gitlab/gitlab-shell-config.yml: Slapos'ify it

Convert gitlab-shell configuration file to slapos:

    - convert to jinja2,
    - connect gitlab-shell to unicorn & redis unix sockets

NOTE

    - http_settings are left to be default (empty) ones - as that works ok.
    - `auth_file` is still configured to point to wont-be-used sshkeys
      file, as without it gitlab-shell check will fail.
    - support for audit_usernames and git_annex is disabled and
      remains not configurable.

/cc @kazuhiko, @jerome

software/gitlab/instance-gitlab.cfg.in

@@ -164,6 +164,13 @@ context-extra =
 <= etc-template
 template= {{ gitlab_shell_config_yml_in }}
 rendered= ${gitlab-shell:etc}/config.yml
+context-extra =
+    import  urllib                  urllib
+    section gitlab                  gitlab
+    section gitlab_shell            gitlab-shell
+    section unicorn                 unicorn
+    section service_redis           service-redis
+    raw     redis_binprefix         {{ redis_binprefix }}
 
 [gitlab.yml]
 <= gitlab-etc-template

software/gitlab/template/gitlab-shell-config.yml.in

@@ -5,13 +5,15 @@
 # (last updated for omnibus-gitlab 8.2.3+ce.0-0-g8eda093)
 
 # GitLab user. git by default
-user: <%= @user %>
+user: {{ backend_info.user }}
 
 # Url to gitlab instance. Used for api calls. Should end with a slash.
-gitlab_url: "<%= @api_url %>"
+gitlab_url: "http+unix://{{ urllib.quote_plus(unicorn.socket) }}/"
 
 http_settings:
+{# we don't need any
   <%= @http_settings.to_json if @http_settings %>
+#}
 #  user: someone
 #  password: somepass
 #  ca_file: /etc/ssl/cert.pem
@@ -22,36 +24,37 @@ http_settings:
 # Give the canonicalized absolute pathname,
 # REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
 # Check twice that none of the components is a symlink, including "/home".
-repos_path: "<%= @repositories_path %>"
+repos_path: "{{ gitlab.repositories }}"
 
 # File used as authorized_keys for gitlab user
-auth_file: "<%= @authorized_keys %>"
+# NOTE not used in slapos version (all access via https only)
+auth_file: "{{ gitlab.var }}/sshkeys-notused"
 
 # Redis settings used for pushing commit notices to gitlab
 redis:
-  bin: /opt/gitlab/embedded/bin/redis-cli
-  host: <%= @redis_host %>
-  port: <%= @redis_port %>
-<% if @redis_socket %>
-  socket: <%= @redis_socket %>
-<% end %>
+  bin: {{ redis_binprefix }}/redis-cli
+  host: {# <%= @redis_host %> #}
+  port: {# <%= @redis_port %> #}
+  socket: {{ service_redis.unixsocket }}
+{# we don't use password for redis
 <% if @redis_password %>
   pass: <%= @redis_password %>
 <% end %>
-  database: <%= @redis_database %>
+#}
+  database: {# <%= @redis_database %> #}
   namespace: resque:gitlab
 
 # Log file.
 # Default is gitlab-shell.log in the root directory.
-log_file: "<%= @log_file %>"
+log_file: "{{ gitlab_shell.log }}/gitlab-shell.log"
 
 # Log level. INFO by default
-log_level: <%= @log_level %>
+log_level:
 
 # Audit usernames.
 # Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
 # incurs an extra API call on every gitlab-shell command.
-audit_usernames: <%= @audit_usernames %>
+audit_usernames:
 
 # Enable git-annex support
 # git-annex allows managing files with git, without checking the file contents into git
@@ -59,4 +62,4 @@ audit_usernames: <%= @audit_usernames %>
 # If enabled, git-annex needs to be installed on the server where gitlab-shell is setup
 # For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex
 # For CentOS: sudo yum install epel-release && sudo yum install git-annex
-git_annex_enabled: <%= @git_annex_enabled %>
+git_annex_enabled: