author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-08-04 23:35:22 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-04 23:35:22 +0200 |
commit | 792f96fbc7d792157d14f34694774270420f6265 (patch) | |
tree | 24d0442f644e76ae00ec864ae5d0fbdbf9bc8df8 /nixos | |
parent | 2ea72fa9c811622bdbf93e866cd68db756d45986 (diff) | |
parent | 8a8971788c47f4b2f5173cd5b71082fdfd79bf49 (diff) |
Merge pull request #17489 from mayflower/pkg/gitlab-8-10
gitlab: 8.5.12 -> 8.10.3, update module
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1609.xml | 7 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 155 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.xml | 63 |
3 files changed, 147 insertions, 78 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml index 8dbf03ee42b46..7a85d5cd5cbcc 100644 --- a/nixos/doc/manual/release-notes/rl-1609.xml +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -42,10 +42,15 @@ following incompatible changes:</para> </listitem> <listitem> - <para>Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default + <para>Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default behavior of Redis 3.2</para> </listitem> + <listitem> + <para>Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer + gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI.</para> + </listitem> + </itemizedlist> diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 267442bd1f8b4..ac2e94c25c330 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix 
@@ -57,42 +57,23 @@ let issues = true; merge_requests = true; wiki = true; - snippets = false; + snippets = true; builds = true; + container_registry = true; }; }; - artifacts = { - enabled = true; - }; - lfs = { - enabled = true; - }; - gravatar = { - enabled = true; - }; - cron_jobs = { - stuck_ci_builds_worker = { - cron = "0 0 * * *"; - }; - }; - gitlab_ci = { - builds_path = "${cfg.statePath}/builds"; - }; - ldap = { - enabled = false; - }; - omniauth = { - enabled = false; - }; - shared = { - path = "${cfg.statePath}/shared"; - }; - backup = { - path = "${cfg.backupPath}"; - }; + repositories.storages.default = "${cfg.statePath}/repositories"; + artifacts.enabled = true; + lfs.enabled = true; + gravatar.enabled = true; + cron_jobs = { }; + gitlab_ci.builds_path = "${cfg.statePath}/builds"; + ldap.enabled = false; + omniauth.enabled = false; + shared.path = "${cfg.statePath}/shared"; + backup.path = "${cfg.backupPath}"; gitlab_shell = { path = "${cfg.packages.gitlab-shell}"; - repos_path = "${cfg.statePath}/repositories"; hooks_path = "${cfg.statePath}/shell/hooks"; secret_file = "${cfg.statePath}/config/gitlab_shell_secret"; upload_pack = true; 
@@ -125,21 +106,42 @@ let unicornConfig = builtins.readFile ./defaultUnicornConfig.rb; - gitlab-runner = pkgs.stdenv.mkDerivation rec { - name = "gitlab-runner"; - buildInputs = [ cfg.packages.gitlab bundler pkgs.makeWrapper ]; + gitlab-rake = pkgs.stdenv.mkDerivation rec { + name = "gitlab-rake"; + buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.env pkgs.makeWrapper ]; phases = "installPhase fixupPhase"; buildPhase = ""; installPhase = '' mkdir -p $out/bin - makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner \ - ${concatStrings (mapAttrsToList (name: value: "--set ${name} '\"${value}\"' ") gitlabEnv)} \ - --set GITLAB_CONFIG_PATH '"${cfg.statePath}/config"' \ - --set PATH '"${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH"' \ - --set RAKEOPT '"-f ${cfg.packages.gitlab}/share/gitlab/Rakefile"' - ''; + makeWrapper ${cfg.packages.gitlab.env}/bin/bundle $out/bin/gitlab-bundle \ + ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ + --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ + --set PATH '${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH' \ + --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ + --run 'cd ${cfg.packages.gitlab}/share/gitlab' + makeWrapper $out/bin/gitlab-bundle $out/bin/gitlab-rake \ + --add-flags "exec rake" + ''; }; + smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" '' + if Rails.env.production? 
+ Rails.application.config.action_mailer.delivery_method = :smtp + + ActionMailer::Base.delivery_method = :smtp + ActionMailer::Base.smtp_settings = { + address: "${cfg.smtp.address}", + port: ${toString cfg.smtp.port}, + ${optionalString (cfg.smtp.username != null) ''user_name: "${cfg.smtp.username}",''} + ${optionalString (cfg.smtp.password != null) ''password: "${cfg.smtp.password}",''} + domain: "${cfg.smtp.domain}", + ${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"} + enable_starttls_auto: ${toString cfg.smtp.enableStartTLSAuto}, + openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}' + } + end + ''; + in { options = { 
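Review bot: `smtpSettings` is built with `pkgs.writeText`, so `cfg.smtp.password` is written in clear text into a file in the Nix store, which every local user can read and which is copied along with the system closure. The password should instead be read when the initializer is loaded, from a file kept outside the store, for example through a new option (the name `passwordFile` is a suggestion) rendered as `password: File.read("${cfg.smtp.passwordFile}").chomp,`. That option should be typed `types.str` rather than `types.path`, so the file itself is not copied into the store. Separately, `address`, `username` and `domain` are interpolated into Ruby double-quoted literals without escaping, so a `"` or `#{` in any of them changes the generated code. The `let` block that holds this binding starts outside the hunk.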
@@ -255,6 +257,62 @@ in { ''; }; + smtp = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable gitlab mail delivery over SMTP."; + }; + + address = mkOption { + type = types.str; + default = "localhost"; + description = "Address of the SMTP server for Gitlab."; + }; + + port = mkOption { + type = types.int; + default = 465; + description = "Port of the SMTP server for Gitlab."; + }; + + username = mkOption { + type = types.nullOr types.str; + default = null; + description = "Username of the SMTP server for Gitlab."; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + description = "Password of the SMTP server for Gitlab."; + }; + + domain = mkOption { + type = types.str; + default = "localhost"; + description = "HELO domain to use for outgoing mail."; + }; + + authentication = mkOption { + type = types.nullOr types.str; + default = null; + description = "Authentitcation type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html"; + }; + + enableStartTLSAuto = mkOption { + type = types.bool; + default = true; + description = "Whether to try to use StartTLS."; + }; + + opensslVerifyMode = mkOption { + type = types.str; + default = "peer"; + description = "How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html"; + }; + }; + extraConfig = mkOption { type = types.attrs; default = {}; @@ -275,7 +333,7 @@ in { config = mkIf cfg.enable { - environment.systemPackages = [ pkgs.git gitlab-runner cfg.packages.gitlab-shell ]; + environment.systemPackages = [ pkgs.git gitlab-rake cfg.packages.gitlab-shell ]; assertions = [ { assertion = cfg.databasePassword != ""; @@ -308,6 +366,7 @@ in { systemd.services.gitlab-sidekiq = { after = [ "network.target" "redis.service" ]; wantedBy = [ "multi-user.target" ]; + partOf = [ "gitlab.service" ]; environment = gitlabEnv; path = with pkgs; [ config.services.postgresql.package 
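Review bot: `authentication` and `opensslVerifyMode` are free-form `types.str`, but the module splices them into generated Ruby as a symbol and a quoted string, so a typo or stray character only surfaces when GitLab loads the initializer. Declaring them as enums catches this at evaluation time, e.g. `type = types.nullOr (types.enum [ "plain" "login" "cram_md5" ]);` and `type = types.enum [ "none" "peer" ];`. These value lists are from the ActionMailer documentation the descriptions link to and should be confirmed against the Rails version in use. The `opensslVerifyMode` description should also say that `none` turns off verification of the mail server's certificate. The default `port = 465` is conventionally the implicit-TLS port, while the settings generated in this commit only set `enable_starttls_auto`, so it is worth confirming that the defaults connect as shipped.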
@@ -322,7 +381,7 @@ in { Group = cfg.group; TimeoutSec = "300"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; - ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; + ExecStart="${cfg.packages.gitlab.env}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\""; }; }; @@ -397,6 +456,9 @@ in { chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}/ cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config + ${optionalString cfg.smtp.enable '' + ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb + ''} ln -sf ${cfg.statePath}/config /run/gitlab/config cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION @@ -420,14 +482,14 @@ in { touch "${cfg.statePath}/db-created" # The gitlab:setup task is horribly broken somehow, these two tasks will do the same for setting up the initial database - ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production - ${gitlab-runner}/bin/gitlab-runner exec rake db:seed_fu RAILS_ENV=production \ + ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production + ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \ GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}"; fi fi # Always do the db migrations just to be sure the database is up-to-date - ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production + ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production # Change permissions in the last step because some of the # intermediary scripts like to create directories as root. 
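Review bot: The `ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb` line runs only while `cfg.smtp.enable` is true, and nothing in the hunk removes the link when the option is later switched off. Unless the config directory is recreated elsewhere in this script (not visible here), an instance that once had SMTP enabled keeps a link to the old settings file, so the old settings stay loaded or the link dangles after a store garbage collection. Placing `rm -f ${cfg.statePath}/config/initializers/smtp_settings.rb` before the `optionalString` block makes the on-disk state follow the option. The enclosing script starts and ends outside the hunk.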
@@ -441,8 +503,9 @@ in { User = cfg.user; Group = cfg.group; TimeoutSec = "300"; + Restart = "on-failure"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab"; - ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\""; + ExecStart = "${cfg.packages.gitlab.env}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\""; }; }; diff --git a/nixos/modules/services/misc/gitlab.xml b/nixos/modules/services/misc/gitlab.xml index b630fe4211308..a8147b3a74f92 100644 --- a/nixos/modules/services/misc/gitlab.xml +++ b/nixos/modules/services/misc/gitlab.xml @@ -14,29 +14,22 @@ <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a webserver to proxy HTTP requests to the socket.</para> -<para>For instance, this could be used for Nginx: +<para>For instance, the following configuration could be used to use nginx as + frontend proxy: <programlisting> -services.nginx.httpConfig = '' - server { - server_name git.example.com; - listen 443 ssl spdy; - listen [::]:443 ssl spdy; - - ssl_certificate /var/lib/acme/git.example.com/fullchain.pem; - ssl_certificate_key /var/lib/acme/git.example.com/key.pem; - - location / { - proxy_http_version 1.1; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_pass http://unix:/run/gitlab/gitlab-workhorse.socket; - } - } + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.example.com" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; + }; + }; ''; </programlisting> </para> 
@@ -49,10 +42,10 @@ services.nginx.httpConfig = '' both services. In the case of PostgreSQL, a database and a role will be created. </para> -<para>The default state dir is /var/gitlab/state. This is where all data like -the repositories and uploads will be stored.</para> +<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where +all data like the repositories and uploads will be stored.</para> -<para>A basic configuration could look like this: +<para>A basic configuration with some custom settings could look like this: <programlisting> services.gitlab = { @@ -64,8 +57,16 @@ services.gitlab = { port = 443; user = "git"; group = "git"; + smtp = { + enable = true; + address = "localhost"; + port = 25; + }; extraConfig = { gitlab = { + email_from = "gitlab-no-reply@example.com"; + email_display_name = "Example GitLab"; + email_reply_to = "gitlab-no-reply@example.com"; default_projects_features = { builds = false; }; }; }; @@ -80,21 +81,21 @@ options for the <literal>services.gitlab</literal> module.</para> <section><title>Maintenance</title> -<para>You can run all Gitlab related commands like rake tasks with -<literal>gitlab-runner</literal> which will be available on the system -when gitlab is enabled. You will have to run the commands as the user that -you configured to run gitlab.</para> +<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal> +which will be available on the system when gitlab is enabled. You will +have to run the command as the user that you configured to run gitlab +with.</para> -<para>For instance, to backup a Gitlab instance: +<para>For example, to backup a Gitlab instance: <programlisting> -$ sudo -u git -H gitlab-runner exec rake gitlab:backup:create +$ sudo -u git -H gitlab-rake gitlab:backup:create </programlisting> A list of all availabe rake tasks can be obtained by running: <programlisting> -$ sudo -u git -H gitlab-runner exec rake -T +$ sudo -u git -H gitlab-rake -T </programlisting> </para> |