Gitlab: Difference between revisions

(8 intermediate revisions by 5 users not shown)

Line 5:

== Installation ==

~~A minimal local installation of Gitlab might look like this~~

=== Generate Secrets ===

sudo install -d -m 0700 /var/lib/gitlab/secrets

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'

sudo chown -R gitlab:gitlab /var/lib/gitlab/secrets

sudo chmod 700 /var/lib/gitlab/secrets

sudo chmod 0600 /var/lib/gitlab/secrets/*

</syntaxhighlight>

<~~syntaxHighlight~~ lang="nix">

=== Nix Configuration ===

services.gitlab = {

<syntaxhighlight lang="nix">services.gitlab = {

enable = true;

databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";

Line 17:

Line 26:

dbFile = pkgs.writeText "dbsecret" "we2quaeZ";

jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";

activeRecordPrimaryKeyFile = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";

activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";

activeRecordSaltFile = "/var/lib/gitlab/secrets/activeRecordSalt";

};

Line 32:

Line 44:

services.openssh.enable = true;

systemd.services.gitlab-backup.environment.BACKUP = "dump";

systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>

</~~syntaxHighlight~~>

After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.

Line 66:

Line 77:

host = "git.example.org";

};

</syntaxhighlight>

=== Feature Flags ===

You can declaratively enable [https://gitlab-docs-d6a9bb.gitlab.io/ee/user/feature_flags.html Gitlab Feature Flags] using <code>extraGitlabRb</code>:<syntaxhighlight lang="nix">

{

services.gitlab = {

enable = true;

extraGitlabRb = ''

Feature.enable(:issue_date_filter)

'';

# Other configuration...

};

}

</syntaxhighlight>

=== Migrating an existing Gitlab to a Nixos installation ===

Make a backup ~~on the~~ on the old installation following the [https://docs.gitlab.com/ee/~~raketasks~~/backup_gitlab~~.html~~ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.

Make a backup on the old installation following the [https://docs.gitlab.com/administration/backup_restore/backup_gitlab/ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.

Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation.

Line 143:

Line 167:

IdentitiesOnly yes

PreferredAuthentications publickey

Note: If you want to just be able to copy the url from the clone Gitlab menu consider changing the git user to the generated "gitlab" user or create some other user yourself. See gitlabs reference [https://docs.gitlab.com/omnibus/settings/configuration/#change-the-name-of-the-git-user-or-group Change the name of the git user or group]

== See also ==

* [[Gitea]], a web app, Git development repository and project management.

* [[Forgejo]], a web application offers Git development repositories and project management. Community fork of Gitea.

[[Category:Server]]

[[Category:Web Applications]]

[[Category:NixOS Manual]]

@@ Line 5: / Line 5: @@
 == Installation ==
-A minimal local installation of Gitlab might look like this
+=== Generate Secrets ===
+<syntaxhighlight lang="bash">
+sudo install -d -m 0700 /var/lib/gitlab/secrets
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'
+sudo chown -R gitlab:gitlab /var/lib/gitlab/secrets
+sudo chmod 700 /var/lib/gitlab/secrets
+sudo chmod 0600 /var/lib/gitlab/secrets/*
+</syntaxhighlight>
-<syntaxHighlight lang="nix">
+=== Nix Configuration ===
-services.gitlab = {
+<syntaxhighlight lang="nix">services.gitlab = {
    enable = true;
    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
@@ Line 17: / Line 26: @@
      dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+    activeRecordPrimaryKeyFile       = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";
+    activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";
+    activeRecordSaltFile             = "/var/lib/gitlab/secrets/activeRecordSalt";
    };
 };
@@ Line 32: / Line 44: @@
 services.openssh.enable = true;
-systemd.services.gitlab-backup.environment.BACKUP = "dump";
+systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>
-</syntaxHighlight>
 After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.
@@ Line 66: / Line 77: @@
    host = "git.example.org";
 };
+</syntaxhighlight>
+=== Feature Flags ===
+You can declaratively enable [https://gitlab-docs-d6a9bb.gitlab.io/ee/user/feature_flags.html Gitlab Feature Flags] using <code>extraGitlabRb</code>:<syntaxhighlight lang="nix">
+{
+  services.gitlab = {
+    enable = true;
+    extraGitlabRb = ''
+      Feature.enable(:issue_date_filter)
+    '';
+    # Other configuration...
+  };
+}
 </syntaxhighlight>
 === Migrating an existing Gitlab to a Nixos installation ===
-Make a backup on the on the old installation following the [https://docs.gitlab.com/ee/raketasks/backup_gitlab.html Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.
+Make a backup on the old installation following the [https://docs.gitlab.com/administration/backup_restore/backup_gitlab/ Gitlab backup guide]. It is important to be on the same version and edition that you want to install on your new server.
 Then install a Gitlab on the NixOS. Make sure you set the same secrets like on the old installation.
@@ Line 143: / Line 167: @@
      IdentitiesOnly yes
      PreferredAuthentications publickey
+Note: If you want to just be able to copy the url from the clone Gitlab menu consider changing the git user to the generated "gitlab" user or create some other user yourself. See gitlabs reference [https://docs.gitlab.com/omnibus/settings/configuration/#change-the-name-of-the-git-user-or-group Change the name of the git user or group]
 <references />
+== See also ==
+* [[Gitea]], a web app, Git development repository and project management.
+* [[Forgejo]], a web application offers Git development repositories and project management. Community fork of Gitea.
 [[Category:Server]]
 [[Category:Web Applications]]
 [[Category:NixOS Manual]]