I’ve started building a small decentralized, non-commercial app with a Rust backend + Node.js frontend running on k8s. I would have my own dedicated server for this. Just mentioning the setup because it might grow and for git there seem to be only GitHub and GitLab around and I prefer GitLab.

I care a lot about security and was wondering if it makes sense to self-host GitLab. I’m not afraid of doing it, but after setup it shouldn’t take more than 1-2 hours per week for me to maintain it in the long run and I’m wondering if that’s realistic.

Would love to hear about the experience of people who did what I’m planning to do.

EDIT: Thanks for all the answers, trying my best to reply. I want CI/CD, container registry and secrets management; that’s what I was hoping to get out of GitLab.

  • liliumstar@lemmy.dbzer0.com
    2 months ago

    GitLab uses a ton of resources and is a pain to set up. Once you get it going, it’s fine.

    Going to echo what others have said: Use Gitea or Forgejo instead if you can. Both have runners you can set up like GitLab, but they mimic GitHub Actions instead of GitLab CI/CD.

    I run a semi-private gitea instance, and have not had any problems past the initial setup in 2+ years.

  • kensand@sopuli.xyz
    2 months ago

    I tried hosting GitLab for a while, but configuration and upgrades were difficult, and you really have to stay on top of updates due to vulnerabilities. It also used a lot of resources and wasn’t super responsive.

    I moved to Forgejo (a hard fork of Gitea), and haven’t looked back; I can’t recommend it enough. It’s fast, doesn’t take a lot of resources, actively developed, and has all the features I need.

    Codeberg is a public instance of Forgejo if you want to try it out first.

  • Matt@lemmy.ml
    2 months ago

    there seem to be only GitHub and GitLab around

    Gitea, Forgejo, and cgit exist

  • interurbain1er@sh.itjust.works
    2 months ago

    First question is why do you want a forge? Knowing the features you need out of it is what should drive your decision.

    Personally I would question the benefit of allocating ~5% of your work time to anything that isn’t core building your product but that’s up to you.

  • Scott@sh.itjust.works
    2 months ago

    I run GitLab with docker compose and watchtower, all the updates are automated and have never caused any issues for me.

    That being said, my setup uses about 7-8 GB of RAM.

      • Scott@sh.itjust.works
        2 months ago

        The VM is a 6 thread 16gb

        OS is currently Ubuntu 22.04.5 LTS (cloud image which is lightweight) just running a very simple docker engine install using the script (plus a few other options since I script the install)

        The load averages as of this current moment are 0.12, 0.15, 0.10 so not even a full thread is being used.

        I let the container run unmetered on the CPU and memory.

        I can provide both the compose and my install script (which is on the GitLab instance) if you are curious.

        • shaserlark@sh.itjust.works (OP)
          2 months ago

          Thanks! Super helpful and I’d love to have the compose and install script. I also looked into the Helm charts but still wondering if I should go down that route or not eventually.

          • Scott@sh.itjust.works
            2 months ago

            Incoming wall of text

            Here is my install script to set up Ubuntu, since it has a few extra steps for privileged ports: https://gitlab.meme.beer/-/snippets/1

            Docker compose example, note that my config has a shared network with containers in another compose called nginx to keep traffic inside docker.

            name: "gitlab"
            services:
              gitlab:
                image: 'gitlab/gitlab-ce:latest'
                #command: update-permissions
                restart: always
                hostname: 'gitlab.example.com'
                environment:
                  GITLAB_OMNIBUS_CONFIG: |
                    external_url 'https://gitlab.example.com/'
            
                    pages_external_url 'https://pages.example.com/'
                    pages_nginx['enable'] = true
                    pages_nginx['listen_port'] = 6000
                    pages_nginx['listen_https'] = false
                    pages_nginx['redirect_http_to_https'] = false
            
                    #puma['per_worker_max_memory_mb'] = 2048 # 2GB
            
                    gitlab_rails['gitlab_email_from'] = '[email protected]'
                    gitlab_rails['gitlab_email_display_name'] = 'GitLab'
                    gitlab_rails['smtp_enable'] = true
                    gitlab_rails['smtp_address'] = "smtp.sendgrid.net"
                    gitlab_rails['smtp_port'] = 587
                    gitlab_rails['smtp_user_name'] = 'apikey'
                    gitlab_rails['smtp_password'] = '$SENDGRID_API_KEY_HERE'
                    gitlab_rails['smtp_domain'] = "smtp.sendgrid.net"
                    gitlab_rails['smtp_authentication'] = "login"
                    gitlab_rails['smtp_enable_starttls_auto'] = true
                    gitlab_rails['smtp_tls'] = false
            
                    gitlab_rails['gitlab_default_theme'] = 2
            
                    gitlab_rails['gitlab_shell_ssh_port'] = 2224
            
                    gitlab_rails['gitlab_default_projects_features_container_registry'] = true
                    gitlab_rails['registry_enabled'] = true
                    gitlab_rails['registry_api_url'] = 'https://registry.example.com/'
                    gitlab_rails['registry_issuer'] = 'gitlab-issuer'
                    registry['log_level'] = 'info'
                    registry_external_url 'https://registry.example.com/'
                    registry_nginx['enable'] = true
                    registry_nginx['listen_port'] = 5050
                    registry_nginx['listen_https'] = false
                    registry_nginx['redirect_http_to_https'] = false
            
                    gitlab_shell['log_level'] = 'INFO'
                    letsencrypt['enable'] = false
                    nginx['error_log_level'] = 'info'
                    nginx['listen_https'] = false
                    #nginx['proxy_protocol'] = true
                    #nginx['trusted_proxies'] = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
            
                    # Workhorse
                    gitlab_workhorse['enable'] = true
                    gitlab_workhorse['ha'] = false
                    gitlab_workhorse['listen_network'] = "tcp"
                    gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
                    gitlab_workhorse['log_directory'] = "/var/log/gitlab/gitlab-workhorse"
            
                    # Errors
                    # for sentry error logging the GitLab service
                    #gitlab_rails['sentry_enabled'] = true
                    #gitlab_rails['sentry_dsn'] = ''
                    #gitlab_rails['sentry_clientside_dsn'] = ''
                    #gitlab_rails['sentry_environment'] = 'production'
                    # Add any other gitlab.rb configuration here, each on its own line
                networks:
                  - nginx
                ports:
                  # gitlab loves https on 443
                  #- '80:80'
                  #- '443:443'
                  - '2224:22'
                volumes:
                  - ./config:/etc/gitlab
                  - ./logs:/var/log/gitlab
                  - ./data:/var/opt/gitlab
                shm_size: '256m'
                #deploy:
                #  resources:
                #    limits:
                #      cpus: '6'
                #      memory: 12G
                #    reservations:
                #      cpus: '4'
                #      memory: 6G
                # disable healthcheck for restoring backup
                #healthcheck:
                #  disable: true
            networks:
              nginx:
                external: true
                name: nginx
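
A variant of the compose file posted above, added here as an example and not taken from the thread: it pins the image tag and reads the SMTP credential from a Compose secret instead of writing it inline. The tag placeholder and the secret name and path are assumptions; only the keys needed to show the change are included.

```yaml
# Added example (not from the thread). Merge the changed keys into the full
# service definition above; the remaining gitlab.rb lines stay as they are.
name: "gitlab"
services:
  gitlab:
    # Placeholder: pin an exact release tag instead of 'latest' so upgrades
    # happen when you choose and can follow GitLab's documented upgrade path.
    image: 'gitlab/gitlab-ce:<PINNED_VERSION>'
    restart: always
    hostname: 'gitlab.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com/'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_user_name'] = 'apikey'
        # gitlab.rb is evaluated as Ruby, so the credential can be read from
        # the mounted secret file at reconfigure time instead of sitting in
        # the compose file or the container's environment dump.
        gitlab_rails['smtp_password'] = File.read('/run/secrets/smtp_password').strip
    secrets:
      - smtp_password        # mounted at /run/secrets/smtp_password
    networks:
      - nginx
    ports:
      - '2224:22'
    volumes:
      - ./config:/etc/gitlab
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
    shm_size: '256m'
secrets:
  smtp_password:
    # Assumed path: restrict the file's permissions and keep it out of git.
    file: ./secrets/smtp_password.txt
networks:
  nginx:
    external: true
    name: nginx
```

With a pinned tag, an automatic updater that follows tags will no longer move the instance, so security releases have to be applied by bumping the tag.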