Unverified Commit 3e675d06 authored by github-actions[bot]'s avatar github-actions[bot] Committed by GitHub

Merge staging-next into staging

parents ef30dee2 8972888c
+7 −0
@@ -9555,6 +9555,13 @@
    githubId = 23743547;
    name = "Akshay Oppiliappan";
  };
  ners = {
    name = "ners";
    email = "ners@gmx.ch";
    matrix = "@ners:ners.ch";
    github = "ners";
    githubId = 50560955;
  };
  nessdoor = {
    name = "Tomas Antonio Lopez";
    email = "entropy.overseer@protonmail.com";
+3 −1
@@ -520,7 +520,9 @@
      <listitem>
        <para>
          <literal>pkgs.cosign</literal> does not provide the
          <literal>cosigned</literal> binary anymore.
          <literal>cosigned</literal> binary anymore. The
          <literal>sget</literal> binary has been moved into its own
          package.
        </para>
      </listitem>
      <listitem>
+1 −1
@@ -173,7 +173,7 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- PHP 7.4 is no longer supported due to upstream not supporting this
  version for the entire lifecycle of the 22.11 release.

- `pkgs.cosign` does not provide the `cosigned` binary anymore.
- `pkgs.cosign` does not provide the `cosigned` binary anymore. The `sget` binary has been moved into its own package.

- Emacs now uses the Lucid toolkit by default instead of GTK because of stability and compatibility issues.
  Users who still wish to remain using GTK can do so by using `emacs-gtk`.
+9 −5
@@ -102,7 +102,11 @@ rec {
        if item ? ${attr} then
          nameValuePair prefix item.${attr}
        else if isAttrs item then
          map (name: recurse (prefix + "." + name) item.${name}) (attrNames item)
          map (name:
            let
              escapedName = ''"${replaceChars [''"'' "\\"] [''\"'' "\\\\"] name}"'';
            in
              recurse (prefix + "." + escapedName) item.${name}) (attrNames item)
        else if isList item then
          imap0 (index: item: recurse (prefix + "[${toString index}]") item) item
        else
@@ -182,13 +186,13 @@ rec {
                '')
               (attrNames secrets))
    + "\n"
    + "${pkgs.jq}/bin/jq >'${output}' '"
    + concatStringsSep
    + "${pkgs.jq}/bin/jq >'${output}' "
    + lib.escapeShellArg (concatStringsSep
      " | "
      (imap1 (index: name: ''${name} = $ENV.secret${toString index}'')
             (attrNames secrets))
             (attrNames secrets)))
    + ''
      ' <<'EOF'
       <<'EOF'
      ${builtins.toJSON set}
      EOF
      (( ! $inherit_errexit_enabled )) && shopt -u inherit_errexit
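Review bot: The redirect target in the second hunk is still quoted by hand, `>'${output}'`, while the jq filter beside it now goes through `lib.escapeShellArg`; an output path containing a single quote would end the quoting early and the remainder would be parsed as shell. Passing the path through the same helper, `+ "${pkgs.jq}/bin/jq >${lib.escapeShellArg output} "`, keeps both arguments consistent. In the first hunk, `escapedName` escapes only `"` and `\`; as far as I can tell `escapedName = builtins.toJSON name;` would produce the same quoted key and also cover control characters, and `builtins.toJSON` is already used a few lines further down. Both functions begin and end outside the hunks shown, so other hand-quoted uses of `output` or of the secret file paths may exist there and would need the same treatment.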
+80 −15
@@ -6,6 +6,9 @@ let
  cfg = config.services.gitlab;
  opt = options.services.gitlab;

  toml = pkgs.formats.toml {};
  yaml = pkgs.formats.yaml {};

  ruby = cfg.packages.gitlab.ruby;

  postgresqlPackage = if config.services.postgresql.enable then
@@ -89,17 +92,18 @@ let
    repos_path = "${cfg.statePath}/repositories";
    secret_file = "${cfg.statePath}/gitlab_shell_secret";
    log_file = "${cfg.statePath}/log/gitlab-shell.log";
    redis = {
      bin = "${pkgs.redis}/bin/redis-cli";
      host = "127.0.0.1";
      port = config.services.redis.servers.gitlab.port;
      database = 0;
      namespace = "resque:gitlab";
    };
  };

  redisConfig.production.url = cfg.redisUrl;

  cableYml = yaml.generate "cable.yml" {
    production = {
      adapter = "redis";
      url = cfg.redisUrl;
      channel_prefix = "gitlab_production";
    };
  };

  pagesArgs = [
    "-pages-domain" gitlabConfig.production.pages.host
    "-pages-root" "${gitlabConfig.production.shared.path}/pages"
@@ -188,6 +192,17 @@ let
    MALLOC_ARENA_MAX = "2";
  } // cfg.extraEnv;

  runtimeDeps = with pkgs; [
    nodejs
    gzip
    git
    gnutar
    postgresqlPackage
    coreutils
    procps
    findutils # Needed for gitlab:cleanup:orphan_job_artifact_files
  ];

  gitlab-rake = pkgs.stdenv.mkDerivation {
    name = "gitlab-rake";
    nativeBuildInputs = [ pkgs.makeWrapper ];
@@ -197,7 +212,7 @@ let
      mkdir -p $out/bin
      makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \
          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
          --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
          --set PATH '${lib.makeBinPath runtimeDeps}:$PATH' \
          --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
          --chdir '${cfg.packages.gitlab}/share/gitlab'
     '';
@@ -212,7 +227,7 @@ let
      mkdir -p $out/bin
      makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rails $out/bin/gitlab-rails \
          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
          --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar postgresqlPackage pkgs.coreutils pkgs.procps ]}:$PATH' \
          --set PATH '${lib.makeBinPath runtimeDeps}:$PATH' \
          --chdir '${cfg.packages.gitlab}/share/gitlab'
     '';
  };
@@ -468,9 +483,9 @@ in {

      redisUrl = mkOption {
        type = types.str;
        default = "redis://localhost:${toString config.services.redis.servers.gitlab.port}/";
        defaultText = literalExpression ''redis://localhost:''${toString config.services.redis.servers.gitlab.port}/'';
        description = lib.mdDoc "Redis URL for all GitLab services except gitlab-shell";
        default = "unix:/run/gitlab/redis.sock";
        example = "redis://localhost:6379/";
        description = lib.mdDoc "Redis URL for all GitLab services.";
      };

      extraGitlabRb = mkOption {
@@ -867,8 +882,41 @@ in {
        };
      };

      workhorse.config = mkOption {
        type = toml.type;
        default = {};
        example = literalExpression ''
          {
            object_storage.provider = "AWS";
            object_storage.s3 = {
              aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX";
              aws_secret_access_key = { _secret = "/var/keys/aws_secret_access_key"; };
            };
          };
        '';
        description = lib.mdDoc ''
          Configuration options to add to Workhorse's configuration
          file.

          See
          <https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/config.toml.example>
          and
          <https://docs.gitlab.com/ee/development/workhorse/configuration.html>
          for examples and option documentation.

          Options containing secret data should be set to an attribute
          set containing the attribute `_secret` - a string pointing
          to a file containing the value the option should be set
          to. See the example to get a better picture of this: in the
          resulting configuration file, the
          `object_storage.s3.aws_secret_access_key` key will be set to
          the contents of the {file}`/var/keys/aws_secret_access_key`
          file.
        '';
      };

      extraConfig = mkOption {
        type = types.attrs;
        type = yaml.type;
        default = {};
        example = literalExpression ''
          {
@@ -972,8 +1020,9 @@ in {
    # Redis is required for the sidekiq queue runner.
    services.redis.servers.gitlab = {
      enable = mkDefault true;
      port = mkDefault 31636;
      bind = mkDefault "127.0.0.1";
      user = mkDefault cfg.user;
      unixSocket = mkDefault "/run/gitlab/redis.sock";
      unixSocketPerm = mkDefault 770;
    };

    # We use postgres as the main data store.
@@ -1062,6 +1111,7 @@ in {
    # Ensure Docker Registry launches after the certificate generation job
    systemd.services.docker-registry = optionalAttrs cfg.registry.enable {
      wants = [ "gitlab-registry-cert.service" ];
      after = [ "gitlab-registry-cert.service" ];
    };

    # Enable Docker Registry, if GitLab-Container Registry is enabled
@@ -1115,6 +1165,7 @@ in {
      "d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/packages 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/registry 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/terraform_state 0750 ${cfg.user} ${cfg.group} -"
      "L+ /run/gitlab/config - - - - ${cfg.statePath}/config"
      "L+ /run/gitlab/log - - - - ${cfg.statePath}/log"
@@ -1168,6 +1219,7 @@ in {
          cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
          cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db
          ln -sf ${extraGitlabRb} ${cfg.statePath}/config/initializers/extra-gitlab.rb
          ln -sf ${cableYml} ${cfg.statePath}/config/cable.yml

          ${cfg.packages.gitlab-shell}/bin/install

@@ -1357,6 +1409,7 @@ in {
      wantedBy = [ "gitlab.target" ];
      partOf = [ "gitlab.target" ];
      path = with pkgs; [
        remarshal
        exiftool
        gitPackage
        gnutar
@@ -1371,6 +1424,17 @@ in {
        TimeoutSec = "infinity";
        Restart = "on-failure";
        WorkingDirectory = gitlabEnv.HOME;
        ExecStartPre = pkgs.writeShellScript "gitlab-workhorse-pre-start" ''
          set -o errexit -o pipefail -o nounset
          shopt -s dotglob nullglob inherit_errexit

          ${utils.genJqSecretsReplacementSnippet
              cfg.workhorse.config
              "${cfg.statePath}/config/gitlab-workhorse.json"}

          json2toml "${cfg.statePath}/config/gitlab-workhorse.json" "${cfg.statePath}/config/gitlab-workhorse.toml"
          rm "${cfg.statePath}/config/gitlab-workhorse.json"
        '';
        ExecStart =
          "${cfg.packages.gitlab-workhorse}/bin/workhorse "
          + "-listenUmask 0 "
@@ -1378,6 +1442,7 @@ in {
          + "-listenAddr /run/gitlab/gitlab-workhorse.socket "
          + "-authSocket ${gitlabSocket} "
          + "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public "
          + "-config ${cfg.statePath}/config/gitlab-workhorse.toml "
          + "-secretPath ${cfg.statePath}/.gitlab_workhorse_secret";
      };
    };
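Review bot: The new `gitlab-workhorse-pre-start` script writes the resolved secrets to `gitlab-workhorse.json` and then to `gitlab-workhorse.toml` without setting a umask or a file mode, so who can read them depends on the unit's default umask and on the mode of `${cfg.statePath}/config`, unless the helper restricts it outside the lines shown. Adding `umask u=rwx,g=,o=` right after the `shopt` line would make both files owner-only regardless. Because `errexit` is set, a failing `json2toml` also skips the final `rm`, which leaves the JSON copy containing the secrets on disk. A `trap 'rm -f "${cfg.statePath}/config/gitlab-workhorse.json"' EXIT` near the top of the script would remove it on every exit path and could replace the explicit `rm`.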