bcfa59bf82
Updates gitlab to the current stable version and fixes a lot of features that were broken, at least with the current version and our configuration. Quite a lot of sweat and tears has gone into testing nearly all features and reading/patching the Gitlab source as we're about to deploy gitlab for our whole company.

Things to note:

* The gitlab config is now written as a nix attribute set and will be converted to JSON. Gitlab uses YAML but JSON is a subset of YAML. The `extraConfig` option is also an attribute set that will be merged with the default config. This way *all* Gitlab options are supported.
* Some paths like uploads and configs are hardcoded in rails (at least after my study of the Gitlab source). This is why they are linked from the Gitlab root to /run/gitlab and then linked to the configurable `statePath`.
* Backup & restore should work out of the box from another Gitlab instance.
* gitlab-git-http-server has been replaced by gitlab-workhorse upstream. Push & pull over HTTPS works perfectly. Communication to gitlab is done over unix sockets. An HTTP server is required to proxy requests to gitlab-workhorse over another unix socket at `/run/gitlab/gitlab-workhorse.socket`.
* The user & group running gitlab are now configurable. These can even be changed for live instances.
* The initial email address & password of the root user can be configured.

Fixes #8598.
59 lines
2 KiB
Nix
```nix
{ stdenv, ruby, bundler, fetchFromGitLab }:

stdenv.mkDerivation rec {
  version = "2.6.10";
  name = "gitlab-shell-${version}";

  srcs = fetchFromGitLab {
    owner = "gitlab-org";
    repo = "gitlab-shell";
    rev = "v${version}";
    sha256 = "1f1ma49xpkan2iksnw9amzjdw6i0bxnzdbsk0329m7if4987vcqd";
  };

  buildInputs = [
    ruby bundler
  ];

  patches = [ ./remove-hardcoded-locations.patch ];

  installPhase = ''
    mkdir -p $out/
    cp -R . $out/

    # Nothing to install ATM for non-development but keeping the
    # install command anyway in case that changes in the future:
    export HOME=$(pwd)
    bundle install -j4 --verbose --local --deployment --without development test
  '';

  # gitlab-shell will try to read its config relative to the source
  # code by default which doesn't work in nixos because it's a
  # read-only filesystem
  postPatch = ''
    substituteInPlace lib/gitlab_config.rb --replace\
       "File.join(ROOT_PATH, 'config.yml')"\
       "ENV['GITLAB_SHELL_CONFIG_PATH']"

    # Note that we're running gitlab-shell from current-system/sw
    # because otherwise updating gitlab-shell won't be reflected in
    # the hardcoded path of the authorized-keys file:
    substituteInPlace lib/gitlab_keys.rb --replace\
       "\"#{ROOT_PATH}/bin/gitlab-shell"\
       "\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} /run/current-system/sw/bin/gitlab-shell"

    # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key
    # environment because we need it in gitlab_config.rb.
    # unsetenv_others will remove that so we're not doing it for
    # now.
    #
    # TODO: Are there any security implications? The commit adding
    # unsetenv_others didn't mention anything...
    #
    # Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true)
    substituteInPlace lib/gitlab_shell.rb --replace\
       " *args, unsetenv_others: true)"\
       " *args)"
  '';

}
```
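An added example, not part of gitlab-shell or of this derivation, for the TODO in `postPatch`: it runs a child process with and without `unsetenv_others: true` and shows that the environment can stay scrubbed if `GITLAB_SHELL_CONFIG_PATH` is put on the exec allowlist instead of dropping the option. The sample variable names and values, the stand-in child command and the helper names are constructed, and that the extra allowlist entry is all `gitlab_config.rb` needs is an assumption.

```ruby
require 'open3'
require 'rbconfig'

# Variables the child may inherit: the three names from the commented-out
# exec call in postPatch, plus GITLAB_SHELL_CONFIG_PATH (assumption: adding
# it here is enough for gitlab_config.rb to find its config).
ALLOWED = %w[PATH LD_LIBRARY_PATH GL_ID GITLAB_SHELL_CONFIG_PATH].freeze

# Stand-in for the command gitlab-shell execs: prints its variable names.
CHILD = [RbConfig.ruby, '--disable-gems', '-e', 'puts ENV.keys'].freeze

# Constructed parent environment, as a forced command might see it.
SAMPLE_PARENT_ENV = {
  'GL_ID' => 'key-1',
  'GITLAB_SHELL_CONFIG_PATH' => '/example/gitlab-shell/config.yml',
  'SSH_ORIGINAL_COMMAND' => 'git-upload-pack example.git',
  'DEMO_API_TOKEN' => 'not-a-real-secret'
}.freeze

# Runs CHILD with the allowlisted variables passed explicitly and returns
# the variable names the child actually sees.
def child_env_names(parent_env, scrub:)
  saved = ENV.to_h
  ENV.update(parent_env)
  passed = ALLOWED.to_h { |name| [name, ENV[name]] }
  opts = scrub ? { unsetenv_others: true } : {}
  out, status = Open3.capture2(passed, *CHILD, opts)
  raise 'child process failed' unless status.success?
  out.split("\n")
ensure
  ENV.replace(saved) # restore the real environment of this process
end

# Names that reached the child although they are not on the allowlist.
def not_allowlisted(names)
  names - ALLOWED
end

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |scrub|
    extra = not_allowlisted(child_env_names(SAMPLE_PARENT_ENV, scrub: scrub))
    puts "unsetenv_others=#{scrub}: #{extra.size} extra variable(s)"
  end
end
```

Without the option, every variable of the parent process, including ones unrelated to git, is visible to the exec'd command and to anything it starts, such as hooks.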