delete custom config file for the entrypoint logic

Reviewed-on: #4

.drone.yml

@@ -32,7 +32,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag

.env.sample

@@ -3,7 +3,7 @@ TYPE=gitlab
 DOMAIN=gitlab.example.com
 
 REGISTRY_DOMAIN=registry.gitlab.example.com
-# The Gitlab Pages domain must not be a subdomain of the main Gitlab domain
+# The GitLab Pages domain must not be a subdomain of the main GitLab domain
 PAGES_DOMAIN=pages.example.com
 
 # Prevent public signups
@@ -12,17 +12,17 @@ POST_DEPLOY_CMDS=disable_signups
 ## Domain aliases
 EXTRA_DOMAINS=", `$REGISTRY_DOMAIN`, `$PAGES_DOMAIN`"
 
+GITLAB_SSH_PORT=2222
 LETS_ENCRYPT_ENV=production
 
-GITLAB_CONF_VERSION=v1
-ENTRYPOINT_VERSION=v1
-
 GITLAB_ROOT_EMAIL="gitlab_admin@example.com"
 SECRET_INITIAL_ROOT_PASSWORD_VERSION=v1
 SECRET_RUNNER_TOKEN_VERSION=v1
+SECRET_REGISTRATION_TOKEN_VERSION=v1
 
 SSO=false
 ## Authentik Configuration
+
 # SSO=true
 # ORG_NAME="My Organization"
 # SSO_PROVIDER_URL="https://authentik.mydomain.com/application/o/gitlab/"

README.md

@@ -1,6 +1,6 @@
 # gitlab
 
-> GitLab server, using GitLab omnibus
+> A git, CI/CD, and project management platform using GitLab omnibus
 
 <!-- metadata -->
 
@@ -28,6 +28,17 @@
 
 GitLab is configured to accept ssh:// git connections on the non-standard port 2222. This is because by default the Coop Cloud host server also must accept SSH connections for server management, so port 22 is already occupied and can't be used by GitLab.
 
+To allow Traefik to accept connections on port 2222, edit the configuration of your Traefik app:
+`abra app config traefik.yourserver.com`
+Uncomment the following section:
+```
+COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
+GITEA_SSH_ENABLED=1
+```
+Redeploy Traefik
+`abra app undeploy traefik.yourserver.com`
+`abra app deploy traefik.yourserver.com`
+
 To configure your local git client to use the non-standard port by default, modify your local client's ~/.ssh/config file to include the following:
 ```
 Host: git.yourserver.org
@@ -35,6 +46,21 @@ Host: git.yourserver.org
   Port 2222
 ```
 
+## Management Commands
+The following commands for managing GitLab are available by running `abra app command <your gitlab app> app <command>`
+
+`disable_basic_login` - Disables standard email/password based login to the server (for example, to allow only SSO login)
+
+`enable_basic_login` - Re-enables standard email/password based login (enabled by default)
+
+`disable_signups` - Prevents public signups to create accounts on the server
+
+`enable_signups` - Re-enables public signups (signups are enabled by default)
+
+`run_rails_command` - Run a command on GitLab's rails console. For more information: https://docs.gitlab.com/ee/administration/operations/rails_console.html
+
+`reconfigure` - Reload the GitLab configuration (usually necessary after using `run_rails_command`)
+
 ## SSO Configuration
 
 - Create a Provider and Application in Authentik: https://docs.goauthentik.io/integrations/services/gitlab/#openid-connect-auth

abra.sh

@@ -1,4 +1,8 @@
 #!/bin/bash
+GITLAB_CONF_VERSION=v1
+ENTRYPOINT_VERSION=v1
+RUNNER_ENTRYPOINT_VERSION=v1
+RUNNER_CONF_VERSION=v1
 
 run_rails_command() {
     su -p root -s /bin/sh -c "gitlab-rails runner '$@'"
@@ -27,3 +31,9 @@ enable_signups () {
     run_rails_command 'Gitlab::CurrentSettings.update!(signup_enabled: true)'
     reconfigure
 }
+
+register_runner() {
+    RUNNER_TOKEN="$1"
+
+    gitlab-runner register --non-interactive --url "https://$CI_SERVER_URL" --token "$RUNNER_TOKEN" --executor "docker"
+}

compose.runner.yml

@@ -0,0 +1,83 @@
+---
+version: "3.8"
+
+services:
+  runner:
+    image: registry.gitlab.com/gitlab-org/gitlab-runner:alpine
+    depends_on:
+      - dind
+    environment:
+      - CI_SERVER_URL=${DOMAIN}
+      - DOCKER_HOST=tcp://socket-proxy:2375
+      - RUNNER_TIMEOUT
+      - RUNNER_CONCURENCY
+    configs:
+      - source: runner_conf
+        target: /etc/gitlab-runner/config.toml
+      - source: entrypoint
+        target: /custom-entrypoint.sh
+        mode: 0555
+    volumes:
+      - "runnner_config:/etc/gitlab-runner"
+    networks:
+      - internal
+    deploy:
+      restart_policy:
+        condition: on-failure
+    entrypoint: /custom-entrypoint.sh
+
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:3.2.6
+    environment:
+      - PROXY_READ_TIMEOUT=5000
+      - ALLOW_START=1
+      - ALLOW_STOP=1
+      - ALLOW_RESTARTS=1
+      - AUTH=1
+      - BUILD=1
+      - COMMIT=1
+      - CONFIGS=1
+      - CONTAINERS=1
+      - DISABLE_IPV6=0
+      - DISTRIBUTION=0
+      - EVENTS=1
+      - EXEC=1
+      - IMAGES=1
+      - INFO=1
+      - NETWORKS=1
+      - NODES=1
+      - PING=1
+      - POST=1
+      - PLUGINS=1
+      - SECRETS=1
+      - SERVICES=1
+      - SESSION=1
+      - SWARM=1
+      - SYSTEM=1
+      - TASKS=1
+      - VERSION=1
+      - VOLUMES=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - internal
+    ports:
+      - "2375:2375"
+
+volumes:
+  runnner_config:
+
+secrets:
+  registration_token:
+    name: ${STACK_NAME}_registration_token_${SECRET_REGISTRATION_TOKEN_VERSION}
+    external: true
+
+configs:
+  runner_conf:
+    name: ${STACK_NAME}_runner_config_${RUNNER_CONF_VERSION}
+    file: runner-config.toml.tmpl
+    template_driver: golang
+  entrypoint:
+    name: ${STACK_NAME}_runner_entrypoint_${RUNNER_ENTRYPOINT_VERSION}
+    file: runner-entrypoint.sh.tmpl
+    template_driver: golang

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: 'gitlab/gitlab-ce:17.7.0-ce.0'
+    image: 'gitlab/gitlab-ce:18.3.0-ce.0'
     networks:
       - proxy
       - internal
@@ -13,8 +13,6 @@ services:
       - source: entrypoint
         target: /entrypoint.sh
         mode: 0555
-    ports:
-      - '0.0.0.0:2222:2222'
     entrypoint:
       /entrypoint.sh
     volumes:
@@ -30,14 +28,13 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        ## Redirect from EXTRA_DOMAINS to DOMAIN
-        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
-        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.rule=HostSNI(`*`)"
+        - "traefik.tcp.routers.${STACK_NAME}-ssh.entrypoints=gitea-ssh"
+        - "traefik.tcp.services.${STACK_NAME}-ssh.loadbalancer.server.port=${GITLAB_SSH_PORT}"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/etc/gitlab/,/var/log/gitlab/,/var/opt/gitlab/"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-240}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.1+17.7.0-ce.0"
+        - "coop-cloud.${STACK_NAME}.version=0.2.2+18.3.0-ce.0"
     secrets:
       - initial_root_password
       - runner_token

entrypoint.sh.tmpl

@@ -6,4 +6,4 @@ echo "Copying custom Gitlab config to /etc/gitlab/"
 cp /gitlab.rb /etc/gitlab/gitlab.rb
 
 echo "Entrypoint finished, launching Gitlab"
-exec "/assets/wrapper"
+exec "/assets/init-container"

gitlab.rb.tmpl

@@ -678,7 +678,7 @@ gitlab_rails['omniauth_providers'] = [
 # high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
 
 ### GitLab Shell settings for GitLab
-# gitlab_rails['gitlab_shell_ssh_port'] = 22
+gitlab_rails['gitlab_shell_ssh_port'] = {{ env "GITLAB_SSH_PORT" }}
 # gitlab_rails['gitlab_shell_git_timeout'] = 800
 
 ### Enable gitlab-sshd on a different port than OpenSSH

release/0.1.3+17.7.3-ce.0

@@ -0,0 +1 @@
+Fixes bug where GITLAB_SSH_PORT was not set in the Gitlab config

release/0.2.0+18.2.4-ce.0

@@ -0,0 +1 @@
+Starting with 18.0, GitLab will collect event-level product usage data from Self-Managed and Dedicated instances — while ensuring privacy, transparency, and customer control. GitLab administrators can turn off the data collection toggle before any data is collected in version 18.0. For more information about this change and how you can opt out, see the documentation: https://docs.gitlab.com/17.11/administration/settings/event_data/

runner-entrypoint.sh.tmpl

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+while [ ! -s /etc/gitlab-runner/config.toml ]
+do
+  echo "The runner was not registered yet. Next try in 5 seconds."
+  sleep 5
+done
+