Gitlab: Difference between revisions
m Added note about closed-by-default ports. |
m Correcting the owner + group here to match gitlab runner. |
| (6 intermediate revisions by 4 users not shown) | |||
| Line 5: | Line 5: | ||
== Installation == | == Installation == | ||
=== Generate Secrets === | |||
<syntaxhighlight lang="bash"> | |||
sudo install -d -m 0700 /var/lib/gitlab/secrets | |||
sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey' | |||
sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey' | |||
sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt' | |||
sudo chown -R gitlab:gitlab /var/lib/gitlab/secrets | |||
sudo chmod 700 /var/lib/gitlab/secrets | |||
sudo chmod 0600 /var/lib/gitlab/secrets/* | |||
</syntaxhighlight> | |||
< | === Nix Configuration === | ||
services.gitlab = { | <syntaxhighlight lang="nix">services.gitlab = { | ||
enable = true; | enable = true; | ||
databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l"; | databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l"; | ||
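Review bot: the `chown -R gitlab:gitlab` line in the new Generate Secrets section assumes the gitlab user and group already exist, yet the section is placed before Nix Configuration, where `services.gitlab` is first enabled. If the account only appears once that configuration is applied, a reader following the page top to bottom on a fresh host will hit an unknown-user error. State when these commands are meant to be run relative to the first rebuild, or move the section after the configuration. The `chmod 700` on the directory also repeats what `install -d -m 0700` already set and can be dropped.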
| Line 17: | Line 26: | ||
dbFile = pkgs.writeText "dbsecret" "we2quaeZ"; | dbFile = pkgs.writeText "dbsecret" "we2quaeZ"; | ||
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out"; | jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out"; | ||
activeRecordPrimaryKeyFile = "/var/lib/gitlab/secrets/activeRecordPrimaryKey"; | |||
activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey"; | |||
activeRecordSaltFile = "/var/lib/gitlab/secrets/activeRecordSalt"; | |||
}; | }; | ||
}; | }; | ||
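Review bot: the three `activeRecord*File` options now point at root-created files under /var/lib/gitlab/secrets, but `dbFile` and `jwsFile` on the context lines directly above (and `databasePasswordFile` earlier in the same block) are still built with `pkgs.writeText` and `pkgs.runCommand`, so those values end up in the world-readable Nix store. With both patterns side by side in one example, add a sentence saying the store-built secrets are for demonstration only, or switch them to the same out-of-store file pattern so the example is consistent.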
| Line 32: | Line 44: | ||
services.openssh.enable = true; | services.openssh.enable = true; | ||
systemd.services.gitlab-backup.environment.BACKUP = "dump"; | systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight> | ||
</ | |||
After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>. | After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>. | ||
| Line 66: | Line 77: | ||
host = "git.example.org"; | host = "git.example.org"; | ||
}; | }; | ||
</syntaxhighlight> | |||
=== Feature Flags === | |||
You can declaratively enable [https://gitlab-docs-d6a9bb.gitlab.io/ee/user/feature_flags.html Gitlab Feature Flags] using <code>extraGitlabRb</code>:<syntaxhighlight lang="nix"> | |||
{ | |||
services.gitlab = { | |||
enable = true; | |||
extraGitlabRb = '' | |||
Feature.enable(:issue_date_filter) | |||
''; | |||
# Other configuration... | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
=== Migrating an existing Gitlab to a Nixos installation === | === Migrating an existing Gitlab to a Nixos installation === | ||
Make a backup | Make a backup on the old installation following the [https://docs.gitlab.com/administration/backup_restore/backup_gitlab/ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server. | ||
Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation. | Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation. | ||
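Review bot: the Feature Flags link in the added section points at gitlab-docs-d6a9bb.gitlab.io, while the backup guide link added a few lines below uses docs.gitlab.com. Use the docs.gitlab.com address for both so the reference does not depend on what looks like a preview host. In the migration text, "Make sure you set the same secrets" could also say whether that includes the three Active Record key files this revision introduces, since they are now part of the example configuration.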
| Line 145: | Line 169: | ||
<references /> | <references /> | ||
== See also == | |||
* [[Gitea]], a web app, Git development repository and project management. | |||
* [[Forgejo]], a web application offers Git development repositories and project management. Community fork of Gitea. | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Web Applications]] | [[Category:Web Applications]] | ||
[[Category:NixOS Manual]] | [[Category:NixOS Manual]] | ||
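Review bot: the Forgejo entry in the new See also list reads "a web application offers Git development repositories", which is missing a "that", and the Gitea entry describes the same kind of software with different wording. Give both entries the same phrasing, for example "a web application that offers Git repositories and project management", and keep "Community fork of Gitea" as the distinguishing remark.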