Add SSL support for gitlab

saw-leipzig · Mar 11, 2017 · 07ab00b · 07ab00b
1 parent a537bcb
commit 07ab00b
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 0 deletions.
diff --git a/gitlab/defaults.yaml b/gitlab/defaults.yaml
@@ -5,3 +5,6 @@ gitlab:
     pidfile: /var/run/gitsshd.pid
     user: git
     port: 22448
+  pki:
+    certificate_file: /etc/gitlab/ssl.crt
+    key_file: /etc/gitlab/ssl.key
diff --git a/gitlab/files/file_template b/gitlab/files/file_template
@@ -0,0 +1 @@
+{{ content }}
diff --git a/gitlab/init.sls b/gitlab/init.sls
@@ -63,6 +63,26 @@ mattermost-url:
       - pkg: gitlab
 {% endif %}
 
+{% if 'pki' in gitlab %}
+gitlab-ssl-cert:
+  file.managed:
+    - name: {{ gitlab.pki.certificate_file }}
+    - mode: 600
+    - source: salt://gitlab/files/file_template
+    - template: jinja
+    - context:
+        content: {{ gitlab.pki.certificate|yaml_encode }}
+
+gitlab-ssl-key:
+  file.managed:
+    - name: {{ gitlab.pki.key_file }}
+    - mode: 600
+    - source: salt://gitlab/files/file_template
+    - template: jinja
+    - context:
+        content: {{ gitlab.pki.key|yaml_encode }}
+{% endif %}
+
 gitlab-config:
   file.blockreplace:
     - name: {{ gitlab.config_file }}

diff --git a/pillar.example b/pillar.example
@@ -14,3 +14,13 @@ gitlab:
           "app_secret" => "example_app_secret",
           "args" => { "access_type" => "offline", "approval_prompt" => "" }
         }]
+  pki:
+    certificate: |
+      -----BEGIN CERTIFICATE-----
+      ..
+      -----END CERTIFICATE-----
+    key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      ...
+      -----END RSA PRIVATE KEY-----
+