this post was submitted on 23 Nov 2024
45 points (97.9% liked)

Selfhosted

40383 readers
465 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I’ve started building a small decentralized, non commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.

I care a lot about security and was wondering if it makes sense to self-host GitLab. I‘m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.

Would love to hear about the experience of people who did what I’m planning to do.

EDIT: Thanks for all the answers, trying my best to reply. I want CI/CD, container registry and secrets management that's what I was hoping to get out of GitLab.

you are viewing a single comment's thread
view the rest of the comments
[–] scottmeme@sh.itjust.works 1 points 2 days ago* (last edited 2 days ago) (1 children)

The VM is a 6 thread 16gb

OS is currently Ubuntu 22.04.5 LTS (cloud image which is lightweight) just running a very simple docker engine install using the script (plus a few other options since I script the install)

The load averages as of this current moment are 0.12, 0.15, 0.10 so not even a full thread is being used.

I let the container run unmetered on the CPU and memory.

I can provide both the compose and my install script (which is on the GitLab instance) if you are curious.

[–] shaserlark@sh.itjust.works 1 points 1 day ago (1 children)

Thanks! Super helpful and I’d love to have the compose and install script. I also looked into the Helm charts but still wondering if I should go down that route or not eventually.

[–] scottmeme@sh.itjust.works 1 points 1 day ago* (last edited 1 day ago)

Incoming wall of text

Here is my install script to set up Ubuntu since it has a bit of extra steps for privileged ports https://gitlab.meme.beer/-/snippets/1

Docker compose example, note that my config has a shared network with containers in another compose called nginx to keep traffic inside docker.

name: "gitlab"
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    #command: update-permissions
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com/'

        pages_external_url 'https://pages.example.com/'
        pages_nginx['enable'] = true
        pages_nginx['listen_port'] = 6000
        pages_nginx['listen_https'] = false
        pages_nginx['redirect_http_to_https'] = false

        #puma['per_worker_max_memory_mb'] = 2048 # 2GB

        gitlab_rails['gitlab_email_from'] = 'gitlab@mailer.example.com'
        gitlab_rails['gitlab_email_display_name'] = 'GitLab'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "smtp.sendgrid.net"
        gitlab_rails['smtp_port'] = 587
        gitlab_rails['smtp_user_name'] = 'apikey'
        gitlab_rails['smtp_password'] = '$SENDGRID_API_KEY_HERE'
        gitlab_rails['smtp_domain'] = "smtp.sendgrid.net"
        gitlab_rails['smtp_authentication'] = "login"
        gitlab_rails['smtp_enable_starttls_auto'] = true
        gitlab_rails['smtp_tls'] = false

        gitlab_rails['gitlab_default_theme'] = 2

        gitlab_rails['gitlab_shell_ssh_port'] = 2224

        gitlab_rails['gitlab_default_projects_features_container_registry'] = true
        gitlab_rails['registry_enabled'] = true
        gitlab_rails['registry_api_url'] = 'https://registry.example.com/'
        gitlab_rails['registry_issuer'] = 'gitlab-issuer'
        registry['log_level'] = 'info'
        registry_external_url 'https://registry.example.com/'
        registry_nginx['enable'] = true
        registry_nginx['listen_port'] = 5050
        registry_nginx['listen_https'] = false
        registry_nginx['redirect_http_to_https'] = false

        gitlab_shell['log_level'] = 'INFO'
        letsencrypt['enable'] = false
        nginx['error_log_level'] = 'info'
        nginx['listen_https'] = false
        #nginx['proxy_protocol'] = true
        #nginx['trusted_proxies'] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

        # Workhorse
        gitlab_workhorse['enable'] = true
        gitlab_workhorse['ha'] = false
        gitlab_workhorse['listen_network'] = "tcp"
        gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
        gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"

        # Errors
	# for sentry error logging the GitLab service
        #gitlab_rails['sentry_enabled'] = true
        #gitlab_rails['sentry_dsn'] = ''
        #gitlab_rails['sentry_clientside_dsn'] = ''
        #gitlab_rails['sentry_environment'] = 'production'
        # Add any other gitlab.rb configuration here, each on its own line
    networks:
      - nginx
    ports:
      # gitlab loves https on 443
      #- '80:80'
      #- '443:443'
      - '2224:22'
    volumes:
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
    shm_size: '256m'
    #deploy:
    #  resources:
    #    limits:
    #      cpus: '6'
    #      memory: 12G
    #    reservations:
    #      cpus: '4'
    #      memory: 6G
    # disable healthcheck for restoring backup
    #healthcheck:
    #  disable: true
networks:
  nginx:
    external: true
    name: nginx