services: {{ service_name }}: image: docker.io/gitlab/gitlab-ce:18.5.1-ce.0 {% if not swarm_enabled %} restart: {{ restart_policy }} container_name: {{ container_name }} {% endif %} hostname: {{ container_hostname }} shm_size: '256m' {% if network_mode == 'host' %} network_mode: host {% else %} networks: {% if traefik_enabled %} {{ traefik_network }}: {% endif %} {% if network_mode == 'macvlan' %} {{ network_name }}: ipv4_address: {{ network_macvlan_ipv4_address }} {% elif network_mode == 'bridge' %} {{ network_name }}: {% endif %} {% endif %} env_file: - ./.env {% if swarm_enabled %} configs: - source: gitlab_config target: /etc/gitlab/gitlab.rb {% endif %} {% if network_mode == 'bridge' %} ports: {% if not traefik_enabled %} {% if swarm_enabled %} - target: 80 published: {{ ports_http }} protocol: tcp mode: host {% else %} - "{{ ports_http }}:80" {% endif %} {% endif %} - "{{ ports_ssh }}:22" {% if registry_enabled %} - "{{ ports_registry }}:5000" {% endif %} {% endif %} volumes: {% if not swarm_enabled %} - ./config/gitlab.rb:/etc/gitlab/gitlab.rb:ro {% endif %} {% if volume_mode == 'mount' %} - {{ volume_mount_path }}/config:/etc/gitlab - {{ volume_mount_path }}/logs:/var/log/gitlab - {{ volume_mount_path }}/data:/var/opt/gitlab {% else %} - gitlab-config:/etc/gitlab - gitlab-logs:/var/log/gitlab - gitlab-data:/var/opt/gitlab {% endif %} {% if traefik_enabled and not swarm_enabled %} labels: - traefik.enable=true - traefik.docker.network={{ traefik_network }} - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=80 - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-https.tls=true - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% if registry_enabled %} - traefik.http.services.{{ service_name }}-registry.loadBalancer.server.port=5000 - traefik.http.routers.{{ service_name }}-registry-http.service={{ service_name }}-registry - traefik.http.routers.{{ service_name }}-registry-http.rule=Host(`{{ traefik_registry_host }}`) - traefik.http.routers.{{ service_name }}-registry-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-registry-https.service={{ service_name }}-registry - traefik.http.routers.{{ service_name }}-registry-https.rule=Host(`{{ traefik_registry_host }}`) - traefik.http.routers.{{ service_name }}-registry-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-registry-https.tls=true - traefik.http.routers.{{ service_name }}-registry-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% endif %} {% endif %} {% if swarm_enabled %} secrets: - source: {{ gitlab_root_password_secret_name }} target: /run/secrets/gitlab_root_password mode: 0400 {% if registry_enabled %} - source: {{ gitlab_registry_secret_name }} target: /run/secrets/gitlab_registry_secret mode: 0400 {% endif %} deploy: mode: {{ swarm_placement_mode }} {% if swarm_placement_mode == 'replicated' %} replicas: {{ swarm_replicas }} {% endif %} {% if swarm_placement_host %} placement: constraints: - node.hostname == {{ swarm_placement_host }} {% endif %} restart_policy: condition: on-failure {% if resources_enabled %} resources: limits: cpus: '{{ resources_cpu_limit }}' memory: {{ resources_memory_limit }} {% if swarm_enabled %} reservations: cpus: '{{ resources_cpu_reservation }}' memory: {{ resources_memory_reservation }} {% endif %} {% endif %} {% if swarm_enabled and traefik_enabled %} labels: - traefik.enable=true - traefik.docker.network={{ traefik_network }} - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=80 - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`) - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-https.tls=true - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% if registry_enabled %} - traefik.http.services.{{ service_name }}-registry.loadBalancer.server.port=5000 - traefik.http.routers.{{ service_name }}-registry-http.service={{ service_name }}-registry - traefik.http.routers.{{ service_name }}-registry-http.rule=Host(`{{ traefik_registry_host }}`) - traefik.http.routers.{{ service_name }}-registry-http.entrypoints={{ traefik_entrypoint }} {% if traefik_tls_enabled %} - traefik.http.routers.{{ service_name }}-registry-https.service={{ service_name }}-registry - traefik.http.routers.{{ service_name }}-registry-https.rule=Host(`{{ traefik_registry_host }}`) - traefik.http.routers.{{ service_name }}-registry-https.entrypoints={{ traefik_tls_entrypoint }} - traefik.http.routers.{{ service_name }}-registry-https.tls=true - traefik.http.routers.{{ service_name }}-registry-https.tls.certresolver={{ traefik_tls_certresolver }} {% endif %} {% endif %} {% endif %} {% endif %} {% if volume_mode == 'local' %} volumes: gitlab-config: driver: local gitlab-logs: driver: local gitlab-data: driver: local {% elif volume_mode == 'nfs' %} volumes: gitlab-config: driver: local driver_opts: type: nfs o: addr={{ volume_nfs_server }},{{ volume_nfs_options }} device: ":{{ volume_nfs_path }}/config" gitlab-logs: driver: local driver_opts: type: nfs o: addr={{ volume_nfs_server }},{{ volume_nfs_options }} device: ":{{ volume_nfs_path }}/logs" gitlab-data: driver: local driver_opts: type: nfs o: addr={{ volume_nfs_server }},{{ volume_nfs_options }} device: ":{{ volume_nfs_path }}/data" {% endif %} {% if swarm_enabled %} configs: gitlab_config: file: ./config/gitlab.rb secrets: {{ gitlab_root_password_secret_name }}: file: ./.env.secret {% if registry_enabled %} {{ gitlab_registry_secret_name }}: file: ./.env.registry.secret {% endif %} {% endif %} {% if network_mode != 'host' %} networks: {{ network_name }}: {% if network_external %} external: true {% else %} {% if network_mode == 'macvlan' %} driver: macvlan driver_opts: parent: {{ network_macvlan_parent_interface }} ipam: config: - subnet: {{ network_macvlan_subnet }} gateway: {{ network_macvlan_gateway }} name: {{ network_name }} {% elif swarm_enabled %} driver: overlay attachable: true {% else %} driver: bridge {% endif %} {% endif %} {% if traefik_enabled %} {{ traefik_network }}: external: true {% endif %} {% endif %}