Gitlab: Difference between revisions

Line 5:

== Installation ==

~~A minimal local installation of Gitlab might look like this~~

=== Generate Secrets ===

sudo install -d -m 0700 /var/lib/gitlab/secrets

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'

sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'

sudo chmod 0600 /var/lib/gitlab/secrets/*

</syntaxhighlight>

<~~syntaxHighlight~~ lang="nix">

=== Nix Configuration ===

services.gitlab = {

<syntaxhighlight lang="nix">services.gitlab = {

enable = true;

databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";

Line 17:

Line 24:

dbFile = pkgs.writeText "dbsecret" "we2quaeZ";

jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";

activeRecordPrimaryKeyFile = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";

activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";

activeRecordSaltFile = "/var/lib/gitlab/secrets/activeRecordSalt";

};

Line 32:

Line 42:

services.openssh.enable = true;

systemd.services.gitlab-backup.environment.BACKUP = "dump";

systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>

</~~syntaxHighlight~~>

After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.

@@ Line 5: / Line 5: @@
 == Installation ==
-A minimal local installation of Gitlab might look like this
+=== Generate Secrets ===
+<syntaxhighlight lang="bash">
+sudo install -d -m 0700 /var/lib/gitlab/secrets
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordPrimaryKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordDeterministicKey'
+sudo sh -c 'openssl rand -hex 32 > /var/lib/gitlab/secrets/activeRecordSalt'
+sudo chmod 0600 /var/lib/gitlab/secrets/*
+</syntaxhighlight>
-<syntaxHighlight lang="nix">
+=== Nix Configuration ===
-services.gitlab = {
+<syntaxhighlight lang="nix">services.gitlab = {
    enable = true;
    databasePasswordFile = pkgs.writeText "dbPassword" "zgvcyfwsxzcwr85l";
@@ Line 17: / Line 24: @@
      dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
      jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
+    activeRecordPrimaryKeyFile       = "/var/lib/gitlab/secrets/activeRecordPrimaryKey";
+    activeRecordDeterministicKeyFile = "/var/lib/gitlab/secrets/activeRecordDeterministicKey";
+    activeRecordSaltFile             = "/var/lib/gitlab/secrets/activeRecordSalt";
    };
 };
@@ Line 32: / Line 42: @@
 services.openssh.enable = true;
-systemd.services.gitlab-backup.environment.BACKUP = "dump";
+systemd.services.gitlab-backup.environment.BACKUP = "dump";</syntaxhighlight>
-</syntaxHighlight>
 After applying the configuration head to http://localhost and login with username <code>root</code> and the password specified in <code>initialRootPasswordFile</code>.