# Vimium GitLab

Self hosted [GitLab](https://about.gitlab.com/install) instance on Vimium.com. Deployed on Hetzner Cloud in the Nuremberg datacentre.

## Prerequisites
Create an API key in the Hetzner Cloud GUI (Project -> Security -> API Tokens) with the name `gitlab`. This may already be accessible via `pass api/hetzner/gitlab`.

### SSH key
Replace :bearer with your API token from above and :sshkey with your SSH key.
```
POST https://api.hetzner.cloud/v1/ssh_keys HTTP/1.1
Authorization: Bearer :bearer
Content-Type: application/json

{
  "name": "jordan",
  "public_key": ":sshkey"
}
```

### Create the primary server
This instance will run GitLab CE.
```
POST https://api.hetzner.cloud/v1/servers HTTP/1.1
Authorization: Bearer :bearer
Content-Type: application/json

{
  "name": "gitlab-nbg1-1",
  "server_type": "cx31",
  "location": "nbg1",
  "start_after_create": true,
  "image": "debian-10",
  "labels": {"gitlab-role": "primary"},
  "ssh_keys": [
    "jordan"
  ],
  "automount": false
}
```

### Create the GitLab Runner instance
```
POST https://api.hetzner.cloud/v1/servers HTTP/1.1
Authorization: Bearer :bearer
Content-Type: application/json

{
  "name": "gitlab-runner-nbg1-1",
  "server_type": "cpx11",
  "location": "nbg1",
  "start_after_create": true,
  "image": "debian-10",
  "labels": {"gitlab-role": "runner"},
  "ssh_keys": [
    "jordan"
  ],
  "automount": false
}
```

## Deployment
Ansible is used to provision both the primary GitLab instance and the GitLab runner.

Run:
```bash
ansible-galaxy -r requirements.yml
ansible-playbook main.yml --ask-vault-pass
```

The vault password can be obtained from `pass ansible/infrastructure`.

## First time setup
SSH onto the GitLab instance and run:
```bash
grep 'Password:' /etc/gitlab/initial_root_password
```

Then login to the web interface with the username `root` and the password from above.

1. Change admin password
1. Disable sign ups

## Resources
- https://github.com/geerlingguy/ansible-role-gitlab
- https://github.com/riemers/ansible-gitlab-runner
- https://wyssmann.com/blog/2021/04/dynamic-inventory-with-ansible-and-hetzner-robot-and-hetzner-cloud/