Merge pull request #134 from williampiv/master

geerlingguy · web-flow · commit edde725737b5 · 2021-03-31T14:25:16.000-05:00
Add Variables to Allow GitLab to use LetsEncrypt
diff --git a/README.md b/README.md
@@ -60,6 +60,17 @@ GitLab SSL configuration; tells GitLab to redirect normal http requests to https
 
 Whether to create a self-signed certificate for serving GitLab over a secure connection. Set `gitlab_self_signed_cert_subj` according to your locality and organization.
 
+### LetsEncrypt Configuration.
+
+    gitlab_letsencrypt_enable: "false"
+    gitlab_letsencrypt_contact_emails: ["gitlab@example.com"]
+    gitlab_letsencrypt_auto_renew_hour: 1
+    gitlab_letsencrypt_auto_renew_minute: 30
+    gitlab_letsencrypt_auto_renew_day_of_month: "*/7"
+    gitlab_letsencrypt_auto_renew: true
+
+GitLab LetsEncrypt configuration; tells GitLab whether to request and use a certificate from LetsEncrypt, if `gitlab_letsencrypt_enable` is set to `"true"`. Multiple contact emails can be configured under `gitlab_letsencrypt_contact_emails` as a list.
+
     # LDAP Configuration.
     gitlab_ldap_enabled: "false"
     gitlab_ldap_host: "example.com"
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -73,3 +73,11 @@ gitlab_registry_enable: "false"
 gitlab_registry_external_url: "https://gitlab.example.com:4567"
 gitlab_registry_nginx_ssl_certificate: "/etc/gitlab/ssl/gitlab.crt"
 gitlab_registry_nginx_ssl_certificate_key: "/etc/gitlab/ssl/gitlab.key"
+
+# LetsEncrypt configuration.
+gitlab_letsencrypt_enable: "false"
+gitlab_letsencrypt_contact_emails: ["gitlab@example.com"]
+gitlab_letsencrypt_auto_renew_hour: 1
+gitlab_letsencrypt_auto_renew_minute: 30
+gitlab_letsencrypt_auto_renew_day_of_month: "*/7"
+gitlab_letsencrypt_auto_renew: true
diff --git a/templates/gitlab.rb.j2 b/templates/gitlab.rb.j2
@@ -19,6 +19,15 @@ nginx['redirect_http_to_https'] = {{ gitlab_redirect_http_to_https }}
 nginx['ssl_certificate'] = "{{ gitlab_ssl_certificate }}"
 nginx['ssl_certificate_key'] = "{{ gitlab_ssl_certificate_key }}"
 
+letsencrypt['enable'] = "{{ gitlab_letsencrypt_enable }}"
+{% if gitlab_letsencrypt_enable %}
+letsencrypt['contact_emails'] = "{{ gitlab_letsencrypt_contact_emails | to_json }}"
+letsencrypt['auto_renew_hour'] = "{{ gitlab_letsencrypt_auto_renew_hour }}"
+letsencrypt['auto_renew_minute'] = "{{ gitlab_letsencrypt_auto_renew_minute }}"
+letsencrypt['auto_renew_day_of_month'] = "{{ gitlab_letsencrypt_auto_renew_day_of_month }}"
+letsencrypt['auto_renew'] = "{{ gitlab_letsencrypt_auto_renew }}"
+{% endif %}
+
 # The directory where Git repositories will be stored.
 git_data_dirs({"default" => {"path" => "{{ gitlab_git_data_dir }}"} })
 
