ansible-nas/roles/gitlab/tasks/main.yml

---
# The gitlab uid/gid matches 'git:git' in the Gitlab Docker image.
- name: Create Gitlab group account
  group:
    name: gitlab
    gid: 998
    state: present

- name: Create Gitlab user account
  user:
    name: gitlab
    uid: 998
    state: present
    system: yes
    update_password: on_create
    create_home: no
    group: gitlab

- name: Create Gitlab user account
  user:
    name: gitlab
    uid: 998
    state: present
    system: yes
    update_password: on_create
    create_home: no
    group: gitlab

- name: Create Gitlab Directories
  file:
    path: "{{ item }}"
    state: directory
    owner: gitlab
    group: gitlab
  with_items:
    - "{{ gitlab_data_directory }}/config"
    - "{{ gitlab_data_directory }}/log"
    - "{{ gitlab_data_directory }}/data"

- name: Create Gitlab Docker Container
  docker_container:
    name: gitlab
    image: gitlab/gitlab-ce:latest
    pull: true
    volumes:
      - "{{ gitlab_data_directory }}/config:/etc/gitlab:rw"
      - "{{ gitlab_data_directory }}/log:/var/log/gitlab:rw"
      - "{{ gitlab_data_directory }}/data:/var/opt/gitlab:rw"
    network_mode: "bridge"
    ports:
      - "{{ gitlab_port_http }}:80"
      - "{{ gitlab_port_https }}:443"
      - "{{ gitlab_port_ssh }}:22"
    env:
      TZ: "{{ ansible_nas_timezone }}"
      PUID: "{{ gitlab_user_id }}"
      PGID: "{{ gitlab_group_id }}"
    restart_policy: unless-stopped
    hostname: "{{ gitlab_hostname }}.{{ ansible_nas_domain }}"
    memory: "{{ gitlab_memory }}"
    labels:
      traefik.enable: "{{ gitlab_available_externally }}"
      traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_hostname }}.{{ ansible_nas_domain }}`)"
      traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
      traefik.http.routers.gitlab.tls.domains[0].main: "{{ ansible_nas_domain }}"
      traefik.http.routers.gitlab.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
      traefik.http.services.gitlab.loadbalancer.server.port: "80"