nixpkgs-suyu/nixos/modules/services/misc/gitlab.xml

117 lines
3.6 KiB
XML
Raw Normal View History

<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-gitlab">
<title>Gitlab</title>
<para>Gitlab is a feature-rich git hosting service.</para>
<section><title>Prerequisites</title>
<para>The gitlab service exposes only an Unix socket at
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
webserver to proxy HTTP requests to the socket.</para>
2016-08-04 02:23:08 +02:00
<para>For instance, the following configuration could be used to use nginx as
frontend proxy:
<programlisting>
2016-08-04 02:23:08 +02:00
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."git.example.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
'';
</programlisting>
</para>
</section>
<section><title>Configuring</title>
<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable
both services. In the case of PostgreSQL, a database and a role will be created.
</para>
2016-08-04 02:23:08 +02:00
<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where
all data like the repositories and uploads will be stored.</para>
2016-08-04 02:23:08 +02:00
<para>A basic configuration with some custom settings could look like this:
<programlisting>
services.gitlab = {
enable = true;
databasePassword = "eXaMpl3";
initialRootPassword = "UseNixOS!";
https = true;
host = "git.example.com";
port = 443;
user = "git";
group = "git";
2016-08-04 02:23:08 +02:00
smtp = {
enable = true;
address = "localhost";
port = 25;
};
2016-08-26 14:08:53 +02:00
secrets = {
db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
};
extraConfig = {
gitlab = {
2016-08-04 02:23:08 +02:00
email_from = "gitlab-no-reply@example.com";
email_display_name = "Example GitLab";
email_reply_to = "gitlab-no-reply@example.com";
default_projects_features = { builds = false; };
};
};
};
</programlisting>
</para>
2016-08-26 14:08:53 +02:00
<para>If you're setting up a new Gitlab instance, generate new secrets. You
2016-08-26 15:47:23 +02:00
for instance use <literal>tr -dc A-Za-z0-9 &lt; /dev/urandom | head -c 128</literal>
2016-08-26 14:08:53 +02:00
to generate a new secret. Gitlab encrypts sensitive data stored in the database.
If you're restoring an existing Gitlab instance, you must specify the secrets
secret from <literal>config/secrets.yml</literal> located in your Gitlab state
folder.</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration
options for the <literal>services.gitlab</literal> module.</para>
</section>
<section><title>Maintenance</title>
<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal>
which will be available on the system when gitlab is enabled. You will
have to run the command as the user that you configured to run gitlab
with.</para>
<para>For example, to backup a Gitlab instance:
<programlisting>
$ sudo -u git -H gitlab-rake gitlab:backup:create
</programlisting>
A list of all availabe rake tasks can be obtained by running:
<programlisting>
$ sudo -u git -H gitlab-rake -T
</programlisting>
</para>
</section>
</chapter>