nixos/gitlab: Update release notes and documentation (#69313)

nixos/gitlab: Update release notes and documentation
2019-09-24 13:00:35 +02:00 · 2019-09-24 13:00:35 +02:00 · e813eb2b65
commit e813eb2b65
parent 1b0771ac42 dfc43f7d0a
2 changed files with 38 additions and 1 deletions
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@ -484,6 +484,35 @@
       (<literal>citrix_workspace</literal>).
     </para>
   </listitem>
   <listitem>
     <para>
       The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>,
       <option>services.gitlab.databasePassword</option>,
       <option>services.gitlab.initialRootPassword</option>,
       <option>services.gitlab.secrets.secret</option>,
       <option>services.gitlab.secrets.db</option>,
       <option>services.gitlab.secrets.otp</option> and
       <option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>,
       <option>services.gitlab.databasePasswordFile</option>,
       <option>services.gitlab.initialRootPasswordFile</option>,
       <option>services.gitlab.secrets.secretFile</option>,
       <option>services.gitlab.secrets.dbFile</option>,
       <option>services.gitlab.secrets.otpFile</option> and
       <option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored
       in the world-readable nix store, but means that for each option you'll have to create a file with
       the same exact string, add "File" to the end of the option name, and change the definition to a
       string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
       becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
       file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
     </para>
     <para>
       The state path (<option>services.gitlab.statePath</option>) now has the following restriction:
       no parent directory can be owned by any other user than <literal>root</literal> or the user
       specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option>
       is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
       must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
     </para>
   </listitem>
  </itemizedlist>
 </section>
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@ -223,7 +223,15 @@ in {
      statePath = mkOption {
        type = types.str;
        default = "/var/gitlab/state";
-        description = "Gitlab state directory, logs are stored here.";
+        description = ''
          Gitlab state directory. Configuration, repositories and
          logs, among other things, are stored here.
          The directory will be created automatically if it doesn't
          exist already. Its parent directories must be owned by
          either <literal>root</literal> or the user set in
          <option>services.gitlab.user</option>.
        '';
      };
      backupPath = mkOption {