diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 9ed5875a019..76d892b1681 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -500,7 +500,7 @@ in { Type = "simple"; User = cfg.user; Group = cfg.group; - TimeoutSec = "300"; + TimeoutSec = "infinity"; Restart = "on-failure"; WorkingDirectory = gitlabEnv.HOME; ExecStart = "${cfg.packages.gitaly}/bin/gitaly ${gitalyToml}"; @@ -580,6 +580,7 @@ in { ln -sf ${cfg.statePath}/log /run/gitlab/log ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp + ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml chown -R ${cfg.user}:${cfg.group} /run/gitlab # Prepare home directory diff --git a/pkgs/applications/version-management/gitlab-shell/default.nix b/pkgs/applications/version-management/gitlab-shell/default.nix index ab0ff74f03f..2d013ff7094 100644 --- a/pkgs/applications/version-management/gitlab-shell/default.nix +++ b/pkgs/applications/version-management/gitlab-shell/default.nix @@ -30,29 +30,9 @@ stdenv.mkDerivation rec { # code by default which doesn't work in nixos because it's a # read-only filesystem postPatch = '' - substituteInPlace lib/gitlab_config.rb --replace\ - "File.join(ROOT_PATH, 'config.yml')"\ - "ENV['GITLAB_SHELL_CONFIG_PATH']" - - # Note that we're running gitlab-shell from current-system/sw - # because otherwise updating gitlab-shell won't be reflected in - # the hardcoded path of the authorized-keys file: - substituteInPlace lib/gitlab_keys.rb --replace\ - "\"#{ROOT_PATH}/bin/gitlab-shell"\ - "\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} /run/current-system/sw/bin/gitlab-shell" - - # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key - # environment because we need it in gitlab_configrb - # . unsetenv_others will remove that so we're not doing it for - # now. - # - # TODO: Are there any security implications? The commit adding - # unsetenv_others didn't mention anything... - # - # Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true) - substituteInPlace lib/gitlab_shell.rb --replace\ - " *args, unsetenv_others: true)"\ - " *args)" + substituteInPlace lib/gitlab_config.rb --replace \ + "File.join(ROOT_PATH, 'config.yml')" \ + "'/run/gitlab/shell-config.yml'" ''; meta = with stdenv.lib; { diff --git a/pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch b/pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch index f28e74b88c5..d0e555b33df 100644 --- a/pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch +++ b/pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch @@ -34,7 +34,7 @@ index c57b4de..88cfc95 100644 cfg.RootDir = dir - configBytes, err := ioutil.ReadFile(path.Join(cfg.RootDir, configFile)) -+ configBytes, err := ioutil.ReadFile(os.Getenv("GITLAB_SHELL_CONFIG_PATH")) ++ configBytes, err := ioutil.ReadFile("/run/gitlab/shell-config.yml") if err != nil { return nil, err }