nixos/gitlab: Document the restriction introduced on statePath
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
talyz committed Sep 23, 2019
1 parent 7e325c2 commit dfc43f7
Showing 2 changed files with 16 additions and 1 deletion.
7 changes: 7 additions & 0 deletions nixos/doc/manual/release-notes/rl-1909.xml
Expand Up @@ -505,6 +505,13 @@
becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
</para>
<para>
The state path (<option>services.gitlab.statePath</option>) now has the following restriction:
no parent directory can be owned by any other user than <literal>root</literal> or the user
specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option>
is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
</para>
</listitem>
</itemizedlist>
</section>
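Review bot: the example sentence in the new paragraph is ambiguous where it says "<literal>gitlab</literal> and all parent directories": gitlab here means the directory /var/lib/gitlab, but it sits between two mentions of the user from services.gitlab.user and can be read as a user name. Suggest spelling out the paths, for example "/var/lib/gitlab, /var/lib and /var must be owned by ...", and writing "e.g." instead of "i.e." since this is an illustration rather than a restatement. The commit message traces the restriction to the move from preStart to systemd-tmpfiles and says the cause of the error isn't immediately obvious; naming systemd-tmpfiles in this paragraph would give readers who hit the error something to search for.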
10 changes: 9 additions & 1 deletion nixos/modules/services/misc/gitlab.nix
Expand Up @@ -223,7 +223,15 @@ in {
statePath = mkOption {
type = types.str;
default = "/var/gitlab/state";
description = "Gitlab state directory, logs are stored here.";
description = ''
Gitlab state directory. Configuration, repositories and
logs, among other things, are stored here.
The directory will be created automatically if it doesn't
exist already. Its parent directories must be owned by
either <literal>root</literal> or the user set in
<option>services.gitlab.user</option>.
'';
};

backupPath = mkOption {
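Review bot: the unchanged default directly above the new description is "/var/gitlab/state", while the release-notes example in this same commit uses /var/lib/gitlab/state, so readers comparing the two cannot tell which layout the rule was written against. Suggest using the default path in the release-notes example, or saying here that the rule applies to whatever path is configured. The description also says only "Its parent directories", whereas the release notes say "no parent directory can be owned by any other user"; stating here that every ancestor of statePath is covered, not just the immediate parent, would keep the two texts in agreement.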