diff --git a/README.md b/README.md
index b71cab5..3716a42 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ It has been tested on :
 - Debian 9
 - Debian 10
 - Debian 11
+ - Debian 12
 Available services
 ------------------
@@ -19,6 +20,7 @@ Available services
 - Maildev
 - cadvisor
 - Redisinsight
+ - Gitlab
 Role variables
 ---------------
@@ -54,18 +56,24 @@ Example variables
 - maildev
 - cadvisor
 - redisinsight
+ - gitlab
- traefik_domain: 'mydomain.com'
- traefik_letsencrypt_email: 'cert@mydomain.com'
+ traefik_domain: 'example.com'
+ traefik_letsencrypt_email: 'cert@example.com'
 traefik_ipwhitelist: '42.42.42.42/32, 192.168.1.0/24, 127.0.0.1/32'
- maildev_domain: 'maildev.mydomain.com'
+ maildev_domain: 'maildev.example.com'
- redisinsight_domain: 'redisinsight.mydomain.com'
+ redisinsight_domain: 'redisinsight.example.com'
 redisinsight_whitelist:
 - 192.168.1.0/24
 - 31.15.24.XX
 - 37.58.179.XX
+
+ gitlab_version: 'latest'
+ gitlab_root_password: 'vault-this-thingy'
+ gitlab_domain: gitlab.example.com
+ gitlab_registry_domain: registry.example.com
 ```
 TODO
diff --git a/defaults/main.yml b/defaults/main.yml
index 074d53e..095650d 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,7 +1,7 @@
 ---
-# grafana
+### Grafana
 grafana_auth_anonymous_enabled: true
-grafana_auth_anonymous_org_role: Editor # Viewer
+grafana_auth_anonymous_org_role: Viewer
 grafana_auth_anonymous_org_name: 'Main Org.'
 grafana_auth_disable_login_form: false
 grafana_editors_can_admin: false
@@ -10,43 +10,59 @@ grafana_log_level: error
 grafana_router_logging: false
 grafana_disable_sanitize_html: true
-
-# provisionning dashboards
-# see https://grafana.com/docs/administration/provisioning/#dashboards
-awh_services_grafana_provisionning_dashboards:
- apiVersion: 1
- providers:
- - name: 'Grafana Dashboards'
- orgId: 1
- folder: ''
- folderUid: ''
- type: file
- disableDeletion: false
- editable: true
- updateIntervalSeconds: 11
- options:
- path: /var/lib/grafana/dashboards
-
-# provisionning datasources.
-# see https://grafana.com/docs/administration/provisioning/#datasources
-awh_services_grafana_provisionning_datasources:
- - name: loki
- type: loki
- access: proxy
- url: http://loki:3100
- jsonData:
- httpMode: GET
- editable: false
- isDefault: false
-
- #apiVersion: 1
- #datasources:
- - name: prometheus
- type: prometheus
- access: proxy
- database: prometheus
- url: http://10.0.226.252:9090
- jsonData:
- httpMode: GET
- editable: false
- isDefault: true
+### Gitlab
+# gitlab_root_password: required...
+gitlab_external_url: 'https://{{ gitlab_domain }}'
+gitlab_shell_ssh_port: 2221
+gitlab_ports:
+ - '{{ gitlab_shell_ssh_port }}:22'
+gitlab_smtp_from_name: Gitlab
+gitlab_smtp_authentication: false
+gitlab_smtp_openssl_verify_mode: none
+gitlab_nginx_client_max_body_size: 250m
+gitlab_time_zone: Paris
+gitlab_git_max_size: 152428800 # 150.megabytes
+gitlab_git_timeout: 300
+gitlab_backup_retention: 604800 # 7D
+gitlab_backup_cron: { hour: 12, minute: 0 }
+gitlab_prometheus_enable: false
+gitlab_alertmanager_enable: false
+gitlab_grafana_enable: false
+gitlab_redis_exporter: false
+gitlab_postgres_exporter: false
+gitlab_gitlab_exporter: false
+gitlab_node_exporter: false
+gitlab_omnibus_config: |
+ |
+ external_url '{{ gitlab_external_url }}'
+ nginx['listen_port'] = 80
+ nginx['listen_https'] = false
+ nginx['client_max_body_size'] = '{{ gitlab_nginx_client_max_body_size }}'
+ gitlab_rails['initial_root_password'] = File.read('/run/secrets/gitlab_root_password')
+ gitlab_rails['gitlab_shell_ssh_port'] = {{ gitlab_shell_ssh_port }}
+ gitlab_rails['time_zone'] = '{{ gitlab_time_zone }}'
+ gitlab_rails['git_max_size'] = {{ gitlab_git_max_size }}
+ gitlab_rails['git_timeout'] = {{ gitlab_git_timeout }}
+ gitlab_rails['gitlab_default_projects_features_issues'] = true
+ gitlab_rails['gitlab_default_projects_features_merge_requests'] = true
+ gitlab_rails['gitlab_default_projects_features_wiki'] = true
+ gitlab_rails['gitlab_default_projects_features_snippets'] = true
+ gitlab_rails['gitlab_default_projects_features_builds'] = true
+ gitlab_rails['artifacts_enabled'] = true
+ gitlab_rails['backup_path'] = "/backups_internal_mount"
+ gitlab_rails['backup_keep_time'] = {{ gitlab_backup_retention }}
+ gitlab_rails['smtp_enable'] = false
+ gitlab_rails['smtp_address'] = '127.0.0.1'
+ gitlab_rails['smtp_port'] = '25'
+ gitlab_rails['gitlab_email_from'] = 'gitlab@localhost'
+ gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
+ gitlab_rails['smtp_authentication'] = false
+ gitlab_rails['smtp_openssl_verify_mode'] = 'none'
+ prometheus['enable'] = {{ gitlab_prometheus_enable|string|lower }}
+ alertmanager['enable'] = {{ gitlab_alertmanager_enable|string|lower }}
+ grafana['enable'] = {{ gitlab_grafana_enable|string|lower }}
+ redis_exporter['enable'] = {{ gitlab_redis_exporter|string|lower }}
+ postgres_exporter['enable'] = {{ gitlab_postgres_exporter|string|lower }}
+ gitlab_exporter['enable'] = {{ gitlab_gitlab_exporter|string|lower }}
+ node_exporter['enable'] = {{ gitlab_node_exporter|string|lower }}
+ {{ gitlab_omnibus_config_extend|default() }}
diff --git a/handlers/main.yml b/handlers/main.yml
index 59ca7f1..1e8a5b7 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -41,3 +41,9 @@
 ignore_errors: '{{ ansible_check_mode }}'
 tags: ['docker_cadvisor']
+- name: gitlab-restart
+ systemd:
+ name: docker-compose@gitlab
+ state: restarted
+ ignore_errors: '{{ ansible_check_mode }}'
+ tags: ['docker_gitlab']
diff --git a/tasks/gitlab.yml b/tasks/gitlab.yml
new file mode 100644
index 0000000..3d10b38
--- /dev/null
+++ b/tasks/gitlab.yml
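Review bot: `gitlab_smtp_from_name`, `gitlab_smtp_authentication` and `gitlab_smtp_openssl_verify_mode` are declared in this hunk but never referenced: the `gitlab_omnibus_config` block hardcodes `'Gitlab'`, `false` and `'none'` in its `gitlab_email_display_name`, `smtp_authentication` and `smtp_openssl_verify_mode` lines, so overriding the variables has no effect; either template them (`gitlab_rails['smtp_openssl_verify_mode'] = '{{ gitlab_smtp_openssl_verify_mode }}'`) or drop them. The block scalar also appears to start with a line holding only `|` before `external_url`; if that is really in the file and not an artifact of this rendering, it is emitted verbatim as the first line of the Ruby config passed to GITLAB_OMNIBUS_CONFIG and should be removed. `File.read('/run/secrets/gitlab_root_password')` takes the file content verbatim, so a trailing newline in the secret file would become part of the root password; `File.read(...).strip` is the safer form. The comment `# 150.megabytes` does not match the value `152428800` (150 MiB is 157286400), so one of the two should be corrected.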
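Review bot: No task in the new tasks/gitlab.yml notifies the `gitlab-restart` handler added here, so it is only reached if the included base.yml (outside this diff) notifies a `<service>-restart` handler by name as it presumably does for the other services. If it does not, a changed compose file or omnibus config will not restart the container; worth confirming, or adding `notify: gitlab-restart` to the task that renders the compose template.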
@@ -0,0 +1,50 @@
+---
+- name: gitlab | check vars are defined
+ assert:
+ that:
+ - gitlab_domain is defined
+ - gitlab_registry_domain
+ - gitlab_root_password
+ tags: ['docker_gitlab']
+
+- include_tasks: base.yml
+ tags: ['docker_gitlab']
+
+- name: 'gitlab | create docker volumes'
+ docker_volume:
+ name: '{{ item }}'
+ with_items:
+ - 'gitlab__etc_config'
+ - 'gitlab__var_log_gitlab'
+ - 'gitlab__var_opt_gitlab'
+ tags: ['docker_gitlab']
+
+- name: 'gitlab | create docker volume backup'
+ docker_volume:
+ name: 'gitlab__backups'
+ tags: ['docker_gitlab']
+
+- name: 'gitlab | create docker volume gitlab__run_secrets'
+ docker_volume:
+ name: 'gitlab__run_secrets'
+ register: 'register_docker_volume_gitlab_gitlab__run_secrets'
+ tags: ['docker_gitlab']
+
+- name: 'gitlab | configure secret gitlab_root_password'
+ copy:
+ dest: '{{ register_docker_volume_gitlab_gitlab__run_secrets.volume.Mountpoint }}/gitlab_root_password'
+ mode: '0600'
+ content: '{{ gitlab_root_password }}'
+ ignore_errors: '{{ ansible_check_mode }}'
+ tags: ['docker_gitlab']
+
+- name: 'gitlab : define cronjob backup'
+ cron:
+ name: 'docker_gitlab_backup'
+ job: '/usr/bin/docker exec -t gitlab gitlab-backup create CRON=1 2>&1 | /usr/bin/logger -t docker_gitlab'
+ minute: '{{ gitlab_backup_cron.minute | default(omit) }}'
+ hour: '{{ gitlab_backup_cron.hour | default(omit) }}'
+ day: '{{ gitlab_backup_cron.day | default(omit) }}'
+ month: '{{ gitlab_backup_cron.month | default(omit) }}'
+ weekday: '{{ gitlab_backup_cron.weekday | default(omit) }}'
+ tags: ['docker_gitlab']
diff --git a/tasks/grafana.yml b/tasks/grafana.yml
index 584d465..2e61f59 100644
--- a/tasks/grafana.yml
+++ b/tasks/grafana.yml
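Review bot: The `gitlab | configure secret gitlab_root_password` task writes `gitlab_root_password` through `copy: content:` without `no_log: true`, so the secret can surface in task output in `--diff` mode or at higher verbosity; add `no_log: true` to that task. In the `assert` at the top only `gitlab_domain` uses `is defined`; `gitlab_registry_domain` and `gitlab_root_password` are bare truthiness tests, which abort with an undefined-variable error instead of the assert's own failure when unset, and the password check passes for any non-empty string — `- gitlab_registry_domain is defined` and `- gitlab_root_password is defined and gitlab_root_password | length > 0` would match what the task name promises. The backup task's name `'gitlab : define cronjob backup'` uses ` : ` where every other task in the file uses ` | `.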
@@ -25,43 +25,3 @@
 docker_volume:
 name: grafana__etc_grafana_provisioning_datasources
 tags: ['docker_grafana']
-
-#- name: grafana | ensure data perms
-# file:
-# path: '{{ item }}'
-# owner: '472'
-# group: '472'
-# state: directory
-# with_items:
-# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}'
-# - '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint }}/dashboards'
-# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}'
-# - '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}'
-# notify: 'docker restart grafana'
-# tags: ['grafana']
-#
-#- name: grafana | configure provisionning dashboards
-# copy:
-# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_dashboards.ansible_facts.docker_volume.Mountpoint }}/local.yml'
-# content: |
-# {{ grafana_provisionning_dashboards|to_nice_yaml }}
-# notify: 'docker restart grafana'
-# tags: ['grafana']
-#
-#- name: grafana | configure provisionning datasources
-# copy:
-# dest: '{{ register_docker_volume_grafana__etc_grafana_provisioning_datasources.ansible_facts.docker_volume.Mountpoint }}/datasources.yml'
-# content: |
-# {{ grafana_provisionning_datasources|to_nice_yaml }}
-# notify: 'docker restart grafana'
-# tags: ['grafana']
-#
-#- name: grafana | download dashboard
-# get_url:
-# url: '{{ item.url }}'
-# dest: '{{ register_docker_volume_grafana__var_lib_grafana.ansible_facts.docker_volume.Mountpoint + "/dashboards/" + item.name }}.json'
-# force: '{{ item.force|default(grafana_dashboards_force|default("no")) }}'
-# with_items: '{{ grafana_dashboards|default([]) }}'
-# loop_control:
-# label: '{{ item.name }}'
-# tags: ['grafana']
diff --git a/tasks/main.yml b/tasks/main.yml
index c9d5a3b..9f4b9ce 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -15,5 +15,6 @@
 - docker_grafana
 - docker_maildev
 - docker_redisinsight
+ - docker_gitlab
 with_items:
 - "{{ docker_services }}"
diff --git a/templates/compose/gitlab.yml.j2 b/templates/compose/gitlab.yml.j2
new file mode 100644
index 0000000..948d940
--- /dev/null
+++ b/templates/compose/gitlab.yml.j2
@@ -0,0 +1,52 @@
+version: '3.7'
+
+networks:
+ traefik:
+ external: true
+
+volumes:
+ gitlab__etc_config:
+ external: true
+ gitlab__var_log_gitlab:
+ external: true
+ gitlab__var_opt_gitlab:
+ external: true
+ gitlab__backups:
+ external: true
+ gitlab__run_secrets:
+ external: true
+
+services:
+ gitlab:
+ image: gitlab/gitlab-ce:{{ gitlab_version|default("latest") }}
+ container_name: gitlab
+ restart: 'unless-stopped'
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.gitlab.rule: "Host(`{{ gitlab_domain }}`) || Host(`{{ gitlab_registry_domain }}`)"
+ traefik.http.routers.gitlab.tls: true
+ traefik.http.routers.gitlab.tls.certresolver: "letsencrypt"
+ traefik.http.routers.gitlab.entrypoints: "websecure"
+{% if traefik_ipwhitelist is defined %}
+ traefik.http.routers.grafana.middlewares: "clientips@docker"
+{% endif %}
+ traefik.http.services.gitlab.loadbalancer.server.port: "80"
+ cap_add:
+ - SYS_ADMIN
+ environment:
+ GITLAB_SIGNUP_ENABLED: 'false'
+ GITLAB_OMNIBUS_CONFIG: |-
+ {{ gitlab_omnibus_config | indent(width=8)}}
+ ports: {{ gitlab_ports }}
+ volumes:
+ - 'gitlab__etc_config:/etc/gitlab'
+ - 'gitlab__var_log_gitlab:/var/log/gitlab'
+ - 'gitlab__var_opt_gitlab:/var/opt/gitlab'
+ - 'gitlab__run_secrets:/run/secrets'
+ - '{{ gitlab_backup_path|default("gitlab__backups") }}:/backups_internal_mount'
+ logging:
+ driver: syslog
+ options:
+ tag: docker_gitlab
+ networks:
+ - traefik
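Review bot: The label inside the `{% if traefik_ipwhitelist is defined %}` block is `traefik.http.routers.grafana.middlewares`, so the client-IP allowlist middleware is attached to a router named `grafana` rather than to the `gitlab` router the surrounding labels define; the GitLab router gets no IP restriction even when `traefik_ipwhitelist` is set, and the stray `grafana` router definition may collide with the one coming from the Grafana container. It should read `traefik.http.routers.gitlab.middlewares: "clientips@docker"`. `traefik.http.routers.gitlab.tls: true` is the only label value left unquoted; docker-compose's schema rejects boolean label values, so write `"true"` like its siblings. `cap_add: - SYS_ADMIN` grants a broad capability that the gitlab/gitlab-ce image is not documented to need; if a specific feature requires it, a comment naming it would help, otherwise drop it. `GITLAB_SIGNUP_ENABLED` does not appear to be an environment variable the gitlab/gitlab-ce omnibus image consumes (it belongs to a different GitLab image family), so verify after deploy that sign-up is actually disabled or set it through GitLab's application settings instead.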