Gitlab
Gitlab is a feature-rich git hosting service.
Prerequisites
The gitlab service exposes only a Unix socket at
/run/gitlab/gitlab-workhorse.socket. You need to configure a
webserver to proxy HTTP requests to the socket.
For instance, the following configuration could be used to set up nginx as
a frontend proxy:
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts."git.example.com" = {
        # Obtain a certificate via ACME and redirect plain HTTP to HTTPS.
        enableACME = true;
        forceSSL = true;
        # Forward all requests to the socket exposed by the gitlab service.
        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
      };
    };
Configuring
Gitlab depends on both PostgreSQL and Redis and will automatically enable
both services. In the case of PostgreSQL, a database and a role will be created.
The default state dir is /var/gitlab/state. This is where
all data like the repositories and uploads will be stored.
A basic configuration with some custom settings could look like this:
    services.gitlab = {
      enable = true;
      databasePassword = "eXaMpl3";
      initialRootPassword = "UseNixOS!";
      https = true;
      host = "git.example.com";
      port = 443;
      user = "git";
      group = "git";
      smtp = {
        enable = true;
        address = "localhost";
        port = 25;
      };
      # Sample values only: generate new secrets for a new instance.
      secrets = {
        db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";
        secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";
        otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";
      };
      extraConfig = {
        gitlab = {
          email_from = "gitlab-no-reply@example.com";
          email_display_name = "Example GitLab";
          email_reply_to = "gitlab-no-reply@example.com";
          default_projects_features = { builds = false; };
        };
      };
    };
If you're setting up a new Gitlab instance, generate new secrets. You
can, for instance, use tr -dc A-Za-z0-9 < /dev/urandom | head -c 128
to generate a new secret. Gitlab encrypts sensitive data stored in the database.
If you're restoring an existing Gitlab instance, you must specify the secrets
secret from config/secrets.yml located in your Gitlab state
folder.
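An added example (not part of the original manual or of the gitlab module): a
POSIX shell script that uses the command above to produce three independent
values for the secrets attribute set and checks each one before printing it.
The function names and the length and character-set checks are assumptions of
this example.

```shell
#!/bin/sh
# Added example: generate the three values for services.gitlab.secrets.
# Function names and the checks below are this example's own choices.

SECRET_LEN=128

# Emit one secret using the command from the text above.
# LC_ALL=C makes tr treat /dev/urandom as raw bytes on every platform.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$SECRET_LEN"
}

# Succeed only if $1 is exactly SECRET_LEN characters from [A-Za-z0-9].
check_secret() {
    [ "${#1}" -eq "$SECRET_LEN" ] || return 1
    case "$1" in
        *[!A-Za-z0-9]*) return 1 ;;
    esac
    return 0
}

# Print a secrets attribute set with three independent values.
render_secrets() {
    db=$(gen_secret); secret=$(gen_secret); otp=$(gen_secret)
    for s in "$db" "$secret" "$otp"; do
        check_secret "$s" || { echo "secret generation failed" >&2; return 1; }
    done
    # The same value under two keys means one leak exposes both.
    if [ "$db" = "$secret" ] || [ "$db" = "$otp" ] || [ "$secret" = "$otp" ]; then
        echo "duplicate secret generated" >&2; return 1
    fi
    printf 'secrets = {\n'
    printf '  db = "%s";\n' "$db"
    printf '  secret = "%s";\n' "$secret"
    printf '  otp = "%s";\n' "$otp"
    printf '};\n'
}

umask 077   # files created by redirecting this script are owner-readable only
render_secrets
```

Use the output in place of the sample secrets block in the configuration above. Strings set in a NixOS configuration are copied into the world-readable Nix store, so treat local access to the host accordingly.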
Refer to for all available configuration
options for the services.gitlab module.
Maintenance
You can run Gitlab's rake tasks with gitlab-rake
which will be available on the system when gitlab is enabled. You will
have to run the command as the user that you configured to run gitlab
with.
For example, to back up a Gitlab instance:
$ sudo -u git -H gitlab-rake gitlab:backup:create
A list of all available rake tasks can be obtained by running:
$ sudo -u git -H gitlab-rake -T