settings.yaml 4.76 KB
Newer Older
1
2
3
# Settings for primary Wikimedia production GitLab instance, gitlab1001,
# at https://gitlab.wikimedia.org/
#
4
5
6
7
# Settings reference: https://docs.gitlab.com/ce/api/settings.html
#
# True / false values here should be booleans - necessary type juggling to turn
# these into strings for the API is handled in the script.
8
9
10
#
# Settings not modeled here:
#
11
12
13
#   - Accept Let's Encrypt ToS: Admin Area, Settings, Preferences, Pages, I have
#     read and agree to the Let's Encrypt Terms of Service: checked

14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Disable public sign up: Admin Area, Settings, General, Sign-up restrictions,
# Sign-up enabled: unchecked
signup_enabled: false

# Set up logout redirection: Admin Area, Settings, General, Sign-in
# restrictions, After sign-out path: https://<IDP server>/logout, where <IDP
# server> is the base URL of the CAS server, like idp.wmcloud.org or
# idp.wikimedia.org
after_sign_out_path: "https://idp.wikimedia.org/logout"

# Set up private commit emails hostname: Admin Area, Settings, Preferences,
# Email, Custom hostname (for private commit emails):
# users.noreply.<gitlab.domain>, where <gitlab domain> is the base URL of the
# GitLab server, like gitlab.wikimedia.org
commit_email_hostname: "users.noreply.gitlab.wikimedia.org"

# Set up Password authentication: Admin Area, Settings, Sign-in restrictions,
# Password authentication enabled for web interface: unchecked
password_authentication_enabled_for_web: false

# Set up Git over https Password authentication: Admin Area, Settings, Sign-in
# restrictions, Password authentication enabled for Git over HTTP(S): unchecked
password_authentication_enabled_for_git: false

# Disable third party offers: Admin Area, Settings, General, Third party
# offers, Do not display offers from third parties within GitLab: checked
hide_third_party_offers: true

# Default branch name: Admin Area, Settings, Repository, Default initial branch name: set to main
default_branch_name: "main"

# Restrict unauthenticated requests: Admin Area, Settings, Network, User and IP
# Rate Limits, Enable unauthenticated request rate limit: checked
throttle_unauthenticated_enabled: false
throttle_unauthenticated_period_in_seconds: 3600
throttle_unauthenticated_requests_per_period: 3600

# Restrict outbound requests: Admin Area, Settings, Network, Outbound requests,
# Allow requests to the local network from web hooks and services: unchecked
allow_local_requests_from_hooks_and_services: false

# Restrict outbound requests: Admin Area, Settings, Network, Outbound requests,
# Allow requests to the local network from system hooks: unchecked
allow_local_requests_from_system_hooks: false

# Restrict protected paths: Admin Area, Settings, Network, Protected Paths,
# Enable protected paths rate limit: checked
throttle_protected_paths_enabled: true

# Enable Prometheus metrics: Admin Area, Settings, Metrics and profiling,
# Metrics - Prometheus, Enable Prometheus Metrics: checked
prometheus_metrics_enabled: true

# Disable Auto DevOps pipeline: Admin Area, Settings, CI/CD, Continuous
# Integration and Deployment, Default to Auto DevOps pipeline for all projects:
# unchecked
auto_devops_enabled: false

# Set abuse reports email: Admin Area, Settings, Reporting, Abuse reports,
# Abuse reports notification email: set to external abuse reports email
abuse_notification_email: "bbearnes@wikimedia.org"

# Set up RSA SSH keys: Admin Area, Settings, General, Visibility and access
# controls, RSA SSH keys: select must be at least 2048 bits
rsa_key_restriction: 2048

# Forbid DSA SSH keys: Admin Area, Settings, General, Visibility and access
# controls, DSA SSH keys: select are forbidden
dsa_key_restriction: -1

# Disable being OAuth provider: Admin Area, Settings, General, Account and
# limit, Allow users to register any application to use GitLab as an OAuth
# provider: unchecked
user_oauth_applications: false

# Turn off Gravatar for privacy / data exfiltration reasons:
# Admin Area, Settings, Account and Limit, Gravatar enabled unchecked
gravatar_enabled: false

93
94
95
96
# Set /explore as the default landing page for non-signed-in users - a better
# experience than being immediately sent to a login form:
home_page_url: "https://gitlab.wikimedia.org/explore"

97
98
99
100
101
# Restrict available visibility levels for new projection creation to public:
restricted_visibility_levels:
  - internal
  - private

102
103
104
105
106
# Set default project & group visibility to public:
# Admin area, Settings, Visibility and access controls
default_project_visibility: "public"
default_group_visibility: "public"

107
# Limit users to 250 projects by default:
Brennen Bearnes's avatar
Brennen Bearnes committed
108
default_projects_limit: 250
109

110
111
112
113
114
115
116
117
118
119
120
121
122
123
# List of accepted import sources: Admin Area, Settings, General, Visibility
# and access controls, Import sources:
import_sources:
  - github
  - bitbucket
  - bitbucket_server
  - gitlab
  - google_code
  - fogbugz
  - git
  - gitlab_project
  - gitea
  - manifest
  - phabricator