Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 43568f29dd376..7b96a182f0d94 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -18,6 +18,8 @@ let gitalySocket = "${cfg.statePath}/tmp/sockets/gitaly.socket"; pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url; + gitlabVersionAtLeast = version: lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) version; + databaseConfig = let val = { adapter = "postgresql"; @@ -27,10 +29,16 @@ let encoding = "utf8"; pool = cfg.databasePool; } // cfg.extraDatabaseConfig; - in if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then { - production.main = val; - } else { - production = val; + in { + production = ( + if (gitlabVersionAtLeast "15.0") + then { main = val; } + else val + ) // lib.optionalAttrs (gitlabVersionAtLeast "15.9") { + ci = val // { + database_tasks = false; + }; + }; }; # We only want to create a database if we're actually going to connect to it. @@ -1168,7 +1176,7 @@ in { set -eu PSQL() { - psql --port=${toString pgsql.port} "$@" + psql --port=${toString pgsql.settings.port} "$@" } PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"' @@ -1348,7 +1356,7 @@ in { rm -f '${cfg.statePath}/config/database.yml' - ${if cfg.databasePasswordFile != null then '' + ${lib.optionalString (cfg.databasePasswordFile != null) '' db_password="$(<'${cfg.databasePasswordFile}')" export db_password 
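Review bot: The new `ci` attribute in the `databaseConfig` hunk (`@@ -27,10 +29,16 @@`) has no comment saying why it copies `val` and sets `database_tasks = false`. As far as I can tell this is GitLab's single-database layout, where `ci` is a second connection to the same database and the flag stops schema tasks from running twice; a short comment above the `lib.optionalAttrs` line would record that, e.g. `# GitLab >= 15.9 wants a ci connection; it reuses the main database, so database_tasks is off`. Because `val` already includes `cfg.extraDatabaseConfig` and `//` is right-biased, a user-supplied `database_tasks` is silently overridden for `ci` only, which the comment should also mention. The `databaseConfig` binding starts before this hunk.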
@@ -1356,16 +1364,24 @@ in { >&2 echo "Database password was an empty string!" exit 1 fi + ''} - jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - '.${if lib.versionAtLeast (lib.getVersion cfg.packages.gitlab) "15.0" then "production.main" else "production"}.password = $ENV.db_password' \ - >'${cfg.statePath}/config/database.yml' - '' - else '' - jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \ - >'${cfg.statePath}/config/database.yml' - '' - } + # GitLab expects the `production.main` section to be the first entry in the file. + jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} '{ + production: [ + ${lib.optionalString (cfg.databasePasswordFile != null) ( + builtins.concatStringsSep "\n " ( + [ ".production${lib.optionalString (gitlabVersionAtLeast "15.0") ".main"}.password = $ENV.db_password" ] + ++ lib.optional (gitlabVersionAtLeast "15.9") "| .production.ci.password = $ENV.db_password" + ++ [ "|" ] + ) + )} .production + | to_entries[] + ] + | sort_by(.key) + | reverse + | from_entries + }' >'${cfg.statePath}/config/database.yml' ${utils.genJqSecretsReplacementSnippet gitlabConfig |
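Review bot: The `sort_by(.key) | reverse` step puts `main` first only because "main" happens to sort after "ci"; a section whose name sorts after `main` would land ahead of it and break the invariant the added comment states. Pinning the key instead of the `sort_by(.key) | reverse` pair, for example `| sort_by(.key != "main")`, expresses the intent directly, provided jq's sort keeps equal keys in input order (worth confirming). On versions below 15.0, where `production` is the flat `val`, the same step reorders the connection settings themselves, which looks harmless but is not what the comment describes. When `databasePasswordFile` is set the rendered file now carries the password in both sections, and the umask governing the `>` redirect is set, if at all, outside this hunk, since the enclosing script starts before and ends after it; it is worth confirming the file is not group- or world-readable.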