BigW Consortium Gitlab

1_settings.rb 19.2 KB
Newer Older
1
require_dependency Rails.root.join('lib/gitlab') # Load Gitlab as soon as possible
2

3
class Settings < Settingslogic
4
  source ENV.fetch('GITLAB_CONFIG') { "#{Rails.root}/config/gitlab.yml" }
5
  namespace Rails.env
6 7

  class << self
8 9
    def gitlab_on_standard_port?
      gitlab.port.to_i == (gitlab.https ? 443 : 80)
10
    end
11

12 13
    def host_without_www(url)
      host(url).sub('www.', '')
14
    end
15

Valery Sizov committed
16 17 18 19 20 21 22 23 24 25 26 27 28
    def build_gitlab_ci_url
      if gitlab_on_standard_port?
        custom_port = nil
      else
        custom_port = ":#{gitlab.port}"
      end
      [ gitlab.protocol,
        "://",
        gitlab.host,
        custom_port,
        gitlab.relative_url_root
      ].join('')
    end
29

30
    def build_gitlab_shell_ssh_path_prefix
31 32
      user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}"

33
      if gitlab_shell.ssh_port != 22
34
        "ssh://#{user_host}:#{gitlab_shell.ssh_port}/"
35
      else
36
        if gitlab_shell.ssh_host.include? ':'
37
          "[#{user_host}]:"
38
        else
39
          "#{user_host}:"
40
        end
41 42 43
      end
    end

44 45 46 47
    def build_base_gitlab_url
      base_gitlab_url.join('')
    end

48
    def build_gitlab_url
49
      (base_gitlab_url + [gitlab.relative_url_root]).join('')
50
    end
51

52 53 54
    # check that values in `current` (string or integer) is a contant in `modul`.
    def verify_constant_array(modul, current, default)
      values = default || []
55
      unless current.nil?
56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
        values = []
        current.each do |constant|
          values.push(verify_constant(modul, constant, nil))
        end
        values.delete_if { |value| value.nil? }
      end
      values
    end

    # check that `current` (string or integer) is a contant in `modul`.
    def verify_constant(modul, current, default)
      constant = modul.constants.find{ |name| modul.const_get(name) == current }
      value = constant.nil? ? default : modul.const_get(constant)
      if current.is_a? String
        value = modul.const_get(current.upcase) rescue default
      end
      value
    end
74 75 76 77 78 79 80 81 82 83 84

    private

    def base_gitlab_url
      custom_port = gitlab_on_standard_port? ? nil : ":#{gitlab.port}"
      [ gitlab.protocol,
        "://",
        gitlab.host,
        custom_port
      ]
    end
85 86 87 88 89 90 91 92 93 94 95

    # Extract the host part of the given +url+.
    def host(url)
      url = url.downcase
      url = "http://#{url}" unless url.start_with?('http')

      # Get rid of the path so that we don't even have to encode it
      url_without_path = url.sub(%r{(https?://[^\/]+)/?.*}, '\1')

      URI.parse(url_without_path).host
    end
96 97
  end
end
98 99 100

# Default settings
Settings['ldap'] ||= Settingslogic.new({})
101
Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil?
102

103 104 105
# backwards compatibility, we only have one host
if Settings.ldap['enabled'] || Rails.env.test?
  if Settings.ldap['host'].present?
106 107
    # We detected old LDAP configuration syntax. Update the config to make it
    # look like it was entered with the new syntax.
108
    server = Settings.ldap.except('sync_time')
109
    Settings.ldap['servers'] = {
110
      'main' => server
111
    }
112 113
  end

114
  Settings.ldap['servers'].each do |key, server|
115
    server['label'] ||= 'LDAP'
116
    server['timeout'] ||= 10.seconds
117
    server['block_auto_created_users'] = false if server['block_auto_created_users'].nil?
118 119
    server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil?
    server['active_directory'] = true if server['active_directory'].nil?
120
    server['attributes'] = {} if server['attributes'].nil?
121
    server['provider_name'] ||= "ldap#{key}".downcase
122 123 124
    server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name'])
  end
end
125 126

Settings['omniauth'] ||= Settingslogic.new({})
127
Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
128
Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
129
Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
130
Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil?
131 132
Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil?
Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
133
Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil?
134

135
Settings.omniauth['providers'] ||= []
136 137 138 139
Settings.omniauth['cas3'] ||= Settingslogic.new({})
Settings.omniauth.cas3['session_duration'] ||= 8.hours
Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
Settings.omniauth.session_tickets['cas3'] = 'ticket'
140

141 142 143
# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.

github_default_url = "https://github.com"
144
github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github" }
145 146 147 148 149 150 151 152 153 154 155 156 157 158

if github_settings
  # For compatibility with old config files (before 7.8)
  # where people dont have url in github settings
  if github_settings['url'].blank?
    github_settings['url'] = github_default_url
  end

  github_settings["args"] ||= Settingslogic.new({})

  if github_settings["url"].include?(github_default_url)
    github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options]
  else
    github_settings["args"]["client_options"] = {
159
      "site"          => File.join(github_settings["url"], "api/v3"),
160
      "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
161
      "token_url"     => File.join(github_settings["url"], "login/oauth/access_token")
162 163 164
    }
  end
end
165

166 167 168
Settings['shared'] ||= Settingslogic.new({})
Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)

169
Settings['issues_tracker'] ||= {}
170

171 172 173
#
# GitLab
#
174
Settings['gitlab'] ||= Settingslogic.new({})
175
Settings.gitlab['default_projects_limit'] ||= 10
176
Settings.gitlab['default_branch_protection'] ||= 2
177
Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil?
178
Settings.gitlab['default_theme'] = Gitlab::Themes::APPLICATION_DEFAULT if Settings.gitlab['default_theme'].nil?
179
Settings.gitlab['host']       ||= ENV['GITLAB_HOST'] || 'localhost'
180
Settings.gitlab['ssh_host']   ||= Settings.gitlab.host
181
Settings.gitlab['https']        = false if Settings.gitlab['https'].nil?
182
Settings.gitlab['port']       ||= Settings.gitlab.https ? 443 : 80
183
Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || ''
184
Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http"
185
Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil?
186 187 188
Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}"
Settings.gitlab['email_display_name'] ||= ENV['GITLAB_EMAIL_DISPLAY_NAME'] || 'GitLab'
Settings.gitlab['email_reply_to'] ||= ENV['GITLAB_EMAIL_REPLY_TO'] || "noreply@#{Settings.gitlab.host}"
189
Settings.gitlab['email_subject_suffix'] ||= ENV['GITLAB_EMAIL_SUBJECT_SUFFIX'] || ""
190
Settings.gitlab['base_url']   ||= Settings.send(:build_base_gitlab_url)
191
Settings.gitlab['url']        ||= Settings.send(:build_gitlab_url)
192
Settings.gitlab['user']       ||= 'git'
193 194 195 196 197
Settings.gitlab['user_home']  ||= begin
  Etc.getpwnam(Settings.gitlab['user']).dir
rescue ArgumentError # no user configured
  '/home/' + Settings.gitlab['user']
end
198
Settings.gitlab['time_zone'] ||= nil
199
Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
200
Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil?
201
Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
202
Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
Jacob Schatz committed
203
Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil?
204
Settings.gitlab['default_projects_features'] ||= {}
205
Settings.gitlab['webhook_timeout'] ||= 10
206
Settings.gitlab['max_attachment_size'] ||= 10
207
Settings.gitlab['session_expire_delay'] ||= 10080
208 209 210 211 212 213
Settings.gitlab.default_projects_features['issues']             = true if Settings.gitlab.default_projects_features['issues'].nil?
Settings.gitlab.default_projects_features['merge_requests']     = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
Settings.gitlab.default_projects_features['wiki']               = true if Settings.gitlab.default_projects_features['wiki'].nil?
Settings.gitlab.default_projects_features['snippets']           = false if Settings.gitlab.default_projects_features['snippets'].nil?
Settings.gitlab.default_projects_features['builds']             = true if Settings.gitlab.default_projects_features['builds'].nil?
Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil?
214
Settings.gitlab.default_projects_features['visibility_level']   = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
215
Settings.gitlab['domain_whitelist'] ||= []
216
Settings.gitlab['import_sources'] ||= %w[github bitbucket gitlab google_code fogbugz git gitlab_project gitea]
217
Settings.gitlab['trusted_proxies'] ||= []
218
Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config', 'no_todos_messages.yml'))
219

Valery Sizov committed
220 221 222 223
#
# CI
#
Settings['gitlab_ci'] ||= Settingslogic.new({})
224 225 226 227
Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
Settings.gitlab_ci['all_broken_builds']     = true if Settings.gitlab_ci['all_broken_builds'].nil?
Settings.gitlab_ci['add_pusher']            = false if Settings.gitlab_ci['add_pusher'].nil?
Settings.gitlab_ci['builds_path']           = File.expand_path(Settings.gitlab_ci['builds_path'] || "builds/", Rails.root)
228
Settings.gitlab_ci['url']                 ||= Settings.send(:build_gitlab_ci_url)
Valery Sizov committed
229

Douwe Maan committed
230 231 232
#
# Reply by email
#
233
Settings['incoming_email'] ||= Settingslogic.new({})
234
Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled'].nil?
Douwe Maan committed
235

236 237 238 239 240 241
#
# Build Artifacts
#
Settings['artifacts'] ||= Settingslogic.new({})
Settings.artifacts['enabled']      = true if Settings.artifacts['enabled'].nil?
Settings.artifacts['path']         = File.expand_path(Settings.artifacts['path'] || File.join(Settings.shared['path'], "artifacts"), Rails.root)
242
Settings.artifacts['max_size']   ||= 100 # in megabytes
243

244 245 246 247
#
# Registry
#
Settings['registry'] ||= Settingslogic.new({})
248 249
Settings.registry['enabled']       ||= false
Settings.registry['host']          ||= "example.com"
250
Settings.registry['port']          ||= nil
251 252 253
Settings.registry['api_url']       ||= "http://localhost:5000/"
Settings.registry['key']           ||= nil
Settings.registry['issuer']        ||= nil
254
Settings.registry['host_port']     ||= [Settings.registry['host'], Settings.registry['port']].compact.join(':')
Kamil Trzcinski committed
255
Settings.registry['path']            = File.expand_path(Settings.registry['path'] || File.join(Settings.shared['path'], 'registry'), Rails.root)
256

257 258 259 260
#
# Git LFS
#
Settings['lfs'] ||= Settingslogic.new({})
Marin Jankovski committed
261
Settings.lfs['enabled']      = true if Settings.lfs['enabled'].nil?
262 263
Settings.lfs['storage_path'] = File.expand_path(Settings.lfs['storage_path'] || File.join(Settings.shared['path'], "lfs-objects"), Rails.root)

264 265 266 267
#
# Mattermost
#
Settings['mattermost'] ||= Settingslogic.new({})
Kamil Trzcinski committed
268 269
Settings.mattermost['enabled'] = false if Settings.mattermost['enabled'].nil?
Settings.mattermost['host'] = nil unless Settings.mattermost.enabled
270

271 272 273
#
# Gravatar
#
274
Settings['gravatar'] ||= Settingslogic.new({})
275
Settings.gravatar['enabled']      = true if Settings.gravatar['enabled'].nil?
276 277
Settings.gravatar['plain_url']  ||= 'http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
Settings.gravatar['ssl_url']    ||= 'https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon'
278
Settings.gravatar['host']         = Settings.host_without_www(Settings.gravatar['plain_url'])
279

280 281 282 283 284 285
#
# Cron Jobs
#
Settings['cron_jobs'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_ci_builds_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['stuck_ci_builds_worker']['cron'] ||= '0 0 * * *'
286
Settings.cron_jobs['stuck_ci_builds_worker']['job_class'] = 'StuckCiBuildsWorker'
287
Settings.cron_jobs['expire_build_artifacts_worker'] ||= Settingslogic.new({})
288
Settings.cron_jobs['expire_build_artifacts_worker']['cron'] ||= '50 * * * *'
289
Settings.cron_jobs['expire_build_artifacts_worker']['job_class'] = 'ExpireBuildArtifactsWorker'
290 291
Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *'
292
Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker'
Jacob Vosmaer committed
293
Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({})
294
Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0'
Jacob Vosmaer committed
295
Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
296 297 298
Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['repository_archive_cache_worker']['job_class'] = 'RepositoryArchiveCacheWorker'
299 300 301
Settings.cron_jobs['import_export_project_cleanup_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['import_export_project_cleanup_worker']['cron'] ||= '0 * * * *'
Settings.cron_jobs['import_export_project_cleanup_worker']['job_class'] = 'ImportExportProjectCleanupWorker'
302 303 304
Settings.cron_jobs['requests_profiles_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['requests_profiles_worker']['cron'] ||= '0 0 * * *'
Settings.cron_jobs['requests_profiles_worker']['job_class'] = 'RequestsProfilesWorker'
305 306 307
Settings.cron_jobs['remove_expired_members_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_expired_members_worker']['cron'] ||= '10 0 * * *'
Settings.cron_jobs['remove_expired_members_worker']['job_class'] = 'RemoveExpiredMembersWorker'
Douwe Maan committed
308 309 310
Settings.cron_jobs['remove_expired_group_links_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_expired_group_links_worker']['cron'] ||= '10 0 * * *'
Settings.cron_jobs['remove_expired_group_links_worker']['job_class'] = 'RemoveExpiredGroupLinksWorker'
311
Settings.cron_jobs['prune_old_events_worker'] ||= Settingslogic.new({})
312
Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '0 */6 * * *'
313
Settings.cron_jobs['prune_old_events_worker']['job_class'] = 'PruneOldEventsWorker'
314

315 316 317
Settings.cron_jobs['trending_projects_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['trending_projects_worker']['cron'] = '0 1 * * *'
Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsWorker'
318 319 320
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker'] ||= Settingslogic.new({})
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['cron'] ||= '20 0 * * *'
Settings.cron_jobs['remove_unreferenced_lfs_objects_worker']['job_class'] = 'RemoveUnreferencedLfsObjectsWorker'
321

322 323 324 325
#
# GitLab Shell
#
Settings['gitlab_shell'] ||= Settingslogic.new({})
326
Settings.gitlab_shell['path']         ||= Settings.gitlab['user_home'] + '/gitlab-shell/'
327
Settings.gitlab_shell['hooks_path']   ||= Settings.gitlab['user_home'] + '/gitlab-shell/hooks/'
328
Settings.gitlab_shell['secret_file'] ||= Rails.root.join('.gitlab_shell_secret')
329 330
Settings.gitlab_shell['receive_pack']   = true if Settings.gitlab_shell['receive_pack'].nil?
Settings.gitlab_shell['upload_pack']    = true if Settings.gitlab_shell['upload_pack'].nil?
331
Settings.gitlab_shell['ssh_host']     ||= Settings.gitlab.ssh_host
332 333 334 335
Settings.gitlab_shell['ssh_port']     ||= 22
Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.send(:build_gitlab_shell_ssh_path_prefix)
336

337 338 339 340 341 342 343 344
#
# Repositories
#
Settings['repositories'] ||= Settingslogic.new({})
Settings.repositories['storages'] ||= {}
# Setting gitlab_shell.repos_path is DEPRECATED and WILL BE REMOVED in version 9.0
Settings.repositories.storages['default'] ||= Settings.gitlab_shell['repos_path'] || Settings.gitlab['user_home'] + '/repositories/'

345 346 347 348 349 350 351 352 353 354 355 356 357 358 359
#
# The repository_downloads_path is used to remove outdated repository
# archives, if someone has it configured incorrectly, and it points
# to the path where repositories are stored this can cause some
# data-integrity issue. In this case, we sets it to the default
# repository_downloads_path value.
#
repositories_storages_path     = Settings.repositories.storages.values
repository_downloads_path      = Settings.gitlab['repository_downloads_path'].to_s.gsub(/\/$/, '')
repository_downloads_full_path = File.expand_path(repository_downloads_path, Settings.gitlab['user_home'])

if repository_downloads_path.blank? || repositories_storages_path.any? { |path| [repository_downloads_path, repository_downloads_full_path].include?(path.gsub(/\/$/, '')) }
  Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive')
end

360 361 362
#
# Backup
#
363
Settings['backup'] ||= Settingslogic.new({})
364
Settings.backup['keep_time']  ||= 0
365
Settings.backup['pg_schema']    = nil
366
Settings.backup['path']         = File.expand_path(Settings.backup['path'] || "tmp/backups/", Rails.root)
367
Settings.backup['archive_permissions'] ||= 0600
368
Settings.backup['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil })
369 370 371 372
# Convert upload connection settings to use symbol keys, to make Fog happy
if Settings.backup['upload']['connection']
  Settings.backup['upload']['connection'] = Hash[Settings.backup['upload']['connection'].map { |k, v| [k.to_sym, v] }]
end
373
Settings.backup['upload']['multipart_chunk_size'] ||= 104857600
374
Settings.backup['upload']['encryption'] ||= nil
375

376 377 378
#
# Git
#
379
Settings['git'] ||= Settingslogic.new({})
380
Settings.git['max_size']  ||= 20971520 # 20.megabytes
381
Settings.git['bin_path']  ||= '/usr/bin/git'
382
Settings.git['timeout']   ||= 10
383

384 385 386
# Important: keep the satellites.path setting until GitLab 9.0 at
# least. This setting is fed to 'rm -rf' in
# db/migrate/20151023144219_remove_satellites.rb
387
Settings['satellites'] ||= Settingslogic.new({})
Riyad Preukschas committed
388
Settings.satellites['path'] = File.expand_path(Settings.satellites['path'] || "tmp/repo_satellites/", Rails.root)
389 390 391 392 393

#
# Extra customization
#
Settings['extra'] ||= Settingslogic.new({})
394

395 396 397 398 399
#
# Rack::Attack settings
#
Settings['rack_attack'] ||= Settingslogic.new({})
Settings.rack_attack['git_basic_auth'] ||= Settingslogic.new({})
400
Settings.rack_attack.git_basic_auth['enabled'] = true if Settings.rack_attack.git_basic_auth['enabled'].nil?
401
Settings.rack_attack.git_basic_auth['ip_whitelist'] ||= %w{127.0.0.1}
402 403 404 405
Settings.rack_attack.git_basic_auth['maxretry'] ||= 10
Settings.rack_attack.git_basic_auth['findtime'] ||= 1.minute
Settings.rack_attack.git_basic_auth['bantime'] ||= 1.hour

406 407 408 409 410 411
#
# Gitaly
#
Settings['gitaly'] ||= Settingslogic.new({})
Settings.gitaly['socket_path'] ||= ENV['GITALY_SOCKET_PATH']

412 413 414 415 416
#
# Testing settings
#
if Rails.env.test?
  Settings.gitlab['default_projects_limit']   = 42
417
  Settings.gitlab['default_can_create_group'] = true
418
  Settings.gitlab['default_can_create_team']  = false
Robert Speicher committed
419
end
420 421

# Force a refresh of application settings at startup
422 423 424 425 426 427 428
begin
  ApplicationSetting.expire
  Ci::ApplicationSetting.expire
rescue
  # Gracefully handle when Redis is not available. For example,
  # omnibus may fail here during assets:precompile.
end