diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-09-03 15:38:28 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-09-03 15:50:52 +0200 |
commit | 2f48144d0e365c83cb527dae0fbf87ebda608dd1 (patch) | |
tree | 8c8786b3fc2804cd0481f6a3577b7292d1fc87ca /nixos | |
parent | 83043c948e132291b2942e21732a3060281a2ed6 (diff) | |
download | nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar.gz nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar.bz2 nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar.lz nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar.xz nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.tar.zst nixpkgs-2f48144d0e365c83cb527dae0fbf87ebda608dd1.zip |
gitlab: 9.4.5 -> 9.5.2
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index fcb7aaa6271..412355fb35b 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -10,7 +10,7 @@ let ruby = cfg.packages.gitlab.ruby; bundler = pkgs.bundler; - gemHome = "${cfg.packages.gitlab.ruby-env}/${ruby.gemPath}"; + gemHome = "${cfg.packages.gitlab.rubyEnv}/${ruby.gemPath}"; gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket"; gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket"; @@ -29,7 +29,13 @@ let gitalyToml = pkgs.writeText "gitaly.toml" '' socket_path = "${lib.escape ["\""] gitalySocket}" - # prometheus metrics + prometheus_listen_addr = "localhost:9236" + + [gitaly-ruby] + dir = "${cfg.packages.gitaly.ruby}" + + [gitlab-shell] + dir = "${cfg.packages.gitlab-shell}" ${concatStringsSep "\n" (attrValues (mapAttrs (k: v: '' [[storage]] @@ -54,6 +60,11 @@ let namespace: resque:gitlab ''; + redisYml = '' + production: + url: redis://localhost:6379/ + ''; + secretsYml = '' production: secret_key_base: ${cfg.secrets.secret} @@ -101,11 +112,22 @@ let upload_pack = true; receive_pack = true; }; + workhorse = { + secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; + }; git = { bin_path = "git"; max_size = 20971520; # 20MB timeout = 10; }; + monitoring = { + ip_whitelist = [ "127.0.0.0/8" "::1/128" ]; + sidekiq_exporter = { + enable = true; + address = "localhost"; + port = 3807; + }; + }; extra = {}; }; }; @@ -123,6 +145,8 @@ let GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/home/config.yml"; GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret"; GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/home/hooks"; + GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "gitlab-redis.yml" redisYml; + prometheus_multiproc_dir = "/run/gitlab"; RAILS_ENV = "production"; }; @@ -130,12 +154,12 @@ let gitlab-rake = pkgs.stdenv.mkDerivation rec { name = "gitlab-rake"; - buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.ruby-env pkgs.makeWrapper ]; + buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.rubyEnv pkgs.makeWrapper ]; phases = "installPhase fixupPhase"; buildPhase = ""; installPhase = '' mkdir -p $out/bin - makeWrapper ${cfg.packages.gitlab.ruby-env}/bin/bundle $out/bin/gitlab-bundle \ + makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/bundle $out/bin/gitlab-bundle \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package ]}:$PATH' \ @@ -455,6 +479,7 @@ in { ruby openssh nodejs + gnupg ]; serviceConfig = { Type = "simple"; @@ -463,7 +488,7 @@ in { TimeoutSec = "300"; Restart = "on-failure"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; - ExecStart="${cfg.packages.gitlab.ruby-env}/bin/bundle exec \"sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; + ExecStart="${cfg.packages.gitlab.rubyEnv}/bin/bundle exec \"sidekiq -C \"${cfg.packages.gitlab}/share/gitlab/config/sidekiq_queues.yml\" -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; }; }; @@ -471,7 +496,7 @@ in { after = [ "network.target" "gitlab.service" ]; wantedBy = [ "multi-user.target" ]; environment.HOME = gitlabEnv.HOME; - path = with pkgs; [ gitAndTools.git ]; + path = with pkgs; [ gitAndTools.git cfg.packages.gitaly.rubyEnv ]; serviceConfig = { #PermissionsStartOnly = true; # preStart must be run as root Type = "simple"; @@ -515,7 +540,7 @@ in { + "-listenAddr /run/gitlab/gitlab-workhorse.socket " + "-authSocket ${gitlabSocket} " + "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public " - + "-secretPath ${cfg.packages.gitlab}/share/gitlab/.gitlab_workhorse_secret"; + + "-secretPath ${cfg.statePath}/.gitlab_workhorse_secret"; }; }; @@ -551,7 +576,8 @@ in { # symlinked in the gitlab package to /run/gitlab/uploads to make it # configurable mkdir -p /run/gitlab - mkdir -p ${cfg.statePath}/uploads + mkdir -p ${cfg.statePath}/{log,uploads} + ln -sf ${cfg.statePath}/log /run/gitlab/log ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads chown -R ${cfg.user}:${cfg.group} /run/gitlab @@ -599,7 +625,7 @@ in { # up the initial database if ! test -e "${cfg.statePath}/db-seeded"; then ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \ - GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}" + GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}' GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' touch "${cfg.statePath}/db-seeded" fi @@ -618,7 +644,7 @@ in { TimeoutSec = "300"; Restart = "on-failure"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; - ExecStart = "${cfg.packages.gitlab.ruby-env}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\""; + ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\""; }; }; |