gitlab: Import gitlab-ce & gitlab-shell configs from omnibus-gitlab

Pristine import of template configuration files from omnibus GitLab package. All files were imported as-is in their ERB form and filenames from omnibus-gitlab 8.2.3+ce.0-0-g8eda093 from here: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/8eda093/files/gitlab-cookbooks/gitlab/templates/default We will convert the templates to jinja2 and adjust them to slapos version in the following patches. Scheme for synchronizing with future upstream changes is envisioned as this: - checkout latest commit which updated pristine erb files - copy updated files from omnibus-gitlab, and commit the updates - checkout slapos master - merge commit that updated erb That should reasonably work with not too-many conflicts and even those should be not hard to resolve (with `git mergetool` e.g. in kdiff3) /cc @kazuhiko, @jerome

gitlab: Import gitlab-ce & gitlab-shell configs from omnibus-gitlab
Pristine import of template configuration files from omnibus GitLab package. All files were imported as-is in their ERB form and filenames from omnibus-gitlab 8.2.3+ce.0-0-g8eda093 from here: https://gitlab.com/gitlab-org/omnibus-gitlab/tree/8eda093/files/gitlab-cookbooks/gitlab/templates/default We will convert the templates to jinja2 and adjust them to slapos version in the following patches. Scheme for synchronizing with future upstream changes is envisioned as this: - checkout latest commit which updated pristine erb files - copy updated files from omnibus-gitlab, and commit the updates - checkout slapos master - merge commit that updated erb That should reasonably work with not too-many conflicts and even those should be not hard to resolve (with `git mergetool` e.g. in kdiff3) /cc @kazuhiko, @jerome
6fd7b987 · Kirill Smelkov · 2ddc5b0c · 6fd7b987 · 6fd7b987 · 6fd7b987
Commit 6fd7b987 authored Jan 07, 2016 by Kirill Smelkov
8 changed files
--- a/software/gitlab/template/database.yml.erb
+++ b/software/gitlab/template/database.yml.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+production:
+  adapter: <%= @db_adapter %>
+  encoding: <%= @db_encoding %>
+  collation: <%= @db_collation %>
+  database: <%= @db_database %>
+  pool: <%= @db_pool %>
+  username: <%= single_quote(@db_username) %>
+  password: <%= single_quote(@db_password) %>
+  host: <%= single_quote(@db_host) %>
+  port: <%= @db_port %>
+  socket: <%= single_quote(@db_socket) %>
+  sslmode: <%= single_quote(@db_sslmode) %>
+  sslrootcert: <%= single_quote(@db_sslrootcert) %>
--- a/software/gitlab/template/gitlab-rails-config.ru.erb
+++ b/software/gitlab/template/gitlab-rails-config.ru.erb
+# This file is used by Rack-based servers to start the application.
+
+if defined?(Unicorn)
+  require 'unicorn'
+
+  if ENV['RAILS_ENV'] == 'production' || ENV['RAILS_ENV'] == 'staging'
+    # Unicorn self-process killer
+    require 'unicorn/worker_killer'
+
+    # Max memory size (RSS) per worker
+    use Unicorn::WorkerKiller::Oom, (<%= @worker_memory_limit_min %>), (<%= @worker_memory_limit_max %>)
+  end
+end
+
+require ::File.expand_path('../config/environment',  __FILE__)
+
+map ENV['RAILS_RELATIVE_URL_ROOT'] || "/" do
+  run Gitlab::Application
+end
--- a/software/gitlab/template/gitlab-shell-config.yml.erb
+++ b/software/gitlab/template/gitlab-shell-config.yml.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+# GitLab user. git by default
+user: <%= @user %>
+
+# Url to gitlab instance. Used for api calls. Should end with a slash.
+gitlab_url: "<%= @api_url %>"
+
+http_settings:
+  <%= @http_settings.to_json if @http_settings %>
+#  user: someone
+#  password: somepass
+#  ca_file: /etc/ssl/cert.pem
+#  ca_path: /etc/pki/tls/certs
+#  self_signed_cert: false
+
+# Repositories path
+# Give the canonicalized absolute pathname,
+# REPOS_PATH MUST NOT CONTAIN ANY SYMLINK!!!
+# Check twice that none of the components is a symlink, including "/home".
+repos_path: "<%= @repositories_path %>"
+
+# File used as authorized_keys for gitlab user
+auth_file: "<%= @authorized_keys %>"
+
+# Redis settings used for pushing commit notices to gitlab
+redis:
+  bin: /opt/gitlab/embedded/bin/redis-cli
+  host: <%= @redis_host %>
+  port: <%= @redis_port %>
+<% if @redis_socket %>
+  socket: <%= @redis_socket %>
+<% end %>
+<% if @redis_password %>
+  pass: <%= @redis_password %>
+<% end %>
+  database: <%= @redis_database %>
+  namespace: resque:gitlab
+
+# Log file.
+# Default is gitlab-shell.log in the root directory.
+log_file: "<%= @log_file %>"
+
+# Log level. INFO by default
+log_level: <%= @log_level %>
+
+# Audit usernames.
+# Set to true to see real usernames in the logs instead of key ids, which is easier to follow, but
+# incurs an extra API call on every gitlab-shell command.
+audit_usernames: <%= @audit_usernames %>
+
+# Enable git-annex support
+# git-annex allows managing files with git, without checking the file contents into git
+# See https://git-annex.branchable.com/ for documentation
+# If enabled, git-annex needs to be installed on the server where gitlab-shell is setup
+# For Debian and Ubuntu systems this can be done with: sudo apt-get install git-annex
+# For CentOS: sudo yum install epel-release && sudo yum install git-annex
+git_annex_enabled: <%= @git_annex_enabled %>
--- a/software/gitlab/template/gitlab.yml.erb
+++ b/software/gitlab/template/gitlab.yml.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+production: &base
+  #
+  # 1. GitLab app settings
+  # ==========================
+
+  ## GitLab settings
+  gitlab:
+    ## Web server settings (note: host is the FQDN, do not include http://)
+    host: <%= @gitlab_host %>
+    port: <%= @gitlab_port %>
+    https: <%= @gitlab_https %>
+
+    # Uncommment this line below if your ssh host is different from HTTP/HTTPS one
+    # (you'd obviously need to replace ssh.host_example.com with your own host).
+    # Otherwise, ssh host will be set to the `host:` value above
+    ssh_host: <%= @gitlab_ssh_host %>
+
+    # WARNING: See config/application.rb under "Relative url support" for the list of
+    # other files that need to be changed for relative url support
+    # relative_url_root: /gitlab
+
+    # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
+    user: <%= node['gitlab']['user']['username'] %>
+
+    ## Date & Time settings
+    time_zone: <%= single_quote(@time_zone) %>
+
+    ## Email settings
+    # Uncomment and set to false if you need to disable email sending from GitLab (default: true)
+    email_enabled: <%= @gitlab_email_enabled %>
+    # Email address used in the "From" field in mails sent by GitLab
+    email_from: <%= @gitlab_email_from %>
+    email_display_name: <%= @gitlab_email_display_name %>
+    email_reply_to: <%= @gitlab_email_reply_to %>
+
+    # Email server smtp settings are in [a separate file](initializers/smtp_settings.rb.sample).
+
+    ## User settings
+    default_can_create_group: <%= @gitlab_default_can_create_group %>  # default: true
+    username_changing_enabled: <%= @gitlab_username_changing_enabled %> # default: true - User can change her username/namespace
+    ## Default theme
+    ##   BASIC  = 1
+    ##   MARS   = 2
+    ##   MODERN = 3
+    ##   GRAY   = 4
+    ##   COLOR  = 5
+    default_theme: <%= @gitlab_default_theme %> # default: 2
+
+    # Restrict setting visibility levels for non-admin users.
+    # The default is to allow all levels.
+    restricted_visibility_levels: <%= @gitlab_restricted_visibility_levels unless @gitlab_restricted_visibility_levels.nil? %>
+
+    ## Automatic issue closing
+    # If a commit message matches this regular expression, all issues referenced from the matched text will be closed.
+    # This happens when the commit is pushed or merged into the default branch of a project.
+    # When not specified the default issue_closing_pattern as specified below will be used.
+    # Tip: you can test your closing pattern at http://rubular.com
+    issue_closing_pattern: <%= single_quote(@gitlab_issue_closing_pattern) %>
+
+    ## Default project features settings
+    default_projects_features:
+      issues: <%= @gitlab_default_projects_features_issues %>
+      merge_requests: <%= @gitlab_default_projects_features_merge_requests %>
+      wiki: <%= @gitlab_default_projects_features_wiki %>
+      snippets: <%= @gitlab_default_projects_features_snippets %>
+      visibility_level: <%= single_quote(@gitlab_default_projects_features_visibility_level) %>  # can be "private" | "internal" | "public"
+      builds: <%= @gitlab_default_projects_features_builds %>
+
+    ## Webhook settings
+    # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
+    webhook_timeout: <%= @webhook_timeout %>
+
+    ## Repository downloads directory
+    # When a user clicks e.g. 'Download zip' on a project, a temporary zip file is created in the following directory.
+    # The default is 'tmp/repositories' relative to the root of the Rails app.
+    repository_downloads_path: <%= @gitlab_repository_downloads_path %>
+
+  ## Reply by email
+  # Allow users to comment on issues and merge requests by replying to notification emails.
+  # For documentation on how to set this up, see http://doc.gitlab.com/ce/incoming_email/README.html
+  incoming_email:
+    enabled: <%= @incoming_email_enabled %>
+
+    # The email address including the `%{key}` placeholder that will be replaced to reference the item being replied to.
+    # The `%{key}` placeholder is added after the user part, after a `+` character, before the `@`.
+    address: <%= single_quote(@incoming_email_address) %>
+
+    # Email account username
+    # With third party providers, this is usually the full email address.
+    # With self-hosted email servers, this is usually the user part of the email address.
+    user: <%= single_quote(@incoming_email_email) %>
+    # Email account password
+    password: <%= single_quote(@incoming_email_password) %>
+
+    # IMAP server host
+    host: <%= single_quote(@incoming_email_host) %>
+    # IMAP server port
+    port: <%= @incoming_email_port %>
+    # Whether the IMAP server uses SSL
+    ssl: <%= @incoming_email_ssl %>
+    # Whether the IMAP server uses StartTLS
+    start_tls: <%= @incoming_email_start_tls %>
+
+    # The mailbox where incoming mail will end up. Usually "inbox".
+    mailbox: <%= single_quote(@incoming_email_mailbox_name) %>
+
+  ## Build Artifacts
+  artifacts:
+    enabled: <%= @artifacts_enabled %>
+    # The location where Build Artifacts are stored (default: shared/artifacts).
+    storage_path: <%= @artifacts_path %>
+
+  ## Git LFS
+  lfs:
+    enabled: <%= @lfs_enabled %>
+    # The location where LFS objects are stored (default: shared/lfs-objects).
+    storage_path: <%= @lfs_storage_path %>
+
+  ## Gravatar
+  ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
+  gravatar:
+    # gravatar urls: possible placeholders: %{hash} %{size} %{email}
+    plain_url: <%= single_quote(@gravatar_plain_url) %>     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+    ssl_url:   <%= single_quote(@gravatar_ssl_url) %>    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
+
+  #
+  # 2. GitLab CI settings
+  # ==========================
+
+  gitlab_ci:
+    # Default project notifications settings:
+    #
+    # Send emails only on broken builds (default: true)
+    all_broken_builds: <%= @gitlab_ci_all_broken_builds %>
+    #
+    # Add pusher to recipients list (default: false)
+    add_pusher: <%= @gitlab_ci_add_pusher || @gitlab_ci_add_committer %>
+
+    # The location where build traces are stored (default: builds/). Relative paths are relative to Rails.root
+    builds_path: <%= @builds_directory %>
+
+  #
+  # 3. Auth settings
+  # ==========================
+
+  ## LDAP settings
+  # You can inspect a sample of the LDAP users with login access by running:
+  #   bundle exec rake gitlab:ldap:check RAILS_ENV=production
+  ldap:
+    enabled: <%= @ldap_enabled %>
+  <% if @ldap_servers.any? %>
+    servers:
+    <% @ldap_servers.each do |provider_id, settings| %>
+      <%= provider_id %>: <%= settings.to_json %>
+    <% end %>
+  <% else %>
+    host: <%= single_quote(@ldap_host) %>
+    port: <%= @ldap_port %>
+    uid: <%= single_quote(@ldap_uid) %>
+    method: <%= single_quote(@ldap_method) %> # "tls" or "ssl" or "plain"
+    bind_dn: <%= single_quote(@ldap_bind_dn) %>
+    password: <%= single_quote(@ldap_password) %>
+    active_directory: <%= @ldap_active_directory %>
+    allow_username_or_email_login: <%= @ldap_allow_username_or_email_login %>
+    base: <%= single_quote(@ldap_base) %>
+    user_filter: <%= single_quote(@ldap_user_filter) %>
+
+    ## EE only
+    group_base: <%= single_quote(@ldap_group_base) %>
+    admin_group: <%= single_quote(@ldap_admin_group) %>
+    sync_ssh_keys: <%= single_quote(@ldap_sync_ssh_keys) %>
+    sync_time: <%= @ldap_sync_time %>
+  <% end %>
+
+  ## Kerberos settings
+  kerberos:
+    # Allow the HTTP Negotiate authentication method for Git clients
+    enabled: <%= @kerberos_enabled %>
+
+    # Kerberos 5 keytab file. The keytab file must be readable by the GitLab user,
+    # and should be different from other keytabs in the system.
+    # (default: use default keytab from Krb5 config)
+    keytab: <%= @kerberos_keytab %>
+
+    # The Kerberos service name to be used by GitLab.
+    # (default: accept any service name in keytab file)
+    service_principal_name: <%= @kerberos_service_principal_name %>
+
+    # Dedicated port: Git before 2.4 does not fall back to Basic authentication if Negotiate fails.
+    # To support both Basic and Negotiate methods with older versions of Git, configure
+    # nginx to proxy GitLab on an extra port (e.g. 8443) and uncomment the following lines
+    # to dedicate this port to Kerberos authentication. (default: false)
+    use_dedicated_port: <%= @kerberos_use_dedicated_port %>
+    port: <%= @kerberos_port %>
+    https: <%= @kerberos_https %>
+
+
+  ## OmniAuth settings
+  omniauth:
+    # Allow login via Twitter, Google, etc. using OmniAuth providers
+    enabled: <%= @omniauth_enabled %>
+
+    # Uncomment this to automatically sign in with a specific omniauth provider's without
+    # showing GitLab's sign-in page (default: show the GitLab sign-in page)
+    auto_sign_in_with_provider: <%= @omniauth_auto_sign_in_with_provider %>
+
+    # CAUTION!
+    # This allows users to login without having a user account first (default: false).
+    # User accounts will be created automatically when authentication was successful.
+    allow_single_sign_on: <%= @omniauth_allow_single_sign_on %>
+    # Locks down those users until they have been cleared by the admin (default: true).
+    block_auto_created_users: <%= @omniauth_block_auto_created_users %>
+    # Look up new users in LDAP servers. If a match is found (same uid), automatically
+    # link the omniauth identity with the LDAP account. (default: false)
+    auto_link_ldap_user: <%= @omniauth_auto_link_ldap_user %>
+
+
+    ## Auth providers
+    # Uncomment the following lines and fill in the data of the auth provider you want to use
+    # If your favorite auth provider is not listed you can use others:
+    # see https://github.com/gitlabhq/gitlab-public-wiki/wiki/Custom-omniauth-provider-configurations
+    # The 'app_id' and 'app_secret' parameters are always passed as the first two
+    # arguments, followed by optional 'args' which can be either a hash or an array.
+    # Documentation for this is available at http://doc.gitlab.com/ce/integration/omniauth.html
+    providers:
+      # - { name: 'google_oauth2', app_id: 'YOUR APP ID',
+      #     app_secret: 'YOUR APP SECRET',
+      #     args: { access_type: 'offline', approval_prompt: '' } }
+      # - { name: 'twitter', app_id: 'YOUR APP ID',
+      #     app_secret: 'YOUR APP SECRET'}
+      # - { name: 'github', app_id: 'YOUR APP ID',
+      #     app_secret: 'YOUR APP SECRET',
+      #     args: { scope: 'user:email' } }
+<% @omniauth_providers.each do |provider| %>
+      - <%= provider.to_json %>
+<% end %>
+
+  # Shared file storage settings
+  shared:
+    path: <%= @shared_path %>
+
+
+  #
+  # 4. Advanced settings
+  # ==========================
+
+  # GitLab Satellites
+  # Important: keep the satellites.path setting until GitLab 9.0 at
+  # least. This setting is fed to 'rm -rf' in
+  # db/migrate/20151023144219_remove_satellites.rb
+  satellites:
+    # Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
+    path: <%= @satellites_path %>
+    timeout: <%= @satellites_timeout %>
+
+  ## Backup settings
+  backup:
+    path: "<%= @backup_path %>"   # Relative paths are relative to Rails.root (default: tmp/backups/)
+    archive_permissions: <%= @backup_archive_permissions %> # Permissions for the resulting backup.tar file (default: 0600)
+    keep_time: <%= @backup_keep_time %>   # default: 0 (forever) (in seconds)
+    pg_schema: <%= @backup_pg_schema %>   # default: nil, it means that all schemas will be backed up
+    upload:
+      # Fog storage connection settings, see http://fog.io/storage/ .
+      connection: <%= @backup_upload_connection.to_json if @backup_upload_connection %>
+      # The remote 'directory' to store your backups. For S3, this would be the bucket name.
+      remote_directory: <%= single_quote(@backup_upload_remote_directory) %>
+      multipart_chunk_size: <%= @backup_multipart_chunk_size %>
+      encryption: <%= @backup_encryption %>
+
+  ## GitLab Shell settings
+  gitlab_shell:
+    path: <%= @gitlab_shell_path %>
+
+    # REPOS_PATH MUST NOT BE A SYMLINK!!!
+    repos_path: <%= @gitlab_shell_repos_path %>
+    hooks_path: <%= @gitlab_shell_hooks_path %>
+
+    # Git over HTTP
+    upload_pack: <%= @gitlab_shell_upload_pack %>
+    receive_pack: <%= @gitlab_shell_receive_pack %>
+
+    # If you use non-standard ssh port you need to specify it
+    ssh_port: <%= @gitlab_shell_ssh_port %>
+
+  ## Git settings
+  # CAUTION!
+  # Use the default values unless you really know what you are doing
+  git:
+    bin_path: <%= @git_bin_path %>
+    # The next value is the maximum memory size grit can use
+    # Given in number of bytes per git object (e.g. a commit)
+    # This value can be increased if you have very large commits
+    max_size: <%= @git_max_size %>
+    # Git timeout to read a commit, in seconds
+    timeout: <%= @git_timeout %>
+
+  #
+  # 5. Extra customization
+  # ==========================
+
+  extra:
+    <% if @extra_google_analytics_id %>
+    ## Google analytics. Uncomment if you want it
+    google_analytics_id: <%= single_quote(@extra_google_analytics_id) %>
+    <% end %>
+
+    <% if @extra_piwik_url %>
+    ## Piwik analytics.
+    piwik_url: <%= single_quote(@extra_piwik_url) %>
+    piwik_site_id: <%= single_quote(@extra_piwik_site_id) %>
+    <% end %>
+
+    rack_attack:
+      git_basic_auth: <%= @rack_attack_git_basic_auth.to_json if @rack_attack_git_basic_auth %>
+
+
+development:
+  <<: *base
+
+test:
+  <<: *base
+  gravatar:
+    enabled: true
+  gitlab:
+    host: localhost
+    port: 80
+
+    # When you run tests we clone and setup gitlab-shell
+    # In order to setup it correctly you need to specify
+    # your system username you use to run GitLab
+    # user: YOUR_USERNAME
+  satellites:
+    path: tmp/tests/gitlab-satellites/
+  gitlab_shell:
+    path: tmp/tests/gitlab-shell/
+    repos_path: tmp/tests/repositories/
+    hooks_path: tmp/tests/gitlab-shell/hooks/
+  issues_tracker:
+    redmine:
+      title: "Redmine"
+      project_url: "http://redmine/projects/:issues_tracker_id"
+      issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
+      new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
+  ldap:
+    enabled: false
+    servers:
+      main:
+        label: ldap
+        host: 127.0.0.1
+        port: 3890
+        uid: 'uid'
+        method: 'plain' # "tls" or "ssl" or "plain"
+        base: 'dc=example,dc=com'
+        user_filter: ''
+        group_base: 'ou=groups,dc=example,dc=com'
+        admin_group: ''
+        sync_ssh_keys: false
+
+staging:
+  <<: *base
--- a/software/gitlab/template/rack_attack.rb.erb
+++ b/software/gitlab/template/rack_attack.rb.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+# 1. Rename this file to rack_attack.rb
+# 2. Review the paths_to_be_protected and add any other path you need protecting
+#
+
+paths_to_be_protected = [
+  "#{Rails.application.config.relative_url_root}/users/password",
+  "#{Rails.application.config.relative_url_root}/users/sign_in",
+  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session.json",
+  "#{Rails.application.config.relative_url_root}/api/#{API::API.version}/session",
+  "#{Rails.application.config.relative_url_root}/users",
+  "#{Rails.application.config.relative_url_root}/users/confirmation",
+  "#{Rails.application.config.relative_url_root}/unsubscribes/"
+
+]
+
+# Create one big regular expression that matches strings starting with any of
+# the paths_to_be_protected.
+paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+
+unless Rails.env.test?
+  Rack::Attack.throttle('protected paths', limit: <%= @rate_limit_requests_per_period %>, period: <%= @rate_limit_period %>.seconds) do |req|
+    if req.post? && req.path =~ paths_regex
+      req.ip
+    end
+  end
+end
--- a/software/gitlab/template/resque.yml.erb
+++ b/software/gitlab/template/resque.yml.erb
+production: <%= @redis_url %>
--- a/software/gitlab/template/smtp_settings.rb.erb
+++ b/software/gitlab/template/smtp_settings.rb.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+<% rails_app = @app == 'gitlab' ? 'Gitlab' : 'GitlabCi' %>
+<% container = @app == 'gitlab' ? 'gitlab-rails' : 'gitlab-ci' %>
+
+if Rails.env.production?
+  <%= rails_app %>::Application.config.action_mailer.delivery_method = :smtp
+
+  ActionMailer::Base.smtp_settings = {
+    authentication: <%= @smtp_authentication.to_s.to_sym.inspect %>,
+<% %w{ address port user_name password domain enable_starttls_auto tls openssl_verify_mode ca_path ca_file }.each do |key| %>
+  <% value = node['gitlab'][container]["smtp_#{key}"] %>
+    <%= "#{key}: #{value.inspect}," unless value.nil? %>
+<% end %>
+  }
+end
--- a/software/gitlab/template/unicorn.rb.erb
+++ b/software/gitlab/template/unicorn.rb.erb
+# This file is managed by gitlab-ctl. Manual changes will be
+# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
+# and run `sudo gitlab-ctl reconfigure`.
+
+
+# What ports/sockets to listen on, and what options for them.
+<%- @listen.each do |port, options| %>
+listen "<%= port %>", <%= options %>
+<%- end %>
+
+<%- if @working_directory %>
+working_directory '<%= @working_directory %>'
+<%- end %>
+
+# What the timeout for killing busy workers is, in seconds
+timeout <%= @worker_timeout %>
+
+# Whether the app should be pre-loaded
+preload_app <%= @preload_app %>
+
+# How many worker processes
+worker_processes <%= @worker_processes %>
+
+<%- if @before_fork %>
+# What to do before we fork a worker
+before_fork do |server, worker|
+  <%= @before_fork %>
+end
+
+<%- end %>
+<%- if @after_fork %>
+# What to do after we fork a worker
+after_fork do |server, worker|
+  <%= @after_fork %>
+end
+
+<%- end %>
+<%- if @pid %>
+# Where to drop a pidfile
+pid '<%= @pid %>'
+
+<%- end %>
+<%- if @stderr_path %>
+# Where stderr gets logged
+stderr_path '<%= @stderr_path %>'
+
+<%- end %>
+<%- if @stdout_path %>
+# Where stdout gets logged
+stdout_path '<%= @stdout_path %>'
+
+<%- end %>