Gitlab service does not work in NixOS 17.09

[aforemny]

Issue description

Trying to follow the documentation to get Gitlab service running does not work.

Steps to reproduce

I am creating a fresh NixOps VirtualBox image. I copied the code snippets for Nginx and Gitlab into the resulting configuration file.

Starting up the VirtualBox instance first leads to:

error: attribute ‘gitaly’ missing, at /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/services/misc/gitlab.nix:226:19

I managed to solve this by adding the following line to <nixpkgs/pkgs/all-packages.nix>:

  gitaly = callPackage ../applications/version-management/gitaly { };

The next error is:

error: The option `services.gitlab.secrets.jws' is used but not defined.

This mandatory option is not documented in the manual, the configuration option's description is:

           The secret is used to encrypt session keys. If you change or lose this key, users
           will be disconnected. Make sure the secret is an RSA private key in PEM format.
           You can generate one with openssl genrsa 2048openssl genpkey -algorithm RSA -out
           - -pkeyopt rsa_keygen_bits:2048

           Type: string

           Declared by:
               <nixpkgs/nixos/modules/services/misc/gitlab.nix>

The referenced command is not working:

$  openssl genrsa 2048openssl genpkey -algorithm RSA -out - -pkeyopt rsa_keygen_bits:2048
genrsa: Can't parse "2048openssl" as a number

Only using $ openssl genrsa 2048 seems to work, and setting services.gitlab.secret.jws that command's output lets me proceed:

services.gitlab.secrets.jws = ''
-----BEGIN RSA PRIVATE KEY-----
…
-----END RSA PRIVATE KEY-----
          '';

Building the system configuration now works, but Gitlab service does not start:

# systemctl status gitlab
● gitlab.service
   Loaded: loaded (/nix/store/gfh2mx92i9ildmdvwahwskm62dds4fyp-unit-gitlab.service/gitlab.servi
   Active: failed (Result: exit-code) since Tue 2017-10-03 13:58:42 UTC; 1min 39s ago
  Process: 2307 ExecStartPre=/nix/store/4jhwzbckcic5q7wpih490hcmpw8i7lxi-unit-script/bin/gitlab

The full log can be found here. It seems that the directory /var/gitlab/state/shell ought to be created but is not. Adding the following line to Gitlab's preStart seems to solve it:

mkdir -p ${cfg.statePath}/shell

Now I can access Gitlab on the machine - I have not actually tested signing in nor registration, but I get a 200 response on http://0.0.0.0/.

I would be happy to prepare a PR containing my changes detailed here. Please let me know!

Technical details

• System: NixOS 17.09 inside VirtualBox deployed with NixOps
• Nix version: 1.11.15
• Nixpkgs version: 16.09.1943.25f4906da6
• Sandboxing enabled: false

[aforemny]

@fpletz @globin Could you help out? :)

[fpletz]

Thanks for the report! This is indeed unfortunate. We had to fix Gitlab due to an update right before the release and forgot to update the documentation and check a fresh install.

A PR would be really awesome! Otherwise we would also fix this soon.

[aforemny]

I opened a PR #30066. Please take it from here as I would appreciate an extra pair of eyes with respect to guidelines.

I tested again on a fresh install to make sure the commit is right. I did not test the manual as nix-build doc did not seem to produce the manual I was looking at. Thanks!

[fpletz]

To build the NixOS manual use: nix-build nixos/release.nix -A manual

[orivej]

or add services.nixosManual.enable = true; in the config.