Gitlab: Difference between revisions

(4 intermediate revisions by 2 users not shown)

Line 40:

A safer solution is to put them somewhere in the file system with the right chmod and owner set and include them using <code>./<filename></code> or to use a [[Comparison of secret managing schemes|secret managment tool]]

{{Note|Since the version 15.7 GitLab blocks weak passwords<ref>https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/user/profile/user_passwords.md#block-weak-passwords</ref> on self-managed instances by default and providing one in initialRootPasswordFile results in a silent failure to create root user.}}

{{Note|Since the version 15.7 GitLab blocks weak passwords<ref>https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/user/profile/user_passwords.md#block-weak-passwords</ref> on self-managed instances by default and providing one in initialRootPasswordFile results in a silent failure to create root user.}}{{Note|Depending on the setup, access from another system than localhost might be required. In that case, it's necessary to open the ports, since NixOS defaults to having all ports closed. Look up networking.firewall.allowedTCPPorts.}}

== Maintenance ==

Line 66:

host = "git.example.org";

};

</syntaxhighlight>

=== Feature Flags ===

You can declaratively enable [https://gitlab-docs-d6a9bb.gitlab.io/ee/user/feature_flags.html Gitlab Feature Flags] using <code>extraGitlabRb</code>:<syntaxhighlight lang="nix">

{

services.gitlab = {

enable = true;

extraGitlabRb = ''

Feature.enable(:issue_date_filter)

'';

# Other configuration...

};

}

</syntaxhighlight>

=== Migrating an existing Gitlab to a Nixos installation ===

Make a backup ~~on the~~ on the old installation following the [https://docs.gitlab.com/ee/~~raketasks~~/backup_gitlab~~.html~~ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.

Make a backup on the old installation following the [https://docs.gitlab.com/administration/backup_restore/backup_gitlab/ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.

Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation.

Line 118:

Line 131:

</syntaxHighlight>

=== Login page accessible, but root login fails after fresh install ===

Apparently, it can happen that no root user is created (or at least not fully created in the database) when building the system with a newly configured Gitlab service.

In this case, it can help to stop the Gitlab service, drop the postgres database and reboot the system. This sequence instantiates the Gitlab root user. With that, it's possible to log in with user "root" and the password configured in "initialRootPasswordFile".<syntaxhighlight lang="bash">

# stop the gitlab stack

systemctl stop gitlab.service

# drop the database

sudo -u postgres dropdb gitlab

# reboot (just starting the gitlab service again seems not to be sufficient)

sudo reboot

</syntaxhighlight>

==Notes==

@@ Line 40: / Line 40: @@
 A safer solution is to put them somewhere in the file system with the right chmod and owner set and include them using <code>./<filename></code> or to use a [[Comparison of secret managing schemes|secret managment tool]]
-{{Note|Since the version 15.7 GitLab blocks weak passwords<ref>https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/user/profile/user_passwords.md#block-weak-passwords</ref> on self-managed instances by default and providing one in initialRootPasswordFile results in a silent failure to create root user.}}
+{{Note|Since the version 15.7 GitLab blocks weak passwords<ref>https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/user/profile/user_passwords.md#block-weak-passwords</ref> on self-managed instances by default and providing one in initialRootPasswordFile results in a silent failure to create root user.}}{{Note|Depending on the setup, access from another system than localhost might be required. In that case, it's necessary to open the ports, since NixOS defaults to having all ports closed. Look up networking.firewall.allowedTCPPorts.}}
 == Maintenance ==
@@ Line 66: / Line 66: @@
    host = "git.example.org";
 };
+</syntaxhighlight>
+=== Feature Flags ===
+You can declaratively enable [https://gitlab-docs-d6a9bb.gitlab.io/ee/user/feature_flags.html Gitlab Feature Flags] using <code>extraGitlabRb</code>:<syntaxhighlight lang="nix">
+{
+  services.gitlab = {
+    enable = true;
+    extraGitlabRb = ''
+      Feature.enable(:issue_date_filter)
+    '';
+    # Other configuration...
+  };
+}
 </syntaxhighlight>
 === Migrating an existing Gitlab to a Nixos installation ===
-Make a backup on the on the old installation following the [https://docs.gitlab.com/ee/raketasks/backup_gitlab.html Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.
+Make a backup on the old installation following the [https://docs.gitlab.com/administration/backup_restore/backup_gitlab/ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.
 Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation.
@@ Line 118: / Line 131: @@
 </syntaxHighlight>
+=== Login page accessible, but root login fails after fresh install ===
+Apparently, it can happen that no root user is created (or at least not fully created in the database) when building the system with a newly configured Gitlab service.
+In this case, it can help to stop the Gitlab service, drop the postgres database and reboot the system. This sequence instantiates the Gitlab root user. With that, it's possible to log in with user "root" and the password configured in "initialRootPasswordFile".<syntaxhighlight lang="bash">
+# stop the gitlab stack
+systemctl stop gitlab.service
+# drop the database
+sudo -u postgres dropdb gitlab
+# reboot (just starting the gitlab service again seems not to be sufficient)
+sudo reboot
+</syntaxhighlight>
 ==Notes==