JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/gitlab: Document the restriction introduced on statePath

Browse Source 
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
This commit is contained in:
talyz 2019-09-20 18:04:03 +02:00
parent 7e325c2251
commit dfc43f7d0a
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/doc/manual/release-notes/rl-1909.xml
View File

@ -505,6 +505,13 @@
becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
</para>
<para>
The state path (<option>services.gitlab.statePath</option>) now has the following restriction:
no parent directory can be owned by any other user than <literal>root</literal> or the user
specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option>
is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
</para>
</listitem>
</itemizedlist>
</section>

10
nixos/modules/services/misc/gitlab.nix
View File

@ -223,7 +223,15 @@ in {
statePath = mkOption {
type = types.str;
default = "/var/gitlab/state";
description = "Gitlab state directory, logs are stored here.";
description = ''
Gitlab state directory. Configuration, repositories and
logs, among other things, are stored here.
The directory will be created automatically if it doesn't
exist already. Its parent directories must be owned by
either <literal>root</literal> or the user set in
<option>services.gitlab.user</option>.
'';
};
backupPath = mkOption {