'] = "30m"

##! ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.
# gitlab_pages['server_read_timeout'] = "5s"
##! ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.
# gitlab_pages['server_read_header_timeout'] = "1s"
##! WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.
# gitlab_pages['server_write_timeout'] = "5m"
##! KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.
# gitlab_pages['server_keep_alive'] = "15s"

##! Enable serving content from disk instead of Object Storage
# gitlab_pages['enable_disk'] = nil

##! Rate-limiting options below work in report-only mode:
##! they only count rejected requests, but don't reject them
##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
##! reject requests.

##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits

##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
# gitlab_pages['rate_limit_source_ip'] = 50.0
##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
# gitlab_pages['rate_limit_source_ip_burst'] = 600
##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
# gitlab_pages['rate_limit_domain'] = 0
##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
# gitlab_pages['rate_limit_domain_burst'] = 10000

##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
# gitlab_pages['rate_limit_tls_domain'] = 0
##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
# gitlab_pages['rate_limit_tls_domain_burst'] = 10000

##! The maximum size of the _redirects file, in bytes
# gitlab_pages['redirects_max_config_size'] = 65536
##! The maximum number of path segments allowed in _redirects rules URLs
# gitlab_pages['redirects_max_path_segments'] = 25
##! The maximum number of rules allowed in _redirects
# gitlab_pages['redirects_max_rule_count'] = 1000

# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
# gitlab_pages['env'] = {
#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
# }

################################################################################
## GitLab Pages NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "GitLab Pages NGINX" section, using the key `pages_nginx`.  However,
# those settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `pages_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "GitLab Pages NGINX"
# pages_nginx['enable'] = true

# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

################################################################################
## GitLab CI
##! Docs: https://docs.gitlab.com/ee/ci/quick_start/
################################################################################

# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'

################################################################################
## GitLab Kubernetes Agent Server
##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
################################################################################

##! Settings used by the GitLab application
# gitlab_rails['gitlab_kas_enabled'] = true
# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/k8s-proxy/'

##! Define to enable GitLab KAS
# gitlab_kas_external_url "ws://gitlab.example.com/-/kubernetes-agent/"
# gitlab_kas['enable'] = true

##! Agent configuration for GitLab KAS
# gitlab_kas['agent_configuration_poll_period'] = 20
# gitlab_kas['agent_gitops_poll_period'] = 20
# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
# gitlab_kas['agent_info_cache_ttl'] = 300
# gitlab_kas['agent_info_cache_error_ttl'] = 60

##! Shared secret used for authentication between KAS and GitLab
# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Shared secret used for authentication between different KAS instances in a multi-node setup
# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Listen configuration for GitLab KAS
# gitlab_kas['listen_address'] = 'localhost:8150'
# gitlab_kas['listen_network'] = 'tcp'
# gitlab_kas['listen_websocket'] = true
# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['key_file'] = "/path/to/key.pem"
# gitlab_kas['observability_listen_network'] = 'tcp'
# gitlab_kas['observability_listen_address'] = 'localhost:8151'
# gitlab_kas['internal_api_listen_network'] = 'tcp'
# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['private_api_listen_network'] = 'tcp'
# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"

##! Metrics configuration for GitLab KAS
# gitlab_kas['metrics_usage_reporting_period'] = 60

##! Log configuration for GitLab KAS
# gitlab_kas['log_level'] = 'info'

##! Environment variables for GitLab KAS
# gitlab_kas['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#   # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
#   'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
# }

##! Error Reporting and Logging with Sentry
# gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_kas['sentry_environment'] = 'production'

##! Directories for GitLab KAS
# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'

################################################################################
## GitLab Suggested Reviewers (EE Only)
##! Docs: https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers
################################################################################

##! Shared secret used for authentication between Suggested Reviewers and GitLab
# suggested_reviewers['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

################################################################################
## GitLab Mattermost
##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
################################################################################

# mattermost_external_url 'http://mattermost.example.com'

# mattermost['enable'] = false
# mattermost['username'] = 'mattermost'
# mattermost['group'] = 'mattermost'
# mattermost['uid'] = nil
# mattermost['gid'] = nil
# mattermost['home'] = '/var/opt/gitlab/mattermost'
# mattermost['database_name'] = 'mattermost_production'
# mattermost['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# mattermost['service_address'] = "127.0.0.1"
# mattermost['service_port'] = "8065"
# mattermost['service_site_url'] = nil
# mattermost['service_allowed_untrusted_internal_connections'] = ""
# mattermost['service_enable_api_team_deletion'] = true
# mattermost['team_site_name'] = "GitLab Mattermost"
# mattermost['sql_driver_name'] = 'mysql'
# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
# mattermost['gitlab_enable'] = false
# mattermost['gitlab_id'] = "12345656"
# mattermost['gitlab_secret'] = "123456789"
# mattermost['gitlab_scope'] = ""
# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"

################################################################################
## Mattermost NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "Mattermost NGINX" section, using the key `mattermost_nginx`.  However,
# those settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `mattermost_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "Mattermost NGINX"
# mattermost_nginx['enable'] = false

# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# mattermost_nginx['proxy_set_headers'] = {
#   "Host" => "$http_host",
#   "X-Real-IP" => "$remote_addr",
#   "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#   "X-Frame-Options" => "SAMEORIGIN",
#   "X-Forwarded-Proto" => "https",
#   "X-Forwarded-Ssl" => "on",
#   "Upgrade" => "$http_upgrade",
#   "Connection" => "$connection_upgrade"
# }


################################################################################
## Registry NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "Registry NGINX" section, using the key `registry_nginx`.  However, those
# settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `registry_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "Registry NGINX"
# registry_nginx['enable'] = false

# registry_nginx['proxy_set_headers'] = {
#  "Host" => "$http_host",
#  "X-Real-IP" => "$remote_addr",
#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#  "X-Forwarded-Proto" => "https",
#  "X-Forwarded-Ssl" => "on"
# }

# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
# registry_nginx['listen_port'] = 5050

################################################################################
## Prometheus
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
################################################################################

###! **To enable only Monitoring service in this machine, uncomment
###!   the line below.**
###! Docs: https://docs.gitlab.com/ee/administration/high_availability
# monitoring_role['enable'] = true

# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# prometheus['username'] = 'gitlab-prometheus'
# prometheus['group'] = 'gitlab-prometheus'
# prometheus['uid'] = nil
# prometheus['gid'] = nil
# prometheus['shell'] = '/bin/sh'
# prometheus['home'] = '/var/opt/gitlab/prometheus'
# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
# prometheus['scrape_interval'] = 15
# prometheus['scrape_timeout'] = 15
# prometheus['external_labels'] = { }
# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
# prometheus['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
#
### Custom scrape configs
#
# Prometheus can scrape additional jobs via scrape_configs.  The default automatically
# includes all of the exporters supported by the omnibus config.
#
# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
#
# Example:
#
# prometheus['scrape_configs'] = [
#   {
#     'job_name': 'example',
#     'static_configs' => [
#       'targets' => ['hostname:port'],
#     ],
#   },
# ]
#
### Custom alertmanager config
#
# To configure external alertmanagers, create an alertmanager config.
#
# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
#
# prometheus['alertmanagers'] = [
#   {
#     'static_configs' => [
#       {
#         'targets' => [
#           'hostname:port'
#         ]
#       }
#     ]
#   }
# ]
#
### Custom Prometheus flags
#
# prometheus['flags'] = {
#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
#   'storage.tsdb.retention.time' => "15d",
#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# prometheus['listen_address'] = 'localhost:9090'
#

##! Service name used to register Prometheus as a Consul service
# prometheus['consul_service_name'] = 'prometheus'
##! Semantic metadata used when registering Prometheus as a Consul service
# prometheus['consul_service_meta'] = {}

################################################################################
###! **Only needed if Prometheus and Rails are not on the same server.**
### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
################################################################################
# gitlab_rails['prometheus_address'] = 'your.prom:9090'

################################################################################
## Prometheus Alertmanager
################################################################################

# alertmanager['enable'] = true
# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
# alertmanager['admin_email'] = 'admin@example.com'
# alertmanager['flags'] = {
#   'web.listen-address' => "localhost:9093",
#   'storage.path' => "/var/opt/gitlab/alertmanager/data",
#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
# }
# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
# alertmanager['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# alertmanager['listen_address'] = 'localhost:9093'
# alertmanager['global'] = {}

################################################################################
## Prometheus Node Exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
################################################################################

# node_exporter['enable'] = true
# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
# node_exporter['flags'] = {
#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
# }
# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
# node_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# node_exporter['listen_address'] = 'localhost:9100'

##! Service name used to register Node Exporter as a Consul service
# node_exporter['consul_service_name'] = 'node-exporter'
##! Semantic metadata used when registering Node Exporter as a Consul service
# node_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus Redis exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
################################################################################

# redis_exporter['enable'] = true
# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
# redis_exporter['flags'] = {
#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
# }
# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
# redis_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# redis_exporter['listen_address'] = 'localhost:9121'

##! Service name used to register Redis Exporter as a Consul service
# redis_exporter['consul_service_name'] = 'redis-exporter'
##! Semantic metadata used when registering Redis Exporter as a Consul service
# redis_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus Postgres exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
################################################################################

# postgres_exporter['enable'] = true
# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
# postgres_exporter['flags'] = {}
# postgres_exporter['listen_address'] = 'localhost:9187'
# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
# postgres_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# postgres_exporter['sslmode'] = nil
# postgres_exporter['per_table_stats'] = false

##! Service name used to register Postgres Exporter as a Consul service
# postgres_exporter['consul_service_name'] = 'postgres-exporter'
##! Semantic metadata used when registering Postgres Exporter as a Consul service
# postgres_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus PgBouncer exporter (EE only)
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
################################################################################

# pgbouncer_exporter['enable'] = false
# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
# pgbouncer_exporter['listen_address'] = 'localhost:9188'
# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
# pgbouncer_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

################################################################################
## Prometheus Gitlab exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
################################################################################


# gitlab_exporter['enable'] = true
# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"

##! Advanced settings. Should be changed only if absolutely needed.
# gitlab_exporter['server_name'] = 'webrick'
# gitlab_exporter['listen_address'] = 'localhost'
# gitlab_exporter['listen_port'] = '9168'

##! TLS settings.
# gitlab_exporter['tls_enabled'] = false
# gitlab_exporter['tls_cert_path'] = '/etc/gitlab/ssl/gitlab-exporter.crt'
# gitlab_exporter['tls_key_path'] = '/etc/gitlab/ssl/gitlab-exporter.key'

##! Prometheus scrape related configs
# gitlab_exporter['prometheus_scrape_scheme'] = 'http'
# gitlab_exporter['prometheus_scrape_tls_server_name'] = 'localhost'
# gitlab_exporter['prometheus_scrape_tls_skip_verification'] = false

##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
##! found.
# gitlab_exporter['probe_sidekiq'] = true

##! Manage gitlab-exporter elasticsearch probes. Add authorization header if security
##! is enabled.
# gitlab_exporter['probe_elasticsearch'] = false
# gitlab_exporter['elasticsearch_url'] = 'http://localhost:9200'
# gitlab_exporter['elasticsearch_authorization'] = 'Basic <yourbase64encodedcredentials>'

##! Service name used to register GitLab Exporter as a Consul service
# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
##! Semantic metadata used when registering GitLab Exporter as a Consul service
# gitlab_exporter['consul_service_meta'] = {}

# To completely disable prometheus, and all of it's exporters, set to false
# prometheus_monitoring['enable'] = true

################################################################################
## Grafana Dashboards
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
################################################################################

# grafana['enable'] = false
# grafana['log_directory'] = '/var/log/gitlab/grafana'
# grafana['home'] = '/var/opt/gitlab/grafana'
# grafana['admin_password'] = 'admin'
# grafana['allow_user_sign_up'] = false
# grafana['basic_auth_enabled'] = false
# grafana['disable_login_form'] = true
# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
# grafana['gitlab_secret'] = 'GITLAB_SECRET'
# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
# grafana['allowed_groups'] = []
# grafana['gitlab_auth_sign_up'] = true
# grafana['env'] = {
#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
# }
# grafana['metrics_enabled'] = false
# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
# grafana['alerting_enabled'] = false

### SMTP Configuration
#
# See: http://docs.grafana.org/administration/configuration/#smtp
#
# grafana['smtp'] = {
#   'enabled' => true,
#   'host' => 'localhost:25',
#   'user' => nil,
#   'password' => nil,
#   'cert_file' => nil,
#   'key_file' => nil,
#   'skip_verify' => false,
#   'from_address' => 'admin@grafana.localhost',
#   'from_name' => 'Grafana',
#   'ehlo_identity' => 'dashboard.example.com',
#   'startTLS_policy' => nil
# }

# Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled']
# grafana['reporting_enabled'] = true

### Dashboards
#
# See: http://docs.grafana.org/administration/provisioning/#dashboards
#
# NOTE: Setting this will override the default.
#
# grafana['dashboards'] = [
#   {
#     'name' => 'GitLab Omnibus',
#     'orgId' => 1,
#     'folder' => 'GitLab Omnibus',
#     'type' => 'file',
#     'disableDeletion' => true,
#     'updateIntervalSeconds' => 600,
#     'options' => {
#       'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
#     }
#   }
# ]

### Datasources
#
# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
#
# NOTE: Setting this will override the default.
#
# grafana['datasources'] = [
#   {
#     'name' => 'GitLab Omnibus',
#     'type' => 'prometheus',
#     'access' => 'proxy',
#     'url' => 'http://localhost:9090'
#   }
# ]

##! Advanced settings. Should be changed only if absolutely needed.
# grafana['http_addr'] = 'localhost'
# grafana['http_port'] = 3000

################################################################################
## Gitaly
##! Docs: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html
################################################################################

# The gitaly['enable'] option exists for the purpose of cluster
# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
# gitaly['enable'] = true
# gitaly['dir'] = "/var/opt/gitlab/gitaly"
# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
# gitaly['env'] = {
#  'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
#  'HOME' => '/var/opt/gitlab',
#  'TZ' => ':/etc/localtime',
#  'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
#  'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#  'WRAPPER_JSON_LOGGING' => true
# }

# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
##! Service name used to register Gitaly as a Consul service
# gitaly['consul_service_name'] = 'gitaly'
##! Semantic metadata used when registering Gitaly as a Consul service
# gitaly['consul_service_meta'] = {}
# gitaly['configuration'] = {
#   socket_path: '/var/opt/gitlab/gitaly/gitaly.socket',
#   runtime_dir: '/var/opt/gitlab/gitaly/run',
#   listen_addr: 'localhost:8075',
#   prometheus_listen_addr: 'localhost:9236',
#   tls_listen_addr: 'localhost:9075',
#   tls: {
#     certificate_path: '/var/opt/gitlab/gitaly/certificate.pem',
#     key_path: '/var/opt/gitlab/gitaly/key.pem',
#   },
#   graceful_restart_timeout: '1m', # Grace time for a gitaly process to finish ongoing requests
#   logging: {
#     level: 'warn',
#     format: 'json',
#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     ruby_sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     sentry_environment: 'production',
#   },
#   prometheus: {
#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
#   },
#   auth: {
#     token: '<secret>',
#     transitioning: false, # When true, auth is logged to Prometheus but NOT enforced
#   },
#   git: {
#     catfile_cache_size: 100, # Number of 'git cat-file' processes kept around for re-use
#     bin_path: '/opt/gitlab/embedded/bin/git', # A custom path for the 'git' executable
#     use_bundled_binaries: true, # Whether to use bundled Git.
#     signing_key: '/var/opt/gitlab/gitaly/signing_key.gpg',
#     ## Gitaly knows to set up the required default configuration for spawned Git
#     ## commands automatically. It should thus not be required to configure anything
#     ## here, except in very special situations where you must e.g. tweak specific
#     ## performance-related settings or enable debugging facilities. It is not safe in
#     ## general to set Git configuration that may change Git output in ways that are
#     ## unexpected by Gitaly.
#     config: [
#       { key: 'pack.threads', value: '4' },
#       { key: 'http.http://example.com.proxy', value: 'http://example.proxy.com' },
#     ],
#   },
#   'gitaly-ruby': {
#     max_rss: 300000000, # RSS threshold in bytes for triggering a gitaly-ruby restart
#     graceful_restart_timeout: '10m', # Grace time for a gitaly-ruby process to finish ongoing requests
#     restart_delay: '5m', # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
#     num_workers: 3, # Number of gitaly-ruby worker processes. Minimum 2, default 2.
#   },
#   hooks: {
#     custom_hooks_dir: '/var/opt/gitlab/gitaly/custom_hooks',
#   },
#   daily_maintenance: {
#     disabled: false,
#     start_hour: 22,
#     start_minute: 30,
#     duration: '30m',
#     storages: ['default'],
#   },
#   cgroups: {
#     mountpoint: '/sys/fs/cgroup',
#     hierarchy_root: 'gitaly',
#     memory_bytes: 1048576,
#     cpu_shares: 512,
#     cpu_quota_us: 400000
#     repositories: {
#       count: 1000,
#       memory_bytes: 12884901888,
#       cpu_shares: 128,
#       cpu_quota_us: 200000
#     },
#   },
#   concurrency: [
#     {
#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
#       max_per_repo: 20,
#     },
#     {
#       rpc: '/gitaly.SSHService/SSHUploadPack',
#       max_per_repo: 5,
#     },
#   ],
#   rate_limiting: [
#     {
#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
#       interval: '1m',
#       burst: 10,
#     },
#     {
#       rpc: '/gitaly.SSHService/SSHUploadPack',
#       interval: '1m',
#       burst: 5,
#     },
#   ],
#   pack_objects_cache: {
#     enabled: true,
#     dir: '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache',
#     max_age: '5m',
#   },
# }

################################################################################
## Praefect
##! Docs: https://docs.gitlab.com/ee/administration/gitaly/praefect.html
################################################################################

# praefect['enable'] = false
# praefect['dir'] = "/var/opt/gitlab/praefect"
# praefect['log_directory'] = "/var/log/gitlab/praefect"
# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
# praefect['env'] = {
#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#  'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
#  'WRAPPER_JSON_LOGGING' => true
# }
# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
# praefect['auto_migrate'] = true
##! Service name used to register Praefect as a Consul service
# praefect['consul_service_name'] = 'praefect'
##! Semantic metadata used when registering Praefect as a Consul service
# praefect['consul_service_meta'] = {}
# praefect['configuration'] = {
#   listen_addr: 'localhost:2305',
#   prometheus_listen_addr: 'localhost:9652',
#   tls_listen_addr: 'localhost:3305',
#   auth: {
#     token: '',
#     transitioning: false,
#   },
#   logging: {
#     format: 'json',
#     level: 'warn',
#   },
#   failover: {
#     enabled: true,
#   },
#   background_verification: {
#     delete_invalid_records: false,
#     verification_interval: '72h',
#   },
#   reconciliation: {
#     scheduling_interval: '5m',
#     histogram_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0],
#   },
#   tls: {
#     certificate_path: '/var/opt/gitlab/prafect/certificate.pem',
#     key_path: '/var/opt/gitlab/prafect/key.pem',
#   },
#   database: {
#     host: 'postgres.external',
#     port: 6432,
#     user: 'praefect',
#     password: 'secret',
#     dbname: 'praefect_production',
#     sslmode: 'disable',
#     sslcert: '/path/to/client-cert',
#     sslkey: '/path/to/client-key',
#     sslrootcert: '/path/to/rootcert',
#     session_pooled: {
#       host: 'postgres.internal',
#       port: 5432,
#       user: 'praefect',
#       password: 'secret',
#       dbname: 'praefect_production_direct',
#       sslmode: 'disable',
#       sslcert: '/path/to/client-cert',
#       sslkey: '/path/to/client-key',
#       sslrootcert: '/path/to/rootcert',
#     },
#   },
#   sentry: {
#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     sentry_environment: 'production',
#   },
#   prometheus: {
#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
#   },
#   graceful_stop_timeout: '1m',
#   virtual_storage: [
#     {
#       name: 'default',
#       default_replication_factor: 3,
#       node: [
#         {
#           storage: 'praefect-internal-0',
#           address: 'tcp://10.23.56.78:8075',
#           token: 'abc123',
#         },
#         {
#           storage: 'praefect-internal-1',
#           address: 'tcp://10.76.23.31:8075',
#           token: 'xyz456',
#         },
#       ],
#   	},
#     {
#       name: 'alternative',
#       node: [
#         {
#           storage: 'praefect-internal-2',
#           address: 'tcp://10.34.1.16:8075',
#           token: 'abc321',
#         },
#         {
#           storage: 'praefect-internal-3',
#           address: 'tcp://10.23.18.6:8075',
#           token: 'xyz890',
#         },
#       ],
#     },
#   ],
# }

################################################################################
# Storage check
################################################################################
# storage_check['enable'] = false
# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# storage_check['log_directory'] = '/var/log/gitlab/storage-check'

################################################################################
# Let's Encrypt integration
################################################################################
# letsencrypt['enable'] = nil
# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
# letsencrypt['group'] = 'root'
# letsencrypt['key_size'] = 2048
# letsencrypt['owner'] = 'root'
# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
# letsencrypt['auto_renew'] = true
# letsencrypt['auto_renew_hour'] = 0
# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
# letsencrypt['auto_renew_day_of_month'] = "*/4"
# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'

##! Turn off automatic init system detection. To skip init detection in
##! non-docker containers. Recommended not to change.
# package['detect_init'] = true

##! Attempt to modify kernel paramaters. To skip this in containers where the
##! relevant file system is read-only, set the value to false.
# package['modify_kernel_parameters'] = true

##! Specify maximum number of tasks that can be created by the systemd unit
##! Will be populated as TasksMax value to the unit file if user is on a systemd
##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
# package['systemd_tasks_max'] = 4915

##! Settings to configure order of GitLab's systemd unit.
##! Note: We do not recommend changing these values unless absolutely necessary
# package['systemd_after'] = 'multi-user.target'
# package['systemd_wanted_by'] = 'multi-user.target'
################################################################################
################################################################################
##                  Configuration Settings for GitLab EE only                 ##
################################################################################
################################################################################


################################################################################
## Auxiliary cron jobs applicable to GitLab EE only
################################################################################
#
# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
# gitlab_rails['ci_runners_stale_group_runners_prune_worker_cron'] = "30 * * * *"

################################################################################
## Kerberos (EE Only)
##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
################################################################################

# gitlab_rails['kerberos_enabled'] = true
# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
# gitlab_rails['kerberos_use_dedicated_port'] = true
# gitlab_rails['kerberos_port'] = 8443
# gitlab_rails['kerberos_https'] = true

################################################################################
## Package repository
##! Docs: https://docs.gitlab.com/ee/administration/packages/
################################################################################

# gitlab_rails['packages_enabled'] = true
# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
# gitlab_rails['packages_object_store_enabled'] = false
# gitlab_rails['packages_object_store_proxy_download'] = false
# gitlab_rails['packages_object_store_remote_directory'] = "packages"
# gitlab_rails['packages_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

################################################################################
## Dependency proxy
##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
################################################################################

# gitlab_rails['dependency_proxy_enabled'] = true
# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_enabled'] = false
# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

################################################################################
## GitLab Sentinel (EE Only)
##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
################################################################################

##! **Make sure you configured all redis['master_*'] keys above before
##!   continuing.**

##! To enable Sentinel and disable all other services in this machine,
##! uncomment the line below (if you've enabled Redis role, it will keep it).
##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
# redis_sentinel_role['enable'] = true

# sentinel['enable'] = true

##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
# sentinel['bind'] = '0.0.0.0'

##! Uncomment to change default port
# sentinel['port'] = 26379

#### Support to run sentinels in a Docker or NAT environment
#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present

##! Quorum must reflect the amount of voting sentinels it take to start a
##! failover.
##! **Value must NOT be greater then the amount of sentinels.**
##! The quorum can be used to tune Sentinel in two ways:
##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
##!    we deploy, we are basically making Sentinel more sensible to master
##!    failures, triggering a failover as soon as even just a minority of
##!    Sentinels is no longer able to talk with the master.
##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
##!    are making Sentinel able to failover only when there are a very large
##!    number (larger than majority) of well connected Sentinels which agree
##!    about the master being down.
# sentinel['quorum'] = 1

### Consider unresponsive server down after x amount of ms.
# sentinel['down_after_milliseconds'] = 10000

### Specifies the failover timeout in milliseconds.
##! It is used in many ways:
##!
##! - The time needed to re-start a failover after a previous failover was
##!   already tried against the same master by a given Sentinel, is two
##!   times the failover timeout.
##!
##! - The time needed for a replica replicating to a wrong master according
##!   to a Sentinel current configuration, to be forced to replicate
##!   with the right master, is exactly the failover timeout (counting since
##!   the moment a Sentinel detected the misconfiguration).
##!
##! - The time needed to cancel a failover that is already in progress but
##!   did not produced any configuration change (REPLICAOF NO ONE yet not
##!   acknowledged by the promoted replica).
##!
##! - The maximum time a failover in progress waits for all the replicas to be
##!   reconfigured as replicas of the new master. However even after this time
##!   the replicas will be reconfigured by the Sentinels anyway, but not with
##!   the exact parallel-syncs progression as specified.
# sentinel['failover_timeout'] = 60000

### Sentinel TLS settings
###! To run Sentinel over TLS, specify values for the following settings
# sentinel['tls_port'] = nil
# sentinel['tls_cert_file'] = nil
# sentinel['tls_key_file'] = nil

###! Other TLS related optional settings
# sentinel['tls_dh_params_file'] = nil
# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# sentinel['tls_auth_clients'] = 'optional'
# sentinel['tls_replication'] = nil
# sentinel['tls_cluster'] = nil
# sentinel['tls_protocols'] = nil
# sentinel['tls_ciphers'] = nil
# sentinel['tls_ciphersuites'] = nil
# sentinel['tls_prefer_server_ciphers'] = nil
# sentinel['tls_session_caching'] = nil
# sentinel['tls_session_cache_size'] = nil
# sentinel['tls_session_cache_timeout'] = nil

### Sentinel hostname support
###! When enabled, Redis will leverage hostname support
###! Generally this does not need to be changed as we determine this based on
###! the provided input from `redis['announce_ip']`
###! * This is configured to `true` when a fully qualified hostname is provided
###! * This is configured to `false` when an IP address is provided
# sentinel['use_hostnames'] = <calculated>

################################################################################
## Additional Database Settings (EE only)
##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
################################################################################
# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }

################################################################################
## GitLab Geo
##! Docs: https://docs.gitlab.com/ee/gitlab-geo
################################################################################
##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/index.html#roles.

# This is an optional identifier which Geo nodes can use to identify themselves.
# For example, if external_url is the same for two secondaries, you must specify
# a unique Geo node name for those secondaries.
#
# If it is blank, it defaults to external_url.
# gitlab_rails['geo_node_name'] = nil

# gitlab_rails['geo_registry_replication_enabled'] = true
# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'


################################################################################
## GitLab Geo Secondary (EE only)
################################################################################
# geo_secondary['auto_migrate'] = true
# geo_secondary['db_adapter'] = "postgresql"
# geo_secondary['db_encoding'] = "unicode"
# geo_secondary['db_collation'] = nil
# geo_secondary['db_database'] = "gitlabhq_geo_production"
# geo_secondary['db_username'] = "gitlab_geo"
# geo_secondary['db_password'] = nil
# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
# geo_secondary['db_port'] = 5431
# geo_secondary['db_socket'] = nil
# geo_secondary['db_sslmode'] = nil
# geo_secondary['db_sslcompression'] = 0
# geo_secondary['db_sslrootcert'] = nil
# geo_secondary['db_sslca'] = nil
# geo_secondary['db_prepared_statements'] = false
# geo_secondary['db_database_tasks'] = true

################################################################################
## GitLab Geo Secondary Tracking Database (EE only)
################################################################################

# geo_postgresql['enable'] = false
# geo_postgresql['ha'] = false
# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
# geo_postgresql['pgbouncer_user'] = nil
# geo_postgresql['pgbouncer_user_password'] = nil
##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'

##! Automatically restart PostgreSQL service when version changes.
# geo_postgresql['auto_restart_on_version_change'] = true

################################################################################
## GitLab Geo Log Cursor Daemon (EE only)
################################################################################

# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'

################################################################################
## Unleash
##! These settings are for GitLab internal use.
##! They are used to control feature flags during GitLab development.
##! Docs: https://docs.gitlab.com/ee/development/feature_flags
################################################################################
# gitlab_rails['feature_flags_unleash_enabled'] = false
# gitlab_rails['feature_flags_unleash_url'] = nil
# gitlab_rails['feature_flags_unleash_app_name'] = nil
# gitlab_rails['feature_flags_unleash_instance_id'] = nil

################################################################################
# Pgbouncer (EE only)
# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
################################################################################
# pgbouncer['enable'] = false
# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
# pgbouncer['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# pgbouncer['listen_addr'] = '0.0.0.0'
# pgbouncer['listen_port'] = '6432'
# pgbouncer['pool_mode'] = 'transaction'
# pgbouncer['server_reset_query'] = 'DISCARD ALL'
# pgbouncer['application_name_add_host'] = '1'
# pgbouncer['max_client_conn'] = '2048'
# pgbouncer['default_pool_size'] = '100'
# pgbouncer['min_pool_size'] = '0'
# pgbouncer['reserve_pool_size'] = '5'
# pgbouncer['reserve_pool_timeout'] = '5.0'
# pgbouncer['server_round_robin'] = '0'
# pgbouncer['log_connections'] = '0'
# pgbouncer['server_idle_timeout'] = '30'
# pgbouncer['dns_max_ttl'] = '15.0'
# pgbouncer['dns_zone_check_period'] = '0'
# pgbouncer['dns_nxdomain_ttl'] = '15.0'
# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
# pgbouncer['databases'] = {
#   DATABASE_NAME: {
#     host: HOSTNAME,
#     port: PORT
#     user: USERNAME,
#     password: PASSWORD
###! generate this with `echo -n '$password + $username' | md5sum`
#   }
#   ...
# }
# pgbouncer['logfile'] = nil
# pgbouncer['unix_socket_dir'] = nil
# pgbouncer['unix_socket_mode'] = '0777'
# pgbouncer['unix_socket_group'] = nil
# pgbouncer['auth_type'] = 'md5'
# pgbouncer['auth_hba_file'] = nil
# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
# pgbouncer['users'] = {
#   USERNAME: {
#     'password': MD5_PASSWORD_HASH,
#   }
# }
# postgresql['pgbouncer_user'] = nil
# postgresql['pgbouncer_user_password'] = nil
# pgbouncer['server_reset_query_always'] = 0
# pgbouncer['server_check_query'] = 'select 1'
# pgbouncer['server_check_delay'] = 30
# pgbouncer['max_db_connections'] = nil
# pgbouncer['max_user_connections'] = nil
# pgbouncer['syslog'] = 0
# pgbouncer['syslog_facility'] = 'daemon'
# pgbouncer['syslog_ident'] = 'pgbouncer'
# pgbouncer['log_disconnections'] = 1
# pgbouncer['log_pooler_errors'] = 1
# pgbouncer['stats_period'] = 60
# pgbouncer['verbose'] = 0
# pgbouncer['server_lifetime'] = 3600
# pgbouncer['server_connect_timeout'] = 15
# pgbouncer['server_login_retry'] = 15
# pgbouncer['query_timeout'] = 0
# pgbouncer['query_wait_timeout'] = 120
# pgbouncer['client_idle_timeout'] = 0
# pgbouncer['client_login_timeout'] = 60
# pgbouncer['autodb_idle_timeout'] = 3600
# pgbouncer['suspend_timeout'] = 10
# pgbouncer['idle_transaction_timeout'] = 0
# pgbouncer['pkt_buf'] = 4096
# pgbouncer['listen_backlog'] = 128
# pgbouncer['sbuf_loopcnt'] = 5
# pgbouncer['max_packet_size'] = 2147483647
# pgbouncer['tcp_defer_accept'] = 0
# pgbouncer['tcp_socket_buffer'] = 0
# pgbouncer['tcp_keepalive'] = 1
# pgbouncer['tcp_keepcnt'] = 0
# pgbouncer['tcp_keepidle'] = 0
# pgbouncer['tcp_keepintvl'] = 0
# pgbouncer['disable_pqexec'] = 0

## Pgbouncer client TLS options
# pgbouncer['client_tls_sslmode'] = 'disable'
# pgbouncer['client_tls_ca_file'] = nil
# pgbouncer['client_tls_key_file'] = nil
# pgbouncer['client_tls_cert_file'] = nil
# pgbouncer['client_tls_protocols'] = 'all'
# pgbouncer['client_tls_dheparams'] = 'auto'
# pgbouncer['client_tls_ecdhcurve'] = 'auto'
#
## Pgbouncer server  TLS options
# pgbouncer['server_tls_sslmode'] = 'disable'
# pgbouncer['server_tls_ca_file'] = nil
# pgbouncer['server_tls_key_file'] = nil
# pgbouncer['server_tls_cert_file'] = nil
# pgbouncer['server_tls_protocols'] = 'all'
# pgbouncer['server_tls_ciphers'] = 'fast'

################################################################################
# Patroni (EE only)
################################################################################
# patroni['enable'] = false

# patroni['dir'] = '/var/opt/gitlab/patroni'
# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'

## Patroni dynamic configuration settings
# patroni['loop_wait'] = 10
# patroni['ttl'] = 30
# patroni['retry_timeout'] = 10
# patroni['maximum_lag_on_failover'] = 1_048_576
# patroni['max_timelines_history'] = 0
# patroni['master_start_timeout'] = 300
# patroni['use_pg_rewind'] = true
# patroni['remove_data_directory_on_rewind_failure'] = false
# patroni['remove_data_directory_on_diverged_timelines'] = false
# patroni['use_slots'] = true
# patroni['replication_password'] = nil
# patroni['replication_slots'] = {}
# patroni['callbacks'] = {}
# patroni['recovery_conf'] = {}
# patroni['tags'] = {}

## Standby cluster replication settings
# patroni['standby_cluster']['enable'] = false
# patroni['standby_cluster']['host'] = nil
# patroni['standby_cluster']['port'] = 5432
# patroni['standby_cluster']['primary_slot_name'] = nil

## Global/Universal settings
# patroni['scope'] = 'gitlab-postgresql-ha'
# patroni['name'] = nil

## Log settings
# patroni['log_directory'] = '/var/log/gitlab/patroni'
# patroni['log_level'] = 'INFO'

## Consul specific settings
# patroni['consul']['url'] = 'http://127.0.0.1:8500'
# patroni['consul']['service_check_interval'] = '10s'
# patroni['consul']['register_service'] = true
# patroni['consul']['checks'] = []

## PostgreSQL configuration override
# patroni['postgresql']['hot_standby'] = 'on'

## The following must hold the same values on all nodes.
## Leave unassined to use PostgreSQL's default values.
# patroni['postgresql']['wal_level'] = 'replica'
# patroni['postgresql']['wal_log_hints'] = 'on'
# patroni['postgresql']['max_worker_processes'] = 8
# patroni['postgresql']['max_locks_per_transaction'] = 64
# patroni['postgresql']['max_connections'] = 400
# patroni['postgresql']['checkpoint_timeout'] = 30

## The following can hold different values on all nodes.
## Leave unassined to use PostgreSQL's default values.
# patroni['postgresql']['wal_keep_segments'] = 8
# patroni['postgresql']['max_wal_senders'] = 5
# patroni['postgresql']['max_replication_slots'] = 5

## Permanent replication slots for Streaming Replication
# patroni['replication_slots'] = {
#   'geo_secondary' => { 'type' => 'physical' }
# }

## The address and port that Patroni API binds to and listens on.
# patroni['listen_address'] = nil
# patroni['port'] = '8008'

## The address of the Patroni node that is advertized to other cluster
## members to communicate with its API and PostgreSQL. If it is not specified,
## it tries to use the first available private IP and falls back to the default
## network interface.
# patroni['connect_address'] = nil

## The port that Patroni API responds to other cluster members. This port is
## advertized and by default is the same as patroni['port'].
# patroni['connect_port'] = '8008'

## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
## Each item can be an hostname, IP address, or CIDR address.
## All hosts are allowed if this is unset.
# patroni['allowlist'] = []
# patroni['allowlist_include_members'] = false

## The username and password to use for basic auth on write commands to the
## Patroni API. If not specified then the API does not use basic auth.
# patroni['username'] = nil
# patroni['password'] = nil

## TLS configuration for Patroni API. Both certificate and key files are
## required to enable TLS. If not specified then the API uses plain HTTP.
# patroni['tls_certificate_file'] = nil
# patroni['tls_key_file'] = nil
# patroni['tls_key_password'] = nil
# patroni['tls_ca_file'] = nil
# patroni['tls_ciphers'] = nil
# patroni['tls_client_mode'] = nil
# patroni['tls_client_certificate_file'] = nil
# patroni['tls_client_key_file'] = nil
# patroni['tls_verify'] = true

################################################################################
# Consul (EEP only)
################################################################################
# consul['enable'] = false
# consul['dir'] = '/var/opt/gitlab/consul'
# consul['username'] = 'gitlab-consul'
# consul['group'] = 'gitlab-consul'
# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
# consul['data_dir'] = '/var/opt/gitlab/consul/data'
# consul['log_directory'] = '/var/log/gitlab/consul'
# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
# consul['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# consul['monitoring_service_discovery'] = false
# consul['node_name'] = nil
# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
# consul['configuration'] = {
#   'client_addr' => nil,
#   'datacenter' => 'gitlab_consul',
#   'enable_script_checks' => true,
#   'server' => false
# }
# consul['services'] = []
# consul['service_config'] = {
#   'postgresql' => {
#     'service' => {
#       'name' => "postgresql",
#       'address' => '',
#       'port' => 5432,
#       'checks' => [
#         {
#           'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
#           'interval' => "10s"
#         }
#       ]
#     }
#   }
# }
# consul['watchers'] = []
#
# consul['custom_config_dir'] = '/path/to/service/configs/directory'
#

#### HTTP API ports
# consul['http_port'] = nil
# consul['https_port'] = nil

#### Gossip encryption
# consul['encryption_key'] = nil
# consul['encryption_verify_incoming'] = nil
# consul['encryption_verify_outgoing'] = nil

#### TLS settings
# consul['use_tls'] = false
# consul['tls_ca_file'] = nil
# consul['tls_certificate_file'] = nil
# consul['tls_key_file'] = nil
# consul['tls_verify_client'] = nil

################################################################################
# Service desk email settings
################################################################################
### Service desk email
###! Allow users to create new service desk issues by sending an email to
###! service desk address.
###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
# gitlab_rails['service_desk_email_enabled'] = false

#### Service Desk Mailbox Settings (via `mail_room`)
#### Service Desk Email Address
####! The email address including the `%{key}` placeholder that will be replaced
####! to reference the item being replied to.
####! **The placeholder can be omitted but if present, it must appear in the
####!   "user" part of the address (before the `@`).**
# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"

#### Service Desk Email account username
####! **With third party providers, this is usually the full email address.**
####! **With self-hosted email servers, this is usually the user part of the
####!   email address.**
# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"

#### Service Desk Email account password
# gitlab_rails['service_desk_email_password'] = "[REDACTED]"

####! The mailbox where service desk mail will end up. Usually "inbox".
# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
####! The IDLE command timeout.
# gitlab_rails['service_desk_email_idle_timeout'] = 60
####! The file name for internal `mail_room` JSON logfile
# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"

#### Service Desk IMAP Settings
# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
# gitlab_rails['service_desk_email_port'] = 993
# gitlab_rails['service_desk_email_ssl'] = true
# gitlab_rails['service_desk_email_start_tls'] = false

#### Inbox options (for Microsoft Graph)
# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['service_desk_email_inbox_options'] = {
#    'tenant_id': 'YOUR-TENANT-ID',
#    'client_id': 'YOUR-CLIENT-ID',
#    'client_secret': 'YOUR-CLIENT-SECRET',
#    'poll_interval': 60  # Optional
# }

#### How service desk emails are delivered to Rails process. Accept either
#### sidekiq or webhook. The default config is webhook.
# gitlab_rails['service_desk_email_delivery_method'] = "webhook"

#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
#### encoded with base64
# gitlab_rails['service_desk_email_auth_token'] = nil

################################################################################
## Spamcheck (EE only)
#################################################################################

# spamcheck['enable'] = false
# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
# spamcheck['port'] = 8001
# spamcheck['external_port'] = nil
# spamcheck['monitoring_address'] = ':8003'
# spamcheck['log_level'] = 'info'
# spamcheck['log_format'] = 'json'
# spamcheck['log_output'] = 'stdout'
# spamcheck['monitor_mode'] = false
# spamcheck['allowlist'] = {}
# spamcheck['denylist'] = {}
# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
# spamcheck['env'] = {
#   'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
# }
# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
srv/gitlab/config/ssh_host_rsa_key.pub0000644000000000000000000000110514434463302017154 0ustar  rootrootssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRpm7va6eAN66GqAwoU656I8Ed6WX8U8d7ELWWRRzuTyrlTjq0TuHY6s+aqtD8WNraO1Pe+gQyp4M+BNKIV0btNafDhiqR7mXMBZGl+ruxuhnZPq4GmC8TRlRVNOEz5CXtAWsBYDPp7zfyKZjUGgExpY3X8oi6kV5uWnym7Uug0Kim8gExiziWVTFIIbNK5ycXnDLyuyDAlTbDR9GDWxrNj2twuABA8/LaD+QSfofjPB4XO37DppqFcpmoDs6eoBhTPnhOGtDLYHKEB1r19/A1ADzsIFF8JS4RN7v6VHwGfro2s02hXOfArkyQRMLWkIgv0UaGACnQi1grST4BnnBkNVwZvwTl5UJnuSBVGEMlhWdbRTNHNmC4a43dLJhAiF156qgGtlIJgALRH87O+P/ETgdm95s4J6Uw7W3+SqOpVff+Qfaj0hjDieLuBKRcIf/cVkxCIOViFVZzvOuxz8ml5ub+caNQPY3b2Q/DrglJ4obN72N6lNkj9E0eOkvpIU= root@git.dcpltechnology.com
srv/gitlab/config/ssh_host_ed25519_key0000600000000000000000000000064314434463302016576 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC0UkfEpZprGyvhZFoW8bT+XOlmFvEICQFUNLNCE7+NrgAAAKDvHObu7xzm
7gAAAAtzc2gtZWQyNTUxOQAAACC0UkfEpZprGyvhZFoW8bT+XOlmFvEICQFUNLNCE7+Nrg
AAAEBDxpdxGmFtZYjzX99TyUhObPr/SZsM2IA5FCAzj9v8T7RSR8SlmmsbK+FkWhbxtP5c
6WYW8QgJAVQ0s0ITv42uAAAAG3Jvb3RAZ2l0LmRjcGx0ZWNobm9sb2d5LmNvbQEC
-----END OPENSSH PRIVATE KEY-----
srv/gitlab/config/trusted-certs/0000755000000000000000000000000014434463325015715 5ustar  rootrootsrv/gitlab/config/ssh_host_ecdsa_key.pub0000644000000000000000000000027514434463302017455 0ustar  rootrootecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM3seqAvRK78U1RvYp62B43tl8SmnosvFze+qKxK1VuC2lY58U+Vi3vGzeMP3NO1VVkY8lXRIIgKPHIzBaevqfw= root@git.dcpltechnology.com
srv/gitlab/config/ssh_host_ecdsa_key0000600000000000000000000000101514434463302016651 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTN7HqgL0Su/FNUb2KetgeN7ZfEpp6L
Lxc3vqisStVbgtpWOfFPlYt7xs3jD9zTtVVZGPJV0SCICjxyMwWnr6n8AAAAuO8EpkvvBK
ZLAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM3seqAvRK78U1Rv
Yp62B43tl8SmnosvFze+qKxK1VuC2lY58U+Vi3vGzeMP3NO1VVkY8lXRIIgKPHIzBaevqf
wAAAAgShjN3bqmdM3pV+/Irz+cLzAm/JqRNZwj8ig0BaWAjnIAAAAbcm9vdEBnaXQuZGNw
bHRlY2hub2xvZ3kuY29tAQIDBAU=
-----END OPENSSH PRIVATE KEY-----
srv/gitlab/config/config/0000775000000000000000000000000014503264234014347 5ustar  rootrootsrv/gitlab/config/config/gitlab-secrets.json0000600000000000000000000004572014622563126020154 0ustar  rootroot{
  "gitlab_workhorse": {
    "secret_token": "7f03jYnJNW3iJd5+asJSt2GAw2GJ22Goz11XvdjFuAs="
  },
  "gitlab_shell": {
    "secret_token": "a4454701957aaa3a9a062ccc01ed866a57c375da0fb5c315ae83dd61829eff6119227ea4d2ae663824eee93e932fb18aeb71503ebdaf933539fc23dc24eb5fc2"
  },
  "gitlab_rails": {
    "secret_key_base": "577b0f7d9bf3594161cfe8d1a24af103b82bf1db2f707371f6788486189a0a44bb1b2a0080dc332dad5a5925fd8b782ad330913ff47d1d8012f91767c707d7ed",
    "db_key_base": "92a9312d61c575005ede245a476cdfdb11428a7f044aac23089d3da85bb7f23fea6bf9cac5e8dd73c5a943cee6df40a7639f099691b5766887a18ad1c9e4fe0b",
    "otp_key_base": "b5f75d5e9865264711d9de4b1c512aefb2a48c0bb43b3a3fdddb7a6dbc0cab609a2ce22e4db397ce7b839d0f28190b79dbc20d8da96b9e36895902001d4a961f",
    "encrypted_settings_key_base": "782993081bb8c4fab53668caa04238e9ec75f2278a7935a0dfa9406d22ca4c35bb03a82eaebbaa214691a142cc35ff9021f7b32b0980c915804d38b86f2f30d1",
    "openid_connect_signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAn6W00UakK7vrhto/1bszqLpm+yC+DS26gStqrM4d2IyQIQFK\nbGiFMlLhTwoLiepGGOFIZYPA0xzLS3vY22LU3jLL/i3YEUwVaNHsfpDTeenDGNcP\nNlpY8JDWW8XALvsjDfYHm8LkId5wu4YGen8PVODimkKKtWZPF6rExD0OAjAUgo31\nQaqWKtduxTl+cPDne0/9j6IH9/712enwP1zV0E4/EdurY1QKjdBtbVkZiPDLmbID\nk8Kwu621SfiFYoPit6/mKLCoc9cKH9SyBpG6sVzb/M9KxgH2/LeGHSLlIqt3R6sg\n0pyfUqa1RYXQsA+pleP3m6087Pd7PP6kCVzk14neKed6lnX7aAsIYZUBpKf4DpLq\n0Nz0zmM7aR55E9ALff/2FqTQexU+XB5CH0m5YvTJRKgGfzSUKb0ZXwW3pL41OGUl\nlNuvWY5Zy7NadJpAc4xAAsRiH598z+qvkd8NsTxvE9gRqfXnGjJ0Fu6GWWhu5vQR\nMU1G/P4/ovFWjuMoK6xnvBY0sG53bkoi0NjOq0cNJcL1OQja1Fs8r6QI0KjjTbuo\nedUIY9k2C8YDeV5dy71lWfIl3QTuzOke3Xf5nLZ7tK3svTdMyOKHxqyBLqVMP0K6\nvUZysNlJZ2B/0uALf1rmISZQDcqF62Cvgm3KzzCdXjna/wSSLYGy31ZotKECAwEA\nAQKCAgEAjllutPvL/sL8661HJghZs6UhleJIE/AmUG6qG5NdwWz0Rrmj5q37tjd4\ndsV6LGscPasCpqGoGZWfH5s6bcPeEpIwml++PQ4eOOyVdvUj25y4PTnlco10qGw8\n9m+JQVrkktpBRn2sdRamZk7HEAqjXQd4hhu3GrAy7eNyt5fJGeJNJ2v0t6ynYWPe\nfTUarRHhFW7ppFzRxisshDW35oecjrR2QDIiy9pv3qtuJwY/Yn9yy4SS8/mxJGdr\nMp3KMWFvkmHhU37RdRjVCjTY2EqwsN0fungLMCsoU4ZAq1ImBZfmL51DEwhcd5H2\nKBt9TL9qcyBl9AWwQYsZ8/UJxt9xm+WLMWO4G+bkOsz9hfsRIcbvovNQR9o98Onn\nBcx0JIlfpCqYQ/4tKieHQrdbJmoBL+zyDGu4SYY0xoiWo7XcaSqDyeqbtvJn5976\nfPJxjCkwC2ycGCxl3PspEl5zsIDbbr4l5GNWk3cTh3fdI5TmP5X7LfpRG5nRcVko\nE4nNh3hry55bBTRF3V2JVpPoSMbSm0e6mg91uMGp2gEqKL9R8Vl/ic4BASow2Y8h\nLaVpXcmeTkMnDqDhSj5i7BpRWE+yu163wByJxyPZmsvDupqlVlDANqIJ/6i/spv2\ndwD+dz8itjAi7WTOO/qvOp0bnTA/H6zHUWfhXJ8gnQh4kydtkwECggEBANN88NiA\nPY6U1PxyRi9Q490NieTCC7rPL2bxC5GkmdfH2AeMvLpisMr3L62epsf+F8Z1i3yF\nu9b3U64GwJh/OchIR6/BhIll7fh4YJvB/Vej8FvXPAYHyM60wcVcGFUrefsf5n95\nLWx2GJXM+p2/06qgcViKYGw9s2SAsn2NVCb0hXVLMzaMPYblrYBsOMJFYgg/frdM\nAPgv+/iHvGP4EqHeXGvUq4kk92WIxCzhGiCedWhfkBLvhg66wAiRMVquy0CAIk5+\nHL+ALReUM5r4EmL1AHmmIswxrztbJzf0uK7qQWZoByYhpFDcppNeLSIBPiVllObE\npt2FODoRJLPw42kCggEBAME/kKU8IcePXJI9Ey0X9mWE7TZWWijDUXZk5bEqRFLp\niTjcYZ2H6ow65biv0SceoCkLOQxcWA8HBmZsBawufH0h2/NGyvRQR4ttHZT3As4P\n4laqQg3Llkxq+0Zvtai+IwawygSOyKJLSOHnG9DhoQq9ZEmtuiNpF4HWb2bC7tUk\nDaEU6fTmhvi2hEqjYqm36CM/jAzn+DHhYTIGp1UL9JkOSSHwTXe0p5f0uChOHTMl\nM5ghshNK1BSecRabXTgkcil6rKgccXsAtjHSDy05Dx/72H3DDzTqnlkchFyrTzF9\nQHdIXjP/77fj8vdPx/PadaM4fs0FU66ST5LIYyzUeHkCggEAJhhCVe07qVw7xUFc\nTReYA/B1X0Ro0nyRgEx5FgH9SDYSPsHmGPi/+b9u0ipaxnmJlNEFkCeSv1ULuLQ0\nqwN3yBDlAM6t7gXzSKd+V3ApD0lTeWeaw0dRr5I1uTQumeDb9xU28s1EFl5rbUhf\n+FxeZ0TBRf6fAcBXeQoJnL4BY4b2JzulfPTj/FGQ4CoeSzguQWgWjjPdlNcn3wus\nLqG30Xp5UV8civairaJmG+NsTmXcpjFYhWCp2CthfemRZ1FHAVZTV6o1yXTwKmgi\np4552WNic4cui3ODqgBwXw7w2WkO4MBqUT8MFxi31KHJJW/t3tSebrcLi6l8iFEg\nOF1yyQKCAQB7dvAkEXIHfLmJGQo6YjfjDnU7pRn/NyLBwJ7bfQSf8GLieDLJob+h\njjOctn+rPa7X6jqtggYku7lEELnjEuQoUkyjdlROmUfMdY9T0CjznERgWHDRPYQu\nGJ+nldF7GNdp++Nl3A+lWPIcmjo0TyNDqFL9m8fzvb3uDyGnht1uQZWPl7wN4obT\nOlD1GsP7aOsgMgZ5bG8u9y7Q9l1MQdIpQ25IB66Gz13QAOLzpUyUk60OAmEyYDl1\nXvEjn2mEaAykIaNT2LBMBN1ioTFfFDhsl8vuNYRuq4M1rbmHN0/mb36TdyHwmRD/\n7NwbU9aNHsLP4FVrCX84ZnP+dJagWrMJAoIBAB5TbMMC6km4BfDnZowbIseDxgdz\n7+rAp0xZOJnXv4m5K8Y8tUrGa45JD19G6vVnSGTIcQVE5nEB+7OeIHIbnG8SXU/+\n2SVc4ZMNnOz+6FFozCrYeY/TwvKIu3+DqXVq+Owqh4qfceW/nV4nDcwiwjwP0ceo\nfZn3hKWjR+Q9gyCTkYiSSR7vAcn1eUtvlzLBJFsae0Yisv+ZTPMCmmw4Nb1rKVM9\n9Ff1MIUWFiKZghJ9d/UYT0DxpgDm0Nv59PdzNSDeJUQNh+txETFjTWoAYvmRTagu\nLEKGOVO6T7aJZ8A2mRTJgRniEt8v/T8ZdY/W/yiJLrn/X03y2JYnzXnIago=\n-----END RSA PRIVATE KEY-----\n",
    "ci_jwt_signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgEAxmYfcA46p9C4iNQKB0LKgotCWrd6VDc6gko/cvkmmOa3BCjx\nC0PSyuykzQFB6xINQW1IIfal4P9HaQMbacUg775theVkd2sHu5+5/7evlkgNFoEs\nbpv7/E0ExD/n8qHBGjvQOoVdF3R9BxbssTn5xvqYySBDPtP0a3SGMs/lEFRmGrwf\nl3FoI2efetGwaJkdHgOaIYctZhhGGPkB1EQ6PLXpaxxfRa0DRHQmm6QBmeFSwi/L\nTDx4puaQi7JqkxnmJFDUJ7B4EluSILm1iwFx+RG6VkfOPTweEPN+R4C3YcJt/Vt0\nJjEq4lqa1t2eoXKmTGK+DG5GjdewxVC/LJ/vQrt9zDIL52oniSpG7VkOKs2bhbAc\nEw4b+wstANPeezAdFM6YG5bd6VktRZ4tpLQWJoA/ZpysBNNr+oFLZ6YSLn4rLXqm\noaGrNYJpwbNRwp15m4ZgMbzoN153EQUk7wcNUeizs0/LX/7pNPdQ2d0KsRO9PJ3V\n4beBJHEZ1eyshT84TqRthHTDFqWC4wQ5wVy5WsE5bo7JZ0XelOO/dvkCBfwe3H3h\n6hgpnBNJtSHkO3h/bDlcXB/2LAaaC4R1mrKPInhaoKrcg29MBy5aKUdsoslooN7/\nxGbUC8biGzFHi0BuPISiE4nhwWOtuhrZpOE/2E5INbqz030hWYoq0NOzsqcCAwEA\nAQKCAgEAg0A0NBF1xGdUbVC5gawyBMLUFueiyevvjRpJd2pUmnqnQN1E+crYvN5o\n+CaI0VaT5mDBg5aEjqDTQSmJDSQYcgJsulPTbx0jdIBqsD14r9bisayrFFGlFnht\nWtdcPyu7b/t5+f0YZNfvjq0f0O8lyvkl8oihdAMMg7oGvb7DL1ZmZfFmhO3FkwaO\nftYR+mCw3pZLdTrUUeJlHUg+aYrpbBh8XxvZ+2JF8xdUI0sQtBhYg5bSy5CF0QRf\nQ8u4rbBIjGXctJUOGjbyKSwyac9+8uNDfqjqS6Bl05kCRZNlvgq+cQn7gPiuAikm\nnlbnBq+uTIJWcCrUCipTC3Yrwv3bbgQUCZSX1zKeroMhaswHWutpq5f3roVVd8o1\nvs0tPtfp23NGnt66Z6aElS7vEbr88awJAnwcmU6T+k4S+eQA1ZKvXSkQHsS7TN7n\nJaJZL91Qy83pnNsJ/GPcJdeaTlZNsMQF6wl5Xm/ewgwD5qpFbhgqkz7Rxp1JKXmt\nYDYWcAsD0kWW9DV6sTBjJUZQNXTFifVONprUmxCVCbtc92juZXsZio63c988ow6J\n0/H/T6CMLlp4IfydvrsOjkZqjy2YkriUsHPVatmUtqj2eZUsyY/CG/moYX2VruYb\nj7uGaDvx8pnlCwpbihmP/HT/t53omI2wmlg4C8on+XjQYeuIPwECggEBAOXy9U7A\nxeQo/ksrN4gsrEYtgWKpxPDyQRHQqg35REpJmW2pWtaXSX5/jlH1EeD6hqogmC6R\nYlJNew7Lyyyr8UKS6sLlSFbgZhenfr3qR2r8ywtNFWjt6hj30L6lCtxsZM7xMzJS\nbo/iKid9+7znnUwYsrm2kMaUURHZ7dho1FRvpLM0hjvYgcLBYgiD7/Se8uuFwyDr\nUxLEbMKYWbswSz3F19EpDfxm1D1F4dxqp9Hr+0JSmosBTbUL3MjrJvTby3c6Jcet\neKQhqWLBj+N43UQM5QP9QikZUDheSprh93c2mFE57LXfN9uuFEj6Age40VY92CzO\nG6z+cRJsbKSZbmECggEBANzgI6robkrXuxDlcoS++GhGCWT5h4xDmwktDIXprZ7l\nV1qXNd3o0lhNtXtirmYX122p84EfTYe5hh6A+za1YAyWrdkw/nltJ1vnGmWfTVbP\nDA3Uw+ujb8prGDJIBbN5OqdD9WJXYcFs04dBpVWDmoNz0Tvt+AX4bfwtWt4poJyh\nnXCW6bIDsiF8Ajbvu1FRO0AB3ulBN8MOSWHBwFDAJKPCWLsqKmlGA7y24qvvnKx7\nT0sIvOaneYi4bZNQUVoIRRI65yayoMzSRK3UhxaWgokvu/mX8o8HZSlp3vPvyy5Q\nnVo2yJ4rFlyBOuS4VNoj6OmsdVtW/exQhHZ1FlaUbgcCggEBAJEcx+3Q/ZFExWWO\nelb3SihnYzVuSZh8aM/jTM3QtmXjGG356BdwFbM8sAXMkGHX98+5DhClMtUZjEUE\nGs2wHGqU6I3hv8sDhan7y6HyDOvZaBFTreUv7wGesh79bGM6DEwELvjcyGUIpu2R\nNaI60CtLks5cBfUreBW5370oOoamhduJlASEVy8eds1E5dML0+UJ3uARYbWAO9p5\n5naYvYLYLaATNn5ILjwUs7oznIB/WWq7UkfSpMVSHRy2OTlg04AEM/9U28NIcuqd\nmD5G8euV75ia5HunO9a2uoIPg+m5jFoGIfmMSmXZ73c2Pr28xm6UTK3Jy/FaCOVF\ngzJEmUECggEAOf7AXsfY7d3nSHB2uVRLdVWucczzQmkd9DLX7vGEnQwq+6ZohnPz\nhywgUt1+XWA1OJ4/SdAmU1TrWmcTjzHgnm2SCE1NBCUdCIyN6dECRaDn0Vnkd6La\nX5PvLoSquo1CUVkOvVukV11zzTf3aZS8pXdroQjC7w5kEqr2CQ91FKt64208v3ko\n9JHTIwmfbaKepBfZp/Vv5s+BhSGSlaFd/YGyOrK/oBS6Nnru2aZ4xPE7yL/qmcWv\nq66BVwTn13QEbtz4hLiycBVl4x7CubObYtodyVOUZOnULiOWXwa/mtGf/2gTFTTL\nEk78X8HmxcBYD8MwrWMSGVKq9U+ZJfKjUQKCAQEAm5HKlmcgABuYhD7PZdAUwPyO\nGgL4Xz41LLryE5oCjnedsLqn5cT/ENwmGksNOqVO+IIAuit74iFWKXsZe1JiGrak\n82vOU4fsz8WNuLBPDzmEBBmTk0YGr4xUD93xS82cH9gJ4G1xdSceR5rUvPGaKJRr\nj3e74CqYNEaNA3c5YahpYB9vGLFQGW7RtAdjlbrL/S4A7XEss6of005MAnBPo1XZ\nl+t5mM2bucWMHetm8PcCthXjV17US33fAV+Plye0FBRvWO44rX88bQNpDg69iiy/\nUvRQJ0Lncln+asIqAbT/LRdoy1bjeKr1LzfO/wf2J6E7txhDlJ+Sh4J7+O34/Q==\n-----END RSA PRIVATE KEY-----\n"
  },
  "gitlab_pages": {
    "gitlab_secret": "AmHZjmJvLcj_iUMrnQRIL-H-Plg1r4wMsFThtta9OoQ",
    "gitlab_id": "e4Sxz8HJng1jlx26nOYq3sng-TcRl1B5Jq8aSy79BQ4",
    "auth_secret": null,
    "api_secret_key": "8vdMWQUe3MVjZYu27yEhyl6BnX2rBBydWDjquTtDnLQ=",
    "register_as_oauth_app": null
  },
  "gitlab_kas": {
    "api_secret_key": "MTA3YzdkN2YyZjA5ZmZlMjNmMjc2NDE3OTU4M2Y3NzQ=",
    "private_api_secret_key": "NmE1Zjk1ZjlhMzM1ZjMxNDVlMGI3NDM3ZDc0NDY3MWQ="
  },
  "suggested_reviewers": {
    "api_secret_key": null
  },
  "grafana": {
    "secret_key": "f557b879e6e03969d24821ddacef0620",
    "gitlab_secret": "FdxMh6WGIduYpId4ipHz2GG52SRTG55ZfNdQTTIsxII",
    "gitlab_application_id": "-AnucjgaCNVkR7JD9kzfwDM_iKBUseTHQ2YNRPquZlE",
    "admin_password": "4ef5de2de8da8ec9993a6a4f51ecb2ac",
    "metrics_basic_auth_password": null,
    "register_as_oauth_app": null
  },
  "registry": {
    "http_secret": "81fd818914908ba8a29130eedfae3990b26503bf69150c1148c2ba57a853779d3f69f2e04416ebaebc26b45172f3dd5423f977c40f57a0d2f0a245daa0fdbf15",
    "internal_certificate": "-----BEGIN CERTIFICATE-----\nMIIFBTCCAu2gAwIBAgIBADANBgkqhkiG9w0BAQsFADBGMQwwCgYDVQQGEwNVU0Ex\nDzANBgNVBAoMBkdpdExhYjESMBAGA1UECwwJQ29udGFpbmVyMREwDwYDVQQDDAhS\nZWdpc3RyeTAeFw0yMzA1MjcyMDIzNDNaFw0zMzA1MjQyMDIzNDNaMEYxDDAKBgNV\nBAYTA1VTQTEPMA0GA1UECgwGR2l0TGFiMRIwEAYDVQQLDAlDb250YWluZXIxETAP\nBgNVBAMMCFJlZ2lzdHJ5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\nqO0113ZbAR748Lu63qZa2BDRgaT6IjuRgxAXH5Uq9v6vWgVehP0EgISPHruZ5Pt4\nwBP+7okS2+0knn9k8stemfAWcu6iaS1sONZHeZMQ+3Yecq4MQn+TWWVG69C974QV\nier7GIGgOz3WrAvXdvUPsfs80xfCsnF56RlHmuUDUCWjIL1Emi8RJ+cVIC1T4xyz\n9DIKYlE+xWOtBol3R3bFFMfH+y723LCR7Enq+mCHRFU4DBa8vXrF26BdklJKTK3q\nWD70osH8iF/GMklt9SZ41tcUYI6XlxI8v8dgtBUTInte9gXifcUyBiDgYJfsBvVh\ncrpEHEoprS78/vYeZNyxGnrmTM2w+zxdki9Gih3HuUz73VHN2qibFxSkZ4Imgpte\nzv/iSsCVX6/lBqx1QjuYXaOO7BiCJdShv6K1Q4iMhtBpbkcKxI3RI56NWCpU9ZJC\nywDXqUUK9sJwXB7U+lIb0NAVqhHmnowXJY0c+esynBUhihUEiR/jtlWsomRzDuEu\n79t+iLJxOlBt7fvN+Avfp3iTNSkFrlIBQSaGDJ9BLaP/t/i9voqX+/A4vVHUz6na\nTqYjEbSCvGwRs/QBhhbuKHcYR86MUPFsW8lqX+7E6TmGr5TIbXytAIOy2o3MCunt\nzIhwdi3V51KW75ClpXtGrFncuyNBX7FZyEo4sEN8IfUCAwEAATANBgkqhkiG9w0B\nAQsFAAOCAgEAjprP3WT3C0+7jHFQsh0SoPZY8aBV+e1EPFjLAcwA/LM0oFlh1QYA\nwCGfMIetKZLF+O95KngkuRbMNEGkW9Ehaj4vVmfqkatf7LankDoOpGBvH+1NuSmH\n/EinR/yfnX7EQ/5++dIScVN4qf2OLDdAw4Wuhlf7Vtpc3UUYj9f1EeFSsJvWA8O/\nTLZWOTPpiJoey3BwoOKA4t/g/OYVdwOeChc0jokLELC/fj+paRpivuF7/gC0WTH0\n3omTyS+2/LUjAsjBT7sCtHyPXgvq8ki1KG0aqUfQlh39eFBXZxmaV4b+9/l5SfTP\niR3BCN7LdCpBwOFCzng1J6hIoil7yyFp+7u2qR6Quvu8J9XVttJCYuboaeIs/8rl\nSbCJjopfDoeXq1sz4hmVot0AWkIYoFcZQIZwFwYv5GqSv+u0xWzsxu6p6CIQ5x0v\nvyXKeaTrWQkbHFs7EpVgG2hUjT+tfkYAzzCxSKOUyOzqZh/td2lU9BmZF+oSit8g\ntMFGgk4mXNeF3pEIK3iQXtl55k3Sk2WU4lrq4ujvD8C4R6uuAYURhv6EsF+05erO\nXomFlWFfz+vERqrjYbvQIc5Mxlmx+g/9VLuit13gXv2Rj7VvxU8B7lHm0YhRLh8k\n2CPewheYRiE3Mq9VAj3omq6Te1fNPBmcCgRFcJczutbL444nICp4oyA=\n-----END CERTIFICATE-----\n",
    "internal_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEAqO0113ZbAR748Lu63qZa2BDRgaT6IjuRgxAXH5Uq9v6vWgVe\nhP0EgISPHruZ5Pt4wBP+7okS2+0knn9k8stemfAWcu6iaS1sONZHeZMQ+3Yecq4M\nQn+TWWVG69C974QVier7GIGgOz3WrAvXdvUPsfs80xfCsnF56RlHmuUDUCWjIL1E\nmi8RJ+cVIC1T4xyz9DIKYlE+xWOtBol3R3bFFMfH+y723LCR7Enq+mCHRFU4DBa8\nvXrF26BdklJKTK3qWD70osH8iF/GMklt9SZ41tcUYI6XlxI8v8dgtBUTInte9gXi\nfcUyBiDgYJfsBvVhcrpEHEoprS78/vYeZNyxGnrmTM2w+zxdki9Gih3HuUz73VHN\n2qibFxSkZ4Imgptezv/iSsCVX6/lBqx1QjuYXaOO7BiCJdShv6K1Q4iMhtBpbkcK\nxI3RI56NWCpU9ZJCywDXqUUK9sJwXB7U+lIb0NAVqhHmnowXJY0c+esynBUhihUE\niR/jtlWsomRzDuEu79t+iLJxOlBt7fvN+Avfp3iTNSkFrlIBQSaGDJ9BLaP/t/i9\nvoqX+/A4vVHUz6naTqYjEbSCvGwRs/QBhhbuKHcYR86MUPFsW8lqX+7E6TmGr5TI\nbXytAIOy2o3MCuntzIhwdi3V51KW75ClpXtGrFncuyNBX7FZyEo4sEN8IfUCAwEA\nAQKCAgA++a/I02a51EIZ/OJ9fqb/RcXU/xwBBxQIOEdmjsWlruzQMpA6I9k50DFK\n08VbiCRL9yhi5NcTBiVQsU2A9jAeU1MLJcuGSli+F6QtvpXmKPLQ7fHEGKtl+Euo\nPfmRATzGXcOeLzT84ODW4tNAlbt0LqVOTN1YiNVaAQKgzB+gEWfvHKAmmsVaittl\nU4CiemDb+IvGe2NbUv1+ImFFUxHF3XTAP5HoVCsSW7wt+y5yWxK57wAN42c/qVk4\n41SvoWZr34xz4L20WYAZ3yYO7ni+HxCJrp70wufC1yFGAVVQ1Y1hSnBVUt6DSl5b\npEdpkLDzhF0/7qX62jmXE0nhcCTVjzx+KCeHBIMXMxnPIo3IwKY5oVJD+3oubeHz\nYO5EVAOharP1eLW1R5T+LHw6M05Eb60aqrVYwCPb/MA1QE4FXRh6VCPlcaLAwc2x\nsqzgZlD6El5kX0ViXOT6J/vdUFrQe9110QdmLBKSLigRvahukKKvOKYVEPVen1mM\nPlTWFqDrefOUQCY/43D5e6+8M1MEq6VMJW+qqccPOR3GegA1uxG0lKubP8GjeNhA\n0rp+L+CFHHL8a2XOzNoYbAQaSRxu4aaPMGxI6ar4w28MRvqAHwvmgRVuzrsWzA/N\nOs6TtzUuBpmz0T4UlTJiWOEmiqX+hDh4DSYim0wfOUe+tPClQQKCAQEA1kbfTWaK\nsBfN05/X9Z+/7qjRZEOzMBHK9Wp373MiuOO9Wx2SBVgkXhygSGDweIRD21Hr24yr\nDbNm5byUd5Jh51LZtJegCguBKkn+Su9ZAAiTbU58PM+0mkRQucfC7I4HFZJtsgrq\neYZ58raq3bvsW9QB5j+sJSyOWRhmBZiRGOzo44l2ENwe91TYGB+iza4dWMIrbMVQ\nSBw3g3UsrzlzuorHWIB713ZMCT1hW+DhYwU/Bc9AWTGz8kRh+Lrn96dsXCXbT2TW\n/N6Dyk1ZsXfyyFSQHuj1NFSPPnvqwR9xPSJDKSRdutwFqxcEoknPKJnYXRcacEaJ\nNZznQfiFkCaRgwKCAQEAydG/74zWWjUMDAHfoLphfrD9blZLif21qAYefA0C+7Zc\nGOSStcHc9iOKa4O8ZESjRqElir9125ZfGjlgGShbHL8oTmcjnlehvF5OTQ3mIrn2\nKHyzAhgI9vlXNDPjRsn3F2lmeF04epVh/2J0Ne2W0RiOb0Ie9ZOedwt6/RpRvPO2\njQHVO4q2UmILh7Z3E3OCbSp7HwpiIYPf4/o/FKzdAALxOs9InbSDiHj+ogKBsvq6\n0+DipDhzEprNeY1MrIi0adpGCCu8yOy1JGrRCBW7VGbfyRHEBC0hj+q6Cmm5TM5/\n3EhMTj234BePnK1SF4gEVLbp5yM+aSRgOKDRCwV9JwKCAQBHJhdFexP37p+AcmXi\nAB5Z36JPeY9JGc9bd/PFBWT1IWGhnIr8zUyeF0E9ZzrRuZFShLwdFXNCxFwZUmm1\n3lw11DPHnEUesL09zn3qYdkagr55IANuqcUdKCvp1COsKmi9x/Y2lRtQKM/bQL4x\njBGqWBYdXu0JFudZPBm8J/Gd5iRaUS1r4btCguCR+gcz5mmGLEsA/e9vUjc4pjKl\nKB1+RlB02YzFeVk8BC6MtHoCSB6qDiwesbs/aWdikKUvfV8kpclRbnlYU4ZNKSvs\nGpj53eJQ8SdiLeW2aK0FXSxbkUHdql6ZCi+zpJv8SyfHInZOSrqTp0guDiBXrm6i\n87uDAoIBABJeefbGvdfWDjOllAIgFLGgUGDTj+qOYhNaAzpNQOFCNt25KDVM4Nyy\nXW3tvp7ttGLAVhdr18FVzXAomruPdcOHDpccQhyuYzUu7DeNNU4h2OrUdsKRB3fb\nN/mzY1NVHJ1P5Zi8+2AE6reA8YzbBCgh8QzlWsYFWp4BOH+C/r+Q+yOYcB0MQg37\niIsgq3PkxpFDFZO8sTPVufIZG9a46SCQI/6zUSuxe2tXf+2lBsMQmSKhzF8gGDEw\nT9Vpa/okMy+TQ16JBJTRHqei5UW0HKnQ9zto14t9xBlCRw6dktUP0oltNyzD51GJ\nM3QSPm+P3L0NLPrxtUOCoRNmZ8B2Dm8CggEBALi9/mGoc4Elrtdn0g5PS6VqpgcD\n6sXcFgNT/D64H0fVsu9W5SuL6XoNSypCXrCy6lAvDqCIDJsqd+kH0RkcvDyGBtQ2\n2HClsTLatMExM2Nw53Y1C48Bu6uWYvByDDwaER/mNFWYt7ugVztkQoCv/1kllirI\nLepuaLR+h4l5C9ibNEFbfUkOpQchWL+IF6aAxcxecF/HiYEheEpQTogqPa0iQ7H1\nM/xJm36U55ZLtsEIlRrBPF+cmMmGR4CCd8YBuWVD2zemHG32JJKtFOqXk6VpnOla\n0phM7LdWEGIg+A1Mxw/lvjlhogGhcnsvkqxjEmqJix85Es4AMERlenBXMr0=\n-----END RSA PRIVATE KEY-----\n"
  },
  "letsencrypt": {
    "auto_enabled": null
  },
  "mattermost": {
    "email_invite_salt": "617f572a3ac96a26a3b339a214f36dab",
    "file_public_link_salt": "ff33cb5d75bd7f045b47583b557e9443",
    "sql_at_rest_encrypt_key": "b583a2a62006e23bbb7454a3f495a44e",
    "register_as_oauth_app": null
  },
  "postgresql": {
    "internal_certificate": "-----BEGIN CERTIFICATE-----\nMIIFBzCCAu+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBHMQwwCgYDVQQGEwNVU0Ex\nDzANBgNVBAoMBkdpdExhYjERMA8GA1UECwwIRGF0YWJhc2UxEzARBgNVBAMMClBv\nc3RncmVTUUwwHhcNMjMwNTI3MjAyMzQ0WhcNMzMwNTI0MjAyMzQ0WjBHMQwwCgYD\nVQQGEwNVU0ExDzANBgNVBAoMBkdpdExhYjERMA8GA1UECwwIRGF0YWJhc2UxEzAR\nBgNVBAMMClBvc3RncmVTUUwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDf6MttphqQ6u6lMxkJWXhm2XXHlUVa7794aTbOvDF+470R/BbaO2eQwnc2SWMa\nd1lyXLcqockmT9yZy02keHDbkJnSEnAPopVtTtdo192h1viCLErDQ1UHqInmKf//\nMaIkIbti5EBrob5pnhZ8XPtLw5wN8jT06jS49PtYtv5yVsO8RYUTc2EnKLf3PPXz\noRNec9lAzg5VA+EHOTMzSz4NCzVOofpBIuqARntG5cEaQDvxkN+wkdLoc/XZ7Ias\nFTm4sdPijsx9LcTNJ6rRwpId8ihTmGyGDxPz2aWJhiadOKqc6CxFjrSu4XJmQJfO\nKnkItfkC6zFvyU726D4ERgDMIFRbaVFKICGesYkvc7cmbnwXA3JmoO1b2BoJiVKt\nynsGlxQejHg5BZGzWPCgDzuHyJqniaZIDGXJFwK2Mad8xVajPQ3qPfKUsfqci/gp\nfGGMVpCPbA2XHVrbp1+MI846SEIilj5tAzxJccSqkM1yrdfrKch+2wsA74LQj9Od\nWLYYcp6fUbbnvX3zMeCX/OZWzlw7CA46G+KDO9DSa3XYrz0c1VHPOG51jjHadYqv\nPZ/2J8fr5Xnz585TMBuoDu5MPfwzjX/+S+FndxhN91Y9hEdy9CvIdiTgwZGlIBST\n7hM69ljilpjXiBtMzhYuh0qf+YP01G4NXs14mUBfkG4SvQIDAQABMA0GCSqGSIb3\nDQEBCwUAA4ICAQBblKiKcy3eWDOGlxc7ybZZO0T4bcIQMQ+nMuM5utlcn8LGhrMK\nDzTvF320s8dVfM35oiN5cFFj/C59s+8cARDjBOfTgECIy/OhjMtqBnmy1T6yx/UX\ngXFsxts1x4sGjwK01LVl13ZyOF8/vgSCvKeRnZqQMvuuDGpt7TiDsUhsTRouLzr+\n7pRPbxpCh6j2zC6LBY93xUYzE6UG6AzIXVki9hlmJkrWYBXO9jrFYFXsEcKeqwEV\n4V+uHzFqZoYrI7DRY1zwC/KAtF447zM1HTGIV6+RNgyv78/3j2uhQaeAXnIP2NZl\nXdfXidjdm4AB71chlqLN0lVl1ImzfocUcvZVGezVkC2wkSc7vHrO8TwrG80n8BL+\n270kV8ldQOZ/U5+jwny70HaRlwNrnaFnquySc1BoThv9FBKSUm17TRM/i6dIEkD7\nHHL6hGofDZ4BzbUylloEd2OURiW7lf5pCfEfReNcUdj4AaRYLq1fRu54LTp0pkVP\n68W35xwhQ7CsOisrOa8lNqBlPnGMsQr/QbBu2McuVi85I8XzvVvzgQR7p3u/PYPL\nXiz70rrGz91mC6ezkWH+4jqAJUP0+gGWZDO8ECCQRdLrgmpqm46s2dtYuV/i6/hV\nJy0+kC+lxQ4fiVWl8hS5v4vQZpIZxkzBGh3jdMV9rv+EtqUE0I3wqEizbw==\n-----END CERTIFICATE-----\n",
    "internal_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKAIBAAKCAgEA3+jLbaYakOrupTMZCVl4Ztl1x5VFWu+/eGk2zrwxfuO9EfwW\n2jtnkMJ3NkljGndZcly3KqHJJk/cmctNpHhw25CZ0hJwD6KVbU7XaNfdodb4gixK\nw0NVB6iJ5in//zGiJCG7YuRAa6G+aZ4WfFz7S8OcDfI09Oo0uPT7WLb+clbDvEWF\nE3NhJyi39zz186ETXnPZQM4OVQPhBzkzM0s+DQs1TqH6QSLqgEZ7RuXBGkA78ZDf\nsJHS6HP12eyGrBU5uLHT4o7MfS3EzSeq0cKSHfIoU5hshg8T89mliYYmnTiqnOgs\nRY60ruFyZkCXzip5CLX5Ausxb8lO9ug+BEYAzCBUW2lRSiAhnrGJL3O3Jm58FwNy\nZqDtW9gaCYlSrcp7BpcUHox4OQWRs1jwoA87h8iap4mmSAxlyRcCtjGnfMVWoz0N\n6j3ylLH6nIv4KXxhjFaQj2wNlx1a26dfjCPOOkhCIpY+bQM8SXHEqpDNcq3X6ynI\nftsLAO+C0I/TnVi2GHKen1G257198zHgl/zmVs5cOwgOOhvigzvQ0mt12K89HNVR\nzzhudY4x2nWKrz2f9ifH6+V58+fOUzAbqA7uTD38M41//kvhZ3cYTfdWPYRHcvQr\nyHYk4MGRpSAUk+4TOvZY4paY14gbTM4WLodKn/mD9NRuDV7NeJlAX5BuEr0CAwEA\nAQKCAgBp1l4iDDvOeF4plEenVbVF2FCF8JcB7wVwYztW6Tn0Iq4CTEh5C09e66zx\n6iqAHh4Xop+p9SNhiqpZv/GJZqzh/C3ZUIHLwiwjqPrFQhQvJa/9x/Xm6nLM1euo\n8f1hoRJlRdSPYBjbR277+Y/jZQgbvfCL3wsNIY+eRZ5xRr5rSXvoCGxoz0cC/YpH\nwXb4nBDNurDcowm/QcAia/U5r7066Stfac0i8OArliU7U+q8/9PV0YcKrUMmQXna\ncqUNvlK0bMoc8ybRnMrDtpZV5ESxBv/s08WocIQb5asLoG+sLVboKA6VKmlZqJMs\npiebehQP/AQiTw3lKyC6MPjviC9jaue7MHTFy1QD4KIEhosbiK7fL4azWHqnDjQF\ntKy9/g4mriIEbiz7d50ak74urqQU0eQDH6Z4gszf4nPwy4ux7JCBFsoCsD9XtkqM\n8iK5gqY1zcmmjqNMP+R5bsCYbzPuMUZv5vq8U3ltT5IrO1dIjnZsmJG1aYcz+rLz\nXnjL/NLoQONcYeZtds1+uGRJ1IRON2Ks2/UMYTPI4AC11s7jTdRREJuDf6G6qOlV\n9BtSPSI9uA1NOs7cKH/dDdkDrNmglSYteKIBbdS75y33Wp3Py/8jk6KabEiM0UbU\nfSdn00lLl97pdLcfTfeNoRM2J9Hm+6NLWByVMX3t3KDT2AVmOQKCAQEA+sS20X3x\nMkY7w3kDizGkARChHXOhGmbCFlgsqVXecXBDWP9TN5ajYmTA1okD/dFaAamKyxra\n/npIuaKll12gb5o9fx+a4Hl58KRpLu5erlDTzD1f6jhByz20Yal20woKiBjwJCah\nc76S50cksyS+9C+KY15E7z5gGxmuVYNtdPHUFDUSQuVqi+ukFfalltnwAEv+GMkX\ncN8QQw+JRExYlyvEwvjIxe790BBq9IoXzlBOmyAlV8pvrMfSm75py6TLbH6NPlNw\nf9hNueYaWbFxLfUA0EAa1y3PAKmstGgJ6XPYCuOHwm3HFNztk0aCbfutg6FixI9U\nwXJbtzKr/V7hOwKCAQEA5JSiMepE+qrqs3CRpi6F0T6jWMP9xs151aGiXE5vfwWZ\nkswZn1gTYF2BK74t1kFXyom9GbL5z8e++lNDEQVGQoKvXOMCYFDLHEmQKWQz2Dt1\nSdqx07Jvhiuv3WuVGBKh+zF3wHZ489mq5amL5w8gRAmR0k//J4Jn2+gZo1ituCzh\nJ1x3i3K9ddcV24NS1P+zvqK0tPGqvWQesqnu5fhg7t3vXCxEUW6bXxhv8DDy/tGO\ncPI9Ul3LeI71v3fj20h3dQcXFrPiLE8ZJQ7pBVA4wvOx9uns/3rSAcwjsM+WLUWZ\njRz8ZEUUNaMhEDIJMRdsY+q+ZQWqoakQRIVTge0cZwKCAQAdjwRxqyO8JlUzFFeb\nl61aRsiG/TM3NneYRKp3B10iB/aYTfhULBh0J6YnY50p1PyEB6UJjc/UgTuDTi2w\nquOXZBntmx8ZaJg8ClUvp/9XEsX0ZCOjKyBuQYa6oEwWUi+tnSrpR/ht+T+9rUAh\nMaqkg9oPHnSHstWHPD61a7mCOGMkQqE1a29ksND1mc4o+uV0U4DPER0HO/Phw7oN\nZ+ZlY05dIRAhbKtUVCsXShPGSOcLF/3u3DjPp/omS4qS64ji8APcHd+74hY/XGUs\nv2K05RVEdtnzFT46OMXXug+5CeOkXO+Ktn/p8KS8YGpNZoYsZuCKhM6bwswWyw1E\n32MzAoIBAC5pi6Fs+wKWz78NnVVL3voEqPAuI4pJUHKzNh9eAb+d6HfpH06+eHi5\no6+5Ft+JNwU2AIKGV7j7yuhTHawIESMSG/9VTLc30HX27eGpqek+8WrEkBT3BzQM\nDNJ9tLFFn0Q84B7hL1/8E3o8ed65sIiAFO7KNXnVPbdmIkaLjAJ4gmMWoGNdMeEK\ngjKnMJt1LA8KRHz1EQERojYO0SY6z5vQzng9uMV8GuotMRVpKv3YmP6QASmHR/g7\ntuRguJBe33qQrPx8G/F5QhbHN0NP7aaQCtOi3e9mBdw9kgWlsM2Sc0I233yQljDp\n5Z2/OySPp/+Fu5ERnHrktBvlonYgKgMCggEBAPAA9MOJ5iOmDFnK09QZNEkKKhlJ\n6/vP01CWR+YeNQrZ2ZqthQMsvhD7ZK5lrLKOPCOIAq9SPBemdFpqa4mxbtXyH49X\ndaWB0n12PaDBMZ6vUZlikKvW/GTUCUHuU5WTMBJoFmcBtF2z0w9aB0+jAOepjsud\nrjm5yMUhld5gUoGr3ymrBSSPYa+XyBsvHIGVig59sqDixwKzUach1gSYpqybgm6d\nV3E1rN2WKb3flPJMOlRJhfiX8TeNhcfL6CMyorzx85IHDL2yOmFDAwGACRpxq1uh\nsn9NliuiPiiXWf0HZNz9Jq/lqwtaRYbisQfNFudlYyfVs73e/IZ7vDkg09A=\n-----END RSA PRIVATE KEY-----\n"
  },
  "mailroom": {
    "incoming_email_auth_token": null,
    "service_desk_email_auth_token": null
  }
}
srv/gitlab/config/config/ssh_host_ed25519_key.pub0000644000000000000000000000015514434463302020636 0ustar  rootrootssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRSR8SlmmsbK+FkWhbxtP5c6WYW8QgJAVQ0s0ITv42u root@git.dcpltechnology.com
srv/gitlab/config/config/ssh_host_rsa_key0000600000000000000000000000507614434463302017637 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAwkaZu72ungDeuhqgMKFOueiPBHell/FPHexC1lkUc7k8q5U46tE7
h2OrPmqrQ/Fja2jtT3voEMqeDPgTSiFdG7TWnw4Yqke5lzAWRpfq7sboZ2T6uBpgvE0ZUV
TThM+Ql7QFrAWAz6e838imY1BoBMaWN1/KIupFeblp8pu1LoNCopvIBMYs4llUxSCGzSuc
nF5wy8rsgwJU2w0fRg1sazY9rcLgAQPPy2g/kEn6H4zweFzt+w6aahXKZqA7OnqAYUz54T
hrQy2ByhAda9ffwNQA87CBRfCUuETe7+lR8Bn66NrNNoVznwK5MkETC1pCIL9FGhgAp0It
YK0k+AZ5wZDVcGb8E5eVCZ7kgVRhDJYVnW0UzRzZguGuN3SyYQIhdeeqoBrZSCYAC0R/Oz
vj/xE4HZvebOCelMO1t/kqjqVX3/kH2o9IYw4ni7gSkXCH/3FZMQiDlYhVWc7zrsc/Jpeb
m/nGjUD2N29kPw64JSeKGze9jepTZI/RNHjpL6SFAAAFmNB7d9zQe3fcAAAAB3NzaC1yc2
EAAAGBAMJGmbu9rp4A3roaoDChTrnojwR3pZfxTx3sQtZZFHO5PKuVOOrRO4djqz5qq0Px
Y2to7U976BDKngz4E0ohXRu01p8OGKpHuZcwFkaX6u7G6Gdk+rgaYLxNGVFU04TPkJe0Ba
wFgM+nvN/IpmNQaATGljdfyiLqRXm5afKbtS6DQqKbyATGLOJZVMUghs0rnJxecMvK7IMC
VNsNH0YNbGs2Pa3C4AEDz8toP5BJ+h+M8Hhc7fsOmmoVymagOzp6gGFM+eE4a0MtgcoQHW
vX38DUAPOwgUXwlLhE3u/pUfAZ+ujazTaFc58CuTJBEwtaQiC/RRoYAKdCLWCtJPgGecGQ
1XBm/BOXlQme5IFUYQyWFZ1tFM0c2YLhrjd0smECIXXnqqAa2UgmAAtEfzs74/8ROB2b3m
zgnpTDtbf5Ko6lV9/5B9qPSGMOJ4u4EpFwh/9xWTEIg5WIVVnO867HPyaXm5v5xo1A9jdv
ZD8OuCUnihs3vY3qU2SP0TR46S+khQAAAAMBAAEAAAGAGcKmy+Ag8U6IOgEh0JDzEW+m1x
7OVFFo/jy/uBBjx9x+EPpea7SGwjMTF9mpD/9IAYwOO4Xghal4P5v9Ysz9vZjDBKAn4RxV
nZiAu6eVPUgetOcM37CPtyg5/TDUQz4KnDMAtYidReul/b5rYavdvxReAsWu1eZeg/9z7v
l6kspQ4aLqaMemV/UkamcfuMDZqVpUdpFXvx9mBQ2+YdmR0L2GfC3k6f2JZh1SoF1OzzQv
Bqa735hWHU76YZVJhT2M4Sy6DMptK9lMjzrCVg6GzLFcp5bKD7dUAhRYj2oMSG/X7yz8R2
ToV4yzlxIE/ocMC99Z+fTj16no1KqInufuETVoAv51gjUYUVLL1i7ejCGEF37e3r1DVWDk
5LQ1SyBEQqZbntVP7f0EJdZnS5zGSyvrWmRjoH8+FLdfatjJVRJuMbOMUEafAaKoD8HMEi
tCsEaAfyigNHCVbaN2dIV003HQSfmFB6cfInZtOJQik+1uzCz5uvu60AAErGdt5SsBAAAA
wQCUPJkx7600mA8sYFewX295WTSZgrsl7IdSPZF32lnt4JfCIexPDWtlOyxoWMvUNL4yX3
z0HzYoZ9X2lvWycegKqEU4A8N0JFOYLbxs+z4y/vRgV6zmTs2dYlHxvSjD+BW/wpkKFOjh
VvZ7ExS5ewZL8r/1Es6sEXHuU1nwWG0dWEBaEF3Jjj4kq+KDfhFMO7p7lmPPWTUGWqi5OU
hGKmEZH+4E523MD8iTvAlDT7OEtUaFmIhVMZW9qLvlFExOb2gAAADBAObDFCftCcfWjkTv
GRG/BkpgUI2Ui+LGrxiwil32H2CaDfNM7GPg8DkZCQg/8Xzq8FQgIQ6ezA81E/d+BUyzwW
64ILvWRQBWBQdnX9xRFiK2ae3alMPla5lTZUs3krVaCyIvrYoPSthhl6ITNIOtw+pkI9nm
+473LEcpqldzKMZMUgwSJGsDDVx+/DGyQwJauHZRoO+HS17yy98/b09S8RuElvE+pKrn80
yd+GQ8ebMtUgSl8zaWusSc35dcVxdppQAAAMEA14X5ARoROhpuHQpYo9ZdSTKpmGIFz4hK
zbO3B5eHkLu3fYKzJmO1/tWBJ2xrXWnh09PRdjU4OwbHysWBE+MKij7GfKNRihOXPkfc/k
DXOjyE8lt1rYklmcYSjZViJmV3/I9x4tFSmKDvXhmDsMcLDGvXVXLWlfJxp/+dmxUOKNzn
Td7Q8Ml3w0jUb1rz6Zp4LGkM319rUqo4ouS1zkhA0atFXY28VVoMeWnLGJYsD5VjdqwDBZ
BY0wG2Y2106ZlhAAAAG3Jvb3RAZ2l0LmRjcGx0ZWNobm9sb2d5LmNvbQECAwQFBgc=
-----END OPENSSH PRIVATE KEY-----
srv/gitlab/config/config/gitlab.rb0000600000000000000000000043202314434463301016127 0ustar  rootroot## GitLab configuration settings
##! This file is generated during initial installation and **is not** modified
##! during upgrades.
##! Check out the latest version of this file to know about the different
##! settings that can be configured, when they were introduced and why:
##! https://gitlab.com/gitlab-org/omnibus-gitlab/blame/master/files/gitlab-config-template/gitlab.rb.template

##! Locally, the complete template corresponding to the installed version can be found at:
##! /opt/gitlab/etc/gitlab.rb.template

##! You can run `gitlab-ctl diff-config` to compare the contents of the current gitlab.rb with
##! the gitlab.rb.template from the currently running version.

##! You can run `gitlab-ctl show-config` to display the configuration that will be generated by
##! running `gitlab-ctl reconfigure`

##! In general, the values specified here should reflect what the default value of the attribute will be.
##! There are instances where this behavior is not possible or desired. For example, when providing passwords,
##! or connecting to third party services.
##! In those instances, we endeavour to provide an example configuration.

## GitLab URL
##! URL on which GitLab will be reachable.
##! For more details on configuring external_url see:
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
##!
##! Note: During installation/upgrades, the value of the environment variable
##! EXTERNAL_URL will be used to populate/replace this value.
##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP
##! address from AWS. For more details, see:
##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html
# external_url 'GENERATED_EXTERNAL_URL'

## Roles for multi-instance GitLab
##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance.
##! Options:
##!   redis_sentinel_role redis_master_role redis_replica_role geo_primary_role geo_secondary_role
##!   postgres_role consul_role application_role monitoring_role
##! For more details on each role, see:
##! https://docs.gitlab.com/omnibus/roles/index.html#roles
##!
# roles ['redis_sentinel_role', 'redis_master_role']

## Legend
##! The following notations at the beginning of each line may be used to
##! differentiate between components of this file and to easily select them using
##! a regex.
##! ## Titles, subtitles etc
##! ##! More information - Description, Docs, Links, Issues etc.
##! Configuration settings have a single # followed by a single space at the
##! beginning; Remove them to enable the setting.

##! **Configuration settings below are optional.**


################################################################################
################################################################################
##                Configuration Settings for GitLab CE and EE                 ##
################################################################################
################################################################################

################################################################################
## gitlab.yml configuration
##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md
################################################################################
# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com'
# gitlab_rails['gitlab_ssh_user'] = ''
# gitlab_rails['time_zone'] = 'UTC'

### Rails asset / CDN host
###! Defines a url for a host/cdn to use for the Rails assets
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#set-a-content-delivery-network-url
# gitlab_rails['cdn_host'] = 'https://mycdnsubdomain.fictional-cdn.com'

### Request duration
###! Tells the rails application how long it has to complete a request
###! This value needs to be lower than the worker timeout set in puma.
###! By default, we'll allow 95% of the the worker timeout
# gitlab_rails['max_request_duration_seconds'] = 57

### GitLab email server settings
###! Docs: https://docs.gitlab.com/omnibus/settings/smtp.html
###! **Use smtp instead of sendmail/postfix.**

# gitlab_rails['smtp_enable'] = true
# gitlab_rails['smtp_address'] = "smtp.server"
# gitlab_rails['smtp_port'] = 465
# gitlab_rails['smtp_user_name'] = "smtp user"
# gitlab_rails['smtp_password'] = "smtp password"
# gitlab_rails['smtp_domain'] = "example.com"
# gitlab_rails['smtp_authentication'] = "login"
# gitlab_rails['smtp_enable_starttls_auto'] = true
# gitlab_rails['smtp_tls'] = false
# gitlab_rails['smtp_pool'] = false

###! **Can be: 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'**
###! Docs: http://api.rubyonrails.org/classes/ActionMailer/Base.html
# gitlab_rails['smtp_openssl_verify_mode'] = 'none'

# gitlab_rails['smtp_ca_path'] = "/etc/ssl/certs"
# gitlab_rails['smtp_ca_file'] = "/etc/ssl/certs/ca-certificates.crt"

### Email Settings

# gitlab_rails['gitlab_email_enabled'] = true

##! If your SMTP server does not like the default 'From: gitlab@gitlab.example.com'
##! can change the 'From' with this setting.
# gitlab_rails['gitlab_email_from'] = 'example@example.com'
# gitlab_rails['gitlab_email_display_name'] = 'Example'
# gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
# gitlab_rails['gitlab_email_subject_suffix'] = ''
# gitlab_rails['gitlab_email_smime_enabled'] = false
# gitlab_rails['gitlab_email_smime_key_file'] = '/etc/gitlab/ssl/gitlab_smime.key'
# gitlab_rails['gitlab_email_smime_cert_file'] = '/etc/gitlab/ssl/gitlab_smime.crt'
# gitlab_rails['gitlab_email_smime_ca_certs_file'] = '/etc/gitlab/ssl/gitlab_smime_cas.crt'

### GitLab user privileges
# gitlab_rails['gitlab_default_can_create_group'] = true
# gitlab_rails['gitlab_username_changing_enabled'] = true

### Default Theme
### Available values:
##! `1`  for Indigo
##! `2`  for Dark
##! `3`  for Light
##! `4`  for Blue
##! `5`  for Green
##! `6`  for Light Indigo
##! `7`  for Light Blue
##! `8`  for Light Green
##! `9`  for Red
##! `10` for Light Red
# gitlab_rails['gitlab_default_theme'] = 2

### Default project feature settings
# gitlab_rails['gitlab_default_projects_features_issues'] = true
# gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
# gitlab_rails['gitlab_default_projects_features_wiki'] = true
# gitlab_rails['gitlab_default_projects_features_snippets'] = true
# gitlab_rails['gitlab_default_projects_features_builds'] = true
# gitlab_rails['gitlab_default_projects_features_container_registry'] = true

### Automatic issue closing
###! See https://docs.gitlab.com/ee/customization/issue_closing.html for more
###! information about this pattern.
# gitlab_rails['gitlab_issue_closing_pattern'] = "\b((?:[Cc]los(?:e[sd]?|ing)|\b[Ff]ix(?:e[sd]|ing)?|\b[Rr]esolv(?:e[sd]?|ing)|\b[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)"

### Download location
###! When a user clicks e.g. 'Download zip' on a project, a temporary zip file
###! is created in the following directory.
###! Should not be the same path, or a sub directory of any of the `git_data_dirs`
# gitlab_rails['gitlab_repository_downloads_path'] = 'tmp/repositories'

### Gravatar Settings
# gitlab_rails['gravatar_plain_url'] = 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
# gitlab_rails['gravatar_ssl_url'] = 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'

### Auxiliary jobs
###! Periodically executed jobs, to self-heal Gitlab, do external
###! synchronizations, etc.
###! Docs: https://github.com/ondrejbartas/sidekiq-cron#adding-cron-job
###!       https://docs.gitlab.com/ee/ci/yaml/index.html#artifactsexpire_in
# gitlab_rails['stuck_ci_jobs_worker_cron'] = "0 0 * * *"
# gitlab_rails['expire_build_artifacts_worker_cron'] = "*/7 * * * *"
# gitlab_rails['environments_auto_stop_cron_worker_cron'] = "24 * * * *"
# gitlab_rails['pipeline_schedule_worker_cron'] = "19 * * * *"
# gitlab_rails['ci_archive_traces_cron_worker_cron'] = "17 * * * *"
# gitlab_rails['repository_check_worker_cron'] = "20 * * * *"
# gitlab_rails['admin_email_worker_cron'] = "0 0 * * 0"
# gitlab_rails['personal_access_tokens_expiring_worker_cron'] = "0 1 * * *"
# gitlab_rails['personal_access_tokens_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['repository_archive_cache_worker_cron'] = "0 * * * *"
# gitlab_rails['pages_domain_verification_cron_worker'] = "*/15 * * * *"
# gitlab_rails['pages_domain_ssl_renewal_cron_worker'] = "*/10 * * * *"
# gitlab_rails['pages_domain_removal_cron_worker'] = "47 0 * * *"
# gitlab_rails['remove_unaccepted_member_invites_cron_worker'] = "10 15 * * *"
# gitlab_rails['schedule_migrate_external_diffs_worker_cron'] = "15 * * * *"
# gitlab_rails['ci_platform_metrics_update_cron_worker'] = '47 9 * * *'
# gitlab_rails['analytics_usage_trends_count_job_trigger_worker_cron'] = "50 23 */1 * *"
# gitlab_rails['member_invitation_reminder_emails_worker_cron'] = "0 0 * * *"
# gitlab_rails['user_status_cleanup_batch_worker_cron'] = "* * * * *"
# gitlab_rails['namespaces_in_product_marketing_emails_worker_cron'] = "0 9 * * *"
# gitlab_rails['ssh_keys_expired_notification_worker_cron'] = "0 2 * * *"
# gitlab_rails['ssh_keys_expiring_soon_notification_worker_cron'] = "0 1 * * *"
# gitlab_rails['loose_foreign_keys_cleanup_worker_cron'] = "*/5 * * * *"
# gitlab_rails['ci_runner_versions_reconciliation_worker_cron'] = "@daily"
# gitlab_rails['ci_runners_stale_machines_cleanup_worker_cron'] = "36 4 * * *"

### Webhook Settings
###! Number of seconds to wait for HTTP response after sending webhook HTTP POST
###! request (default: 10)
# gitlab_rails['webhook_timeout'] = 10

### GraphQL Settings
###! Tells the rails application how long it has to complete a GraphQL request.
###! We suggest this value to be higher than the database timeout value
###! and lower than the worker timeout set in puma. (default: 30)
# gitlab_rails['graphql_timeout'] = 30

### Trusted proxies
###! Customize if you have GitLab behind a reverse proxy which is running on a
###! different machine.
###! **Add the IP address for your reverse proxy to the list, otherwise users
###!   will appear signed in from that address.**
# gitlab_rails['trusted_proxies'] = []

### Content Security Policy
####! Customize if you want to enable the Content-Security-Policy header, which
####! can help thwart JavaScript cross-site scripting (XSS) attacks.
####! See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# gitlab_rails['content_security_policy'] = {
#  'enabled' => false,
#  'report_only' => false,
#  # Each directive is a String (e.g. "'self'").
#  'directives' => {
#    'base_uri' => nil,
#    'child_src' => nil,
#    'connect_src' => nil,
#    'default_src' => nil,
#    'font_src' => nil,
#    'form_action' => nil,
#    'frame_ancestors' => nil,
#    'frame_src' => nil,
#    'img_src' => nil,
#    'manifest_src' => nil,
#    'media_src' => nil,
#    'object_src' => nil,
#    'script_src' => nil,
#    'style_src' => nil,
#    'worker_src' => nil,
#    'report_uri' => nil,
#  }
# }

### Allowed hosts
###! Customize the `host` headers that should be catered by the Rails
###! application. By default, everything is allowed.
# gitlab_rails['allowed_hosts'] = []

### Monitoring settings
###! IP whitelist controlling access to monitoring endpoints
# gitlab_rails['monitoring_whitelist'] = ['127.0.0.0/8', '::1/128']

### Shutdown settings
###! Defines an interval to block healthcheck,
###! but continue accepting application requests.
# gitlab_rails['shutdown_blackout_seconds'] = 10

### Microsoft Graph Mailer
###! Allows delivery of emails using Microsoft Graph API with OAuth 2.0 client
###! credentials flow.
###! Docs: https://docs.gitlab.com/omnibus/settings/microsoft_graph_mailer.html
# gitlab_rails['microsoft_graph_mailer_enabled'] = false
# gitlab_rails['microsoft_graph_mailer_user_id'] = "YOUR-USER-ID"
# gitlab_rails['microsoft_graph_mailer_tenant'] = "YOUR-TENANT-ID"
# gitlab_rails['microsoft_graph_mailer_client_id'] = "YOUR-CLIENT-ID"
# gitlab_rails['microsoft_graph_mailer_client_secret'] = "YOUR-CLIENT-SECRET-ID"
# gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
# gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"

### Reply by email
###! Allow users to comment on issues and merge requests by replying to
###! notification emails.
###! Docs: https://docs.gitlab.com/ee/administration/reply_by_email.html
# gitlab_rails['incoming_email_enabled'] = true

#### Incoming Email Address
####! The email address including the `%{key}` placeholder that will be replaced
####! to reference the item being replied to.
####! **The placeholder can be omitted but if present, it must appear in the
####!   "user" part of the address (before the `@`).**
# gitlab_rails['incoming_email_address'] = "gitlab-incoming+%{key}@gmail.com"

#### Email account username
####! **With third party providers, this is usually the full email address.**
####! **With self-hosted email servers, this is usually the user part of the
####!   email address.**
# gitlab_rails['incoming_email_email'] = "gitlab-incoming@gmail.com"

#### Email account password
# gitlab_rails['incoming_email_password'] = "[REDACTED]"

#### IMAP Settings
# gitlab_rails['incoming_email_host'] = "imap.gmail.com"
# gitlab_rails['incoming_email_port'] = 993
# gitlab_rails['incoming_email_ssl'] = true
# gitlab_rails['incoming_email_start_tls'] = false

#### Incoming Mailbox Settings (via `mail_room`)
####! The mailbox where incoming mail will end up. Usually "inbox".
# gitlab_rails['incoming_email_mailbox_name'] = "inbox"
####! The IDLE command timeout.
# gitlab_rails['incoming_email_idle_timeout'] = 60
####! The file name for internal `mail_room` JSON logfile
# gitlab_rails['incoming_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"
####! This marks incoming messages deleted after delivery.
####! If you are using Microsoft Graph API instead of IMAP, set this to false to retain
####! messages in the inbox since deleted messages are auto-expunged after some time.
# gitlab_rails['incoming_email_delete_after_delivery'] = true
####! Permanently remove messages from the mailbox when they are marked as deleted after delivery
####! Only applies to IMAP. Microsoft Graph will auto-expunge any deleted messages.
# gitlab_rails['incoming_email_expunge_deleted'] = false

#### Inbox options (for Microsoft Graph)
# gitlab_rails['incoming_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['incoming_email_inbox_options'] = {
#    'tenant_id': 'YOUR-TENANT-ID',
#    'client_id': 'YOUR-CLIENT-ID',
#    'client_secret': 'YOUR-CLIENT-SECRET',
#    'poll_interval': 60  # Optional
# }

#### How incoming emails are delivered to Rails process. Accept either sidekiq
#### or webhook. The default config is webhook.
# gitlab_rails['incoming_email_delivery_method'] = "webhook"

#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
#### encoded with base64
# gitlab_rails['incoming_email_auth_token'] = nil

####! The format of mail_room crash logs
# mailroom['exit_log_format'] = "plain"

### Consolidated (simplified) object storage configuration
###! This uses a single credential for object storage with multiple buckets.
###! It also enables Workhorse to upload files directly with its own S3 client
###! instead of using pre-signed URLs.
###!
###! This configuration will only take effect if the object_store
###! sections are not defined within the types. For example, enabling
###! gitlab_rails['artifacts_object_store_enabled'] or
###! gitlab_rails['lfs_object_store_enabled'] will prevent the
###! consolidated settings from being used.
###!
###! Be sure to use different buckets for each type of object.
###! Docs: https://docs.gitlab.com/ee/administration/object_storage.html
# gitlab_rails['object_store']['enabled'] = false
# gitlab_rails['object_store']['connection'] = {}
# gitlab_rails['object_store']['storage_options'] = {}
# gitlab_rails['object_store']['proxy_download'] = false
# gitlab_rails['object_store']['objects']['artifacts']['bucket'] = nil
# gitlab_rails['object_store']['objects']['external_diffs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['lfs']['bucket'] = nil
# gitlab_rails['object_store']['objects']['uploads']['bucket'] = nil
# gitlab_rails['object_store']['objects']['packages']['bucket'] = nil
# gitlab_rails['object_store']['objects']['dependency_proxy']['bucket'] = nil
# gitlab_rails['object_store']['objects']['terraform_state']['bucket'] = nil
# gitlab_rails['object_store']['objects']['ci_secure_files']['bucket'] = nil
# gitlab_rails['object_store']['objects']['pages']['bucket'] = nil

### Job Artifacts
# gitlab_rails['artifacts_enabled'] = true
# gitlab_rails['artifacts_path'] = "/var/opt/gitlab/gitlab-rails/shared/artifacts"
####! Job artifacts Object Store
####! Docs: https://docs.gitlab.com/ee/administration/job_artifacts.html#using-object-storage
# gitlab_rails['artifacts_object_store_enabled'] = false
# gitlab_rails['artifacts_object_store_proxy_download'] = false
# gitlab_rails['artifacts_object_store_remote_directory'] = "artifacts"
# gitlab_rails['artifacts_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### External merge request diffs
# gitlab_rails['external_diffs_enabled'] = false
# gitlab_rails['external_diffs_when'] = nil
# gitlab_rails['external_diffs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/external-diffs"
# gitlab_rails['external_diffs_object_store_enabled'] = false
# gitlab_rails['external_diffs_object_store_proxy_download'] = false
# gitlab_rails['external_diffs_object_store_remote_directory'] = "external-diffs"
# gitlab_rails['external_diffs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Git LFS
# gitlab_rails['lfs_enabled'] = true
# gitlab_rails['lfs_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/lfs-objects"
# gitlab_rails['lfs_object_store_enabled'] = false
# gitlab_rails['lfs_object_store_proxy_download'] = false
# gitlab_rails['lfs_object_store_remote_directory'] = "lfs-objects"
# gitlab_rails['lfs_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'host' => 's3.amazonaws.com',
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab uploads
###! Docs: https://docs.gitlab.com/ee/administration/uploads.html
# gitlab_rails['uploads_directory'] = "/var/opt/gitlab/gitlab-rails/uploads"
# gitlab_rails['uploads_storage_path'] = "/opt/gitlab/embedded/service/gitlab-rails/public"
# gitlab_rails['uploads_base_dir'] = "uploads/-/system"
# gitlab_rails['uploads_object_store_enabled'] = false
# gitlab_rails['uploads_object_store_proxy_download'] = false
# gitlab_rails['uploads_object_store_remote_directory'] = "uploads"
# gitlab_rails['uploads_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### Terraform state
###! Docs: https://docs.gitlab.com/ee/administration/terraform_state
# gitlab_rails['terraform_state_enabled'] = true
# gitlab_rails['terraform_state_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/terraform_state"
# gitlab_rails['terraform_state_object_store_enabled'] = false
# gitlab_rails['terraform_state_object_store_remote_directory'] = "terraform"
# gitlab_rails['terraform_state_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### CI Secure Files
# gitlab_rails['ci_secure_files_enabled'] = false
# gitlab_rails['ci_secure_files_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/ci_secure_files"
# gitlab_rails['ci_secure_files_object_store_enabled'] = false
# gitlab_rails['ci_secure_files_object_store_remote_directory'] = "ci-secure-files"
# gitlab_rails['ci_secure_files_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

### GitLab Pages
# gitlab_rails['pages_object_store_enabled'] = false
# gitlab_rails['pages_object_store_remote_directory'] = "pages"
# gitlab_rails['pages_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }
# gitlab_rails['pages_local_store_enabled'] = true
# gitlab_rails['pages_local_store_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

### Impersonation settings
# gitlab_rails['impersonation_enabled'] = true

### Disable jQuery and CSS animations
# gitlab_rails['disable_animations'] = false

### Application settings cache expiry in seconds. (default: 60)
# gitlab_rails['application_settings_cache_seconds'] = 60

### Usage Statistics
# gitlab_rails['usage_ping_enabled'] = true

### GitLab Mattermost
###! These settings are void if Mattermost is installed on the same omnibus
###! install
# gitlab_rails['mattermost_host'] = "https://mattermost.example.com"

### LDAP Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/ldap.html
###! **Be careful not to break the indentation in the ldap_servers block. It is
###!   in yaml format and the spaces must be retained. Using tabs will not work.**

# gitlab_rails['ldap_enabled'] = false
# gitlab_rails['prevent_ldap_sign_in'] = false

###! **remember to close this block with 'EOS' below**
# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
#   main: # 'main' is the GitLab 'provider ID' of this LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
#
#   secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server
#     label: 'LDAP'
#     host: '_your_ldap_server'
#     port: 389
#     uid: 'sAMAccountName'
#     bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
#     password: '_the_password_of_the_bind_user'
#     encryption: 'plain' # "start_tls" or "simple_tls" or "plain"
#     verify_certificates: true
#     smartcard_auth: false
#     active_directory: true
#     allow_username_or_email_login: false
#     lowercase_usernames: false
#     block_auto_created_users: false
#     base: ''
#     user_filter: ''
#     ## EE only
#     group_base: ''
#     admin_group: ''
#     sync_ssh_keys: false
# EOS

### Smartcard authentication settings
###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html
# gitlab_rails['smartcard_enabled'] = false
# gitlab_rails['smartcard_ca_file'] = "/etc/gitlab/ssl/CA.pem"
# gitlab_rails['smartcard_client_certificate_required_host'] = 'smartcard.gitlab.example.com'
# gitlab_rails['smartcard_client_certificate_required_port'] = 3444
# gitlab_rails['smartcard_required_for_git_access'] = false
# gitlab_rails['smartcard_san_extensions'] = false

### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
# gitlab_rails['omniauth_enabled'] = nil
# gitlab_rails['omniauth_allow_single_sign_on'] = ['saml']
# gitlab_rails['omniauth_sync_email_from_provider'] = 'saml'
# gitlab_rails['omniauth_sync_profile_from_provider'] = ['saml']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
# gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'saml'
# gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = false
# gitlab_rails['omniauth_auto_link_user'] = ['twitter']
# gitlab_rails['omniauth_external_providers'] = ['twitter', 'google_oauth2']
# gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
# gitlab_rails['omniauth_providers'] = [
#   {
#     "name" => "google_oauth2",
#     "app_id" => "YOUR APP ID",
#     "app_secret" => "YOUR APP SECRET",
#     "args" => { "access_type" => "offline", "approval_prompt" => "" }
#   }
# ]
# gitlab_rails['omniauth_cas3_session_duration'] = 28800
# gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000

### FortiAuthenticator authentication settings
# gitlab_rails['forti_authenticator_enabled'] = false
# gitlab_rails['forti_authenticator_host'] = 'forti_authenticator.example.com'
# gitlab_rails['forti_authenticator_port'] = 443
# gitlab_rails['forti_authenticator_username'] = 'admin'
# gitlab_rails['forti_authenticator_access_token'] = 's3cr3t'

### FortiToken Cloud authentication settings
# gitlab_rails['forti_token_cloud_enabled'] = false
# gitlab_rails['forti_token_cloud_client_id'] = 'forti_token_cloud_client_id'
# gitlab_rails['forti_token_cloud_client_secret'] = 's3cr3t'

### DuoAuth authentication settings
# gitlab_rails['duo_auth_enabled'] = false
# gitlab_rails['duo_auth_integration_key'] = 'duo_auth_integration_key'
# gitlab_rails['duo_auth_secret_key'] = 'duo_auth_secret_key'
# gitlab_rails['duo_auth_hostname'] = 'duo_auth.example.com'

### Backup Settings
###! Docs: https://docs.gitlab.com/omnibus/settings/backups.html

# gitlab_rails['manage_backup_path'] = true
# gitlab_rails['backup_path'] = "/var/opt/gitlab/backups"
# gitlab_rails['backup_gitaly_backup_path'] = "/opt/gitlab/embedded/bin/gitaly-backup"

###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#backup-archive-permissions
# gitlab_rails['backup_archive_permissions'] = 0644

# gitlab_rails['backup_pg_schema'] = 'public'

###! The duration in seconds to keep backups before they are allowed to be deleted
# gitlab_rails['backup_keep_time'] = 604800

# gitlab_rails['backup_upload_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AKIAKIAKI',
#   'aws_secret_access_key' => 'secret123',
#   # # If IAM profile use is enabled, remove aws_access_key_id and aws_secret_access_key
#   'use_iam_profile' => false
# }
# gitlab_rails['backup_upload_remote_directory'] = 'my.s3.bucket'
# gitlab_rails['backup_multipart_chunk_size'] = 104857600

###! **Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for
###!   backups**
# gitlab_rails['backup_encryption'] = 'AES256'
###! The encryption key to use with AWS Server-Side Encryption.
###! Setting this value will enable Server-Side Encryption with customer provided keys;
###!   otherwise S3-managed keys are used.
# gitlab_rails['backup_encryption_key'] = '<base64-encoded encryption key>'

###! **Turns on AWS Server-Side Encryption with Amazon SSE-KMS (AWS managed but customer-master key)
# gitlab_rails['backup_upload_storage_options'] = {
#  'server_side_encryption' => 'aws:kms',
#  'server_side_encryption_kms_key_id' => 'arn:aws:kms:YOUR-KEY-ID-HERE'
# }

###! **Specifies Amazon S3 storage class to use for backups. Valid values
###!   include 'STANDARD', 'STANDARD_IA', and 'REDUCED_REDUNDANCY'**
# gitlab_rails['backup_storage_class'] = 'STANDARD'

###! Skip parts of the backup. Comma separated.
###! Docs: https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup
#gitlab_rails['env'] = {
#    "SKIP" => "db,uploads,repositories,builds,artifacts,lfs,registry,pages"
#}

### For setting up different data storing directory
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#store-git-data-in-an-alternative-directory
###! **If you want to use a single non-default directory to store git data use a
###!   path that doesn't contain symlinks.**
# git_data_dirs({
#   "default" => {
#     "path" => "/mnt/nfs-01/git-data"
#    }
# })

### Gitaly settings
# gitlab_rails['gitaly_token'] = 'secret token'

### For storing GitLab application uploads, eg. LFS objects, build artifacts
###! Docs: https://docs.gitlab.com/ee/development/shared_files.html
# gitlab_rails['shared_path'] = '/var/opt/gitlab/gitlab-rails/shared'

### For storing encrypted configuration files
###! Docs: https://docs.gitlab.com/ee/administration/encrypted_configuration.html
# gitlab_rails['encrypted_settings_path'] = '/var/opt/gitlab/gitlab-rails/shared/encrypted_settings'

### Wait for file system to be mounted
###! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#only-start-omnibus-gitlab-services-after-a-given-file-system-is-mounted
# high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]

### GitLab Shell settings for GitLab
# gitlab_rails['gitlab_shell_ssh_port'] = 22
# gitlab_rails['gitlab_shell_git_timeout'] = 800

### Extra customization
# gitlab_rails['extra_google_analytics_id'] = '_your_tracking_id'
# gitlab_rails['extra_google_tag_manager_id'] = '_your_tracking_id'
# gitlab_rails['extra_one_trust_id'] = '_your_one_trust_id'
# gitlab_rails['extra_google_tag_manager_nonce_id'] = '_your_google_tag_manager_id'
# gitlab_rails['extra_bizible'] = false
# gitlab_rails['extra_matomo_url'] = '_your_matomo_url'
# gitlab_rails['extra_matomo_site_id'] = '_your_matomo_site_id'
# gitlab_rails['extra_matomo_disable_cookies'] = false
# gitlab_rails['extra_maximum_text_highlight_size_kilobytes'] = 512

##! Docs: https://docs.gitlab.com/omnibus/settings/environment-variables.html
# gitlab_rails['env'] = {
#   'BUNDLE_GEMFILE' => "/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin"
# }

# gitlab_rails['rack_attack_git_basic_auth'] = {
#   'enabled' => false,
#   'ip_whitelist' => ["127.0.0.1"],
#   'maxretry' => 10,
#   'findtime' => 60,
#   'bantime' => 3600
# }

# gitlab_rails['dir'] = "/var/opt/gitlab/gitlab-rails"
# gitlab_rails['log_directory'] = "/var/log/gitlab/gitlab-rails"

#### Change the initial default admin password and shared runner registration tokens.
####! **Only applicable on initial setup, changing these settings after database
####!   is created and seeded won't yield any change.**
# gitlab_rails['initial_root_password'] = "password"
# gitlab_rails['initial_shared_runners_registration_token'] = "token"

#### Toggle if root password should be printed to STDOUT during initialization
# gitlab_rails['display_initial_root_password'] = false

#### Toggle if initial root password should be written to /etc/gitlab/initial_root_password
# gitlab_rails['store_initial_root_password'] = true

#### Set path to an initial license to be used while bootstrapping GitLab.
####! **Only applicable on initial setup, future license updates need to be done via UI.
####! Updating the file specified in this path won't yield any change after the first reconfigure run.
# gitlab_rails['initial_license_file'] = '/etc/gitlab/company.gitlab-license'

#### Enable or disable automatic database migrations
# gitlab_rails['auto_migrate'] = true

#### This is advanced feature used by large gitlab deployments where loading
#### whole RAILS env takes a lot of time.
# gitlab_rails['rake_cache_clear'] = true

### GitLab database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
###! **Only needed if you use an external database.**
# gitlab_rails['db_adapter'] = "postgresql"
# gitlab_rails['db_encoding'] = "unicode"
# gitlab_rails['db_collation'] = nil
# gitlab_rails['db_database'] = "gitlabhq_production"
# gitlab_rails['db_username'] = "gitlab"
# gitlab_rails['db_password'] = nil
# gitlab_rails['db_host'] = nil
# gitlab_rails['db_port'] = 5432
# gitlab_rails['db_socket'] = nil
# gitlab_rails['db_sslmode'] = nil
# gitlab_rails['db_sslcompression'] = 0
# gitlab_rails['db_sslrootcert'] = nil
# gitlab_rails['db_sslcert'] = nil
# gitlab_rails['db_sslkey'] = nil
# gitlab_rails['db_prepared_statements'] = false
# gitlab_rails['db_statements_limit'] = 1000
# gitlab_rails['db_connect_timeout'] = nil
# gitlab_rails['db_keepalives'] = nil
# gitlab_rails['db_keepalives_idle'] = nil
# gitlab_rails['db_keepalives_interval'] = nil
# gitlab_rails['db_keepalives_count'] = nil
# gitlab_rails['db_tcp_user_timeout'] = nil
# gitlab_rails['db_application_name'] = nil
# gitlab_rails['db_database_tasks'] = true

### Gitlab decomposed database settings
###! Docs: https://docs.gitlab.com/omnibus/settings/database.html
# gitlab_rails['databases']['ci']['enable'] = false
# gitlab_rails['databases']['ci']['db_database'] = 'gitlabhq_production'
# gitlab_rails['databases']['ci']['database_tasks'] = false

### GitLab Redis settings
###! Connect to your own Redis instance
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html

#### Redis TCP connection
# gitlab_rails['redis_host'] = "127.0.0.1"
# gitlab_rails['redis_port'] = 6379
# gitlab_rails['redis_ssl'] = false
# gitlab_rails['redis_password'] = nil
# gitlab_rails['redis_database'] = 0
# gitlab_rails['redis_enable_client'] = true

#### Redis local UNIX socket (will be disabled if TCP method is used)
# gitlab_rails['redis_socket'] = "/var/opt/gitlab/redis/redis.socket"

#### Sentinel support
####! To have Sentinel working, you must enable Redis TCP connection support
####! above and define a few Sentinel hosts below (to get a reliable setup
####! at least 3 hosts).
####! **You don't need to list every sentinel host, but the ones not listed will
####!   not be used in a fail-over situation to query for the new master.**
# gitlab_rails['redis_sentinels'] = [
#   {'host' => '127.0.0.1', 'port' => 26379},
# ]


#### Cluster support
####! Cluster support is only available for selected Redis instances. `resque.yml` will not
####! support cluster mode to maintain full-compatibility with the GitLab rails application.
####!
####! To have Redis Cluster working, you must declare `redis_{instance}_cluster_nodes`
####! `redis_{instance}_username` and `redis_{instance}_password` are required if ACL
####! is enabled for the Redis servers.
# gitlab_rails['redis_xxxx_cluster_nodes'] = [
#    {'host' => '127.0.0.1', 'port' => 6379},
# ]

#### Separate instances support
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html#running-with-multiple-redis-instances
# gitlab_rails['redis_cache_instance'] = nil
# gitlab_rails['redis_cache_sentinels'] = nil
# gitlab_rails['redis_cache_username'] = nil
# gitlab_rails['redis_cache_password'] = nil
# gitlab_rails['redis_cache_cluster_nodes'] = nil
# gitlab_rails['redis_queues_instance'] = nil
# gitlab_rails['redis_queues_sentinels'] = nil
# gitlab_rails['redis_queues_username'] = nil
# gitlab_rails['redis_queues_password'] = nil
# gitlab_rails['redis_queues_cluster_nodes'] = nil
# gitlab_rails['redis_shared_state_instance'] = nil
# gitlab_rails['redis_shared_state_sentinels'] = nil
# gitlab_rails['redis_shared_state_username'] = nil
# gitlab_rails['redis_shared_state_password'] = nil
# gitlab_rails['redis_shared_state_cluster_nodes'] = nil
# gitlab_rails['redis_trace_chunks_instance'] = nil
# gitlab_rails['redis_trace_chunks_sentinels'] = nil
# gitlab_rails['redis_trace_chunks_username'] = nil
# gitlab_rails['redis_trace_chunks_password'] = nil
# gitlab_rails['redis_trace_chunks_cluster_nodes'] = nil
# gitlab_rails['redis_actioncable_instance'] = nil
# gitlab_rails['redis_actioncable_sentinels'] = nil
# gitlab_rails['redis_actioncable_username'] = nil
# gitlab_rails['redis_actioncable_password'] = nil
# gitlab_rails['redis_actioncable_cluster_nodes'] = nil
# gitlab_rails['redis_rate_limiting_instance'] = nil
# gitlab_rails['redis_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_rate_limiting_username'] = nil
# gitlab_rails['redis_rate_limiting_password'] = nil
# gitlab_rails['redis_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_sessions_instance'] = nil
# gitlab_rails['redis_sessions_sentinels'] = nil
# gitlab_rails['redis_sessions_username'] = nil
# gitlab_rails['redis_sessions_password'] = nil
# gitlab_rails['redis_sessions_cluster_nodes'] = nil
# gitlab_rails['redis_cluster_rate_limiting_instance'] = nil
# gitlab_rails['redis_cluster_rate_limiting_sentinels'] = nil
# gitlab_rails['redis_cluster_rate_limiting_username'] = nil
# gitlab_rails['redis_cluster_rate_limiting_password'] = nil
# gitlab_rails['redis_cluster_rate_limiting_cluster_nodes'] = nil
# gitlab_rails['redis_repository_cache_instance'] = nil
# gitlab_rails['redis_repository_cache_sentinels'] = nil
# gitlab_rails['redis_repository_cache_username'] = nil
# gitlab_rails['redis_repository_cache_password'] = nil
# gitlab_rails['redis_repository_cache_cluster_nodes'] = nil


# gitlab_rails['redis_yml_override'] = nil

################################################################################
## Container Registry settings
##! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html
################################################################################

# registry_external_url 'https://registry.example.com'

### Settings used by GitLab application
# gitlab_rails['registry_enabled'] = true
# gitlab_rails['registry_host'] = "registry.gitlab.example.com"
# gitlab_rails['registry_port'] = "5005"
# gitlab_rails['registry_path'] = "/var/opt/gitlab/gitlab-rails/shared/registry"

# Notification secret, it's used to authenticate notification requests to GitLab application
# You only need to change this when you use external Registry service, otherwise
# it will be taken directly from notification settings of your Registry
# gitlab_rails['registry_notification_secret'] = nil

###! **Do not change the following 3 settings unless you know what you are
###!   doing**
# gitlab_rails['registry_api_url'] = "http://127.0.0.1:5000"
# gitlab_rails['registry_key_path'] = "/var/opt/gitlab/gitlab-rails/certificate.key"
# gitlab_rails['registry_issuer'] = "omnibus-gitlab-issuer"

### Settings used by Registry application
# registry['enable'] = true
# registry['username'] = "registry"
# registry['group'] = "registry"
# registry['uid'] = nil
# registry['gid'] = nil
# registry['dir'] = "/var/opt/gitlab/registry"
# registry['registry_http_addr'] = "127.0.0.1:5000"
# registry['debug_addr'] = "localhost:5001"
# registry['log_directory'] = "/var/log/gitlab/registry"
# registry['env_directory'] = "/opt/gitlab/etc/registry/env"
# registry['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# registry['log_level'] = "info"
# registry['log_formatter'] = "text"
# registry['rootcertbundle'] = "/var/opt/gitlab/registry/certificate.crt"
# registry['health_storagedriver_enabled'] = true
# registry['middleware'] = nil
# registry['storage_delete_enabled'] = true
# registry['validation_enabled'] = false
# registry['autoredirect'] = false
# registry['compatibility_schema1_enabled'] = false

### Registry backend storage
###! Docs: https://docs.gitlab.com/ee/administration/packages/container_registry.html#configure-storage-for-the-container-registry
# registry['storage'] = {
#   's3' => {
#     'accesskey' => 's3-access-key',
#     'secretkey' => 's3-secret-key-for-access-key',
#     'bucket' => 'your-s3-bucket',
#     'region' => 'your-s3-region',
#     'regionendpoint' => 'your-s3-regionendpoint'
#   },
#   'redirect' => {
#     'disable' => false
#   }
# }

### Registry notifications endpoints
# registry['notifications'] = [
#   {
#     'name' => 'test_endpoint',
#     'url' => 'https://gitlab.example.com/notify2',
#     'timeout' => '500ms',
#     'threshold' => 5,
#     'backoff' => '1s',
#     'headers' => {
#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
#     }
#   }
# ]
### Default registry notifications
# registry['default_notifications_timeout'] = "500ms"
# registry['default_notifications_threshold'] = 5
# registry['default_notifications_backoff'] = "1s"
# registry['default_notifications_headers'] = {}

################################################################################
## Error Reporting and Logging with Sentry
################################################################################
# gitlab_rails['sentry_enabled'] = false
# gitlab_rails['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_clientside_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_rails['sentry_environment'] = 'production'

################################################################################
## CI_JOB_JWT
################################################################################
##! RSA private key used to sign CI_JOB_JWT
# gitlab_rails['ci_jwt_signing_key'] = nil # Will be generated if not set.

################################################################################
## GitLab Workhorse
##! Docs: https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/README.md
################################################################################

# gitlab_workhorse['enable'] = true
# gitlab_workhorse['ha'] = false
# gitlab_workhorse['alt_document_root'] = nil

##! Duration to wait for all requests to finish (e.g. "10s" for 10
##! seconds). By default this is disabled to preserve the existing
##! behavior of fast shutdown. This should not be set higher than 30
##! seconds, since gitlab-ctl will wait up to 30 seconds (as defined by
##! the SVWAIT variable) and report a timeout error if the process has
##! not shut down.
# gitlab_workhorse['shutdown_timeout'] = nil
# gitlab_workhorse['listen_network'] = "unix"
# gitlab_workhorse['listen_umask'] = 000
# gitlab_workhorse['listen_addr'] = "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
# gitlab_workhorse['auth_backend'] = "http://localhost:8080"

##! Enable Redis keywatcher, if this setting is not present it defaults to true
# gitlab_workhorse['workhorse_keywatcher'] = true

##! the empty string is the default in gitlab-workhorse option parser
# gitlab_workhorse['auth_socket'] = "''"

##! put an empty string on the command line
# gitlab_workhorse['pprof_listen_addr'] = "''"

# gitlab_workhorse['prometheus_listen_addr'] = "localhost:9229"

# gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"
# gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
# gitlab_workhorse['proxy_headers_timeout'] = "1m0s"

##! limit number of concurrent API requests, defaults to 0 which is unlimited
# gitlab_workhorse['api_limit'] = 0

##! limit number of API requests allowed to be queued, defaults to 0 which
##! disables queuing
# gitlab_workhorse['api_queue_limit'] = 0

##! duration after which we timeout requests if they sit too long in the queue
# gitlab_workhorse['api_queue_duration'] = "30s"

##! Long polling duration for job requesting for runners
# gitlab_workhorse['api_ci_long_polling_duration'] = "60s"

##! Propagate X-Request-Id if available. Workhorse will generate a random value otherwise.
# gitlab_workhorse['propagate_correlation_id'] = false

##! A list of CIDR blocks to allow for propagation of correlation ID.
##! propagate_correlation_id should also be set to true.
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_propagation'] = nil

##! A list of CIDR blocks that must match remote IP addresses to use
##! X-Forwarded-For HTTP header for the actual client IP. Used in
##! conjuction with propagate_correlation_id and
##! trusted_cidrs_for_propagation.
##! For example: %w(127.0.0.1/32 192.168.0.1/32)
# gitlab_workhorse['trusted_cidrs_for_x_forwarded_for'] = nil

##! Log format: default is json, can also be text or none.
# gitlab_workhorse['log_format'] = "json"

# gitlab_workhorse['env_directory'] = "/opt/gitlab/etc/gitlab-workhorse/env"
# gitlab_workhorse['env'] = {
#   'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Resource limitations for the dynamic image scaler.
##! Exceeding these thresholds will cause Workhorse to serve images in their original size.
##!
##! Maximum number of scaler processes that are allowed to execute concurrently.
##! It is recommended for this not to exceed the number of CPUs available.
# gitlab_workhorse['image_scaler_max_procs'] = 4
##!
##! Maximum file size in bytes for an image to be considered eligible for rescaling
# gitlab_workhorse['image_scaler_max_filesize'] = 250000

##! Service name used to register GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_name'] = 'workhorse'
##! Semantic metadata used when registering GitLab Workhorse as a Consul service
# gitlab_workhorse['consul_service_meta'] = {}

################################################################################
## GitLab User Settings
##! Modify default git user.
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#change-the-name-of-the-git-user-or-group
################################################################################

# user['username'] = "git"
# user['group'] = "git"
# user['uid'] = nil
# user['gid'] = nil

##! The shell for the git user
# user['shell'] = "/bin/sh"

##! The home directory for the git user
# user['home'] = "/var/opt/gitlab"

# user['git_user_name'] = "GitLab"
# user['git_user_email'] = "gitlab@#{node['fqdn']}"

################################################################################
## GitLab Puma
##! Tweak puma settings.
##! Docs: https://docs.gitlab.com/ee/administration/operations/puma.html
################################################################################

# puma['enable'] = true
# puma['ha'] = false
# puma['worker_timeout'] = 60
# puma['worker_processes'] = 2
# puma['min_threads'] = 4
# puma['max_threads'] = 4

### Advanced settings
# puma['listen'] = '127.0.0.1'
# puma['port'] = 8080
# puma['socket'] = '/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# puma['somaxconn'] = 1024

### SSL settings
# puma['ssl_listen'] = nil
# puma['ssl_port'] = nil
# puma['ssl_certificate'] = nil
# puma['ssl_certificate_key'] = nil
# puma['ssl_client_certificate'] = nil
# puma['ssl_cipher_filter'] = nil
# puma['ssl_verify_mode'] = 'none'

# puma['pidfile'] = '/opt/gitlab/var/puma/puma.pid'
# puma['state_path'] = '/opt/gitlab/var/puma/puma.state'

###! **We do not recommend changing this setting**
# puma['log_directory'] = "/var/log/gitlab/puma"

### **Only change these settings if you understand well what they mean**
###! Docs: https://github.com/schneems/puma_worker_killer
# puma['per_worker_max_memory_mb'] = 1024

# puma['exporter_enabled'] = false
# puma['exporter_address'] = "127.0.0.1"
# puma['exporter_port'] = 8083
# puma['exporter_tls_enabled'] = false
# puma['exporter_tls_cert_path'] = ""
# puma['exporter_tls_key_path'] = ""

# puma['prometheus_scrape_scheme'] = 'http'
# puma['prometheus_scrape_tls_server_name'] = 'localhost'
# puma['prometheus_scrape_tls_skip_verification'] = false

##! Service name used to register Puma as a Consul service
# puma['consul_service_name'] = 'rails'
##! Semantic metadata used when registering Puma as a Consul service
# puma['consul_service_meta'] = {}

################################################################################
## GitLab Sidekiq
################################################################################

##! GitLab allows one to start multiple sidekiq processes. These
##! processes can be used to consume a dedicated set of queues. This
##! can be used to ensure certain queues are able to handle additional workload.
##! https://docs.gitlab.com/ee/administration/operations/extra_sidekiq_processes.html

# sidekiq['log_directory'] = "/var/log/gitlab/sidekiq"
# sidekiq['log_format'] = "json"
# sidekiq['shutdown_timeout'] = 4
# sidekiq['interval'] = nil
# sidekiq['max_concurrency'] = 20
# sidekiq['min_concurrency'] = nil

##! GitLab allows route a job to a particular queue determined by an array of ##! routing rules.
##! Each routing rule is a tuple of queue selector query and corresponding queue. By default,
##! the routing rules are not configured (empty array)

# sidekiq['routing_rules'] = []

##! Each entry in the queue_groups array denotes a group of queues that have to be processed by a
##! Sidekiq process. Multiple queues can be processed by the same process by
##! separating them with a comma within the group entry, a `*` will process all queues

# sidekiq['queue_groups'] = ['*']

##! Specifies where Prometheus metrics endpoints should be made available for Sidekiq processes.
# sidekiq['metrics_enabled'] = true
# sidekiq['exporter_log_enabled'] = false
# sidekiq['exporter_tls_enabled'] = false
# sidekiq['exporter_tls_cert_path'] = ""
# sidekiq['exporter_tls_key_path'] = ""
# sidekiq['listen_address'] = "localhost"
# sidekiq['listen_port'] = 8082

##! Specifies where health-check endpoints should be made available for Sidekiq processes.
##! Defaults to the same settings as for Prometheus metrics (see above).
# sidekiq['health_checks_enabled'] = true
# sidekiq['health_checks_listen_address'] = "localhost"
# sidekiq['health_checks_listen_port'] = 8092

##! Service name used to register Sidekiq as a Consul service
# sidekiq['consul_service_name'] = 'sidekiq'
##! Semantic metadata used when registering Sidekiq as a Consul service
# sidekiq['consul_service_meta'] = {}

################################################################################
## gitlab-shell
################################################################################

# gitlab_shell['audit_usernames'] = false
# gitlab_shell['log_level'] = 'INFO'
# gitlab_shell['log_format'] = 'json'
# gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs'}
# gitlab_shell['log_directory'] = "/var/log/gitlab/gitlab-shell/"

# gitlab_shell['auth_file'] = "/var/opt/gitlab/.ssh/authorized_keys"

### Migration to Go feature flags
###! Docs: https://gitlab.com/gitlab-org/gitlab-shell#migration-to-go-feature-flags
# gitlab_shell['migration'] = { enabled: true, features: [] }

### Git trace log file.
###! If set, git commands receive GIT_TRACE* environment variables
###! Docs: https://git-scm.com/book/es/v2/Git-Internals-Environment-Variables#Debugging
###! An absolute path starting with / – the trace output will be appended to
###! that file. It needs to exist so we can check permissions and avoid
###! throwing warnings to the users.
# gitlab_shell['git_trace_log_file'] = "/var/log/gitlab/gitlab-shell/gitlab-shell-git-trace.log"

##! **We do not recommend changing this directory.**
# gitlab_shell['dir'] = "/var/opt/gitlab/gitlab-shell"

################################################################################
## gitlab-sshd
################################################################################

# gitlab_sshd['enable'] = false
# gitlab_sshd['generate_host_keys'] = true
# gitlab_sshd['dir'] = "/var/opt/gitlab/gitlab-sshd"

# gitlab-sshd outputs most logs to /var/log/gitlab/gitlab-shell/gitlab-shell.log.
# This directory only stores stdout/stderr output from the daemon.
# gitlab_sshd['log_directory'] = "/var/log/gitlab/gitlab-sshd/"

# gitlab_sshd['env_directory'] = '/opt/gitlab/etc/gitlab-sshd/env'
# gitlab_sshd['listen_address'] = 'localhost:2222'
# gitlab_sshd['metrics_address'] = 'localhost:9122'
# gitlab_sshd['concurrent_sessions_limit'] = 100
# gitlab_sshd['proxy_protocol'] = false
# gitlab_sshd['proxy_policy'] = 'use'
# gitlab_sshd['proxy_header_timeout'] = '500ms'
# gitlab_sshd['grace_period'] = 55
# gitlab_sshd['client_alive_interval'] = nil
# gitlab_sshd['ciphers'] = nil
# gitlab_sshd['kex_algorithms'] = nil
# gitlab_sshd['macs'] = nil
# gitlab_sshd['login_grace_time'] = 60
# gitlab_sshd['host_keys_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_keys_glob'] = 'ssh_host_*_key'
# gitlab_sshd['host_certs_dir'] = '/var/opt/gitlab/gitlab-sshd'
# gitlab_sshd['host_certs_glob'] = 'ssh_host_*-cert.pub'

################################################################
## GitLab PostgreSQL
################################################################

###! Changing any of these settings requires a restart of postgresql.
###! By default, reconfigure reloads postgresql if it is running. If you
###! change any of these settings, be sure to run `gitlab-ctl restart postgresql`
###! after reconfigure in order for the changes to take effect.
# postgresql['enable'] = true
# postgresql['listen_address'] = nil
# postgresql['port'] = 5432

## Only used when Patroni is enabled. This is the port that PostgreSQL responds to other
## cluster members. This port is used by Patroni to advertize the PostgreSQL connection
## endpoint to the cluster. By default it is the same as postgresql['port'].
# postgresql['connect_port'] = 5432

##! **recommend value is 1/4 of total RAM, up to 14GB.**
# postgresql['shared_buffers'] = "256MB"

### Advanced settings
# postgresql['ha'] = false
# postgresql['dir'] = "/var/opt/gitlab/postgresql"
# postgresql['log_directory'] = "/var/log/gitlab/postgresql"
# postgresql['log_destination'] = nil
# postgresql['logging_collector'] = nil
# postgresql['log_truncate_on_rotation'] = nil
# postgresql['log_rotation_age'] = nil
# postgresql['log_rotation_size'] = nil
##! 'username' affects the system and PostgreSQL user accounts created during installation and cannot be changed
##! on an existing installation. See https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/3606 for more details.
# postgresql['username'] = "gitlab-psql"
# postgresql['group'] = "gitlab-psql"
##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
# postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# postgresql['uid'] = nil
# postgresql['gid'] = nil
# postgresql['shell'] = "/bin/sh"
# postgresql['home'] = "/var/opt/gitlab/postgresql"
# postgresql['user_path'] = "/opt/gitlab/embedded/bin:/opt/gitlab/bin:$PATH"
# postgresql['sql_user'] = "gitlab"
# postgresql['max_connections'] = 400
# postgresql['md5_auth_cidr_addresses'] = []
# postgresql['trust_auth_cidr_addresses'] = []
# postgresql['wal_buffers'] = "-1"
# postgresql['autovacuum_max_workers'] = "3"
# postgresql['autovacuum_freeze_max_age'] = "200000000"
# postgresql['log_statement'] = nil
# postgresql['track_activity_query_size'] = "1024"
# postgresql['shared_preload_libraries'] = nil
# postgresql['dynamic_shared_memory_type'] = nil
# postgresql['hot_standby'] = "off"

### SSL settings
# See https://www.postgresql.org/docs/12/static/runtime-config-connection.html#GUC-SSL-CERT-FILE for more details
# postgresql['ssl'] = 'on'
# postgresql['hostssl'] = false
# postgresql['ssl_ciphers'] = 'HIGH:MEDIUM:+3DES:!aNULL:!SSLv3:!TLSv1'
# postgresql['ssl_cert_file'] = 'server.crt'
# postgresql['ssl_key_file'] = 'server.key'
# postgresql['ssl_ca_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# postgresql['ssl_crl_file'] = nil
# postgresql['cert_auth_addresses'] = {
#   'ADDRESS' => {
#     database: 'gitlabhq_production',
#     user: 'gitlab'
#   }
# }

### Replication settings
###! Note, some replication settings do not require a full restart. They are documented below.
# postgresql['wal_level'] = "hot_standby"
# postgresql['wal_log_hints'] = 'off'
# postgresql['max_wal_senders'] = 5
# postgresql['max_replication_slots'] = 0
# postgresql['max_locks_per_transaction'] = 128

# Backup/Archive settings
# postgresql['archive_mode'] = "off"

###! Changing any of these settings only requires a reload of postgresql. You do not need to
###! restart postgresql if you change any of these and run reconfigure.
# postgresql['work_mem'] = "16MB"
# postgresql['maintenance_work_mem'] = "16MB"
# postgresql['checkpoint_timeout'] = "5min"
# postgresql['checkpoint_completion_target'] = 0.9
# postgresql['effective_io_concurrency'] = 1
# postgresql['checkpoint_warning'] = "30s"
# postgresql['effective_cache_size'] = "1MB"
# postgresql['shmmax'] =  17179869184 # or 4294967295
# postgresql['shmall'] =  4194304 # or 1048575
# postgresql['autovacuum'] = "on"
# postgresql['log_autovacuum_min_duration'] = "-1"
# postgresql['autovacuum_naptime'] = "1min"
# postgresql['autovacuum_vacuum_threshold'] = "50"
# postgresql['autovacuum_analyze_threshold'] = "50"
# postgresql['autovacuum_vacuum_scale_factor'] = "0.02"
# postgresql['autovacuum_analyze_scale_factor'] = "0.01"
# postgresql['autovacuum_vacuum_cost_delay'] = "20ms"
# postgresql['autovacuum_vacuum_cost_limit'] = "-1"
# postgresql['statement_timeout'] = "60000"
# postgresql['idle_in_transaction_session_timeout'] = "60000"
# postgresql['log_line_prefix'] = "%a"
# postgresql['max_worker_processes'] = 8
# postgresql['max_parallel_workers_per_gather'] = 0
# postgresql['log_lock_waits'] = 1
# postgresql['deadlock_timeout'] = '5s'
# postgresql['track_io_timing'] = 0
# postgresql['default_statistics_target'] = 1000

### Available in PostgreSQL 9.6 and later
# postgresql['min_wal_size'] = "80MB"
# postgresql['max_wal_size'] = "1GB"

# Backup/Archive settings
# postgresql['archive_command'] = nil
# postgresql['archive_timeout'] = "0"

### Replication settings
# postgresql['sql_replication_user'] = "gitlab_replicator"
# postgresql['sql_replication_password'] = "md5 hash of postgresql password" # You can generate with `gitlab-ctl pg-password-md5 <dbuser>`
# postgresql['wal_keep_segments'] = 10
# postgresql['max_standby_archive_delay'] = "30s"
# postgresql['max_standby_streaming_delay'] = "30s"
# postgresql['synchronous_commit'] = on
# postgresql['synchronous_standby_names'] = ''
# postgresql['hot_standby_feedback'] = 'off'
# postgresql['random_page_cost'] = 2.0
# postgresql['log_temp_files'] = -1
# postgresql['log_checkpoints'] = 'off'
# To add custom entries to pg_hba.conf use the following
# postgresql['custom_pg_hba_entries'] = {
#   APPLICATION: [ # APPLICATION should identify what the settings are used for
#     {
#       type: example,
#       database: example,
#       user: example,
#       cidr: example,
#       method: example,
#       option: example
#     }
#   ]
# }
# See https://www.postgresql.org/docs/12/static/auth-pg-hba-conf.html for an explanation
# of the values

### Version settings
# Set this if you have disabled the bundled PostgreSQL but still want to use the backup rake tasks
# postgresql['version'] = 10


##! Automatically restart PostgreSQL service when version changes.
# postgresql['auto_restart_on_version_change'] = true

################################################################################
## GitLab Redis
##! **Can be disabled if you are using your own Redis instance.**
##! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
################################################################################

# redis['enable'] = true
# redis['ha'] = false
# redis['start_down'] = false
# redis['set_replicaof'] = false
# redis['hz'] = 10
# redis['dir'] = "/var/opt/gitlab/redis"
# redis['log_directory'] = "/var/log/gitlab/redis"
# redis['username'] = "gitlab-redis"
# redis['group'] = "gitlab-redis"
# redis['maxclients'] = "10000"
# redis['maxmemory'] = "0"
# redis['maxmemory_policy'] = "noeviction"
# redis['maxmemory_samples'] = "5"
# redis['stop_writes_on_bgsave_error'] = true
# redis['tcp_backlog'] = 511
# redis['tcp_timeout'] = "60"
# redis['tcp_keepalive'] = "300"
# redis['uid'] = nil
# redis['gid'] = nil

### Redis TLS settings
###! To run Redis over TLS, specify values for the following settings
# redis['tls_port'] = nil
# redis['tls_cert_file'] = nil
# redis['tls_key_file'] = nil

###! Other TLS related optional settings
# redis['tls_dh_params_file'] = nil
# redis['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# redis['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# redis['tls_auth_clients'] = 'optional'
# redis['tls_replication'] = nil
# redis['tls_cluster'] = nil
# redis['tls_protocols'] = nil
# redis['tls_ciphers'] = nil
# redis['tls_ciphersuites'] = nil
# redis['tls_prefer_server_ciphers'] = nil
# redis['tls_session_caching'] = nil
# redis['tls_session_cache_size'] = nil
# redis['tls_session_cache_timeout'] = nil

### Disable or obfuscate unnecessary redis command names
### Uncomment and edit this block to add or remove entries.
### See https://docs.gitlab.com/omnibus/settings/redis.html#renamed-commands
### for detailed usage
###
# redis['rename_commands'] = {
#   'KEYS': ''
#}
#

###! **To enable only Redis service in this machine, uncomment
###!   one of the lines below (choose master or replica instance types).**
###! Docs: https://docs.gitlab.com/omnibus/settings/redis.html
###!       https://docs.gitlab.com/ee/administration/high_availability/redis.html
# redis_master_role['enable'] = true
# redis_replica_role['enable'] = true

### Redis TCP support (will disable UNIX socket transport)
# redis['bind'] = '0.0.0.0' # or specify an IP to bind to a single one
# redis['port'] = 6379
# redis['password'] = 'redis-password-goes-here'

### Redis Sentinel support
###! **You need a master replica Redis replication to be able to do failover**
###! **Please read the documentation before enabling it to understand the
###!   caveats:**
###! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html

### Replication support
#### Replica Redis instance
# redis['master'] = false # by default this is true

#### Replica and Sentinel shared configuration
####! **Both need to point to the master Redis instance to get replication and
####!   heartbeat monitoring**
# redis['master_name'] = 'gitlab-redis'
# redis['master_ip'] = nil
# redis['master_port'] = 6379

#### Support to run redis replicas in a Docker or NAT environment
####! Docs: https://redis.io/topics/replication#configuring-replication-in-docker-and-nat
# redis['announce_ip'] = nil
# redis['announce_port'] = nil
# redis['announce_ip_from_hostname'] = false

####! **Master password should have the same value defined in
####!   redis['password'] to enable the instance to transition to/from
####!   master/replica in a failover event.**
# redis['master_password'] = 'redis-password-goes-here'

####! Increase these values when your replicas can't catch up with master
# redis['client_output_buffer_limit_normal'] = '0 0 0'
# redis['client_output_buffer_limit_replica'] = '256mb 64mb 60'
# redis['client_output_buffer_limit_pubsub'] = '32mb 8mb 60'

#####! Redis snapshotting frequency
#####! Set to [] to disable
#####! Set to [''] to clear previously set values
# redis['save'] = [ '900 1', '300 10', '60 10000' ]

#####! Redis lazy freeing
#####! Defaults to false
# redis['lazyfree_lazy_eviction'] = true
# redis['lazyfree_lazy_expire'] = true
# redis['lazyfree_lazy_server_del'] = true
# redis['replica_lazy_flush'] = true

#####! Redis threaded I/O
#####! Defaults to disabled
# redis['io_threads'] = 4
# redis['io_threads_do_reads'] = true

################################################################################
## GitLab Web server
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
################################################################################

##! When bundled nginx is disabled we need to add the external webserver user to
##! the GitLab webserver group.
# web_server['external_users'] = []
# web_server['username'] = 'gitlab-www'
# web_server['group'] = 'gitlab-www'
# web_server['uid'] = nil
# web_server['gid'] = nil
# web_server['shell'] = '/bin/false'
# web_server['home'] = '/var/opt/gitlab/nginx'

################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################

# nginx['enable'] = true
# nginx['client_max_body_size'] = '250m'
# nginx['redirect_http_to_https'] = false
# nginx['redirect_http_to_https_port'] = 80

##! Most root CA's are included by default
# nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"

##! enable/disable 2-way SSL client authentication
# nginx['ssl_verify_client'] = "off"

##! if ssl_verify_client on, verification depth in the client certificates chain
# nginx['ssl_verify_depth'] = "1"

# nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
# nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
# nginx['ssl_ciphers'] = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
# nginx['ssl_prefer_server_ciphers'] = "off"

##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##!                   https://cipherli.st/**
# nginx['ssl_protocols'] = "TLSv1.2 TLSv1.3"

##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_cache'] = "shared:SSL:10m"

##! **Recommended in: https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6**
# nginx['ssl_session_tickets'] = "off"

##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
# nginx['ssl_session_timeout'] = "1d"

# nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
# nginx['ssl_password_file'] = nil # Path to file with passphrases for ssl certificate secret keys
# nginx['listen_addresses'] = ['*', '[::]']

##! **Defaults to forcing web browsers to always communicate using only HTTPS**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
# nginx['hsts_max_age'] = 63072000
# nginx['hsts_include_subdomains'] = false

##! Defaults to stripping path information when making cross-origin requests
# nginx['referrer_policy'] = 'strict-origin-when-cross-origin'

##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
# nginx['gzip_enabled'] = true

##! **Override only if you use a reverse proxy**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
# nginx['listen_port'] = nil

##! **Override only if your reverse proxy internally communicates over HTTP**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
# nginx['listen_https'] = nil

##! **Override only if you use a reverse proxy with proxy protocol enabled**
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#configuring-proxy-protocol
# nginx['proxy_protocol'] = false

# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
# nginx['proxy_read_timeout'] = 3600
# nginx['proxy_connect_timeout'] = 300
# nginx['proxy_set_headers'] = {
#  "Host" => "$http_host_with_default",
#  "X-Real-IP" => "$remote_addr",
#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#  "X-Forwarded-Proto" => "https",
#  "X-Forwarded-Ssl" => "on",
#  "Upgrade" => "$http_upgrade",
#  "Connection" => "$connection_upgrade"
# }
# nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
# nginx['proxy_cache'] = 'gitlab'
# nginx['proxy_custom_buffer_size'] = '4k'
# nginx['http2_enabled'] = true
# nginx['real_ip_trusted_addresses'] = []
# nginx['real_ip_header'] = nil
# nginx['real_ip_recursive'] = nil
# nginx['custom_error_pages'] = {
#   '404' => {
#     'title' => 'Example title',
#     'header' => 'Example header',
#     'message' => 'Example message'
#   }
# }

### Advanced settings
# nginx['dir'] = "/var/opt/gitlab/nginx"
# nginx['log_directory'] = "/var/log/gitlab/nginx"
# nginx['error_log_level'] = "error"
# nginx['worker_processes'] = 4
# nginx['worker_connections'] = 10240
# nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent" $gzip_ratio'
# nginx['sendfile'] = 'on'
# nginx['tcp_nopush'] = 'on'
# nginx['tcp_nodelay'] = 'on'
# nginx['hide_server_tokens'] = 'off'
# nginx['gzip_http_version'] = "1.0"
# nginx['gzip_comp_level'] = "2"
# nginx['gzip_proxied'] = "any"
# nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "application/json" ]
# nginx['keepalive_timeout'] = 65
# nginx['keepalive_time'] = '1h'
# nginx['cache_max_size'] = '5000m'
# nginx['server_names_hash_bucket_size'] = 64
##! These paths have proxy_request_buffering disabled
# nginx['request_buffering_off_path_regex'] = "/api/v\\d/jobs/\\d+/artifacts$|/import/gitlab_project$|\\.git/git-receive-pack$|\\.git/gitlab-lfs/objects|\\.git/info/lfs/objects/batch$"

### Nginx status
# nginx['status'] = {
#  "enable" => true,
#  "listen_addresses" => ["127.0.0.1"],
#  "fqdn" => "dev.example.com",
#  "port" => 9999,
#  "vts_enable" => true,
#  "options" => {
#    "server_tokens" => "off", # Don't show the version of NGINX
#    "access_log" => "off", # Disable logs for stats
#    "allow" => "127.0.0.1", # Only allow access from localhost
#    "deny" => "all" # Deny access to anyone else
#  }
# }

##! Service name used to register Nginx as a Consul service
# nginx['consul_service_name'] = 'nginx'
##! Semantic metadata used when registering NGINX as a Consul service
# nginx['consul_service_meta'] = {}

################################################################################
## GitLab Logging
##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html
################################################################################

# logging['svlogd_size'] = 200 * 1024 * 1024 # rotate after 200 MB of log data
# logging['svlogd_num'] = 30 # keep 30 rotated log files
# logging['svlogd_timeout'] = 24 * 60 * 60 # rotate after 24 hours
# logging['svlogd_filter'] = "gzip" # compress logs with gzip
# logging['svlogd_udp'] = nil # transmit log messages via UDP
# logging['svlogd_prefix'] = nil # custom prefix for log messages
# logging['logrotate_frequency'] = "daily" # rotate logs daily
# logging['logrotate_maxsize'] = nil # rotate logs when they grow bigger than size bytes even before the specified time interval (daily, weekly, monthly, or yearly)
# logging['logrotate_size'] = nil # do not rotate by size by default
# logging['logrotate_rotate'] = 30 # keep 30 rotated logs
# logging['logrotate_compress'] = "compress" # see 'man logrotate'
# logging['logrotate_method'] = "copytruncate" # see 'man logrotate'
# logging['logrotate_postrotate'] = nil # no postrotate command by default
# logging['logrotate_dateformat'] = nil # use date extensions for rotated files rather than numbers e.g. a value of "-%Y-%m-%d" would give rotated files like production.log-2016-03-09.gz

### UDP log forwarding
##! Docs: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding

##! remote host to ship log messages to via UDP
# logging['udp_log_shipping_host'] = nil

##! override the hostname used when logs are shipped via UDP,
##  by default the system hostname will be used.
# logging['udp_log_shipping_hostname'] = nil

##! remote port to ship log messages to via UDP
# logging['udp_log_shipping_port'] = 514

################################################################################
## Logrotate
##! Docs: https://docs.gitlab.com/omnibus/settings/logs.html#logrotate
##! You can disable built in logrotate feature.
################################################################################
# logrotate['enable'] = true
# logrotate['log_directory'] = "/var/log/gitlab/logrotate"

################################################################################
## Users and groups accounts
##! Disable management of users and groups accounts.
##! **Set only if creating accounts manually**
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-user-and-group-account-management
################################################################################

# manage_accounts['enable'] = true

################################################################################
## Storage directories
##! Disable managing storage directories
##! Docs: https://docs.gitlab.com/omnibus/settings/configuration.html#disable-storage-directories-management
################################################################################

##! **Set only if the select directories are created manually**
# manage_storage_directories['enable'] = false
# manage_storage_directories['manage_etc'] = false

################################################################################
## Runtime directory
##! Docs: https://docs.gitlab.com//omnibus/settings/configuration.html#configuring-runtime-directory
################################################################################

# runtime_dir '/run'

################################################################################
## Git
##! Advanced setting for configuring git system settings for omnibus-gitlab
##! internal git
################################################################################

##! The format of the Omnibus gitconfig is:
##! { "section" => ["subsection = value"] }
##! For example:
##! { "pack" => ["threads = 1"] }
##! For multiple options under one header use array of comma separated values,
##! eg.:
##! { "receive" => ["fsckObjects = true"], "alias" => ["st = status", "co = checkout"] }
# omnibus_gitconfig['system'] = {}

################################################################################
## GitLab Pages
##! Docs: https://docs.gitlab.com/ee/administration/pages/
################################################################################

##! Define to enable GitLab Pages
# pages_external_url "http://pages.example.com/"
# gitlab_pages['enable'] = false

##! Configure to expose GitLab Pages on external IP address, serving the HTTP
# gitlab_pages['external_http'] = []

##! Configure to expose GitLab Pages on external IP address, serving the HTTPS
# gitlab_pages['external_https'] = []

##! Configure to expose GitLab Pages on external IP address, serving the HTTPS over PROXYv2
# gitlab_pages['external_https_proxyv2'] = []

##! Configure cert when using external IP address
# gitlab_pages['cert'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.crt"
# gitlab_pages['cert_key'] = "/etc/gitlab/ssl/#{Gitlab['gitlab_pages']['domain']}.key"

##! Configure to use the default list of cipher suites
# gitlab_pages['insecure_ciphers'] = false

##! Configure to enable health check endpoint on GitLab Pages
# gitlab_pages['status_uri'] = "/@status"

##! Tune the maximum number of concurrent connections GitLab Pages will handle.
##! Default to 0 for unlimited connections.
# gitlab_pages['max_connections'] = 0

##! Configure the maximum length of URIs accepted by GitLab Pages
##! By default is limited for security reasons. Set 0 for unlimited
# gitlab_pages['max_uri_length'] = 1024

##! Setting the propagate_correlation_id to true allows installations behind a reverse proxy
##! generate and set a correlation ID to requests sent to GitLab Pages. If a reverse proxy
##! sets the header value X-Request-ID, the value will be propagated in the request chain.
# gitlab_pages['propagate_correlation_id'] = false

##! Configure to use JSON structured logging in GitLab Pages
# gitlab_pages['log_format'] = "json"

##! Configure verbose logging for GitLab Pages
# gitlab_pages['log_verbose'] = false

##! Error Reporting and Logging with Sentry
# gitlab_pages['sentry_enabled'] = false
# gitlab_pages['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_pages['sentry_environment'] = 'production'

##! Listen for requests forwarded by reverse proxy
# gitlab_pages['listen_proxy'] = "localhost:8090"

# gitlab_pages['redirect_http'] = true
# gitlab_pages['use_http2'] = true
# gitlab_pages['dir'] = "/var/opt/gitlab/gitlab-pages"
# gitlab_pages['log_directory'] = "/var/log/gitlab/gitlab-pages"

# gitlab_pages['artifacts_server'] = true
# gitlab_pages['artifacts_server_url'] = nil # Defaults to external_url + '/api/v4'
# gitlab_pages['artifacts_server_timeout'] = 10

##! Prometheus metrics for Pages docs: https://gitlab.com/gitlab-org/gitlab-pages/#enable-prometheus-metrics
# gitlab_pages['metrics_address'] = ":9235"

##! Specifies the minimum TLS version ("tls1.2" or "tls1.3")
# gitlab_pages['tls_min_version'] = "tls1.2"

##! Specifies the maximum TLS version ("tls1.2" or "tls1.3")
# gitlab_pages['tls_max_version'] = "tls1.3"

##! Pages access control
# gitlab_pages['access_control'] = false
# gitlab_pages['gitlab_id'] = nil # Automatically generated if not present
# gitlab_pages['gitlab_secret'] = nil # Generated if not present
# gitlab_pages['auth_redirect_uri'] = nil # Defaults to projects subdomain of pages_external_url and + '/auth'
# gitlab_pages['gitlab_server'] = nil # Defaults to external_url
# gitlab_pages['internal_gitlab_server'] = nil # Defaults to gitlab_server, can be changed to internal load balancer
# gitlab_pages['auth_secret'] = nil # Generated if not present
# gitlab_pages['auth_scope'] = nil # Defaults to api, can be changed to read_api to increase security
# gitlab_pages['auth_cookie_session_timeout'] = "10m" # Authentication cookie session timeout (truncated to seconds). A zero value means the cookie will be deleted after the browser session ends

##! GitLab Pages Server Shutdown Timeout
##! Duration ("30s" for 30 seconds)
# gitlab_pages['server_shutdown_timeout'] = "30s"

##! GitLab API HTTP client connection timeout
# gitlab_pages['gitlab_client_http_timeout'] = "10s"

##! GitLab API JWT Token expiry time
# gitlab_pages['gitlab_client_jwt_expiry'] = "30s"

##! Advanced settings for API-based configuration for GitLab Pages.
##! The recommended default values are set inside GitLab Pages.
##! Should be changed only if absolutely needed.

##! The maximum time a domain's configuration is stored in the cache.
# gitlab_pages['gitlab_cache_expiry'] = "600s"
##! The interval at which a domain's configuration is set to be due to refresh (default: 60s).
# gitlab_pages['gitlab_cache_refresh'] = "60s"
##! The interval at which expired items are removed from the cache (default: 60s).
# gitlab_pages['gitlab_cache_cleanup'] = "60s"
##! The maximum time to wait for a response from the GitLab API per request.
# gitlab_pages['gitlab_retrieval_timeout'] = "30s"
##! The interval to wait before retrying to resolve a domain's configuration via the GitLab API.
# gitlab_pages['gitlab_retrieval_interval'] = "1s"
##! The maximum number of times to retry to resolve a domain's configuration via the API
# gitlab_pages['gitlab_retrieval_retries'] = 3

##! Define custom gitlab-pages HTTP headers for the whole instance
# gitlab_pages['headers'] = []

##! Shared secret used for authentication between Pages and GitLab
# gitlab_pages['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Advanced settings for serving GitLab Pages from zip archives.
##! The recommended default values are set inside GitLab Pages.
##! Should be changed only if absolutely needed.

##! The maximum time an archive will be cached in memory.
# gitlab_pages['zip_cache_expiration'] = "60s"
##! Zip archive cache cleaning interval.
# gitlab_pages['zip_cache_cleanup'] = "30s"
##! The interval to refresh a cache archive if accessed before expiring.
# gitlab_pages['zip_cache_refresh'] = "30s"
##! The maximum amount of time it takes to open a zip archive from the file system or object storage.
# gitlab_pages['zip_open_timeout'] = "30s"
##! Zip HTTP Client timeout
# gitlab_pages['zip_http_client_timeout'] = "30m"

##! ReadTimeout is the maximum duration for reading the entire request, including the body. A zero or negative value means there will be no timeout.
# gitlab_pages['server_read_timeout'] = "5s"
##! ReadHeaderTimeout is the amount of time allowed to read request headers. A zero or negative value means there will be no timeout.
# gitlab_pages['server_read_header_timeout'] = "1s"
##! WriteTimeout is the maximum duration before timing out writes of the response. A zero or negative value means there will be no timeout.
# gitlab_pages['server_write_timeout'] = "5m"
##! KeepAlive specifies the keep-alive period for network connections accepted by this listener. If zero, keep-alives are enabled if supported by the protocol and operating system. If negative, keep-alives are disabled.
# gitlab_pages['server_keep_alive'] = "15s"

##! Enable serving content from disk instead of Object Storage
# gitlab_pages['enable_disk'] = nil

##! Rate-limiting options below work in report-only mode:
##! they only count rejected requests, but don't reject them
##! enable `FF_ENABLE_RATE_LIMITER=true` environment variable to
##! reject requests.

##! Rate limits as described in https://docs.gitlab.com/ee/administration/pages/#rate-limits

##! Rate limit HTTP requests per second from a single IP, 0 means is disabled
# gitlab_pages['rate_limit_source_ip'] = 50.0
##! Rate limit HTTP requests from a single IP, maximum burst allowed per second
# gitlab_pages['rate_limit_source_ip_burst'] = 600
##! Rate limit HTTP requests per second to a single domain, 0 means is disabled
# gitlab_pages['rate_limit_domain'] = 0
##! Rate limit HTTP requests to a single domain, maximum burst allowed per second
# gitlab_pages['rate_limit_domain_burst'] = 10000

##! Rate limit new TLS connections per second from a single IP, 0 means is disabled
# gitlab_pages['rate_limit_tls_source_ip'] = 50.0
##! Rate limit new TLS connections from a single IP, maximum burst allowed per second
# gitlab_pages['rate_limit_tls_source_ip_burst'] = 600
##!Rate limit new TLS connections per second from to a single domain, 0 means is disabled
# gitlab_pages['rate_limit_tls_domain'] = 0
##! Rate limit new TLS connections to a single domain, maximum burst allowed per second
# gitlab_pages['rate_limit_tls_domain_burst'] = 10000

##! The maximum size of the _redirects file, in bytes
# gitlab_pages['redirects_max_config_size'] = 65536
##! The maximum number of path segments allowed in _redirects rules URLs
# gitlab_pages['redirects_max_path_segments'] = 25
##! The maximum number of rules allowed in _redirects
# gitlab_pages['redirects_max_rule_count'] = 1000

# gitlab_pages['env_directory'] = "/opt/gitlab/etc/gitlab-pages/env"
# gitlab_pages['env'] = {
#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
# }

################################################################################
## GitLab Pages NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "GitLab Pages NGINX" section, using the key `pages_nginx`.  However,
# those settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `pages_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "GitLab Pages NGINX"
# pages_nginx['enable'] = true

# gitlab_rails['pages_path'] = "/var/opt/gitlab/gitlab-rails/shared/pages"

################################################################################
## GitLab CI
##! Docs: https://docs.gitlab.com/ee/ci/quick_start/
################################################################################

# gitlab_ci['gitlab_ci_all_broken_builds'] = true
# gitlab_ci['gitlab_ci_add_pusher'] = true
# gitlab_ci['builds_directory'] = '/var/opt/gitlab/gitlab-ci/builds'

################################################################################
## GitLab Kubernetes Agent Server
##! Docs: https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent/blob/master/README.md
################################################################################

##! Settings used by the GitLab application
# gitlab_rails['gitlab_kas_enabled'] = true
# gitlab_rails['gitlab_kas_external_url'] = 'ws://gitlab.example.com/-/kubernetes-agent/'
# gitlab_rails['gitlab_kas_internal_url'] = 'grpc://localhost:8153'
# gitlab_rails['gitlab_kas_external_k8s_proxy_url'] = 'https://gitlab.example.com/-/kubernetes-agent/k8s-proxy/'

##! Define to enable GitLab KAS
# gitlab_kas_external_url "ws://gitlab.example.com/-/kubernetes-agent/"
# gitlab_kas['enable'] = true

##! Agent configuration for GitLab KAS
# gitlab_kas['agent_configuration_poll_period'] = 20
# gitlab_kas['agent_gitops_poll_period'] = 20
# gitlab_kas['agent_gitops_project_info_cache_ttl'] = 300
# gitlab_kas['agent_gitops_project_info_cache_error_ttl'] = 60
# gitlab_kas['agent_info_cache_ttl'] = 300
# gitlab_kas['agent_info_cache_error_ttl'] = 60

##! Shared secret used for authentication between KAS and GitLab
# gitlab_kas['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Shared secret used for authentication between different KAS instances in a multi-node setup
# gitlab_kas['private_api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

##! Listen configuration for GitLab KAS
# gitlab_kas['listen_address'] = 'localhost:8150'
# gitlab_kas['listen_network'] = 'tcp'
# gitlab_kas['listen_websocket'] = true
# gitlab_kas['certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['key_file'] = "/path/to/key.pem"
# gitlab_kas['observability_listen_network'] = 'tcp'
# gitlab_kas['observability_listen_address'] = 'localhost:8151'
# gitlab_kas['internal_api_listen_network'] = 'tcp'
# gitlab_kas['internal_api_listen_address'] = 'localhost:8153'
# gitlab_kas['internal_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['internal_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['kubernetes_api_listen_address'] = 'localhost:8154'
# gitlab_kas['kubernetes_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['kubernetes_api_key_file'] = "/path/to/key.pem"
# gitlab_kas['private_api_listen_network'] = 'tcp'
# gitlab_kas['private_api_listen_address'] = 'localhost:8155'
# gitlab_kas['private_api_certificate_file'] = "/path/to/certificate.pem"
# gitlab_kas['private_api_key_file'] = "/path/to/key.pem"

##! Metrics configuration for GitLab KAS
# gitlab_kas['metrics_usage_reporting_period'] = 60

##! Log configuration for GitLab KAS
# gitlab_kas['log_level'] = 'info'

##! Environment variables for GitLab KAS
# gitlab_kas['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#   # In a multi-node setup, this address MUST be reachable from other KAS instances. In a single-node setup, it can be on localhost for simplicity
#   'OWN_PRIVATE_API_URL' => 'grpc://localhost:8155'
# }

##! Error Reporting and Logging with Sentry
# gitlab_kas['sentry_dsn'] = 'https://<key>@sentry.io/<project>'
# gitlab_kas['sentry_environment'] = 'production'

##! Directories for GitLab KAS
# gitlab_kas['dir'] = '/var/opt/gitlab/gitlab-kas'
# gitlab_kas['log_directory'] = '/var/log/gitlab/gitlab-kas'
# gitlab_kas['env_directory'] = '/opt/gitlab/etc/gitlab-kas/env'

################################################################################
## GitLab Suggested Reviewers (EE Only)
##! Docs: https://docs.gitlab.com/ee/user/project/merge_requests/reviews/#suggested-reviewers
################################################################################

##! Shared secret used for authentication between Suggested Reviewers and GitLab
# suggested_reviewers['api_secret_key'] = nil # Will be generated if not set. Base64 encoded and exactly 32 bytes long.

################################################################################
## GitLab Mattermost
##! Docs: https://docs.gitlab.com/omnibus/gitlab-mattermost
################################################################################

# mattermost_external_url 'http://mattermost.example.com'

# mattermost['enable'] = false
# mattermost['username'] = 'mattermost'
# mattermost['group'] = 'mattermost'
# mattermost['uid'] = nil
# mattermost['gid'] = nil
# mattermost['home'] = '/var/opt/gitlab/mattermost'
# mattermost['database_name'] = 'mattermost_production'
# mattermost['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# mattermost['service_address'] = "127.0.0.1"
# mattermost['service_port'] = "8065"
# mattermost['service_site_url'] = nil
# mattermost['service_allowed_untrusted_internal_connections'] = ""
# mattermost['service_enable_api_team_deletion'] = true
# mattermost['team_site_name'] = "GitLab Mattermost"
# mattermost['sql_driver_name'] = 'mysql'
# mattermost['sql_data_source'] = "mmuser:mostest@tcp(dockerhost:3306)/mattermost_test?charset=utf8mb4,utf8"
# mattermost['log_file_directory'] = '/var/log/gitlab/mattermost/'
# mattermost['gitlab_enable'] = false
# mattermost['gitlab_id'] = "12345656"
# mattermost['gitlab_secret'] = "123456789"
# mattermost['gitlab_scope'] = ""
# mattermost['gitlab_auth_endpoint'] = "http://gitlab.example.com/oauth/authorize"
# mattermost['gitlab_token_endpoint'] = "http://gitlab.example.com/oauth/token"
# mattermost['gitlab_user_api_endpoint'] = "http://gitlab.example.com/api/v4/user"
# mattermost['file_directory'] = "/var/opt/gitlab/mattermost/data"
# mattermost['plugin_directory'] = "/var/opt/gitlab/mattermost/plugins"
# mattermost['plugin_client_directory'] = "/var/opt/gitlab/mattermost/client-plugins"

################################################################################
## Mattermost NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "Mattermost NGINX" section, using the key `mattermost_nginx`.  However,
# those settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `mattermost_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "Mattermost NGINX"
# mattermost_nginx['enable'] = false

# mattermost_nginx['custom_gitlab_mattermost_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
# mattermost_nginx['proxy_set_headers'] = {
#   "Host" => "$http_host",
#   "X-Real-IP" => "$remote_addr",
#   "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#   "X-Frame-Options" => "SAMEORIGIN",
#   "X-Forwarded-Proto" => "https",
#   "X-Forwarded-Ssl" => "on",
#   "Upgrade" => "$http_upgrade",
#   "Connection" => "$connection_upgrade"
# }


################################################################################
## Registry NGINX
################################################################################

# All the settings defined in the "GitLab Nginx" section are also available in
# this "Registry NGINX" section, using the key `registry_nginx`.  However, those
# settings should be explicitly set. That is, settings given as
# `nginx['some_setting']` WILL NOT be automatically replicated as
# `registry_nginx['some_setting']` and should be set separately.

# Below you can find settings that are exclusive to "Registry NGINX"
# registry_nginx['enable'] = false

# registry_nginx['proxy_set_headers'] = {
#  "Host" => "$http_host",
#  "X-Real-IP" => "$remote_addr",
#  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
#  "X-Forwarded-Proto" => "https",
#  "X-Forwarded-Ssl" => "on"
# }

# When the registry is automatically enabled using the same domain as `external_url`,
# it listens on this port
# registry_nginx['listen_port'] = 5050

################################################################################
## Prometheus
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/
################################################################################

###! **To enable only Monitoring service in this machine, uncomment
###!   the line below.**
###! Docs: https://docs.gitlab.com/ee/administration/high_availability
# monitoring_role['enable'] = true

# prometheus['enable'] = true
# prometheus['monitor_kubernetes'] = true
# prometheus['username'] = 'gitlab-prometheus'
# prometheus['group'] = 'gitlab-prometheus'
# prometheus['uid'] = nil
# prometheus['gid'] = nil
# prometheus['shell'] = '/bin/sh'
# prometheus['home'] = '/var/opt/gitlab/prometheus'
# prometheus['log_directory'] = '/var/log/gitlab/prometheus'
# prometheus['rules_files'] = ['/var/opt/gitlab/prometheus/rules/*.rules']
# prometheus['scrape_interval'] = 15
# prometheus['scrape_timeout'] = 15
# prometheus['external_labels'] = { }
# prometheus['env_directory'] = '/opt/gitlab/etc/prometheus/env'
# prometheus['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
#
### Custom scrape configs
#
# Prometheus can scrape additional jobs via scrape_configs.  The default automatically
# includes all of the exporters supported by the omnibus config.
#
# See: https://prometheus.io/docs/operating/configuration/#<scrape_config>
#
# Example:
#
# prometheus['scrape_configs'] = [
#   {
#     'job_name': 'example',
#     'static_configs' => [
#       'targets' => ['hostname:port'],
#     ],
#   },
# ]
#
### Custom alertmanager config
#
# To configure external alertmanagers, create an alertmanager config.
#
# See: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alertmanager_config
#
# prometheus['alertmanagers'] = [
#   {
#     'static_configs' => [
#       {
#         'targets' => [
#           'hostname:port'
#         ]
#       }
#     ]
#   }
# ]
#
### Custom Prometheus flags
#
# prometheus['flags'] = {
#   'storage.tsdb.path' => "/var/opt/gitlab/prometheus/data",
#   'storage.tsdb.retention.time' => "15d",
#   'config.file' => "/var/opt/gitlab/prometheus/prometheus.yml"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# prometheus['listen_address'] = 'localhost:9090'
#

##! Service name used to register Prometheus as a Consul service
# prometheus['consul_service_name'] = 'prometheus'
##! Semantic metadata used when registering Prometheus as a Consul service
# prometheus['consul_service_meta'] = {}

################################################################################
###! **Only needed if Prometheus and Rails are not on the same server.**
### For example, in a multi-node architecture, Prometheus will be installed on the monitoring node, while Rails will be on the Rails node.
### https://docs.gitlab.com/ee/administration/monitoring/prometheus/index.html#using-an-external-prometheus-server
### This value should be the address at which Prometheus is available to a GitLab Rails(Puma, Sidekiq) node.
################################################################################
# gitlab_rails['prometheus_address'] = 'your.prom:9090'

################################################################################
## Prometheus Alertmanager
################################################################################

# alertmanager['enable'] = true
# alertmanager['home'] = '/var/opt/gitlab/alertmanager'
# alertmanager['log_directory'] = '/var/log/gitlab/alertmanager'
# alertmanager['admin_email'] = 'admin@example.com'
# alertmanager['flags'] = {
#   'web.listen-address' => "localhost:9093",
#   'storage.path' => "/var/opt/gitlab/alertmanager/data",
#   'config.file' => "/var/opt/gitlab/alertmanager/alertmanager.yml"
# }
# alertmanager['env_directory'] = '/opt/gitlab/etc/alertmanager/env'
# alertmanager['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# alertmanager['listen_address'] = 'localhost:9093'
# alertmanager['global'] = {}

################################################################################
## Prometheus Node Exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/node_exporter.html
################################################################################

# node_exporter['enable'] = true
# node_exporter['home'] = '/var/opt/gitlab/node-exporter'
# node_exporter['log_directory'] = '/var/log/gitlab/node-exporter'
# node_exporter['flags'] = {
#   'collector.textfile.directory' => "/var/opt/gitlab/node-exporter/textfile_collector"
# }
# node_exporter['env_directory'] = '/opt/gitlab/etc/node-exporter/env'
# node_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# node_exporter['listen_address'] = 'localhost:9100'

##! Service name used to register Node Exporter as a Consul service
# node_exporter['consul_service_name'] = 'node-exporter'
##! Semantic metadata used when registering Node Exporter as a Consul service
# node_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus Redis exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/redis_exporter.html
################################################################################

# redis_exporter['enable'] = true
# redis_exporter['log_directory'] = '/var/log/gitlab/redis-exporter'
# redis_exporter['flags'] = {
#   'redis.addr' => "unix:///var/opt/gitlab/redis/redis.socket",
# }
# redis_exporter['env_directory'] = '/opt/gitlab/etc/redis-exporter/env'
# redis_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

##! Advanced settings. Should be changed only if absolutely needed.
# redis_exporter['listen_address'] = 'localhost:9121'

##! Service name used to register Redis Exporter as a Consul service
# redis_exporter['consul_service_name'] = 'redis-exporter'
##! Semantic metadata used when registering Redis Exporter as a Consul service
# redis_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus Postgres exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/postgres_exporter.html
################################################################################

# postgres_exporter['enable'] = true
# postgres_exporter['home'] = '/var/opt/gitlab/postgres-exporter'
# postgres_exporter['log_directory'] = '/var/log/gitlab/postgres-exporter'
# postgres_exporter['flags'] = {}
# postgres_exporter['listen_address'] = 'localhost:9187'
# postgres_exporter['env_directory'] = '/opt/gitlab/etc/postgres-exporter/env'
# postgres_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# postgres_exporter['sslmode'] = nil
# postgres_exporter['per_table_stats'] = false

##! Service name used to register Postgres Exporter as a Consul service
# postgres_exporter['consul_service_name'] = 'postgres-exporter'
##! Semantic metadata used when registering Postgres Exporter as a Consul service
# postgres_exporter['consul_service_meta'] = {}

################################################################################
## Prometheus PgBouncer exporter (EE only)
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/pgbouncer_exporter.html
################################################################################

# pgbouncer_exporter['enable'] = false
# pgbouncer_exporter['log_directory'] = "/var/log/gitlab/pgbouncer-exporter"
# pgbouncer_exporter['listen_address'] = 'localhost:9188'
# pgbouncer_exporter['env_directory'] = '/opt/gitlab/etc/pgbouncer-exporter/env'
# pgbouncer_exporter['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }

################################################################################
## Prometheus Gitlab exporter
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/gitlab_exporter.html
################################################################################


# gitlab_exporter['enable'] = true
# gitlab_exporter['log_directory'] = "/var/log/gitlab/gitlab-exporter"
# gitlab_exporter['home'] = "/var/opt/gitlab/gitlab-exporter"

##! Advanced settings. Should be changed only if absolutely needed.
# gitlab_exporter['server_name'] = 'webrick'
# gitlab_exporter['listen_address'] = 'localhost'
# gitlab_exporter['listen_port'] = '9168'

##! TLS settings.
# gitlab_exporter['tls_enabled'] = false
# gitlab_exporter['tls_cert_path'] = '/etc/gitlab/ssl/gitlab-exporter.crt'
# gitlab_exporter['tls_key_path'] = '/etc/gitlab/ssl/gitlab-exporter.key'

##! Prometheus scrape related configs
# gitlab_exporter['prometheus_scrape_scheme'] = 'http'
# gitlab_exporter['prometheus_scrape_tls_server_name'] = 'localhost'
# gitlab_exporter['prometheus_scrape_tls_skip_verification'] = false

##! Manage gitlab-exporter sidekiq probes. false by default when Sentinels are
##! found.
# gitlab_exporter['probe_sidekiq'] = true

##! Manage gitlab-exporter elasticsearch probes. Add authorization header if security
##! is enabled.
# gitlab_exporter['probe_elasticsearch'] = false
# gitlab_exporter['elasticsearch_url'] = 'http://localhost:9200'
# gitlab_exporter['elasticsearch_authorization'] = 'Basic <yourbase64encodedcredentials>'

##! Service name used to register GitLab Exporter as a Consul service
# gitlab_exporter['consul_service_name'] = 'gitlab-exporter'
##! Semantic metadata used when registering GitLab Exporter as a Consul service
# gitlab_exporter['consul_service_meta'] = {}

# To completely disable prometheus, and all of it's exporters, set to false
# prometheus_monitoring['enable'] = true

################################################################################
## Grafana Dashboards
##! Docs: https://docs.gitlab.com/ee/administration/monitoring/prometheus/#prometheus-as-a-grafana-data-source
################################################################################

# grafana['enable'] = false
# grafana['log_directory'] = '/var/log/gitlab/grafana'
# grafana['home'] = '/var/opt/gitlab/grafana'
# grafana['admin_password'] = 'admin'
# grafana['allow_user_sign_up'] = false
# grafana['basic_auth_enabled'] = false
# grafana['disable_login_form'] = true
# grafana['gitlab_application_id'] = 'GITLAB_APPLICATION_ID'
# grafana['gitlab_secret'] = 'GITLAB_SECRET'
# grafana['env_directory'] = '/opt/gitlab/etc/grafana/env'
# grafana['allowed_groups'] = []
# grafana['gitlab_auth_sign_up'] = true
# grafana['env'] = {
#   'SSL_CERT_DIR' => "#{node['package']['install-dir']}/embedded/ssl/certs/"
# }
# grafana['metrics_enabled'] = false
# grafana['metrics_basic_auth_username'] = 'grafana_metrics' # default: nil
# grafana['metrics_basic_auth_password'] = 'please_set_a_unique_password' # default: nil
# grafana['alerting_enabled'] = false

### SMTP Configuration
#
# See: http://docs.grafana.org/administration/configuration/#smtp
#
# grafana['smtp'] = {
#   'enabled' => true,
#   'host' => 'localhost:25',
#   'user' => nil,
#   'password' => nil,
#   'cert_file' => nil,
#   'key_file' => nil,
#   'skip_verify' => false,
#   'from_address' => 'admin@grafana.localhost',
#   'from_name' => 'Grafana',
#   'ehlo_identity' => 'dashboard.example.com',
#   'startTLS_policy' => nil
# }

# Grafana usage reporting defaults to gitlab_rails['usage_ping_enabled']
# grafana['reporting_enabled'] = true

### Dashboards
#
# See: http://docs.grafana.org/administration/provisioning/#dashboards
#
# NOTE: Setting this will override the default.
#
# grafana['dashboards'] = [
#   {
#     'name' => 'GitLab Omnibus',
#     'orgId' => 1,
#     'folder' => 'GitLab Omnibus',
#     'type' => 'file',
#     'disableDeletion' => true,
#     'updateIntervalSeconds' => 600,
#     'options' => {
#       'path' => '/opt/gitlab/embedded/service/grafana-dashboards',
#     }
#   }
# ]

### Datasources
#
# See: http://docs.grafana.org/administration/provisioning/#example-datasource-config-file
#
# NOTE: Setting this will override the default.
#
# grafana['datasources'] = [
#   {
#     'name' => 'GitLab Omnibus',
#     'type' => 'prometheus',
#     'access' => 'proxy',
#     'url' => 'http://localhost:9090'
#   }
# ]

##! Advanced settings. Should be changed only if absolutely needed.
# grafana['http_addr'] = 'localhost'
# grafana['http_port'] = 3000

################################################################################
## Gitaly
##! Docs: https://docs.gitlab.com/ee/administration/gitaly/configure_gitaly.html
################################################################################

# The gitaly['enable'] option exists for the purpose of cluster
# deployments, see https://docs.gitlab.com/ee/administration/gitaly/index.html .
# gitaly['enable'] = true
# gitaly['dir'] = "/var/opt/gitlab/gitaly"
# gitaly['log_directory'] = "/var/log/gitlab/gitaly"
# gitaly['bin_path'] = "/opt/gitlab/embedded/bin/gitaly"
# gitaly['env_directory'] = "/opt/gitlab/etc/gitaly/env"
# gitaly['env'] = {
#  'PATH' => "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/bin:/usr/bin",
#  'HOME' => '/var/opt/gitlab',
#  'TZ' => ':/etc/localtime',
#  'PYTHONPATH' => "/opt/gitlab/embedded/lib/python3.9/site-packages",
#  'ICU_DATA' => "/opt/gitlab/embedded/share/icu/current",
#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#  'WRAPPER_JSON_LOGGING' => true
# }

# gitaly['open_files_ulimit'] = 15000 # Maximum number of open files allowed for the gitaly process
##! Service name used to register Gitaly as a Consul service
# gitaly['consul_service_name'] = 'gitaly'
##! Semantic metadata used when registering Gitaly as a Consul service
# gitaly['consul_service_meta'] = {}
# gitaly['configuration'] = {
#   socket_path: '/var/opt/gitlab/gitaly/gitaly.socket',
#   runtime_dir: '/var/opt/gitlab/gitaly/run',
#   listen_addr: 'localhost:8075',
#   prometheus_listen_addr: 'localhost:9236',
#   tls_listen_addr: 'localhost:9075',
#   tls: {
#     certificate_path: '/var/opt/gitlab/gitaly/certificate.pem',
#     key_path: '/var/opt/gitlab/gitaly/key.pem',
#   },
#   graceful_restart_timeout: '1m', # Grace time for a gitaly process to finish ongoing requests
#   logging: {
#     level: 'warn',
#     format: 'json',
#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     ruby_sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     sentry_environment: 'production',
#   },
#   prometheus: {
#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
#   },
#   auth: {
#     token: '<secret>',
#     transitioning: false, # When true, auth is logged to Prometheus but NOT enforced
#   },
#   git: {
#     catfile_cache_size: 100, # Number of 'git cat-file' processes kept around for re-use
#     bin_path: '/opt/gitlab/embedded/bin/git', # A custom path for the 'git' executable
#     use_bundled_binaries: true, # Whether to use bundled Git.
#     signing_key: '/var/opt/gitlab/gitaly/signing_key.gpg',
#     ## Gitaly knows to set up the required default configuration for spawned Git
#     ## commands automatically. It should thus not be required to configure anything
#     ## here, except in very special situations where you must e.g. tweak specific
#     ## performance-related settings or enable debugging facilities. It is not safe in
#     ## general to set Git configuration that may change Git output in ways that are
#     ## unexpected by Gitaly.
#     config: [
#       { key: 'pack.threads', value: '4' },
#       { key: 'http.http://example.com.proxy', value: 'http://example.proxy.com' },
#     ],
#   },
#   'gitaly-ruby': {
#     max_rss: 300000000, # RSS threshold in bytes for triggering a gitaly-ruby restart
#     graceful_restart_timeout: '10m', # Grace time for a gitaly-ruby process to finish ongoing requests
#     restart_delay: '5m', # Period of sustained high RSS that needs to be observed before restarting gitaly-ruby
#     num_workers: 3, # Number of gitaly-ruby worker processes. Minimum 2, default 2.
#   },
#   hooks: {
#     custom_hooks_dir: '/var/opt/gitlab/gitaly/custom_hooks',
#   },
#   daily_maintenance: {
#     disabled: false,
#     start_hour: 22,
#     start_minute: 30,
#     duration: '30m',
#     storages: ['default'],
#   },
#   cgroups: {
#     mountpoint: '/sys/fs/cgroup',
#     hierarchy_root: 'gitaly',
#     memory_bytes: 1048576,
#     cpu_shares: 512,
#     cpu_quota_us: 400000
#     repositories: {
#       count: 1000,
#       memory_bytes: 12884901888,
#       cpu_shares: 128,
#       cpu_quota_us: 200000
#     },
#   },
#   concurrency: [
#     {
#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
#       max_per_repo: 20,
#     },
#     {
#       rpc: '/gitaly.SSHService/SSHUploadPack',
#       max_per_repo: 5,
#     },
#   ],
#   rate_limiting: [
#     {
#       rpc: '/gitaly.SmartHTTPService/PostReceivePack',
#       interval: '1m',
#       burst: 10,
#     },
#     {
#       rpc: '/gitaly.SSHService/SSHUploadPack',
#       interval: '1m',
#       burst: 5,
#     },
#   ],
#   pack_objects_cache: {
#     enabled: true,
#     dir: '/var/opt/gitlab/git-data/repositories/+gitaly/PackObjectsCache',
#     max_age: '5m',
#   },
# }

################################################################################
## Praefect
##! Docs: https://docs.gitlab.com/ee/administration/gitaly/praefect.html
################################################################################

# praefect['enable'] = false
# praefect['dir'] = "/var/opt/gitlab/praefect"
# praefect['log_directory'] = "/var/log/gitlab/praefect"
# praefect['env_directory'] = "/opt/gitlab/etc/praefect/env"
# praefect['env'] = {
#  'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/",
#  'GITALY_PID_FILE' => "/var/opt/gitlab/praefect/praefect.pid",
#  'WRAPPER_JSON_LOGGING' => true
# }
# praefect['wrapper_path'] = "/opt/gitlab/embedded/bin/gitaly-wrapper"
# praefect['auto_migrate'] = true
##! Service name used to register Praefect as a Consul service
# praefect['consul_service_name'] = 'praefect'
##! Semantic metadata used when registering Praefect as a Consul service
# praefect['consul_service_meta'] = {}
# praefect['configuration'] = {
#   listen_addr: 'localhost:2305',
#   prometheus_listen_addr: 'localhost:9652',
#   tls_listen_addr: 'localhost:3305',
#   auth: {
#     token: '',
#     transitioning: false,
#   },
#   logging: {
#     format: 'json',
#     level: 'warn',
#   },
#   failover: {
#     enabled: true,
#   },
#   background_verification: {
#     delete_invalid_records: false,
#     verification_interval: '72h',
#   },
#   reconciliation: {
#     scheduling_interval: '5m',
#     histogram_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0],
#   },
#   tls: {
#     certificate_path: '/var/opt/gitlab/prafect/certificate.pem',
#     key_path: '/var/opt/gitlab/prafect/key.pem',
#   },
#   database: {
#     host: 'postgres.external',
#     port: 6432,
#     user: 'praefect',
#     password: 'secret',
#     dbname: 'praefect_production',
#     sslmode: 'disable',
#     sslcert: '/path/to/client-cert',
#     sslkey: '/path/to/client-key',
#     sslrootcert: '/path/to/rootcert',
#     session_pooled: {
#       host: 'postgres.internal',
#       port: 5432,
#       user: 'praefect',
#       password: 'secret',
#       dbname: 'praefect_production_direct',
#       sslmode: 'disable',
#       sslcert: '/path/to/client-cert',
#       sslkey: '/path/to/client-key',
#       sslrootcert: '/path/to/rootcert',
#     },
#   },
#   sentry: {
#     sentry_dsn: 'https://<key>:<secret>@sentry.io/<project>',
#     sentry_environment: 'production',
#   },
#   prometheus: {
#     grpc_latency_buckets: [0.001, 0.005, 0.025, 0.1, 0.5, 1.0, 10.0, 30.0, 60.0, 300.0, 1500.0],
#   },
#   graceful_stop_timeout: '1m',
#   virtual_storage: [
#     {
#       name: 'default',
#       default_replication_factor: 3,
#       node: [
#         {
#           storage: 'praefect-internal-0',
#           address: 'tcp://10.23.56.78:8075',
#           token: 'abc123',
#         },
#         {
#           storage: 'praefect-internal-1',
#           address: 'tcp://10.76.23.31:8075',
#           token: 'xyz456',
#         },
#       ],
#   	},
#     {
#       name: 'alternative',
#       node: [
#         {
#           storage: 'praefect-internal-2',
#           address: 'tcp://10.34.1.16:8075',
#           token: 'abc321',
#         },
#         {
#           storage: 'praefect-internal-3',
#           address: 'tcp://10.23.18.6:8075',
#           token: 'xyz890',
#         },
#       ],
#     },
#   ],
# }

################################################################################
# Storage check
################################################################################
# storage_check['enable'] = false
# storage_check['target'] = 'unix:///var/opt/gitlab/gitlab-rails/sockets/gitlab.socket'
# storage_check['log_directory'] = '/var/log/gitlab/storage-check'

################################################################################
# Let's Encrypt integration
################################################################################
# letsencrypt['enable'] = nil
# letsencrypt['contact_emails'] = [] # This should be an array of email addresses to add as contacts
# letsencrypt['group'] = 'root'
# letsencrypt['key_size'] = 2048
# letsencrypt['owner'] = 'root'
# letsencrypt['wwwroot'] = '/var/opt/gitlab/nginx/www'
# See http://docs.gitlab.com/omnibus/settings/ssl.html#automatic-renewal for more on these sesttings
# letsencrypt['auto_renew'] = true
# letsencrypt['auto_renew_hour'] = 0
# letsencrypt['auto_renew_minute'] = nil # Should be a number or cron expression, if specified.
# letsencrypt['auto_renew_day_of_month'] = "*/4"
# letsencrypt['auto_renew_log_directory'] = '/var/log/gitlab/lets-encrypt'

##! Turn off automatic init system detection. To skip init detection in
##! non-docker containers. Recommended not to change.
# package['detect_init'] = true

##! Attempt to modify kernel paramaters. To skip this in containers where the
##! relevant file system is read-only, set the value to false.
# package['modify_kernel_parameters'] = true

##! Specify maximum number of tasks that can be created by the systemd unit
##! Will be populated as TasksMax value to the unit file if user is on a systemd
##! version that supports it (>= 227). Will be a no-op if user is not on systemd.
# package['systemd_tasks_max'] = 4915

##! Settings to configure order of GitLab's systemd unit.
##! Note: We do not recommend changing these values unless absolutely necessary
# package['systemd_after'] = 'multi-user.target'
# package['systemd_wanted_by'] = 'multi-user.target'
################################################################################
################################################################################
##                  Configuration Settings for GitLab EE only                 ##
################################################################################
################################################################################


################################################################################
## Auxiliary cron jobs applicable to GitLab EE only
################################################################################
#
# gitlab_rails['geo_repository_sync_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_secondary_registry_consistency_worker'] = "* * * * *"
# gitlab_rails['geo_secondary_usage_data_cron_worker'] = "0 0 * * 0"
# gitlab_rails['geo_prune_event_log_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_primary_batch_worker_cron'] = "*/5 * * * *"
# gitlab_rails['geo_repository_verification_secondary_scheduler_worker_cron'] = "*/5 * * * *"
# gitlab_rails['ldap_sync_worker_cron'] = "30 1 * * *"
# gitlab_rails['ldap_group_sync_worker_cron'] = "0 * * * *"
# gitlab_rails['historical_data_worker_cron'] = "0 12 * * *"
# gitlab_rails['elastic_index_bulk_cron'] = "*/1 * * * *"
# gitlab_rails['analytics_devops_adoption_create_all_snapshots_worker_cron'] = "0 4 * * 0"
# gitlab_rails['ci_runners_stale_group_runners_prune_worker_cron'] = "30 * * * *"

################################################################################
## Kerberos (EE Only)
##! Docs: https://docs.gitlab.com/ee/integration/kerberos.html#http-git-access
################################################################################

# gitlab_rails['kerberos_enabled'] = true
# gitlab_rails['kerberos_keytab'] = /etc/http.keytab
# gitlab_rails['kerberos_service_principal_name'] = HTTP/gitlab.example.com@EXAMPLE.COM
# gitlab_rails['kerberos_simple_ldap_linking_allowed_realms'] = ['example.com','kerberos.example.com']
# gitlab_rails['kerberos_use_dedicated_port'] = true
# gitlab_rails['kerberos_port'] = 8443
# gitlab_rails['kerberos_https'] = true

################################################################################
## Package repository
##! Docs: https://docs.gitlab.com/ee/administration/packages/
################################################################################

# gitlab_rails['packages_enabled'] = true
# gitlab_rails['packages_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/packages"
# gitlab_rails['packages_object_store_enabled'] = false
# gitlab_rails['packages_object_store_proxy_download'] = false
# gitlab_rails['packages_object_store_remote_directory'] = "packages"
# gitlab_rails['packages_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

################################################################################
## Dependency proxy
##! Docs: https://docs.gitlab.com/ee/administration/packages/dependency_proxy.html
################################################################################

# gitlab_rails['dependency_proxy_enabled'] = true
# gitlab_rails['dependency_proxy_storage_path'] = "/var/opt/gitlab/gitlab-rails/shared/dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_enabled'] = false
# gitlab_rails['dependency_proxy_object_store_proxy_download'] = false
# gitlab_rails['dependency_proxy_object_store_remote_directory'] = "dependency_proxy"
# gitlab_rails['dependency_proxy_object_store_connection'] = {
#   'provider' => 'AWS',
#   'region' => 'eu-west-1',
#   'aws_access_key_id' => 'AWS_ACCESS_KEY_ID',
#   'aws_secret_access_key' => 'AWS_SECRET_ACCESS_KEY',
#   # # The below options configure an S3 compatible host instead of AWS
#   # 'host' => 's3.amazonaws.com',
#   # 'aws_signature_version' => 4, # For creation of signed URLs. Set to 2 if provider does not support v4.
#   # 'endpoint' => 'https://s3.amazonaws.com', # default: nil - Useful for S3 compliant services such as DigitalOcean Spaces
#   # 'path_style' => false # Use 'host/bucket_name/object' instead of 'bucket_name.host/object'
# }

################################################################################
## GitLab Sentinel (EE Only)
##! Docs: http://docs.gitlab.com/ce/administration/high_availability/redis.html#high-availability-with-sentinel
################################################################################

##! **Make sure you configured all redis['master_*'] keys above before
##!   continuing.**

##! To enable Sentinel and disable all other services in this machine,
##! uncomment the line below (if you've enabled Redis role, it will keep it).
##! Docs: https://docs.gitlab.com/ee/administration/high_availability/redis.html
# redis_sentinel_role['enable'] = true

# sentinel['enable'] = true

##! Bind to all interfaces, uncomment to specify an IP and bind to a single one
# sentinel['bind'] = '0.0.0.0'

##! Uncomment to change default port
# sentinel['port'] = 26379

#### Support to run sentinels in a Docker or NAT environment
#####! Docs: https://redis.io/topics/sentinel#sentinel-docker-nat-and-possible-issues
# In an standard case, Sentinel will run in the same network service as Redis, so the same IP will be announce for Redis and Sentinel
# Only define these values if it is needed to announce for Sentinel a differen IP service than Redis
# sentinel['announce_ip'] = nil # If not defined, its value will be taken from redis['announce_ip'] or nil if not present
# sentinel['announce_port'] = nil # If not defined, its value will be taken from sentinel['port'] or nil if redis['announce_ip'] not present

##! Quorum must reflect the amount of voting sentinels it take to start a
##! failover.
##! **Value must NOT be greater then the amount of sentinels.**
##! The quorum can be used to tune Sentinel in two ways:
##! 1. If a the quorum is set to a value smaller than the majority of Sentinels
##!    we deploy, we are basically making Sentinel more sensible to master
##!    failures, triggering a failover as soon as even just a minority of
##!    Sentinels is no longer able to talk with the master.
##! 2. If a quorum is set to a value greater than the majority of Sentinels, we
##!    are making Sentinel able to failover only when there are a very large
##!    number (larger than majority) of well connected Sentinels which agree
##!    about the master being down.
# sentinel['quorum'] = 1

### Consider unresponsive server down after x amount of ms.
# sentinel['down_after_milliseconds'] = 10000

### Specifies the failover timeout in milliseconds.
##! It is used in many ways:
##!
##! - The time needed to re-start a failover after a previous failover was
##!   already tried against the same master by a given Sentinel, is two
##!   times the failover timeout.
##!
##! - The time needed for a replica replicating to a wrong master according
##!   to a Sentinel current configuration, to be forced to replicate
##!   with the right master, is exactly the failover timeout (counting since
##!   the moment a Sentinel detected the misconfiguration).
##!
##! - The time needed to cancel a failover that is already in progress but
##!   did not produced any configuration change (REPLICAOF NO ONE yet not
##!   acknowledged by the promoted replica).
##!
##! - The maximum time a failover in progress waits for all the replicas to be
##!   reconfigured as replicas of the new master. However even after this time
##!   the replicas will be reconfigured by the Sentinels anyway, but not with
##!   the exact parallel-syncs progression as specified.
# sentinel['failover_timeout'] = 60000

### Sentinel TLS settings
###! To run Sentinel over TLS, specify values for the following settings
# sentinel['tls_port'] = nil
# sentinel['tls_cert_file'] = nil
# sentinel['tls_key_file'] = nil

###! Other TLS related optional settings
# sentinel['tls_dh_params_file'] = nil
# sentinel['tls_ca_cert_dir'] = '/opt/gitlab/embedded/ssl/certs/'
# sentinel['tls_ca_cert_file'] = '/opt/gitlab/embedded/ssl/certs/cacert.pem'
# sentinel['tls_auth_clients'] = 'optional'
# sentinel['tls_replication'] = nil
# sentinel['tls_cluster'] = nil
# sentinel['tls_protocols'] = nil
# sentinel['tls_ciphers'] = nil
# sentinel['tls_ciphersuites'] = nil
# sentinel['tls_prefer_server_ciphers'] = nil
# sentinel['tls_session_caching'] = nil
# sentinel['tls_session_cache_size'] = nil
# sentinel['tls_session_cache_timeout'] = nil

### Sentinel hostname support
###! When enabled, Redis will leverage hostname support
###! Generally this does not need to be changed as we determine this based on
###! the provided input from `redis['announce_ip']`
###! * This is configured to `true` when a fully qualified hostname is provided
###! * This is configured to `false` when an IP address is provided
# sentinel['use_hostnames'] = <calculated>

################################################################################
## Additional Database Settings (EE only)
##! Docs: https://docs.gitlab.com/ee/administration/database_load_balancing.html
################################################################################
# gitlab_rails['db_load_balancing'] = { 'hosts' => ['secondary1.example.com'] }

################################################################################
## GitLab Geo
##! Docs: https://docs.gitlab.com/ee/gitlab-geo
################################################################################
##! Geo roles 'geo_primary_role' and 'geo_secondary_role' are set above with
##! other roles. For more information, see: https://docs.gitlab.com/omnibus/roles/index.html#roles.

# This is an optional identifier which Geo nodes can use to identify themselves.
# For example, if external_url is the same for two secondaries, you must specify
# a unique Geo node name for those secondaries.
#
# If it is blank, it defaults to external_url.
# gitlab_rails['geo_node_name'] = nil

# gitlab_rails['geo_registry_replication_enabled'] = true
# gitlab_rails['geo_registry_replication_primary_api_url'] = 'https://example.com:5050'


################################################################################
## GitLab Geo Secondary (EE only)
################################################################################
# geo_secondary['auto_migrate'] = true
# geo_secondary['db_adapter'] = "postgresql"
# geo_secondary['db_encoding'] = "unicode"
# geo_secondary['db_collation'] = nil
# geo_secondary['db_database'] = "gitlabhq_geo_production"
# geo_secondary['db_username'] = "gitlab_geo"
# geo_secondary['db_password'] = nil
# geo_secondary['db_host'] = "/var/opt/gitlab/geo-postgresql"
# geo_secondary['db_port'] = 5431
# geo_secondary['db_socket'] = nil
# geo_secondary['db_sslmode'] = nil
# geo_secondary['db_sslcompression'] = 0
# geo_secondary['db_sslrootcert'] = nil
# geo_secondary['db_sslca'] = nil
# geo_secondary['db_prepared_statements'] = false
# geo_secondary['db_database_tasks'] = true

################################################################################
## GitLab Geo Secondary Tracking Database (EE only)
################################################################################

# geo_postgresql['enable'] = false
# geo_postgresql['ha'] = false
# geo_postgresql['dir'] = '/var/opt/gitlab/geo-postgresql'
# geo_postgresql['pgbouncer_user'] = nil
# geo_postgresql['pgbouncer_user_password'] = nil
##! `SQL_USER_PASSWORD_HASH` can be generated using the command `gitlab-ctl pg-password-md5 gitlab`
# geo_postgresql['sql_user_password'] = 'SQL_USER_PASSWORD_HASH'
# geo_postgresql['log_directory'] = '/var/log/gitlab/geo-postgresql'

##! Automatically restart PostgreSQL service when version changes.
# geo_postgresql['auto_restart_on_version_change'] = true

################################################################################
## GitLab Geo Log Cursor Daemon (EE only)
################################################################################

# geo_logcursor['log_directory'] = '/var/log/gitlab/geo-logcursor'

################################################################################
## Unleash
##! These settings are for GitLab internal use.
##! They are used to control feature flags during GitLab development.
##! Docs: https://docs.gitlab.com/ee/development/feature_flags
################################################################################
# gitlab_rails['feature_flags_unleash_enabled'] = false
# gitlab_rails['feature_flags_unleash_url'] = nil
# gitlab_rails['feature_flags_unleash_app_name'] = nil
# gitlab_rails['feature_flags_unleash_instance_id'] = nil

################################################################################
# Pgbouncer (EE only)
# See [GitLab PgBouncer documentation](http://docs.gitlab.com/omnibus/settings/database.html#enabling-pgbouncer-ee-only)
# See the [PgBouncer page](https://pgbouncer.github.io/config.html) for details
################################################################################
# pgbouncer['enable'] = false
# pgbouncer['log_directory'] = '/var/log/gitlab/pgbouncer'
# pgbouncer['data_directory'] = '/var/opt/gitlab/pgbouncer'
# pgbouncer['env_directory'] = '/opt/gitlab/etc/pgbouncer/env'
# pgbouncer['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# pgbouncer['listen_addr'] = '0.0.0.0'
# pgbouncer['listen_port'] = '6432'
# pgbouncer['pool_mode'] = 'transaction'
# pgbouncer['server_reset_query'] = 'DISCARD ALL'
# pgbouncer['application_name_add_host'] = '1'
# pgbouncer['max_client_conn'] = '2048'
# pgbouncer['default_pool_size'] = '100'
# pgbouncer['min_pool_size'] = '0'
# pgbouncer['reserve_pool_size'] = '5'
# pgbouncer['reserve_pool_timeout'] = '5.0'
# pgbouncer['server_round_robin'] = '0'
# pgbouncer['log_connections'] = '0'
# pgbouncer['server_idle_timeout'] = '30'
# pgbouncer['dns_max_ttl'] = '15.0'
# pgbouncer['dns_zone_check_period'] = '0'
# pgbouncer['dns_nxdomain_ttl'] = '15.0'
# pgbouncer['admin_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['stats_users'] = %w(gitlab-psql postgres pgbouncer)
# pgbouncer['ignore_startup_parameters'] = 'extra_float_digits'
# pgbouncer['databases'] = {
#   DATABASE_NAME: {
#     host: HOSTNAME,
#     port: PORT
#     user: USERNAME,
#     password: PASSWORD
###! generate this with `echo -n '$password + $username' | md5sum`
#   }
#   ...
# }
# pgbouncer['logfile'] = nil
# pgbouncer['unix_socket_dir'] = nil
# pgbouncer['unix_socket_mode'] = '0777'
# pgbouncer['unix_socket_group'] = nil
# pgbouncer['auth_type'] = 'md5'
# pgbouncer['auth_hba_file'] = nil
# pgbouncer['auth_query'] = 'SELECT username, password FROM public.pg_shadow_lookup($1)'
# pgbouncer['users'] = {
#   USERNAME: {
#     'password': MD5_PASSWORD_HASH,
#   }
# }
# postgresql['pgbouncer_user'] = nil
# postgresql['pgbouncer_user_password'] = nil
# pgbouncer['server_reset_query_always'] = 0
# pgbouncer['server_check_query'] = 'select 1'
# pgbouncer['server_check_delay'] = 30
# pgbouncer['max_db_connections'] = nil
# pgbouncer['max_user_connections'] = nil
# pgbouncer['syslog'] = 0
# pgbouncer['syslog_facility'] = 'daemon'
# pgbouncer['syslog_ident'] = 'pgbouncer'
# pgbouncer['log_disconnections'] = 1
# pgbouncer['log_pooler_errors'] = 1
# pgbouncer['stats_period'] = 60
# pgbouncer['verbose'] = 0
# pgbouncer['server_lifetime'] = 3600
# pgbouncer['server_connect_timeout'] = 15
# pgbouncer['server_login_retry'] = 15
# pgbouncer['query_timeout'] = 0
# pgbouncer['query_wait_timeout'] = 120
# pgbouncer['client_idle_timeout'] = 0
# pgbouncer['client_login_timeout'] = 60
# pgbouncer['autodb_idle_timeout'] = 3600
# pgbouncer['suspend_timeout'] = 10
# pgbouncer['idle_transaction_timeout'] = 0
# pgbouncer['pkt_buf'] = 4096
# pgbouncer['listen_backlog'] = 128
# pgbouncer['sbuf_loopcnt'] = 5
# pgbouncer['max_packet_size'] = 2147483647
# pgbouncer['tcp_defer_accept'] = 0
# pgbouncer['tcp_socket_buffer'] = 0
# pgbouncer['tcp_keepalive'] = 1
# pgbouncer['tcp_keepcnt'] = 0
# pgbouncer['tcp_keepidle'] = 0
# pgbouncer['tcp_keepintvl'] = 0
# pgbouncer['disable_pqexec'] = 0

## Pgbouncer client TLS options
# pgbouncer['client_tls_sslmode'] = 'disable'
# pgbouncer['client_tls_ca_file'] = nil
# pgbouncer['client_tls_key_file'] = nil
# pgbouncer['client_tls_cert_file'] = nil
# pgbouncer['client_tls_protocols'] = 'all'
# pgbouncer['client_tls_dheparams'] = 'auto'
# pgbouncer['client_tls_ecdhcurve'] = 'auto'
#
## Pgbouncer server  TLS options
# pgbouncer['server_tls_sslmode'] = 'disable'
# pgbouncer['server_tls_ca_file'] = nil
# pgbouncer['server_tls_key_file'] = nil
# pgbouncer['server_tls_cert_file'] = nil
# pgbouncer['server_tls_protocols'] = 'all'
# pgbouncer['server_tls_ciphers'] = 'fast'

################################################################################
# Patroni (EE only)
################################################################################
# patroni['enable'] = false

# patroni['dir'] = '/var/opt/gitlab/patroni'
# patroni['ctl_command'] = '/opt/gitlab/embedded/bin/patronictl'

## Patroni dynamic configuration settings
# patroni['loop_wait'] = 10
# patroni['ttl'] = 30
# patroni['retry_timeout'] = 10
# patroni['maximum_lag_on_failover'] = 1_048_576
# patroni['max_timelines_history'] = 0
# patroni['master_start_timeout'] = 300
# patroni['use_pg_rewind'] = true
# patroni['remove_data_directory_on_rewind_failure'] = false
# patroni['remove_data_directory_on_diverged_timelines'] = false
# patroni['use_slots'] = true
# patroni['replication_password'] = nil
# patroni['replication_slots'] = {}
# patroni['callbacks'] = {}
# patroni['recovery_conf'] = {}
# patroni['tags'] = {}

## Standby cluster replication settings
# patroni['standby_cluster']['enable'] = false
# patroni['standby_cluster']['host'] = nil
# patroni['standby_cluster']['port'] = 5432
# patroni['standby_cluster']['primary_slot_name'] = nil

## Global/Universal settings
# patroni['scope'] = 'gitlab-postgresql-ha'
# patroni['name'] = nil

## Log settings
# patroni['log_directory'] = '/var/log/gitlab/patroni'
# patroni['log_level'] = 'INFO'

## Consul specific settings
# patroni['consul']['url'] = 'http://127.0.0.1:8500'
# patroni['consul']['service_check_interval'] = '10s'
# patroni['consul']['register_service'] = true
# patroni['consul']['checks'] = []

## PostgreSQL configuration override
# patroni['postgresql']['hot_standby'] = 'on'

## The following must hold the same values on all nodes.
## Leave unassined to use PostgreSQL's default values.
# patroni['postgresql']['wal_level'] = 'replica'
# patroni['postgresql']['wal_log_hints'] = 'on'
# patroni['postgresql']['max_worker_processes'] = 8
# patroni['postgresql']['max_locks_per_transaction'] = 64
# patroni['postgresql']['max_connections'] = 400
# patroni['postgresql']['checkpoint_timeout'] = 30

## The following can hold different values on all nodes.
## Leave unassined to use PostgreSQL's default values.
# patroni['postgresql']['wal_keep_segments'] = 8
# patroni['postgresql']['max_wal_senders'] = 5
# patroni['postgresql']['max_replication_slots'] = 5

## Permanent replication slots for Streaming Replication
# patroni['replication_slots'] = {
#   'geo_secondary' => { 'type' => 'physical' }
# }

## The address and port that Patroni API binds to and listens on.
# patroni['listen_address'] = nil
# patroni['port'] = '8008'

## The address of the Patroni node that is advertized to other cluster
## members to communicate with its API and PostgreSQL. If it is not specified,
## it tries to use the first available private IP and falls back to the default
## network interface.
# patroni['connect_address'] = nil

## The port that Patroni API responds to other cluster members. This port is
## advertized and by default is the same as patroni['port'].
# patroni['connect_port'] = '8008'

## Specifies the set of hosts that are allowed to call unsafe REST API endpoints.
## Each item can be an hostname, IP address, or CIDR address.
## All hosts are allowed if this is unset.
# patroni['allowlist'] = []
# patroni['allowlist_include_members'] = false

## The username and password to use for basic auth on write commands to the
## Patroni API. If not specified then the API does not use basic auth.
# patroni['username'] = nil
# patroni['password'] = nil

## TLS configuration for Patroni API. Both certificate and key files are
## required to enable TLS. If not specified then the API uses plain HTTP.
# patroni['tls_certificate_file'] = nil
# patroni['tls_key_file'] = nil
# patroni['tls_key_password'] = nil
# patroni['tls_ca_file'] = nil
# patroni['tls_ciphers'] = nil
# patroni['tls_client_mode'] = nil
# patroni['tls_client_certificate_file'] = nil
# patroni['tls_client_key_file'] = nil
# patroni['tls_verify'] = true

################################################################################
# Consul (EEP only)
################################################################################
# consul['enable'] = false
# consul['dir'] = '/var/opt/gitlab/consul'
# consul['username'] = 'gitlab-consul'
# consul['group'] = 'gitlab-consul'
# consul['config_file'] = '/var/opt/gitlab/consul/config.json'
# consul['config_dir'] = '/var/opt/gitlab/consul/config.d'
# consul['data_dir'] = '/var/opt/gitlab/consul/data'
# consul['log_directory'] = '/var/log/gitlab/consul'
# consul['env_directory'] = '/opt/gitlab/etc/consul/env'
# consul['env'] = {
#   'SSL_CERT_DIR' => "/opt/gitlab/embedded/ssl/certs/"
# }
# consul['monitoring_service_discovery'] = false
# consul['node_name'] = nil
# consul['script_directory'] = '/var/opt/gitlab/consul/scripts'
# consul['configuration'] = {
#   'client_addr' => nil,
#   'datacenter' => 'gitlab_consul',
#   'enable_script_checks' => true,
#   'server' => false
# }
# consul['services'] = []
# consul['service_config'] = {
#   'postgresql' => {
#     'service' => {
#       'name' => "postgresql",
#       'address' => '',
#       'port' => 5432,
#       'checks' => [
#         {
#           'script' => "/var/opt/gitlab/consul/scripts/check_postgresql",
#           'interval' => "10s"
#         }
#       ]
#     }
#   }
# }
# consul['watchers'] = []
#
# consul['custom_config_dir'] = '/path/to/service/configs/directory'
#

#### HTTP API ports
# consul['http_port'] = nil
# consul['https_port'] = nil

#### Gossip encryption
# consul['encryption_key'] = nil
# consul['encryption_verify_incoming'] = nil
# consul['encryption_verify_outgoing'] = nil

#### TLS settings
# consul['use_tls'] = false
# consul['tls_ca_file'] = nil
# consul['tls_certificate_file'] = nil
# consul['tls_key_file'] = nil
# consul['tls_verify_client'] = nil

################################################################################
# Service desk email settings
################################################################################
### Service desk email
###! Allow users to create new service desk issues by sending an email to
###! service desk address.
###! Docs: https://docs.gitlab.com/ee/user/project/service_desk.html
# gitlab_rails['service_desk_email_enabled'] = false

#### Service Desk Mailbox Settings (via `mail_room`)
#### Service Desk Email Address
####! The email address including the `%{key}` placeholder that will be replaced
####! to reference the item being replied to.
####! **The placeholder can be omitted but if present, it must appear in the
####!   "user" part of the address (before the `@`).**
# gitlab_rails['service_desk_email_address'] = "contact_project+%{key}@gmail.com"

#### Service Desk Email account username
####! **With third party providers, this is usually the full email address.**
####! **With self-hosted email servers, this is usually the user part of the
####!   email address.**
# gitlab_rails['service_desk_email_email'] = "contact_project@gmail.com"

#### Service Desk Email account password
# gitlab_rails['service_desk_email_password'] = "[REDACTED]"

####! The mailbox where service desk mail will end up. Usually "inbox".
# gitlab_rails['service_desk_email_mailbox_name'] = "inbox"
####! The IDLE command timeout.
# gitlab_rails['service_desk_email_idle_timeout'] = 60
####! The file name for internal `mail_room` JSON logfile
# gitlab_rails['service_desk_email_log_file'] = "/var/log/gitlab/mailroom/mail_room_json.log"

#### Service Desk IMAP Settings
# gitlab_rails['service_desk_email_host'] = "imap.gmail.com"
# gitlab_rails['service_desk_email_port'] = 993
# gitlab_rails['service_desk_email_ssl'] = true
# gitlab_rails['service_desk_email_start_tls'] = false

#### Inbox options (for Microsoft Graph)
# gitlab_rails['service_desk_email_inbox_method'] = 'microsoft_graph'
# gitlab_rails['service_desk_email_inbox_options'] = {
#    'tenant_id': 'YOUR-TENANT-ID',
#    'client_id': 'YOUR-CLIENT-ID',
#    'client_secret': 'YOUR-CLIENT-SECRET',
#    'poll_interval': 60  # Optional
# }

#### How service desk emails are delivered to Rails process. Accept either
#### sidekiq or webhook. The default config is webhook.
# gitlab_rails['service_desk_email_delivery_method'] = "webhook"

#### Token to authenticate webhook requests. The token must be exactly 32 bytes,
#### encoded with base64
# gitlab_rails['service_desk_email_auth_token'] = nil

################################################################################
## Spamcheck (EE only)
#################################################################################

# spamcheck['enable'] = false
# spamcheck['dir'] = '/var/opt/gitlab/spamcheck'
# spamcheck['port'] = 8001
# spamcheck['external_port'] = nil
# spamcheck['monitoring_address'] = ':8003'
# spamcheck['log_level'] = 'info'
# spamcheck['log_format'] = 'json'
# spamcheck['log_output'] = 'stdout'
# spamcheck['monitor_mode'] = false
# spamcheck['allowlist'] = {}
# spamcheck['denylist'] = {}
# spamcheck['log_directory'] = "/var/log/gitlab/spamcheck"
# spamcheck['env_directory'] = "/opt/gitlab/etc/spamcheck/env"
# spamcheck['env'] = {
#   'SSL_CERT_DIR' => '/opt/gitlab/embedded/ssl/cers'
# }
# spamcheck['classifier']['log_directory'] = "/var/log/gitlab/spam-classifier"
srv/gitlab/config/config/ssh_host_rsa_key.pub0000644000000000000000000000110514434463302020421 0ustar  rootrootssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRpm7va6eAN66GqAwoU656I8Ed6WX8U8d7ELWWRRzuTyrlTjq0TuHY6s+aqtD8WNraO1Pe+gQyp4M+BNKIV0btNafDhiqR7mXMBZGl+ruxuhnZPq4GmC8TRlRVNOEz5CXtAWsBYDPp7zfyKZjUGgExpY3X8oi6kV5uWnym7Uug0Kim8gExiziWVTFIIbNK5ycXnDLyuyDAlTbDR9GDWxrNj2twuABA8/LaD+QSfofjPB4XO37DppqFcpmoDs6eoBhTPnhOGtDLYHKEB1r19/A1ADzsIFF8JS4RN7v6VHwGfro2s02hXOfArkyQRMLWkIgv0UaGACnQi1grST4BnnBkNVwZvwTl5UJnuSBVGEMlhWdbRTNHNmC4a43dLJhAiF156qgGtlIJgALRH87O+P/ETgdm95s4J6Uw7W3+SqOpVff+Qfaj0hjDieLuBKRcIf/cVkxCIOViFVZzvOuxz8ml5ub+caNQPY3b2Q/DrglJ4obN72N6lNkj9E0eOkvpIU= root@git.dcpltechnology.com
srv/gitlab/config/config/ssh_host_ed25519_key0000600000000000000000000000064314434463302020043 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC0UkfEpZprGyvhZFoW8bT+XOlmFvEICQFUNLNCE7+NrgAAAKDvHObu7xzm
7gAAAAtzc2gtZWQyNTUxOQAAACC0UkfEpZprGyvhZFoW8bT+XOlmFvEICQFUNLNCE7+Nrg
AAAEBDxpdxGmFtZYjzX99TyUhObPr/SZsM2IA5FCAzj9v8T7RSR8SlmmsbK+FkWhbxtP5c
6WYW8QgJAVQ0s0ITv42uAAAAG3Jvb3RAZ2l0LmRjcGx0ZWNobm9sb2d5LmNvbQEC
-----END OPENSSH PRIVATE KEY-----
srv/gitlab/config/config/trusted-certs/0000755000000000000000000000000014434463325017162 5ustar  rootrootsrv/gitlab/config/config/ssh_host_ecdsa_key.pub0000644000000000000000000000027514434463302020722 0ustar  rootrootecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM3seqAvRK78U1RvYp62B43tl8SmnosvFze+qKxK1VuC2lY58U+Vi3vGzeMP3NO1VVkY8lXRIIgKPHIzBaevqfw= root@git.dcpltechnology.com
srv/gitlab/config/config/ssh_host_ecdsa_key0000600000000000000000000000101514434463302020116 0ustar  rootroot-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTN7HqgL0Su/FNUb2KetgeN7ZfEpp6L
Lxc3vqisStVbgtpWOfFPlYt7xs3jD9zTtVVZGPJV0SCICjxyMwWnr6n8AAAAuO8EpkvvBK
ZLAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM3seqAvRK78U1Rv
Yp62B43tl8SmnosvFze+qKxK1VuC2lY58U+Vi3vGzeMP3NO1VVkY8lXRIIgKPHIzBaevqf
wAAAAgShjN3bqmdM3pV+/Irz+cLzAm/JqRNZwj8ig0BaWAjnIAAAAbcm9vdEBnaXQuZGNw
bHRlY2hub2xvZ3kuY29tAQIDBAU=
-----END OPENSSH PRIVATE KEY-----