public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13396 from mayflower/pkg/gitlab 

gitlab: 8.0.5 -> 8.5.1, service improvements
This commit is contained in:
zimbatm 2016-02-26 11:19:28 +00:00
parent a469681a51 cd0f14f23e
commit 8d4c2340d3
19 changed files with 3943 additions and 3635 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/doc/manual/configuration/configuration.xml
View File

@ -26,6 +26,7 @@ effect after you run <command>nixos-rebuild</command>.</para>
<!-- FIXME: auto-include NixOS module docs --> <!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" /> <xi:include href="postgresql.xml" />
<xi:include href="gitlab.xml" />
<xi:include href="acme.xml" /> <xi:include href="acme.xml" />
<xi:include href="nixos.xml" /> <xi:include href="nixos.xml" />

1
nixos/doc/manual/default.nix
View File

@ -56,6 +56,7 @@ let
cp -prd $sources/* . # */ cp -prd $sources/* . # */
chmod -R u+w . chmod -R u+w .
cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml cp ${../../modules/services/databases/postgresql.xml} configuration/postgresql.xml
cp ${../../modules/services/misc/gitlab.xml} configuration/gitlab.xml
cp ${../../modules/security/acme.xml} configuration/acme.xml cp ${../../modules/security/acme.xml} configuration/acme.xml
cp ${../../modules/misc/nixos.xml} configuration/nixos.xml cp ${../../modules/misc/nixos.xml} configuration/nixos.xml
ln -s ${optionsDocBook} options-db.xml ln -s ${optionsDocBook} options-db.xml

8
nixos/doc/manual/release-notes/rl-unstable.xml
View File

@ -231,6 +231,14 @@ programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
overriden by anything else.</para> overriden by anything else.</para>
</listitem> </listitem>
<listitem>
<para>Large parts of the <literal>services.gitlab</literal> module has been
been rewritten. There are new configuration options available. The
<literal>stateDir</literal> option was renamned to
<literal>statePath</literal> and the <literal>satellitesDir</literal> option
was removed. Please review the currently available options.</para>
</listitem>
</itemizedlist> </itemizedlist>

3
nixos/modules/rename.nix
View File

@ -28,6 +28,9 @@ with lib;
(mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ]) (mkRenamedOptionModule [ "services" "subsonic" "host" ] [ "services" "subsonic" "listenAddress" ])
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ]) (mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
# Old Grub-related options. # Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ]) (mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
(mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ]) (mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])

1
nixos/modules/services/misc/defaultUnicornConfig.rb
View File

@ -187,7 +187,6 @@ working_directory ENV["GITLAB_PATH"]
pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid" pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"
listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024 listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true
timeout 60 timeout 60

384
nixos/modules/services/misc/gitlab.nix
View File

@ -7,10 +7,13 @@ with lib;
let let
cfg = config.services.gitlab; cfg = config.services.gitlab;
ruby = pkgs.gitlab.ruby; ruby = cfg.packages.gitlab.ruby;
bundler = pkgs.bundler; bundler = pkgs.bundler;
gemHome = "${pkgs.gitlab.env}/${ruby.gemPath}"; gemHome = "${cfg.packages.gitlab.env}/${ruby.gemPath}";
gitlabSocket = "${cfg.statePath}/tmp/sockets/gitlab.socket";
pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url;
databaseYml = '' databaseYml = ''
production: production:
@ -21,14 +24,15 @@ let
username: ${cfg.databaseUsername} username: ${cfg.databaseUsername}
encoding: utf8 encoding: utf8
''; '';
gitlabShellYml = '' gitlabShellYml = ''
user: gitlab user: ${cfg.user}
gitlab_url: "http://${cfg.host}:${toString cfg.port}/" gitlab_url: "http+unix://${pathUrlQuote gitlabSocket}"
http_settings: http_settings:
self_signed_cert: false self_signed_cert: false
repos_path: "${cfg.stateDir}/repositories" repos_path: "${cfg.statePath}/repositories"
secret_file: "${cfg.stateDir}/config/gitlab_shell_secret" secret_file: "${cfg.statePath}/config/gitlab_shell_secret"
log_file: "${cfg.stateDir}/log/gitlab-shell.log" log_file: "${cfg.statePath}/log/gitlab-shell.log"
redis: redis:
bin: ${pkgs.redis}/bin/redis-cli bin: ${pkgs.redis}/bin/redis-cli
host: 127.0.0.1 host: 127.0.0.1
@ -37,33 +41,102 @@ let
namespace: resque:gitlab namespace: resque:gitlab
''; '';
gitlabConfig = {
# These are the default settings from config/gitlab.example.yml
production = flip recursiveUpdate cfg.extraConfig {
gitlab = {
host = cfg.host;
port = cfg.port;
https = cfg.https;
user = cfg.user;
email_enabled = true;
email_display_name = "GitLab";
email_reply_to = "noreply@localhost";
default_theme = 2;
default_projects_features = {
issues = true;
merge_requests = true;
wiki = true;
snippets = false;
builds = true;
};
};
artifacts = {
enabled = true;
};
lfs = {
enabled = true;
};
gravatar = {
enabled = true;
};
cron_jobs = {
stuck_ci_builds_worker = {
cron = "0 0 * * *";
};
};
gitlab_ci = {
builds_path = "${cfg.statePath}/builds";
};
ldap = {
enabled = false;
};
omniauth = {
enabled = false;
};
shared = {
path = "${cfg.statePath}/shared";
};
backup = {
path = "${cfg.backupPath}";
};
gitlab_shell = {
path = "${cfg.packages.gitlab-shell}";
repos_path = "${cfg.statePath}/repositories";
hooks_path = "${cfg.statePath}/shell/hooks";
secret_file = "${cfg.statePath}/config/gitlab_shell_secret";
upload_pack = true;
receive_pack = true;
};
git = {
bin_path = "git";
max_size = 20971520; # 20MB
timeout = 10;
};
extra = {};
};
};
gitlabEnv = {
HOME = "${cfg.statePath}/home";
GEM_HOME = gemHome;
BUNDLE_GEMFILE = "${cfg.packages.gitlab}/share/gitlab/Gemfile";
UNICORN_PATH = "${cfg.statePath}/";
GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";
GITLAB_STATE_PATH = "${cfg.statePath}";
GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";
GITLAB_LOG_PATH = "${cfg.statePath}/log";
GITLAB_SHELL_PATH = "${cfg.packages.gitlab-shell}";
GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml";
GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret";
GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/shell/hooks";
RAILS_ENV = "production";
};
unicornConfig = builtins.readFile ./defaultUnicornConfig.rb; unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
gitlab-runner = pkgs.stdenv.mkDerivation rec { gitlab-runner = pkgs.stdenv.mkDerivation rec {
name = "gitlab-runner"; name = "gitlab-runner";
buildInputs = [ pkgs.gitlab pkgs.bundler pkgs.makeWrapper ]; buildInputs = [ cfg.packages.gitlab bundler pkgs.makeWrapper ];
phases = "installPhase fixupPhase"; phases = "installPhase fixupPhase";
buildPhase = ""; buildPhase = "";
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner\ makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner \
--set RAKEOPT '"-f ${pkgs.gitlab}/share/gitlab/Rakefile"'\ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '\"${value}\"' ") gitlabEnv)} \
--set GEM_HOME '${gemHome}'\ --set GITLAB_CONFIG_PATH '"${cfg.statePath}/config"' \
--set UNICORN_PATH "${cfg.stateDir}/"\ --set PATH '"${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH"' \
--set GITLAB_PATH "${pkgs.gitlab}/share/gitlab/"\ --set RAKEOPT '"-f ${cfg.packages.gitlab}/share/gitlab/Rakefile"'
--set GITLAB_APPLICATION_LOG_PATH "${cfg.stateDir}/log/application.log"\
--set GITLAB_SATELLITES_PATH "${cfg.stateDir}/satellites"\
--set GITLAB_SHELL_PATH "${pkgs.gitlab-shell}"\
--set GITLAB_REPOSITORIES_PATH "${cfg.stateDir}/repositories"\
--set GITLAB_SHELL_HOOKS_PATH "${cfg.stateDir}/shell/hooks"\
--set BUNDLE_GEMFILE "${pkgs.gitlab}/share/gitlab/Gemfile"\
--set GITLAB_EMAIL_FROM "${cfg.emailFrom}"\
--set GITLAB_SHELL_CONFIG_PATH "${cfg.stateDir}/shell/config.yml"\
--set GITLAB_SHELL_SECRET_PATH "${cfg.stateDir}/config/gitlab_shell_secret"\
--set GITLAB_HOST "${cfg.host}"\
--set GITLAB_PORT "${toString cfg.port}"\
--set GITLAB_BACKUP_PATH "${cfg.backupPath}"\
--set RAILS_ENV "production"
''; '';
}; };
@ -79,13 +152,25 @@ in {
''; '';
}; };
satelliteDir = mkOption { packages.gitlab = mkOption {
type = types.str; type = types.package;
default = "/var/gitlab/git-satellites"; default = pkgs.gitlab;
description = "Gitlab directory to store checked out git trees requires for operation."; description = "Reference to the gitlab package";
}; };
stateDir = mkOption { packages.gitlab-shell = mkOption {
type = types.package;
default = pkgs.gitlab-shell;
description = "Reference to the gitlab-shell package";
};
packages.gitlab-workhorse = mkOption {
type = types.package;
default = pkgs.gitlab-workhorse;
description = "Reference to the gitlab-workhorse package";
};
statePath = mkOption {
type = types.str; type = types.str;
default = "/var/gitlab/state"; default = "/var/gitlab/state";
description = "Gitlab state directory, logs are stored here."; description = "Gitlab state directory, logs are stored here.";
@ -93,7 +178,7 @@ in {
backupPath = mkOption { backupPath = mkOption {
type = types.str; type = types.str;
default = cfg.stateDir + "/backup"; default = cfg.statePath + "/backup";
description = "Gitlab path for backups."; description = "Gitlab path for backups.";
}; };
@ -136,14 +221,67 @@ in {
port = mkOption { port = mkOption {
type = types.int; type = types.int;
default = 8080; default = 8080;
description = "Gitlab server listening port."; description = ''
Gitlab server port for copy-paste URLs, e.g. 80 or 443 if you're
service over https.
'';
};
https = mkOption {
type = types.bool;
default = false;
description = "Whether gitlab prints URLs with https as scheme.";
};
user = mkOption {
type = types.str;
default = "gitlab";
description = "User to run gitlab and all related services.";
};
group = mkOption {
type = types.str;
default = "gitlab";
description = "Group to run gitlab and all related services.";
};
initialRootEmail = mkOption {
type = types.str;
default = "admin@local.host";
description = ''
Initial email address of the root account if this is a new install.
'';
};
initialRootPassword = mkOption {
type = types.str;
default = "UseNixOS!";
description = ''
Initial password of the root account if this is a new install.
'';
};
extraConfig = mkOption {
type = types.attrs;
default = {};
example = {
gitlab = {
default_projects_features = {
builds = false;
};
};
};
description = ''
Extra options to be merged into config/gitlab.yml as nix
attribute set.
'';
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.git gitlab-runner pkgs.gitlab-shell ]; environment.systemPackages = [ pkgs.git gitlab-runner cfg.packages.gitlab-shell ];
assertions = [ assertions = [
{ assertion = cfg.databasePassword != ""; { assertion = cfg.databasePassword != "";
@ -159,39 +297,24 @@ in {
services.postfix.enable = mkDefault true; services.postfix.enable = mkDefault true;
users.extraUsers = [ users.extraUsers = [
{ name = "gitlab"; { name = cfg.user;
group = "gitlab"; group = cfg.group;
home = "${cfg.stateDir}/home"; home = "${cfg.statePath}/home";
shell = "${pkgs.bash}/bin/bash"; shell = "${pkgs.bash}/bin/bash";
uid = config.ids.uids.gitlab; uid = config.ids.uids.gitlab;
} ]; }
];
users.extraGroups = [ users.extraGroups = [
{ name = "gitlab"; { name = cfg.group;
gid = config.ids.gids.gitlab; gid = config.ids.gids.gitlab;
} ]; }
];
systemd.services.gitlab-sidekiq = { systemd.services.gitlab-sidekiq = {
after = [ "network.target" "redis.service" ]; after = [ "network.target" "redis.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home"; environment = gitlabEnv;
environment.GEM_HOME = gemHome;
environment.UNICORN_PATH = "${cfg.stateDir}/";
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
environment.GITLAB_HOST = "${cfg.host}";
environment.GITLAB_PORT = "${toString cfg.port}";
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
environment.RAILS_ENV = "production";
path = with pkgs; [ path = with pkgs; [
config.services.postgresql.package config.services.postgresql.package
gitAndTools.git gitAndTools.git
@ -201,116 +324,131 @@ in {
]; ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "gitlab"; User = cfg.user;
Group = "gitlab"; Group = cfg.group;
TimeoutSec = "300"; TimeoutSec = "300";
WorkingDirectory = "${pkgs.gitlab}/share/gitlab"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.stateDir}/tmp/sidekiq.pid\""; ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
}; };
}; };
systemd.services.gitlab-git-http-server = { systemd.services.gitlab-workhorse = {
after = [ "network.target" "gitlab.service" ]; after = [ "network.target" "gitlab.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home"; environment.HOME = gitlabEnv.HOME;
environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH;
path = with pkgs; [ path = with pkgs; [
gitAndTools.git gitAndTools.git
openssh openssh
]; ];
preStart = ''
mkdir -p /run/gitlab
chown ${cfg.user}:${cfg.group} /run/gitlab
'';
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
Type = "simple"; Type = "simple";
User = "gitlab"; User = cfg.user;
Group = "gitlab"; Group = cfg.group;
TimeoutSec = "300"; TimeoutSec = "300";
ExecStart = "${pkgs.gitlab-git-http-server}/bin/gitlab-git-http-server -listenUmask 0 -listenNetwork unix -listenAddr ${cfg.stateDir}/tmp/sockets/gitlab-git-http-server.socket -authBackend http://localhost:8080 ${cfg.stateDir}/repositories"; ExecStart =
"${cfg.packages.gitlab-workhorse}/bin/gitlab-workhorse "
+ "-listenUmask 0 "
+ "-listenNetwork unix "
+ "-listenAddr /run/gitlab/gitlab-workhorse.socket "
+ "-authSocket ${gitlabSocket} "
+ "-documentRoot ${cfg.packages.gitlab}/share/gitlab/public";
}; };
}; };
systemd.services.gitlab = { systemd.services.gitlab = {
after = [ "network.target" "postgresql.service" "redis.service" ]; after = [ "network.target" "postgresql.service" "redis.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.HOME = "${cfg.stateDir}/home"; environment = gitlabEnv;
environment.GEM_HOME = gemHome;
environment.UNICORN_PATH = "${cfg.stateDir}/";
environment.GITLAB_PATH = "${pkgs.gitlab}/share/gitlab/";
environment.GITLAB_APPLICATION_LOG_PATH = "${cfg.stateDir}/log/application.log";
environment.GITLAB_SATELLITES_PATH = "${cfg.stateDir}/satellites";
environment.GITLAB_SHELL_PATH = "${pkgs.gitlab-shell}";
environment.GITLAB_SHELL_CONFIG_PATH = "${cfg.stateDir}/shell/config.yml";
environment.GITLAB_SHELL_SECRET_PATH = "${cfg.stateDir}/config/gitlab_shell_secret";
environment.GITLAB_REPOSITORIES_PATH = "${cfg.stateDir}/repositories";
environment.GITLAB_SHELL_HOOKS_PATH = "${cfg.stateDir}/shell/hooks";
environment.BUNDLE_GEMFILE = "${pkgs.gitlab}/share/gitlab/Gemfile";
environment.GITLAB_EMAIL_FROM = "${cfg.emailFrom}";
environment.GITLAB_HOST = "${cfg.host}";
environment.GITLAB_PORT = "${toString cfg.port}";
environment.GITLAB_DATABASE_HOST = "${cfg.databaseHost}";
environment.GITLAB_DATABASE_PASSWORD = "${cfg.databasePassword}";
environment.RAILS_ENV = "production";
path = with pkgs; [ path = with pkgs; [
config.services.postgresql.package config.services.postgresql.package
gitAndTools.git gitAndTools.git
ruby
openssh openssh
nodejs nodejs
]; ];
preStart = '' preStart = ''
# TODO: use env vars mkdir -p ${cfg.backupPath}
mkdir -p ${cfg.stateDir} mkdir -p ${cfg.statePath}/builds
mkdir -p ${cfg.stateDir}/log mkdir -p ${cfg.statePath}/repositories
mkdir -p ${cfg.stateDir}/satellites mkdir -p ${gitlabConfig.production.shared.path}/artifacts
mkdir -p ${cfg.stateDir}/repositories mkdir -p ${gitlabConfig.production.shared.path}/lfs-objects
mkdir -p ${cfg.stateDir}/shell/hooks mkdir -p ${cfg.statePath}/log
mkdir -p ${cfg.stateDir}/tmp/pids mkdir -p ${cfg.statePath}/shell
mkdir -p ${cfg.stateDir}/tmp/sockets mkdir -p ${cfg.statePath}/tmp/pids
rm -rf ${cfg.stateDir}/config mkdir -p ${cfg.statePath}/tmp/sockets
mkdir -p ${cfg.stateDir}/config
rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks
mkdir -p ${cfg.statePath}/config ${cfg.statePath}/shell
# TODO: What exactly is gitlab-shell doing with the secret? # TODO: What exactly is gitlab-shell doing with the secret?
tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.stateDir}/config/gitlab_shell_secret tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 20 > ${cfg.statePath}/config/gitlab_shell_secret
mkdir -p ${cfg.stateDir}/home/.ssh
touch ${cfg.stateDir}/home/.ssh/authorized_keys
cp -rf ${pkgs.gitlab}/share/gitlab/config ${cfg.stateDir}/ # The uploads directory is hardcoded somewhere deep in rails. It is
cp ${pkgs.gitlab}/share/gitlab/VERSION ${cfg.stateDir}/VERSION # symlinked in the gitlab package to /run/gitlab/uploads to make it
# configurable
mkdir -p /run/gitlab
mkdir -p ${cfg.statePath}/uploads
ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads
chown -R ${cfg.user}:${cfg.group} /run/gitlab
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.stateDir}/config/database.yml # Prepare home directory
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.stateDir}/config/unicorn.rb mkdir -p ${gitlabEnv.HOME}/.ssh
touch ${gitlabEnv.HOME}/.ssh/authorized_keys
chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/
chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}/
chown -R gitlab:gitlab ${cfg.stateDir}/ cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
chmod -R 755 ${cfg.stateDir}/ ln -sf ${cfg.statePath}/config /run/gitlab/config
cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
# JSON is a subset of YAML
ln -fs ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml
ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.statePath}/config/database.yml
ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.statePath}/config/unicorn.rb
chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/
chmod -R ug+rwX,o-rwx+X ${cfg.statePath}/
# Install the shell required to push repositories
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} "$GITLAB_SHELL_CONFIG_PATH"
ln -fs ${cfg.packages.gitlab-shell}/hooks "$GITLAB_SHELL_HOOKS_PATH"
${cfg.packages.gitlab-shell}/bin/install
if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then
if ! test -e "${cfg.stateDir}/db-created"; then if ! test -e "${cfg.statePath}/db-created"; then
psql postgres -c "CREATE ROLE gitlab WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'" psql postgres -c "CREATE ROLE gitlab WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER ENCRYPTED PASSWORD '${cfg.databasePassword}'"
${config.services.postgresql.package}/bin/createdb --owner gitlab gitlab || true ${config.services.postgresql.package}/bin/createdb --owner gitlab gitlab || true
touch "${cfg.stateDir}/db-created" touch "${cfg.statePath}/db-created"
# force=yes disables the manual-interaction yes/no prompt # The gitlab:setup task is horribly broken somehow, these two tasks will do the same for setting up the initial database
# which breaks without an stdin. ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
force=yes ${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile gitlab:setup RAILS_ENV=production ${gitlab-runner}/bin/gitlab-runner exec rake db:seed_fu RAILS_ENV=production \
GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}";
fi fi
fi fi
${bundler}/bin/bundle exec rake -f ${pkgs.gitlab}/share/gitlab/Rakefile db:migrate RAILS_ENV=production # Always do the db migrations just to be sure the database is up-to-date
# Install the shell required to push repositories ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} ${cfg.stateDir}/shell/config.yml
export GITLAB_SHELL_CONFIG_PATH=""${cfg.stateDir}/shell/config.yml
${pkgs.gitlab-shell}/bin/install
# Change permissions in the last step because some of the # Change permissions in the last step because some of the
# intermediary scripts like to create directories as root. # intermediary scripts like to create directories as root.
chown -R gitlab:gitlab ${cfg.stateDir}/ chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}
chmod -R 755 ${cfg.stateDir}/ chmod -R u+rwX,go-rwx+X ${cfg.statePath}
''; '';
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root PermissionsStartOnly = true; # preStart must be run as root
Type = "simple"; Type = "simple";
User = "gitlab"; User = cfg.user;
Group = "gitlab"; Group = cfg.group;
TimeoutSec = "300"; TimeoutSec = "300";
WorkingDirectory = "${pkgs.gitlab}/share/gitlab"; WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.stateDir}/config/unicorn.rb -E production\""; ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
}; };
}; };

103
nixos/modules/services/misc/gitlab.xml Normal file
View File

@ -0,0 +1,103 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="module-services-gitlab">
<title>Gitlab</title>
<para>Gitlab is a feature-rich git hosting service.</para>
<section><title>Prerequisites</title>
<para>The gitlab service exposes only an Unix socket at
<literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
webserver to proxy HTTP requests to the socket.</para>
<para>For instance, this could be used for Nginx:
<programlisting>
services.nginx.httpConfig = ''
server {
server_name git.example.com;
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_certificate /var/lib/acme/git.example.com/fullchain.pem;
ssl_certificate_key /var/lib/acme/git.example.com/key.pem;
location / {
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://unix:/run/gitlab/gitlab-workhorse.socket;
}
}
'';
</programlisting>
</para>
</section>
<section><title>Configuring</title>
<para>Gitlab depends on both PostgreSQL and Redis and will automatically enable
both services. In the case of PostgreSQL, a database and a role will be created.
</para>
<para>The default state dir is /var/gitlab/state. This is where all data like
the repositories and uploads will be stored.</para>
<para>A basic configuration could look like this:
<programlisting>
services.gitlab = {
enable = true;
databasePassword = "eXaMpl3";
initialRootPassword = "UseNixOS!";
https = true;
host = "git.example.com";
port = 443;
user = "git";
group = "git";
extraConfig = {
gitlab = {
default_projects_features = { builds = false; };
};
};
};
</programlisting>
</para>
<para>Refer to <xref linkend="ch-options" /> for all available configuration
options for the <literal>services.gitlab</literal> module.</para>
</section>
<section><title>Maintenance</title>
<para>You can run all Gitlab related commands like rake tasks with
<literal>gitlab-runner</literal> which will be available on the system
when gitlab is enabled. You will have to run the commands as the user that
you configured to run gitlab.</para>
<para>For instance, to backup a Gitlab instance:
<programlisting>
$ sudo -u git -H gitlab-runner exec rake gitlab:backup:create
</programlisting>
A list of all availabe rake tasks can be obtained by running:
<programlisting>
$ sudo -u git -H gitlab-runner exec rake -T
</programlisting>
</para>
</section>
</chapter>

23
pkgs/applications/version-management/gitlab-git-http-server/default.nix
View File

@ -1,23 +0,0 @@
{ stdenv, fetchgit, git, go }:
stdenv.mkDerivation rec {
version = "0.2.14";
name = "gitlab-git-http-server-${version}";
srcs = fetchgit {
url = "https://gitlab.com/gitlab-org/gitlab-git-http-server.git";
rev = "7c63f08f7051348e56b903fc0bbefcfed398fc1c";
sha256 = "557d63a90c61371598b971a06bc056993610b58c2ef5762d9ef145ec2fdada78";
};
buildInputs = [ git go ];
buildPhase = ''
make PREFIX=$out
'';
installPhase = ''
mkdir -p $out/bin
make install PREFIX=$out
'';
}

15
pkgs/applications/version-management/gitlab-shell/default.nix
View File

@ -1,19 +1,22 @@
{ stdenv, ruby, bundler, fetchgit }: { stdenv, ruby, bundler, fetchFromGitLab }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
version = "2.1.0"; version = "2.6.10";
name = "gitlab-shell-${version}"; name = "gitlab-shell-${version}";
srcs = fetchgit { srcs = fetchFromGitLab {
url = "https://gitlab.com/gitlab-org/gitlab-shell.git"; owner = "gitlab-org";
rev = "ebbb9d80811c23d49a7d1b75d7a7d2b8ffe7437b"; repo = "gitlab-shell";
sha256 = "fe69ab85d75a3871b4afa11ebc17f43008d135bbdbd6c581f6bebee2a4a3c75d"; rev = "v${version}";
sha256 = "1f1ma49xpkan2iksnw9amzjdw6i0bxnzdbsk0329m7if4987vcqd";
}; };
buildInputs = [ buildInputs = [
ruby bundler ruby bundler
]; ];
patches = [ ./remove-hardcoded-locations.patch ];
installPhase = '' installPhase = ''
mkdir -p $out/ mkdir -p $out/
cp -R . $out/ cp -R . $out/

13
pkgs/applications/version-management/gitlab-shell/remove-hardcoded-locations.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/lib/gitlab_projects.rb b/lib/gitlab_projects.rb
index c1d175a..7f7fd2f 100644
--- a/lib/gitlab_projects.rb
+++ b/lib/gitlab_projects.rb
@@ -5,7 +5,7 @@ require_relative 'gitlab_config'
require_relative 'gitlab_logger'
class GitlabProjects
- GLOBAL_HOOKS_DIRECTORY = File.join(ROOT_PATH, 'hooks')
+ GLOBAL_HOOKS_DIRECTORY = ENV['GITLAB_SHELL_HOOKS_PATH'] || File.join(ROOT_PATH, 'hooks')
# Project name is a directory name for repository with .git at the end
# It may be namespaced or not. Like repo.git or gitlab/repo.git

26
pkgs/applications/version-management/gitlab-workhorse/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ stdenv, fetchFromGitLab, git, go }:
stdenv.mkDerivation rec {
version = "0.6.4";
name = "gitlab-workhorse-${version}";
srcs = fetchFromGitLab {
owner = "gitlab-org";
repo = "gitlab-workhorse";
rev = version;
sha256 = "09bs3kdmqi6avdak2nqma141y4fhfv050zwqqx7qh9a9hgkgwjxw";
};
buildInputs = [ git go ];
patches = [ ./remove-hardcoded-paths.patch ];
buildPhase = ''
make PREFIX=$out
'';
installPhase = ''
mkdir -p $out/bin
make install PREFIX=$out
'';
}

12
pkgs/applications/version-management/gitlab-workhorse/remove-hardcoded-paths.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/internal/git/command.go b/internal/git/command.go
index 0e5496c..5778294 100644
--- a/internal/git/command.go
+++ b/internal/git/command.go
@@ -16,6 +16,7 @@ func gitCommand(gl_id string, name string, args ...string) *exec.Cmd {
cmd.Env = []string{
fmt.Sprintf("HOME=%s", os.Getenv("HOME")),
fmt.Sprintf("PATH=%s", os.Getenv("PATH")),
+ fmt.Sprintf("GITLAB_SHELL_CONFIG_PATH=%s", os.Getenv("GITLAB_SHELL_CONFIG_PATH")),
fmt.Sprintf("LD_LIBRARY_PATH=%s", os.Getenv("LD_LIBRARY_PATH")),
fmt.Sprintf("GL_ID=%s", gl_id),
}

187
pkgs/applications/version-management/gitlab/Gemfile
View File

@ -1,14 +1,10 @@
source "https://rubygems.org" source "https://rubygems.org"
def darwin_only(require_as) gem 'rails', '4.2.5.1'
RUBY_PLATFORM.include?('darwin') && require_as gem 'rails-deprecated_sanitizer', '~> 1.0.3'
end
def linux_only(require_as) # Responders respond_to and respond_with
RUBY_PLATFORM.include?('linux') && require_as gem 'responders', '~> 2.0'
end
gem 'rails', '4.1.12'
# Specify a sprockets version due to security issue # Specify a sprockets version due to security issue
# See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY # See https://groups.google.com/forum/#!topic/rubyonrails-security/doAVp0YaTqY
@ -22,20 +18,27 @@ gem "mysql2", '~> 0.3.16', group: :mysql
gem "pg", '~> 0.18.2', group: :postgres gem "pg", '~> 0.18.2', group: :postgres
# Authentication libraries # Authentication libraries
gem "devise", '~> 3.5.2' gem 'devise', '~> 3.5.4'
gem "devise-async", '~> 0.9.0' gem 'devise-async', '~> 0.9.0'
gem 'omniauth', "~> 1.2.2" gem 'doorkeeper', '~> 2.2.0'
gem 'omniauth-google-oauth2', '~> 0.2.5' gem 'omniauth', '~> 1.3.1'
gem 'omniauth-twitter', '~> 1.0.1' gem 'omniauth-azure-oauth2', '~> 0.0.6'
gem 'omniauth-github', '~> 1.1.1' gem 'omniauth-bitbucket', '~> 0.0.2'
gem 'omniauth-shibboleth', '~> 1.1.1' gem 'omniauth-cas3', '~> 1.1.2'
gem 'omniauth-kerberos', '~> 0.2.0', group: :kerberos gem 'omniauth-facebook', '~> 3.0.0'
gem 'omniauth-gitlab', '~> 1.0.0' gem 'omniauth-github', '~> 1.1.1'
gem 'omniauth-bitbucket', '~> 0.0.2' gem 'omniauth-gitlab', '~> 1.0.0'
gem 'omniauth-saml', '~> 1.4.0' gem 'omniauth-google-oauth2', '~> 0.2.0'
gem 'doorkeeper', '~> 2.1.3' gem 'omniauth-kerberos', '~> 0.3.0', group: :kerberos
gem 'omniauth_crowd' gem 'omniauth-saml', '~> 1.4.2'
gem "rack-oauth2", "~> 1.0.5" gem 'omniauth-shibboleth', '~> 1.2.0'
gem 'omniauth-twitter', '~> 1.2.0'
gem 'omniauth_crowd', '~> 2.2.0'
gem 'rack-oauth2', '~> 1.2.1'
# Spam and anti-bot protection
gem 'recaptcha', require: 'recaptcha/rails'
gem 'akismet', '~> 2.0'
# Two-factor authentication # Two-factor authentication
gem 'devise-two-factor', '~> 2.0.0' gem 'devise-two-factor', '~> 2.0.0'
@ -47,7 +50,7 @@ gem "browser", '~> 1.0.0'
# Extracting information from a git repository # Extracting information from a git repository
# Provide access to Gitlab::Git library # Provide access to Gitlab::Git library
gem "gitlab_git", '~> 7.2.15' gem "gitlab_git", '~> 8.2'
# LDAP Auth # LDAP Auth
# GitLab fork with several improvements to original library. For full list of changes # GitLab fork with several improvements to original library. For full list of changes
@ -55,32 +58,21 @@ gem "gitlab_git", '~> 7.2.15'
gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap" gem 'gitlab_omniauth-ldap', '~> 1.2.1', require: "omniauth-ldap"
# Git Wiki # Git Wiki
gem 'gollum-lib', '~> 4.0.2' gem 'gollum-lib', '~> 4.1.0'
# Language detection # Language detection
# GitLab fork of linguist does not require pygments/python dependency. gem "github-linguist", "~> 4.7.0", require: "linguist"
# New version of original gem also dropped pygments support but it has strict
# dependency to unstable rugged version. We have internal issue for replacing
# fork with original gem when we meet on same rugged version - https://dev.gitlab.org/gitlab/gitlabhq/issues/2052.
gem "gitlab-linguist", "~> 3.0.1", require: "linguist"
# API # API
gem "grape", "~> 0.6.1" gem 'grape', '~> 0.13.0'
gem "grape-entity", "~> 0.4.2" gem 'grape-entity', '~> 0.4.2'
gem 'rack-cors', '~> 0.2.9', require: 'rack/cors' gem 'rack-cors', '~> 0.4.0', require: 'rack/cors'
# Format dates and times
# based on human-friendly examples
gem "stamp", '~> 0.5.0'
# Enumeration fields
gem 'enumerize', '~> 0.7.0'
# Pagination # Pagination
gem "kaminari", "~> 0.15.1" gem "kaminari", "~> 0.16.3"
# HAML # HAML
gem "haml-rails", '~> 0.5.3' gem "haml-rails", '~> 0.9.0'
# Files attachments # Files attachments
gem "carrierwave", '~> 0.9.0' gem "carrierwave", '~> 0.9.0'
@ -89,7 +81,7 @@ gem "carrierwave", '~> 0.9.0'
gem 'dropzonejs-rails', '~> 0.7.1' gem 'dropzonejs-rails', '~> 0.7.1'
# for aws storage # for aws storage
gem "fog", "~> 1.25.0" gem "fog", "~> 1.36.0"
gem "unf", '~> 0.1.4' gem "unf", '~> 0.1.4'
# Authorization # Authorization
@ -102,13 +94,18 @@ gem "seed-fu", '~> 2.3.5'
gem 'html-pipeline', '~> 1.11.0' gem 'html-pipeline', '~> 1.11.0'
gem 'task_list', '~> 1.0.2', require: 'task_list/railtie' gem 'task_list', '~> 1.0.2', require: 'task_list/railtie'
gem 'github-markup', '~> 1.3.1' gem 'github-markup', '~> 1.3.1'
gem 'redcarpet', '~> 3.3.2' gem 'redcarpet', '~> 3.3.3'
gem 'RedCloth', '~> 4.2.9' gem 'RedCloth', '~> 4.2.9'
gem 'rdoc', '~>3.6' gem 'rdoc', '~>3.6'
gem 'org-ruby', '~> 0.9.12' gem 'org-ruby', '~> 0.9.12'
gem 'creole', '~>0.3.6' gem 'creole', '~> 0.5.0'
gem 'wikicloth', '0.8.1' gem 'wikicloth', '0.8.1'
gem 'asciidoctor', '~> 1.5.2' gem 'asciidoctor', '~> 1.5.2'
gem 'rouge', '~> 1.10.1'
# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
# and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
gem 'nokogiri', '~> 1.6.7', '>= 1.6.7.2'
# Diffs # Diffs
gem 'diffy', '~> 3.0.3' gem 'diffy', '~> 3.0.3'
@ -120,7 +117,7 @@ group :unicorn do
end end
# State machine # State machine
gem "state_machine", '~> 1.2.0' gem "state_machines-activerecord", '~> 0.3.0'
# Run events after state machine commits # Run events after state machine commits
gem 'after_commit_queue' gem 'after_commit_queue'
@ -128,17 +125,16 @@ gem 'after_commit_queue'
gem 'acts-as-taggable-on', '~> 3.4' gem 'acts-as-taggable-on', '~> 3.4'
# Background jobs # Background jobs
gem 'slim', '~> 2.0.2'
gem 'sinatra', '~> 1.4.4', require: nil gem 'sinatra', '~> 1.4.4', require: nil
gem 'sidekiq', '3.3.0' gem 'sidekiq', '~> 4.0'
gem 'sidetiq', '~> 0.6.3' gem 'sidekiq-cron', '~> 0.4.0'
gem 'redis-namespace'
# HTTP requests # HTTP requests
gem "httparty", '~> 0.13.3' gem "httparty", '~> 0.13.3'
# Colored output to console # Colored output to console
gem "colored", '~> 1.2' gem "colorize", '~> 0.7.0'
gem "colorize", '~> 0.5.8'
# GitLab settings # GitLab settings
gem 'settingslogic', '~> 2.0.9' gem 'settingslogic', '~> 2.0.9'
@ -151,7 +147,7 @@ gem 'version_sorter', '~> 2.0.0'
gem "redis-rails", '~> 4.0.0' gem "redis-rails", '~> 4.0.0'
# Campfire integration # Campfire integration
gem 'tinder', '~> 1.9.2' gem 'tinder', '~> 1.10.0'
# HipChat integration # HipChat integration
gem 'hipchat', '~> 1.5.0' gem 'hipchat', '~> 1.5.0'
@ -163,28 +159,32 @@ gem "gitlab-flowdock-git-hook", "~> 1.0.1"
gem "gemnasium-gitlab-service", "~> 0.2" gem "gemnasium-gitlab-service", "~> 0.2"
# Slack integration # Slack integration
gem "slack-notifier", "~> 1.0.0" gem "slack-notifier", "~> 1.2.0"
# Asana integration # Asana integration
gem 'asana', '~> 0.0.6' gem 'asana', '~> 0.4.0'
# FogBugz integration # FogBugz integration
gem 'ruby-fogbugz', '~> 0.2.1' gem 'ruby-fogbugz', '~> 0.2.1'
# d3 # d3
gem 'd3_rails', '~> 3.5.5' gem 'd3_rails', '~> 3.5.0'
#cal-heatmap #cal-heatmap
gem "cal-heatmap-rails", "~> 0.0.1" gem 'cal-heatmap-rails', '~> 3.5.0'
# underscore-rails # underscore-rails
gem "underscore-rails", "~> 1.4.4" gem "underscore-rails", "~> 1.8.0"
# Sanitize user input # Sanitize user input
gem "sanitize", '~> 2.0' gem "sanitize", '~> 2.0'
gem 'babosa', '~> 1.0.2'
# Sanitizes SVG input
gem "loofah", "~> 2.0.3"
# Protect against bruteforcing # Protect against bruteforcing
gem "rack-attack", '~> 4.3.0' gem "rack-attack", '~> 4.3.1'
# Ace editor # Ace editor
gem 'ace-rails-ap', '~> 2.0.1' gem 'ace-rails-ap', '~> 2.0.1'
@ -193,38 +193,52 @@ gem 'ace-rails-ap', '~> 2.0.1'
gem 'mousetrap-rails', '~> 1.4.6' gem 'mousetrap-rails', '~> 1.4.6'
# Detect and convert string character encoding # Detect and convert string character encoding
gem 'charlock_holmes', '~> 0.6.9.4' gem 'charlock_holmes', '~> 0.7.3'
gem "sass-rails", '~> 4.0.5' gem "sass-rails", '~> 5.0.0'
gem "coffee-rails", '~> 4.1.0' gem "coffee-rails", '~> 4.1.0'
gem "uglifier", '~> 2.3.2' gem "uglifier", '~> 2.7.2'
gem 'turbolinks', '~> 2.5.0' gem 'turbolinks', '~> 2.5.0'
gem 'jquery-turbolinks', '~> 2.0.1' gem 'jquery-turbolinks', '~> 2.1.0'
gem 'addressable', '~> 2.3.8' gem 'addressable', '~> 2.3.8'
gem 'bootstrap-sass', '~> 3.0' gem 'bootstrap-sass', '~> 3.3.0'
gem 'font-awesome-rails', '~> 4.2' gem 'font-awesome-rails', '~> 4.2'
gem 'gitlab_emoji', '~> 0.1' gem 'gitlab_emoji', '~> 0.3.0'
gem 'gon', '~> 5.0.0' gem 'gon', '~> 6.0.1'
gem 'jquery-atwho-rails', '~> 1.0.0' gem 'jquery-atwho-rails', '~> 1.3.2'
gem 'jquery-rails', '~> 3.1.3' gem 'jquery-rails', '~> 4.0.0'
gem 'jquery-scrollto-rails', '~> 1.4.3' gem 'jquery-scrollto-rails', '~> 1.4.3'
gem 'jquery-ui-rails', '~> 4.2.1' gem 'jquery-ui-rails', '~> 5.0.0'
gem 'nprogress-rails', '~> 0.1.2.3' gem 'nprogress-rails', '~> 0.1.6.7'
gem 'raphael-rails', '~> 2.1.2' gem 'raphael-rails', '~> 2.1.2'
gem 'request_store', '~> 1.2.0' gem 'request_store', '~> 1.2.0'
gem 'select2-rails', '~> 3.5.9' gem 'select2-rails', '~> 3.5.9'
gem 'virtus', '~> 1.0.1' gem 'virtus', '~> 1.0.1'
gem 'net-ssh', '~> 3.0.1'
# Sentry integration
gem 'sentry-raven', '~> 0.15'
# Metrics
group :metrics do
gem 'allocations', '~> 1.0', require: false, platform: :mri
gem 'method_source', '~> 0.8', require: false
gem 'influxdb', '~> 0.2', require: false
gem 'connection_pool', '~> 2.0', require: false
end
group :development do group :development do
gem "foreman" gem "foreman"
gem 'brakeman', '3.0.1', require: false gem 'brakeman', '~> 3.1.0', require: false
gem "annotate", "~> 2.6.0" gem "annotate", "~> 2.6.0"
gem "letter_opener", '~> 1.1.2' gem "letter_opener", '~> 1.1.2'
gem 'quiet_assets', '~> 1.0.2' gem 'quiet_assets', '~> 1.0.2'
gem 'rack-mini-profiler', '~> 0.9.0', require: false gem 'rerun', '~> 0.11.0'
gem 'rerun', '~> 0.10.0' gem 'bullet', require: false
gem 'rblineprof', platform: :mri, require: false
gem 'web-console', '~> 2.0'
# Better errors handler # Better errors handler
gem 'better_errors', '~> 1.0.1' gem 'better_errors', '~> 1.0.1'
@ -241,7 +255,7 @@ group :development, :test do
gem 'byebug', platform: :mri gem 'byebug', platform: :mri
gem 'pry-rails' gem 'pry-rails'
gem 'awesome_print', '~> 1.2.0' gem 'awesome_print', '~> 1.2.0', require: false
gem 'fuubar', '~> 2.0.0' gem 'fuubar', '~> 2.0.0'
gem 'database_cleaner', '~> 1.4.0' gem 'database_cleaner', '~> 1.4.0'
@ -257,7 +271,7 @@ group :development, :test do
gem 'capybara', '~> 2.4.0' gem 'capybara', '~> 2.4.0'
gem 'capybara-screenshot', '~> 1.0.0' gem 'capybara-screenshot', '~> 1.0.0'
gem 'poltergeist', '~> 1.6.0' gem 'poltergeist', '~> 1.8.1'
gem 'teaspoon', '~> 1.0.0' gem 'teaspoon', '~> 1.0.0'
gem 'teaspoon-jasmine', '~> 2.2.0' gem 'teaspoon-jasmine', '~> 2.2.0'
@ -267,16 +281,21 @@ group :development, :test do
gem 'spring-commands-spinach', '~> 1.0.0' gem 'spring-commands-spinach', '~> 1.0.0'
gem 'spring-commands-teaspoon', '~> 0.0.2' gem 'spring-commands-teaspoon', '~> 0.0.2'
gem 'rubocop', '~> 0.28.0', require: false gem 'rubocop', '~> 0.35.0', require: false
gem 'coveralls', '~> 0.8.2', require: false gem 'coveralls', '~> 0.8.2', require: false
gem 'simplecov', '~> 0.10.0', require: false gem 'simplecov', '~> 0.10.0', require: false
gem 'flog', require: false
gem 'flay', require: false
gem 'bundler-audit', require: false
gem 'benchmark-ips', require: false
end end
group :test do group :test do
gem 'shoulda-matchers', '~> 2.8.0', require: false gem 'shoulda-matchers', '~> 2.8.0', require: false
gem 'email_spec', '~> 1.6.0' gem 'email_spec', '~> 1.6.0'
gem 'webmock', '~> 1.21.0' gem 'webmock', '~> 1.21.0'
gem 'test_after_commit', '~> 0.2.2' gem 'test_after_commit', '~> 0.4.2'
gem 'sham_rack' gem 'sham_rack'
end end
@ -284,12 +303,11 @@ group :production do
gem "gitlab_meta", '7.0' gem "gitlab_meta", '7.0'
end end
gem "newrelic_rpm", '~> 3.9.4.245' gem "newrelic_rpm", '~> 3.14'
gem 'newrelic-grape'
gem 'octokit', '~> 3.7.0' gem 'octokit', '~> 3.8.0'
gem "mail_room", "~> 0.5.2" gem "mail_room", "~> 0.6.1"
gem 'email_reply_parser', '~> 0.5.8' gem 'email_reply_parser', '~> 0.5.8'
@ -298,19 +316,10 @@ gem 'activerecord-deprecated_finders', '~> 1.0.3'
gem 'activerecord-session_store', '~> 0.1.0' gem 'activerecord-session_store', '~> 0.1.0'
gem "nested_form", '~> 0.3.2' gem "nested_form", '~> 0.3.2'
# Scheduled
gem 'whenever', '~> 0.8.4', require: false
# OAuth # OAuth
gem 'oauth2', '~> 1.0.0' gem 'oauth2', '~> 1.0.0'
# Soft deletion # Soft deletion
gem "paranoia", "~> 2.0" gem "paranoia", "~> 2.0"
group :development, :test do gem "activerecord-nulldb-adapter"
gem 'guard-rspec', '~> 4.2.0'
gem 'rb-fsevent', require: darwin_only('rb-fsevent')
gem 'growl', require: darwin_only('growl')
gem 'rb-inotify', require: linux_only('rb-inotify')
end

749
pkgs/applications/version-management/gitlab/Gemfile.lock
View File

File diff suppressed because it is too large Load Diff

34
pkgs/applications/version-management/gitlab/default.nix
View File

@ -1,7 +1,10 @@
{ stdenv, lib, bundler, fetchgit, bundlerEnv, defaultGemConfig, libiconv, ruby { stdenv, lib, bundler, fetchFromGitHub, bundlerEnv, defaultGemConfig, libiconv, ruby
, tzdata, git, nodejs, procps , tzdata, git, nodejs, procps
}: }:
/* When updating the Gemfile add `gem "activerecord-nulldb-adapter"`
to allow building the assets without a database */
let let
env = bundlerEnv { env = bundlerEnv {
name = "gitlab"; name = "gitlab";
@ -21,19 +24,23 @@ in
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "gitlab-${version}"; name = "gitlab-${version}";
version = "8.0.5"; version = "8.5.1";
buildInputs = [ ruby bundler tzdata git nodejs procps ]; buildInputs = [ ruby bundler tzdata git nodejs procps ];
src = fetchgit {
url = "https://github.com/gitlabhq/gitlabhq.git"; src = fetchFromGitHub {
rev = "2866c501b5a5abb69d101cc07261a1d684b4bd4c"; owner = "gitlabhq";
fetchSubmodules = false; repo = "gitlabhq";
sha256 = "edc6bedd5e79940189355d8cb343d20b0781b69fcef56ccae5906fa5e81ed521"; rev = "v${version}";
sha256 = "1pn5r4axzjkgdjr59y3wgxsd2n83zfd5bry1g2w4c2qw0wcw7zqb";
}; };
patches = [ patches = [
./remove-hardcoded-locations.patch ./remove-hardcoded-locations.patch
./disable-dump-schema-after-migration.patch ./disable-dump-schema-after-migration.patch
./nulladapter.patch
]; ];
postPatch = '' postPatch = ''
# For reasons I don't understand "bundle exec" ignores the # For reasons I don't understand "bundle exec" ignores the
# RAILS_ENV causing tests to be executed that fail because we're # RAILS_ENV causing tests to be executed that fail because we're
@ -41,7 +48,6 @@ stdenv.mkDerivation rec {
# tests works though.: # tests works though.:
rm lib/tasks/test.rake rm lib/tasks/test.rake
mv config/gitlab.yml.example config/gitlab.yml
rm config/initializers/gitlab_shell_secret_token.rb rm config/initializers/gitlab_shell_secret_token.rb
substituteInPlace app/controllers/admin/background_jobs_controller.rb \ substituteInPlace app/controllers/admin/background_jobs_controller.rb \
@ -50,7 +56,7 @@ stdenv.mkDerivation rec {
# required for some gems: # required for some gems:
cat > config/database.yml <<EOF cat > config/database.yml <<EOF
production: production:
adapter: postgresql adapter: <%= ENV["GITLAB_DATABASE_ADAPTER"] || sqlite %>
database: gitlab database: gitlab
host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %> host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %>
password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %> password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %>
@ -58,14 +64,22 @@ stdenv.mkDerivation rec {
encoding: utf8 encoding: utf8
EOF EOF
''; '';
buildPhase = '' buildPhase = ''
export GEM_HOME=${env}/${ruby.gemPath} export GEM_HOME=${env}/${ruby.gemPath}
bundle exec rake assets:precompile RAILS_ENV=production mv config/gitlab.yml.example config/gitlab.yml
GITLAB_DATABASE_ADAPTER=nulldb bundle exec rake assets:precompile RAILS_ENV=production
mv config/gitlab.yml config/gitlab.yml.example
mv config config.dist
''; '';
installPhase = '' installPhase = ''
mkdir -p $out/share mkdir -p $out/share
cp -r . $out/share/gitlab cp -r . $out/share/gitlab
ln -sf /run/gitlab/uploads $out/share/gitlab/public/uploads
ln -sf /run/gitlab/config $out/share/gitlab/config
''; '';
passthru = { passthru = {
inherit env; inherit env;
inherit ruby; inherit ruby;

5815
pkgs/applications/version-management/gitlab/gemset.nix
View File

File diff suppressed because it is too large Load Diff

29
pkgs/applications/version-management/gitlab/nulladapter.patch Normal file
View File

@ -0,0 +1,29 @@
index acd1874..f493451 100644
--- a/Gemfile
+++ b/Gemfile
@@ -318,3 +318,5 @@ gem 'oauth2', '~> 1.0.0'
# Soft deletion
gem "paranoia", "~> 2.0"
+
+gem "activerecord-nulldb-adapter"
index 14d2c76..7a010f0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -34,6 +34,8 @@ GEM
activesupport (= 4.2.5.1)
arel (~> 6.0)
activerecord-deprecated_finders (1.0.4)
+ activerecord-nulldb-adapter (0.3.2)
+ activerecord (>= 2.0.0)
activerecord-session_store (0.1.2)
actionpack (>= 4.0.0, < 5)
activerecord (>= 4.0.0, < 5)
@@ -880,6 +882,7 @@ DEPENDENCIES
RedCloth (~> 4.2.9)
ace-rails-ap (~> 2.0.1)
activerecord-deprecated_finders (~> 1.0.3)
+ activerecord-nulldb-adapter
activerecord-session_store (~> 0.1.0)
acts-as-taggable-on (~> 3.4)
addressable (~> 2.3.8)

168
pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch
View File

@ -1,8 +1,8 @@
diff --git a/config/environments/production.rb b/config/environments/production.rb diff --git a/config/environments/production.rb b/config/environments/production.rb
index 3316ece..c34dec0 100644 index 9095266..694a4c5 100644
--- a/config/environments/production.rb --- a/config/environments/production.rb
+++ b/config/environments/production.rb +++ b/config/environments/production.rb
@@ -67,10 +67,10 @@ Gitlab::Application.configure do @@ -67,10 +67,10 @@ Rails.application.configure do
config.action_mailer.delivery_method = :sendmail config.action_mailer.delivery_method = :sendmail
# Defaults to: # Defaults to:
@ -18,74 +18,10 @@ index 3316ece..c34dec0 100644
config.action_mailer.raise_delivery_errors = true config.action_mailer.raise_delivery_errors = true
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 15930fc..bdb423c 100644 index 05f127d..6a4ae68 100644
--- a/config/gitlab.yml.example --- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example +++ b/config/gitlab.yml.example
@@ -29,8 +29,8 @@ production: &base @@ -423,7 +423,7 @@ production: &base
## GitLab settings
gitlab:
## Web server settings (note: host is the FQDN, do not include http://)
- host: localhost
- port: 80 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
+ host: <%= ENV['GITLAB_HOST'] || 'localhost' %>
+ port: <%= ENV['GITLAB_PORT'] || 80 %>
https: false # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details
# Uncommment this line below if your ssh host is different from HTTP/HTTPS one
@@ -43,7 +43,7 @@ production: &base
# relative_url_root: /gitlab
# Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
- # user: git
+ user: gitlab
## Date & Time settings
# Uncomment and customize if you want to change the default time zone of GitLab application.
@@ -54,7 +54,7 @@ production: &base
# Uncomment and set to false if you need to disable email sending from GitLab (default: true)
# email_enabled: true
# Email address used in the "From" field in mails sent by GitLab
- email_from: example@example.com
+ email_from: <%= ENV['GITLAB_EMAIL_FROM'] %>
email_display_name: GitLab
email_reply_to: noreply@example.com
@@ -298,12 +298,12 @@ production: &base
# GitLab Satellites
satellites:
# Relative paths are relative to Rails.root (default: tmp/repo_satellites/)
- path: /home/git/gitlab-satellites/
+ path: <%= ENV['GITLAB_SATELLITES_PATH'] %>
timeout: 30
## Backup settings
backup:
- path: "tmp/backups" # Relative paths are relative to Rails.root (default: tmp/backups/)
+ path: <%= ENV['GITLAB_BACKUP_PATH'] %>
# archive_permissions: 0640 # Permissions for the resulting backup.tar file (default: 0600)
# keep_time: 604800 # default: 0 (forever) (in seconds)
# pg_schema: public # default: nil, it means that all schemas will be backed up
@@ -322,15 +322,15 @@ production: &base
## GitLab Shell settings
gitlab_shell:
- path: /home/git/gitlab-shell/
+ path: <%= ENV['GITLAB_SHELL_PATH'] %>
# REPOS_PATH MUST NOT BE A SYMLINK!!!
- repos_path: /home/git/repositories/
- hooks_path: /home/git/gitlab-shell/hooks/
+ repos_path: <%= ENV['GITLAB_REPOSITORIES_PATH'] %>
+ hooks_path: <%= ENV['GITLAB_SHELL_HOOKS_PATH'] %>
# File that contains the secret key for verifying access for gitlab-shell.
# Default is '.gitlab_shell_secret' relative to Rails.root (i.e. root of the GitLab app).
- # secret_file: /home/git/gitlab/.gitlab_shell_secret
+ secret_file: <%= ENV['GITLAB_SHELL_SECRET_PATH'] %>
# Git over HTTP
upload_pack: true
@@ -343,7 +343,7 @@ production: &base
# CAUTION! # CAUTION!
# Use the default values unless you really know what you are doing # Use the default values unless you really know what you are doing
git: git:
@ -94,25 +30,81 @@ index 15930fc..bdb423c 100644
# The next value is the maximum memory size grit can use # The next value is the maximum memory size grit can use
# Given in number of bytes per git object (e.g. a commit) # Given in number of bytes per git object (e.g. a commit)
# This value can be increased if you have very large commits # This value can be increased if you have very large commits
@@ -388,7 +388,7 @@ test: diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb
gravatar: index 59b2114..4f4a39a 100644
enabled: true --- a/lib/gitlab/logger.rb
gitlab: +++ b/lib/gitlab/logger.rb
- host: localhost @@ -13,20 +13,20 @@ module Gitlab
+ host: <%= ENV['GITLAB_HOST'] %>
port: 80
# When you run tests we clone and setup gitlab-shell
diff --git a/lib/gitlab/app_logger.rb b/lib/gitlab/app_logger.rb
index dddcb25..d61f10a 100644
--- a/lib/gitlab/app_logger.rb
+++ b/lib/gitlab/app_logger.rb
@@ -1,7 +1,7 @@
module Gitlab
class AppLogger < Gitlab::Logger
def self.file_name_noext
- 'application'
+ ENV["GITLAB_APPLICATION_LOG_PATH"]
end end
def format_message(severity, timestamp, progname, msg) def self.read_latest
- path = Rails.root.join("log", file_name)
+ path = File.join(ENV["GITLAB_LOG_PATH"], file_name)
self.build unless File.exist?(path)
tail_output, _ = Gitlab::Popen.popen(%W(tail -n 2000 #{path}))
tail_output.split("\n")
end
def self.read_latest_for(filename)
- path = Rails.root.join("log", filename)
+ path = File.join(ENV["GITLAB_LOG_PATH"], filename)
tail_output, _ = Gitlab::Popen.popen(%W(tail -n 2000 #{path}))
tail_output.split("\n")
end
def self.build
- new(Rails.root.join("log", file_name))
+ new(File.join(ENV["GITLAB_LOG_PATH"], file_name))
end
end
end
diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb
index be8fcc7..7642d74 100644
--- a/lib/gitlab/uploads_transfer.rb
+++ b/lib/gitlab/uploads_transfer.rb
@@ -29,7 +29,7 @@ module Gitlab
end
def root_dir
- File.join(Rails.root, "public", "uploads")
+ ENV['GITLAB_UPLOADS_PATH'] || File.join(Rails.root, "public", "uploads")
end
end
end
diff --git a/lib/tasks/gitlab/check.rake b/lib/tasks/gitlab/check.rake
index d59872d..0b8007f 100644
--- a/lib/tasks/gitlab/check.rake
+++ b/lib/tasks/gitlab/check.rake
@@ -223,7 +223,7 @@ namespace :gitlab do
def check_log_writable
print "Log directory writable? ... "
- log_path = Rails.root.join("log")
+ log_path = ENV["GITLAB_LOG_PATH"]
if File.writable?(log_path)
puts "yes".green
@@ -263,10 +263,12 @@ namespace :gitlab do
def check_uploads
print "Uploads directory setup correctly? ... "
- unless File.directory?(Rails.root.join('public/uploads'))
+ uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')
+
+ unless File.directory?(uploads_dir)
puts "no".red
try_fixing_it(
- "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads"
+ "sudo -u #{gitlab_user} mkdir #{uploads_dir}"
)
for_more_information(
see_installation_guide_section "GitLab"
@@ -275,7 +277,7 @@ namespace :gitlab do
return
end
- upload_path = File.realpath(Rails.root.join('public/uploads'))
+ upload_path = File.realpath(Rails.root.join(uploads_dir))
upload_path_tmp = File.join(upload_path, 'tmp')
if File.stat(upload_path).mode == 040700

6
pkgs/top-level/all-packages.nix
View File

@ -1703,14 +1703,14 @@ let
gitinspector = callPackage ../applications/version-management/gitinspector { }; gitinspector = callPackage ../applications/version-management/gitinspector { };
gitlab = callPackage ../applications/version-management/gitlab { gitlab = callPackage ../applications/version-management/gitlab {
ruby = ruby_2_2_2; ruby = ruby_2_2;
}; };
gitlab-shell = callPackage ../applications/version-management/gitlab-shell { gitlab-shell = callPackage ../applications/version-management/gitlab-shell {
ruby = ruby_2_2_2; ruby = ruby_2_2;
}; };
gitlab-git-http-server = callPackage ../applications/version-management/gitlab-git-http-server { }; gitlab-workhorse = callPackage ../applications/version-management/gitlab-workhorse { };
git-latexdiff = callPackage ../tools/typesetting/git-latexdiff { }; git-latexdiff = callPackage ../tools/typesetting/git-latexdiff { };