ChristianLempa_Boilerplates/library/compose/gitlab/template.yaml

kind: compose
metadata:
  name: GitLab
  description: 'A **complete DevOps platform** that provides Git repository management,
    CI/CD pipelines,

    issue tracking, and container registry in a single application.

    ## Prerequisites

    - ...

    **Performance Presets**:

    - `homelab`: Optimized for low-resource environments (limited workers, reduced
    PostgreSQL buffers)

    - `default`: Standard server configuration for production use

    **External URL**:

    - Set to your public domain (e.g., `https://gitlab.example.com`) for proper clone
    URLs

    - Affects SSH clone URLs and web links in emails/notifications

    **Container Registry**:

    - Enable if you need private Docker image hosting

    - Requires separate external URL (e.g., `https://registry.example.com`)

    ## Resources

    - **Project**: https://about.gitlab.com/

    - **Documentation**: https://docs.gitlab.com/

    - **Community**: https://forum.gitlab.com/'
  icon:
    provider: selfh
    id: gitlab
  version: 18.8.4-ce.0
  author: Christian Lempa
  date: '2026-02-10'
  tags:
  - traefik
  next_steps: "## Post-Installation Steps\n1. **Start GitLab**:\n  ```bash\n  docker\
    \ compose up -d\n  ```\n2. **Wait for\\\n  \\ initialization** (2-5 minutes):\n\
    \    ```bash\n    docker compose logs -f gitlab\n    ```\n    Wait for message:\
    \ `gitlab\\\n  \\ Reconfigured!`\n  3. **Access the web interface**:\n    {% if\
    \ traefik_enabled -%}\n    - Via Traefik: https://{{ traefik_host\\\n  \\ }}\n\
    \    {% if not traefik_enabled and network_mode == 'bridge' %}- Direct access:\
    \ http://localhost:{{ ports_http }}{%\\\n  \\ endif %}\n    {%- else -%}\n   \
    \ - Open {{ external_url }} in your browser\n    {% if network_mode == 'bridge'\
    \ %}- Or: http://localhost:{{\\\n  \\ ports_http }}{% endif %}\n    {%- endif\
    \ %}\n  4. **Initial login credentials**:\n    - **Username**: `root`\n    - **Password**:\\\
    \n  \\ `{{ root_password }}`\n    > **Important**: This password only works on\
    \ FIRST initialization.\n    > Change it immediately\\\n  \\ after first login\
    \ via GitLab's web interface!\n  5. **Configure SSH** (optional):\n    - SSH clone\
    \ URLs will use port `{{\\\n  \\ ports_ssh }}`\n    - Update your Git remote if\
    \ needed\n  ## Additional Resources\n  - Documentation: https://docs.gitlab.com/\n\
    \  \\\n  - GitLab Runner: https://docs.gitlab.com/runner/"
schema: '1.2'
spec:
  general:
    vars:
      service_name:
        type: str
        description: Docker service name
        default: gitlab
      external_url:
        type: str
        description: External URL for GitLab
        default: http://localhost
      root_email:
        type: str
        description: Initial root user email address
        default: admin@example.com
      root_password:
        type: str
        description: Initial root user password (only used on first initialization)
        sensitive: true
        autogenerated: true
        extra: 'Leave empty to auto-generate. WARNING: Only sets password on FIRST
          startup!'
      default_theme:
        type: int
        description: Default GitLab UI theme (2 = dark mode)
        default: 2
        extra: 1 = Indigo, 2 = Dark, 3 = Light, 4 = Blue, 5 = Green
      default_color_mode:
        type: int
        description: Default color mode (2 = dark mode)
        default: 2
        extra: 1 = Light, 2 = Dark
      disable_usage_data:
        type: bool
        description: Disable product usage metrics upload to GitLab
        default: true
      restart_policy:
        type: enum
        options:
        - unless-stopped
        - always
        - on-failure
        - 'no'
        default: unless-stopped
        required: true
  advanced:
    title: Advanced Settings
    description: Performance tuning and advanced configuration options
    vars:
      performance_preset:
        type: enum
        description: Performance optimization profile
        options:
        - homelab
        - default
        default: homelab
        extra: homelab is optimized for low-resource environments, default is for
          standard servers
      prometheus_enabled:
        type: bool
        description: Enable Prometheus monitoring
        default: false
        extra: Disabling saves ~200-400MB RAM. GitLab UI metrics will be unavailable.
    toggle: prometheus_enabled
  ports:
    vars:
      ports_http:
        default: 80
      ports_ssh:
        default: 2424
      ports_registry:
        type: int
        description: Container Registry port
        default: 5000
  registry:
    description: GitLab Container Registry configuration
    toggle: registry_enabled
    vars:
      registry_enabled:
        type: bool
        description: Enable GitLab Container Registry
        default: false
      registry_external_url:
        type: str
        description: External URL for Container Registry
        default: http://localhost:5000
  traefik:
    vars:
      traefik_host:
        default: gitlab.home.arpa
      traefik_registry_host:
        needs:
        - registry_enabled=true
        default: registry.home.arpa
        type: str
        description: Hostname for Container Registry in Traefik (if enabled)
      traefik_network:
        default: traefik
        type: str
        required: true
      traefik_domain:
        default: home.arpa
        type: str
        required: true
      traefik_enabled:
        type: bool
        default: false
        description: Enable Traefik integration
    toggle: traefik_enabled
    title: Traefik
    description: Configure Traefik reverse proxy integration
  traefik_tls:
    vars:
      traefik_tls_certresolver:
        type: str
        default: cloudflare
        required: true
      traefik_tls_enabled:
        type: bool
        default: false
        description: Enable Traefik TLS
    toggle: traefik_tls_enabled
    title: Traefik TLS
    description: Configure Traefik TLS/SSL certificates
    needs: traefik
  email:
    toggle: email_enabled
    vars:
      email_enabled:
        type: bool
        default: false
        description: Enable email server configuration
      email_host:
        type: str
        default: ''
        description: SMTP server hostname
      email_port:
        type: int
        default: 587
        description: SMTP server port
      email_username:
        type: str
        default: ''
        description: SMTP username
      email_password:
        type: str
        sensitive: true
        default: ''
        description: SMTP password
      email_from:
        type: str
        default: ''
        description: From email address
      email_use_tls:
        type: bool
        default: true
        description: Use TLS encryption
      email_use_ssl:
        type: bool
        default: false
        description: Use SSL encryption
  authentik:
    toggle: authentik_enabled
    vars:
      authentik_enabled:
        type: bool
        default: false
        description: Enable Authentik SSO integration
      authentik_url:
        type: str
        default: https://auth.home.arpa
        description: Authentik base URL (e.g., https://auth.example.com)
      authentik_slug:
        type: str
        default: gitlab
        description: Authentik application slug
      authentik_client_id:
        type: str
        default: ''
        description: OAuth client ID from Authentik provider
      authentik_client_secret:
        type: str
        sensitive: true
        default: ''
        description: OAuth client secret from Authentik provider