| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| | |
This allows users to define custom environment variables for gitlab,
without having to modify the service file directly
|
| |\ \ |
|
| | | | |
|
| |\| | |
|
| | |/ |
|
| |/ |
|
| |
|
|
|
|
|
| |
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
|
| |\
| |
| | |
nixos/gitlab: Add options to tame GitLab's memory usage somewhat
|
| | |
| |
| |
| |
| |
| | |
This should reduce memory fragmentation drastically and is recommended
by both the Puma and the Sidekiq author. It's also the default value
for Ruby deployments on Heroku.
|
| | |
| |
| |
| |
| |
| | |
Restart sidekiq automatically when it consumes too much memory. See
https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html
for details.
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream recommended minimum length for db_key_base is 30 bytes,
which our option descriptions repeated. Recently, however, upstream
has, in many places, moved to using aes-256-gcm, which requires a key
of exactly 32 bytes. To allow for shorter keys, the upstream code pads
the key in some places. However, in many others, it just truncates the
key if it's too long, leaving it too short if it was to begin
with. This adds a patch that fixes this and updates the descriptions
to recommend a key of at least 32 characters.
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53602
|
| | |
|
| | |
|
| |
|
|
|
| |
Add support for automatically backing up GitLab state, both locally
and to remote locations.
|
| | |
|
| |
|
|
|
|
|
| |
To make it easier to start and stop all GitLab services, introduce
`gitlab.target` which wants all services (meaning they will start with
it) and which all services are part of (meaning they will stop with
it).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make the config initialization script run in gitlab.service's PreStart
section into two new services, `gitlab-config.service` and
`gitlab-db-config.service`. Other services can then depend on the
config scripts they need instead of unnecessarily depending on
`gitlab.service`. This makes the reason for the configured service
dependencies much clearer and should also reduce the restart time of
the `gitlab` service quite a lot, when triggered manually.
Also, set up stricter service dependencies, using `bindsTo`, to ensure
that if a service fails or is stopped, its dependants are also
stopped. For example, if we're using the `postgresql` service and it's
stopped, `gitlab.service` and `gitlab-sidekiq.service`, which depend on
it to function, should also be stopped.
|
| |
|
|
|
|
|
|
|
| |
A function is more appropriate for this use. See
http://mywiki.wooledge.org/BashFAQ/050 for reference.
Also, we don't need to run the service as root: since we essentially
run all commands as `services.postgresql.superUser` anyway, the whole
service can just run as that user instead.
|
| |
|
|
|
|
|
|
|
| |
Change the default SMTP port to `25`, to better match the default
address `localhost`. This gets rid of some error outputs in the test,
where it fails to connect to localhost:465.
Also, don't enable postfix by default unless it's actually useful to
us.
|
| |
|
|
| |
Puma is the new upstream default server since GitLab 13.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes all the subdirectories in `config` on start.
From one version of GitLab to the next, the files in the `config`
directory changes. Since we're only overwriting the existing files
with ones from the repo, cruft sometimes gets left behind,
occationally causing issues.
Ideally, all configuration put in the `config` directory is declared
by NixOS options and we could just remove the whole directory on
start, but I'm not sure if that's the case. It would also require a
little bit of additional rework and testing. The subdirectories,
however, should seldom contain user configuration and the ones that
frequently does, `initializers`, is already removed on start.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The comment at the top of git-and-tools/default.nix said:
/* All git-relates tools live here, in a separate attribute set so that users
* can get a fast overview over what's available.
but unfortunately that hasn't actually held up in practice.
Git-related packages have continued to be added to the top level, or
into gitAndTools, or sometimes both, basically at random, so having
gitAndTools is just confusing. In fact, until I looked as part of
working on getting rid of gitAndTools, one program (ydiff) was
packaged twice independently, once in gitAndTools and once at the top
level (I fixed this in 98c34901969).
So I think it's for the best if we move away from gitAndTools, and
just put all the packages it previously contained at the top level.
I've implemented this here by just making gitAndTools an alias for the
top level -- this saves having loads of lines in aliases.nix. This
means that people can keep referring to gitAndTools in their
configuration, but it won't be allowed to be used within Nixpkgs, and
it won't be presented to new users by e.g. nix search.
The only other change here that I'm aware of is that
appendToName "minimal" is not longer called on the default git
package, because doing that would have necessitated having a private
gitBase variable like before. I think it makes more sense not to do
that anyway, and reserve the "minimal" suffix only for gitMinimal.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
nixos/gitlab: Support pages
|
| | |
| |
| |
| | |
Fixes #84525
|
| |\ \
| |/
|/| |
nixos/gitlab: Support incoming mail
|
| | |
| |
| |
| |
| | |
When incoming mails are enabled, an extra service is needed.
Closes #36125.
|
| |\ \
| |/
|/| |
|
| | | |
|
| |\ \
| | |
| | | |
nixos/gitlab: Fix extra-gitlab.rb
|
| | |/
| |
| |
| |
| |
| |
| | |
Line 794 removes the entire directory, rendering the tmpfiles rule
useless.
cc @bgamari @talyz
|
| | | |
|
| |\ \
| | |
| | | |
nixos/gitlab: Make redis URL configurable
|
| | |/
| |
| |
| | |
We run Redis via Unix socket
|
| |/
|
|
|
|
|
|
|
|
| |
> WARNING: PID file creation will be removed in Sidekiq 6.0, see #4045.
Please use a proper process supervisor to start and manage your
services
Since NixOS uses a proper process supervisor AND does not use the PID
file anywhere, we can just drop it to be upwards compatible and fix that
warning.
|
| |
|
|
|
|
|
|
|
| |
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/
The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
|
| |
|
|
| |
According to https://gitlab.com/gitlab-org/gitlab/-/issues/211487
|
| |
|
|
|
|
|
| |
'toString false' results in an empty string, which, in this context,
is a syntax error. Use boolToString instead.
Fixes #86160
|
| | |
|
| |
|
|
|
|
|
|
| |
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
|
| |
|
|
|
| |
Also, remove the old and unused PermissionsStartOnly definition in the
gitlab-workhorse systemd service.
|