Diffstat (limited to 'config/initializers/1_settings.rb')
-rw-r--r-- | config/initializers/1_settings.rb | 165 |
1 files changed, 156 insertions, 9 deletions
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb index 9e74a67b73f..81433b620bc 100644 --- a/config/initializers/1_settings.rb +++ b/config/initializers/1_settings.rb @@ -1,10 +1,18 @@ require_relative '../settings' require_relative '../object_store_settings' +require_relative '../smime_signature_settings' # Default settings Settings['ldap'] ||= Settingslogic.new({}) Settings.ldap['enabled'] = false if Settings.ldap['enabled'].nil? +Gitlab.ee do + Settings.ldap['sync_time'] = 3600 if Settings.ldap['sync_time'].nil? + Settings.ldap['schedule_sync_daily'] = 1 if Settings.ldap['schedule_sync_daily'].nil? + Settings.ldap['schedule_sync_hour'] = 1 if Settings.ldap['schedule_sync_hour'].nil? + Settings.ldap['schedule_sync_minute'] = 30 if Settings.ldap['schedule_sync_minute'].nil? +end + # backwards compatibility, we only have one host if Settings.ldap['enabled'] || Rails.env.test? if Settings.ldap['host'].present? @@ -23,11 +31,14 @@ if Settings.ldap['enabled'] || Rails.env.test? server['timeout'] ||= 10.seconds server['block_auto_created_users'] = false if server['block_auto_created_users'].nil? server['allow_username_or_email_login'] = false if server['allow_username_or_email_login'].nil? + server['smartcard_auth'] = false unless %w[optional required].include?(server['smartcard_auth']) server['active_directory'] = true if server['active_directory'].nil? server['attributes'] = {} if server['attributes'].nil? server['lowercase_usernames'] = false if server['lowercase_usernames'].nil? server['provider_name'] ||= "ldap#{key}".downcase server['provider_class'] = OmniAuth::Utils.camelize(server['provider_name']) + server['external_groups'] = [] if server['external_groups'].nil? + server['sync_ssh_keys'] = 'sshPublicKey' if server['sync_ssh_keys'].to_s == 'true' # For backwards compatibility server['encryption'] ||= server['method'] 
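Review bot: In the `-23,11 +31,14` hunk, `server['smartcard_auth'] = false unless %w[optional required].include?(server['smartcard_auth'])` turns any unrecognised value into `false` without a trace. A misspelt or differently cased value such as `'Required'` therefore ends up as `false`, which presumably leaves smartcard authentication off for that server while the operator believes it is enforced. I would reject or at least report unknown values before the coercion, for example `raise "Invalid smartcard_auth for LDAP server #{key}" unless [nil, false, 'optional', 'required'].include?(server['smartcard_auth'])`. The enclosing `if Settings.ldap['enabled'] || Rails.env.test?` block starts and ends outside this hunk, so I cannot see whether a later validation step already covers this.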
@@ -45,7 +56,7 @@ if Settings.ldap['enabled'] || Rails.env.test? server['tls_options'] ||= {} if server['ssl_version'] || server['ca_file'] - Rails.logger.warn 'DEPRECATED: LDAP options `ssl_version` and `ca_file` should be nested within `tls_options`' + Rails.logger.warn 'DEPRECATED: LDAP options `ssl_version` and `ca_file` should be nested within `tls_options`' # rubocop:disable Gitlab/RailsLogger end if server['ssl_version'] @@ -62,10 +73,18 @@ if Settings.ldap['enabled'] || Rails.env.test? end end +Gitlab.ee do + Settings['smartcard'] ||= Settingslogic.new({}) + Settings.smartcard['enabled'] = false if Settings.smartcard['enabled'].nil? + Settings.smartcard['client_certificate_required_port'] = 3444 if Settings.smartcard['client_certificate_required_port'].nil? + Settings.smartcard['required_for_git_access'] = false if Settings.smartcard['required_for_git_access'].nil? +end + Settings['omniauth'] ||= Settingslogic.new({}) Settings.omniauth['enabled'] = true if Settings.omniauth['enabled'].nil? Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil? Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil? +Settings.omniauth['allow_bypass_two_factor'] = false if Settings.omniauth['allow_bypass_two_factor'].nil? Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil? Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block_auto_created_users'].nil? Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil? 
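Review bot: The new `Settings.omniauth['allow_bypass_two_factor']` default in the `-62,10 +73,18` hunk has no comment, and only `nil` is normalised, so any other configured value is stored as given. Judging by the name, a truthy value relaxes two-factor enforcement for OmniAuth sign-ins, which makes the accepted values worth stating next to the default. I would add a comment along the lines of `# Defaults to false (2FA stays enforced); other values are passed through unvalidated` above the line, with the accepted forms spelled out by someone who knows the consumer. The same applies to `Settings.smartcard['required_for_git_access']` a few lines up.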
@@ -136,6 +155,7 @@ Settings['issues_tracker'] ||= {} # Settings['gitlab'] ||= Settingslogic.new({}) Settings.gitlab['default_project_creation'] ||= ::Gitlab::Access::DEVELOPER_MAINTAINER_PROJECT_ACCESS +Settings.gitlab['default_project_deletion_protection'] ||= false Settings.gitlab['default_projects_limit'] ||= 100000 Settings.gitlab['default_branch_protection'] ||= 2 Settings.gitlab['default_can_create_group'] = true if Settings.gitlab['default_can_create_group'].nil? @@ -153,6 +173,7 @@ Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings Settings.gitlab['email_display_name'] ||= ENV['GITLAB_EMAIL_DISPLAY_NAME'] || 'GitLab' Settings.gitlab['email_reply_to'] ||= ENV['GITLAB_EMAIL_REPLY_TO'] || "noreply@#{Settings.gitlab.host}" Settings.gitlab['email_subject_suffix'] ||= ENV['GITLAB_EMAIL_SUBJECT_SUFFIX'] || "" +Settings.gitlab['email_smime'] = SmimeSignatureSettings.parse(Settings.gitlab['email_smime']) Settings.gitlab['base_url'] ||= Settings.__send__(:build_base_gitlab_url) Settings.gitlab['url'] ||= Settings.__send__(:build_gitlab_url) Settings.gitlab['user'] ||= 'git' 
@@ -182,10 +203,27 @@ Settings.gitlab.default_projects_features['visibility_level'] = Settings.__sen Settings.gitlab['domain_whitelist'] ||= [] Settings.gitlab['import_sources'] ||= Gitlab::ImportSources.values Settings.gitlab['trusted_proxies'] ||= [] +Settings.gitlab['content_security_policy'] ||= Gitlab::ContentSecurityPolicy::ConfigLoader.default_settings_hash Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config', 'no_todos_messages.yml')) Settings.gitlab['impersonation_enabled'] ||= true if Settings.gitlab['impersonation_enabled'].nil? Settings.gitlab['usage_ping_enabled'] = true if Settings.gitlab['usage_ping_enabled'].nil? +Gitlab.ee do + Settings.gitlab['mirror_max_delay'] ||= 300 + Settings.gitlab['mirror_max_capacity'] ||= 30 + Settings.gitlab['mirror_capacity_threshold'] ||= 15 +end + +# +# Elasticseacrh +# +Gitlab.ee do + Settings['elasticsearch'] ||= Settingslogic.new({}) + Settings.elasticsearch['enabled'] = false if Settings.elasticsearch['enabled'].nil? + Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || "http://localhost:9200" + Settings.elasticsearch['indexer_path'] ||= Gitlab::Utils.which('gitlab-elasticsearch-indexer') +end + # # CI # @@ -225,6 +263,7 @@ Settings.registry['key'] ||= nil Settings.registry['issuer'] ||= nil Settings.registry['host_port'] ||= [Settings.registry['host'], Settings.registry['port']].compact.join(':') Settings.registry['path'] = Settings.absolute(Settings.registry['path'] || File.join(Settings.shared['path'], 'registry')) +Settings.registry['notifications'] ||= [] # # Error Reporting and Logging with Sentry 
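Review bot: `Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || "http://localhost:9200"` assigns with `=`, unlike the `||=` and `.nil?` defaults around it, so a `url` set in the settings file is discarded whenever `ELASTIC_URL` is unset. An operator who configured a remote or TLS endpoint there would be pointed at plaintext `http://localhost:9200` with no warning. If the file value is meant to be honoured, `Settings.elasticsearch['url'] = ENV['ELASTIC_URL'] || Settings.elasticsearch['url'] || "http://localhost:9200"` keeps the environment override and the default. The section header added in the same hunk is also misspelt as `Elasticseacrh`.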
@@ -255,6 +294,21 @@ Settings.pages['admin'] ||= Settingslogic.new({}) Settings.pages.admin['certificate'] ||= '' # +# Geo +# +Gitlab.ee do + Settings['geo'] ||= Settingslogic.new({}) + # For backwards compatibility, default to gitlab_url and if so, ensure it ends with "/" + Settings.geo['node_name'] = Settings.geo['node_name'].presence || Settings.gitlab['url'].chomp('/').concat('/') + + # + # Registry replication + # + Settings.geo['registry_replication'] ||= Settingslogic.new({}) + Settings.geo.registry_replication['enabled'] ||= false +end + +# # External merge request diffs # Settings['external_diffs'] ||= Settingslogic.new({}) 
@@ -281,6 +335,32 @@ Settings.uploads['object_store'] = ObjectStoreSettings.parse(Settings.uploads['o Settings.uploads['object_store']['remote_directory'] ||= 'uploads' # +# Packages +# +Gitlab.ee do + Settings['packages'] ||= Settingslogic.new({}) + Settings.packages['enabled'] = true if Settings.packages['enabled'].nil? + Settings.packages['storage_path'] = Settings.absolute(Settings.packages['storage_path'] || File.join(Settings.shared['path'], "packages")) + Settings.packages['object_store'] = ObjectStoreSettings.parse(Settings.packages['object_store']) +end + +# +# Dependency Proxy +# +Gitlab.ee do + Settings['dependency_proxy'] ||= Settingslogic.new({}) + Settings.dependency_proxy['enabled'] = true if Settings.dependency_proxy['enabled'].nil? + Settings.dependency_proxy['storage_path'] = Settings.absolute(Settings.dependency_proxy['storage_path'] || File.join(Settings.shared['path'], "dependency_proxy")) + Settings.dependency_proxy['object_store'] = ObjectStoreSettings.parse(Settings.dependency_proxy['object_store']) + + # For first iteration dependency proxy uses Rails server to download blobs. + # To ensure acceptable performance we only allow feature to be used with + # multithreaded web-server Puma. This will be removed once download logic is moved + # to GitLab workhorse + Settings.dependency_proxy['enabled'] = false unless defined?(::Puma) +end + +# # Mattermost # Settings['mattermost'] ||= Settingslogic.new({}) 
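Review bot: `Settings.dependency_proxy['enabled'] = false unless defined?(::Puma)` overrides the setting silently, including when the operator enabled it explicitly, because the line runs after the `true` default has been applied. Nothing in the hunk records that the feature was switched off or why, which makes the resulting behaviour hard to diagnose from logs. I would log the downgrade at the same place, for example `Rails.logger.warn 'Dependency proxy disabled: requires the Puma web server' # rubocop:disable Gitlab/RailsLogger`, guarded so it fires only when the setting was enabled.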
@@ -341,7 +421,6 @@ Settings.cron_jobs['remove_expired_group_links_worker']['job_class'] = 'RemoveEx Settings.cron_jobs['prune_old_events_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['prune_old_events_worker']['cron'] ||= '0 */6 * * *' Settings.cron_jobs['prune_old_events_worker']['job_class'] = 'PruneOldEventsWorker' - Settings.cron_jobs['trending_projects_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['trending_projects_worker']['cron'] = '0 1 * * *' Settings.cron_jobs['trending_projects_worker']['job_class'] = 'TrendingProjectsWorker' 
@@ -354,34 +433,75 @@ Settings.cron_jobs['stuck_import_jobs_worker']['job_class'] = 'StuckImportJobsWo Settings.cron_jobs['gitlab_usage_ping_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['gitlab_usage_ping_worker']['cron'] ||= Settings.__send__(:cron_for_usage_ping) Settings.cron_jobs['gitlab_usage_ping_worker']['job_class'] = 'GitlabUsagePingWorker' - Settings.cron_jobs['stuck_merge_jobs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['stuck_merge_jobs_worker']['cron'] ||= '0 */2 * * *' Settings.cron_jobs['stuck_merge_jobs_worker']['job_class'] = 'StuckMergeJobsWorker' - Settings.cron_jobs['pages_domain_verification_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['pages_domain_verification_cron_worker']['cron'] ||= '*/15 * * * *' Settings.cron_jobs['pages_domain_verification_cron_worker']['job_class'] = 'PagesDomainVerificationCronWorker' - Settings.cron_jobs['pages_domain_removal_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *' Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker' - Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *' Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker' - Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['issue_due_scheduler_worker']['cron'] ||= '50 00 * * *' Settings.cron_jobs['issue_due_scheduler_worker']['job_class'] = 'IssueDueSchedulerWorker' - Settings.cron_jobs['prune_web_hook_logs_worker'] ||= Settingslogic.new({}) Settings.cron_jobs['prune_web_hook_logs_worker']['cron'] ||= '0 */1 * * *' Settings.cron_jobs['prune_web_hook_logs_worker']['job_class'] = 'PruneWebHookLogsWorker' - Settings.cron_jobs['schedule_migrate_external_diffs_worker'] ||= Settingslogic.new({}) 
Settings.cron_jobs['schedule_migrate_external_diffs_worker']['cron'] ||= '15 * * * *' Settings.cron_jobs['schedule_migrate_external_diffs_worker']['job_class'] = 'ScheduleMigrateExternalDiffsWorker' +Settings.cron_jobs['namespaces_prune_aggregation_schedules_worker'] ||= Settingslogic.new({}) +Settings.cron_jobs['namespaces_prune_aggregation_schedules_worker']['cron'] ||= '5 1 * * *' +Settings.cron_jobs['namespaces_prune_aggregation_schedules_worker']['job_class'] = 'Namespaces::PruneAggregationSchedulesWorker' + +Gitlab.ee do + Settings.cron_jobs['clear_shared_runners_minutes_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['clear_shared_runners_minutes_worker']['cron'] ||= '0 0 1 * *' + Settings.cron_jobs['clear_shared_runners_minutes_worker']['job_class'] = 'ClearSharedRunnersMinutesWorker' + Settings.cron_jobs['geo_file_download_dispatch_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_file_download_dispatch_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_file_download_dispatch_worker']['job_class'] ||= 'Geo::FileDownloadDispatchWorker' + Settings.cron_jobs['geo_metrics_update_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_metrics_update_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_metrics_update_worker']['job_class'] ||= 'Geo::MetricsUpdateWorker' + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['cron'] ||= '15 */6 * * *' + Settings.cron_jobs['geo_migrated_local_files_clean_up_worker']['job_class'] ||= 'Geo::MigratedLocalFilesCleanUpWorker' + Settings.cron_jobs['geo_prune_event_log_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_prune_event_log_worker']['cron'] ||= '*/5 * * * *' + Settings.cron_jobs['geo_prune_event_log_worker']['job_class'] ||= 'Geo::PruneEventLogWorker' + Settings.cron_jobs['geo_repository_sync_worker'] ||= Settingslogic.new({}) + 
Settings.cron_jobs['geo_repository_sync_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_sync_worker']['job_class'] ||= 'Geo::RepositorySyncWorker' + Settings.cron_jobs['geo_repository_verification_primary_batch_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_verification_primary_batch_worker']['job_class'] ||= 'Geo::RepositoryVerification::Primary::BatchWorker' + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_repository_verification_secondary_scheduler_worker']['job_class'] ||= 'Geo::RepositoryVerification::Secondary::SchedulerWorker' + Settings.cron_jobs['geo_container_repository_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['geo_container_repository_sync_worker']['cron'] ||= '*/1 * * * *' + Settings.cron_jobs['geo_container_repository_sync_worker']['job_class'] ||= 'Geo::ContainerRepositorySyncDispatchWorker' + Settings.cron_jobs['historical_data_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['historical_data_worker']['cron'] ||= '0 12 * * *' + Settings.cron_jobs['historical_data_worker']['job_class'] = 'HistoricalDataWorker' + Settings.cron_jobs['ldap_group_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['ldap_group_sync_worker']['cron'] ||= '0 * * * *' + Settings.cron_jobs['ldap_group_sync_worker']['job_class'] = 'LdapAllGroupsSyncWorker' + Settings.cron_jobs['ldap_sync_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['ldap_sync_worker']['cron'] ||= '30 1 * * *' + Settings.cron_jobs['ldap_sync_worker']['job_class'] = 'LdapSyncWorker' + Settings.cron_jobs['pseudonymizer_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['pseudonymizer_worker']['cron'] ||= '0 23 * * *' + 
Settings.cron_jobs['pseudonymizer_worker']['job_class'] ||= 'PseudonymizerWorker' + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker'] ||= Settingslogic.new({}) + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['cron'] ||= '0 12 * * *' + Settings.cron_jobs['update_max_seats_used_for_gitlab_com_subscriptions_worker']['job_class'] = 'UpdateMaxSeatsUsedForGitlabComSubscriptionsWorker' +end # # Sidekiq @@ -462,6 +582,16 @@ Settings.backup['upload']['encryption_key'] ||= ENV['GITLAB_BACKUP_ENCRYPTION_KE Settings.backup['upload']['storage_class'] ||= nil # +# Pseudonymizer +# +Gitlab.ee do + Settings['pseudonymizer'] ||= Settingslogic.new({}) + Settings.pseudonymizer['manifest'] = Settings.absolute(Settings.pseudonymizer['manifest'] || Rails.root.join("config/pseudonymizer.yml")) + Settings.pseudonymizer['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil }) + # Settings.pseudonymizer['upload']['multipart_chunk_size'] ||= 104857600 +end + +# # Git # Settings['git'] ||= Settingslogic.new({}) 
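Review bot: In the `-354,34 +433,75` hunk the Geo entries and `pseudonymizer_worker` set `['job_class'] ||= '...'`, while the other entries in the same `Gitlab.ee do` block and the existing CE entries pin it with `=`. With `||=` a `job_class` already present in the loaded settings survives, so for those entries the configuration file decides which worker class the schedule instantiates. Unless that override is intended, I would pin them the same way, e.g. `Settings.cron_jobs['geo_repository_sync_worker']['job_class'] = 'Geo::RepositorySyncWorker'`, and likewise for the remaining `||=` entries. If the override is deliberate, a one-line comment saying so would prevent it from being normalised later.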
@@ -474,6 +604,23 @@ Settings['satellites'] ||= Settingslogic.new({}) Settings.satellites['path'] = Settings.absolute(Settings.satellites['path'] || "tmp/repo_satellites/") # +# Kerberos +# +Gitlab.ee do + Settings['kerberos'] ||= Settingslogic.new({}) + Settings.kerberos['enabled'] = false if Settings.kerberos['enabled'].nil? + Settings.kerberos['keytab'] = nil if Settings.kerberos['keytab'].blank? # nil means use default keytab + Settings.kerberos['service_principal_name'] = nil if Settings.kerberos['service_principal_name'].blank? # nil means any SPN in keytab + Settings.kerberos['use_dedicated_port'] = false if Settings.kerberos['use_dedicated_port'].nil? + Settings.kerberos['https'] = Settings.gitlab.https if Settings.kerberos['https'].nil? + Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088 + + if Settings.kerberos['enabled'] && !Settings.omniauth.providers.map(&:name).include?('kerberos_spnego') + Settings.omniauth.providers << Settingslogic.new({ 'name' => 'kerberos_spnego' }) + end +end + +# # Extra customization # Settings['extra'] ||= Settingslogic.new({}) |
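Review bot: `Settings.kerberos['https']` inherits `Settings.gitlab.https` when unset, and `Settings.kerberos['port'] ||= Settings.kerberos.https ? 8443 : 8088` then selects the port, but neither line says what the non-HTTPS case means. On an instance where `gitlab.https` is false, this appears to leave Kerberos negotiation on port 8088 without TLS, which an operator should choose knowingly. I would add a comment above the `https` line such as `# Inherits gitlab.https; when false the Kerberos endpoint defaults to port 8088 without TLS`. The provider check would also read more directly as `Settings.omniauth.providers.none? { |p| p.name == 'kerberos_spnego' }`.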