3.5 KiB
GitLab
GitLab is a feature-rich git hosting service.
Prerequisites
The gitlab
service exposes only an Unix socket at
/run/gitlab/gitlab-workhorse.socket
. You need to
configure a webserver to proxy HTTP requests to the socket.
For instance, the following configuration could be used to use nginx as frontend proxy:
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."git.example.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
Configuring
GitLab depends on both PostgreSQL and Redis and will automatically enable both services. In the case of PostgreSQL, a database and a role will be created.
The default state dir is /var/gitlab/state
. This is where
all data like the repositories and uploads will be stored.
A basic configuration with some custom settings could look like this:
services.gitlab = {
enable = true;
databasePasswordFile = "/var/keys/gitlab/db_password";
initialRootPasswordFile = "/var/keys/gitlab/root_password";
https = true;
host = "git.example.com";
port = 443;
user = "git";
group = "git";
smtp = {
enable = true;
address = "localhost";
port = 25;
};
secrets = {
dbFile = "/var/keys/gitlab/db";
secretFile = "/var/keys/gitlab/secret";
otpFile = "/var/keys/gitlab/otp";
jwsFile = "/var/keys/gitlab/jws";
};
extraConfig = {
gitlab = {
email_from = "gitlab-no-reply@example.com";
email_display_name = "Example GitLab";
email_reply_to = "gitlab-no-reply@example.com";
default_projects_features = { builds = false; };
};
};
};
If you're setting up a new GitLab instance, generate new
secrets. You for instance use
tr -dc A-Za-z0-9 < /dev/urandom | head -c 128 > /var/keys/gitlab/db
to
generate a new db secret. Make sure the files can be read by, and
only by, the user specified by
services.gitlab.user. GitLab
encrypts sensitive data stored in the database. If you're restoring
an existing GitLab instance, you must specify the secrets secret
from config/secrets.yml
located in your GitLab
state folder.
When incoming_mail.enabled
is set to true
in extraConfig an additional
service called gitlab-mailroom
is enabled for fetching incoming mail.
Refer to for all available configuration options for the services.gitlab module.
Maintenance
Backups
Backups can be configured with the options in services.gitlab.backup. Use the services.gitlab.backup.startAt option to configure regular backups.
To run a manual backup, start the gitlab-backup
service:
$ systemctl start gitlab-backup.service
Rake tasks
You can run GitLab's rake tasks with gitlab-rake
which will be available on the system when GitLab is enabled. You
will have to run the command as the user that you configured to run
GitLab with.
A list of all available rake tasks can be obtained by running:
$ sudo -u git -H gitlab-rake -T