commit e72375464b32eac1d749e4905c17baf68320c73b · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2105.xml

···

       523
       523
        
             as an hardware RNG, as it will automatically run the krngd task to periodically collect random

     

       524
       524
        
             data from the device and mix it into the kernel's RNG.

     

       525
       525
        
           </para>

     

       526
       526
       +
           <para>

     

       527
       527
       +
             The default SMTP port for GitLab has been changed to

     

       528
       528
       +
             <literal>25</literal> from its previous default of

     

       529
       529
       +
             <literal>465</literal>. If you depended on this default, you

     

       530
       530
       +
             should now set the <xref linkend="opt-services.gitlab.smtp.port" />

     

       531
       531
       +
             option.

     

       532
       532
       +
           </para>

     

       526
       533
        
          </listitem>

     

       527
       534
        
          <listitem>

     

       528
       535
        
           <para>

-69

nixos/modules/services/misc/defaultUnicornConfig.rb

···

       1
       1
       -
       worker_processes 3

     

       2
       2
       -
       

     

       3
       3
       -
       listen ENV["UNICORN_PATH"] + "/tmp/sockets/gitlab.socket", :backlog => 1024

     

       4
       4
       -
       listen "/run/gitlab/gitlab.socket", :backlog => 1024

     

       5
       5
       -
       

     

       6
       6
       -
       working_directory ENV["GITLAB_PATH"]

     

       7
       7
       -
       

     

       8
       8
       -
       pid ENV["UNICORN_PATH"] + "/tmp/pids/unicorn.pid"

     

       9
       9
       -
       

     

       10
       10
       -
       timeout 60

     

       11
       11
       -
       

     

       12
       12
       -
       # combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings

     

       13
       13
       -
       # http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow

     

       14
       14
       -
       preload_app true

     

       15
       15
       -
       GC.respond_to?(:copy_on_write_friendly=) and

     

       16
       16
       -
         GC.copy_on_write_friendly = true

     

       17
       17
       -
       

     

       18
       18
       -
       check_client_connection false

     

       19
       19
       -
       

     

       20
       20
       -
       before_fork do |server, worker|

     

       21
       21
       -
         # the following is highly recommended for Rails + "preload_app true"

     

       22
       22
       -
         # as there's no need for the master process to hold a connection

     

       23
       23
       -
         defined?(ActiveRecord::Base) and

     

       24
       24
       -
           ActiveRecord::Base.connection.disconnect!

     

       25
       25
       -
       

     

       26
       26
       -
         # The following is only recommended for memory/DB-constrained

     

       27
       27
       -
         # installations.  It is not needed if your system can house

     

       28
       28
       -
         # twice as many worker_processes as you have configured.

     

       29
       29
       -
         #

     

       30
       30
       -
         # This allows a new master process to incrementally

     

       31
       31
       -
         # phase out the old master process with SIGTTOU to avoid a

     

       32
       32
       -
         # thundering herd (especially in the "preload_app false" case)

     

       33
       33
       -
         # when doing a transparent upgrade.  The last worker spawned

     

       34
       34
       -
         # will then kill off the old master process with a SIGQUIT.

     

       35
       35
       -
         old_pid = "#{server.config[:pid]}.oldbin"

     

       36
       36
       -
         if old_pid != server.pid

     

       37
       37
       -
           begin

     

       38
       38
       -
             sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU

     

       39
       39
       -
             Process.kill(sig, File.read(old_pid).to_i)

     

       40
       40
       -
           rescue Errno::ENOENT, Errno::ESRCH

     

       41
       41
       -
           end

     

       42
       42
       -
         end

     

       43
       43
       -
       

     

       44
       44
       -
         # Throttle the master from forking too quickly by sleeping.  Due

     

       45
       45
       -
         # to the implementation of standard Unix signal handlers, this

     

       46
       46
       -
         # helps (but does not completely) prevent identical, repeated signals

     

       47
       47
       -
         # from being lost when the receiving process is busy.

     

       48
       48
       -
         # sleep 1

     

       49
       49
       -
       end

     

       50
       50
       -
       

     

       51
       51
       -
       after_fork do |server, worker|

     

       52
       52
       -
         # per-process listener ports for debugging/admin/migrations

     

       53
       53
       -
         # addr = "127.0.0.1:#{9293 + worker.nr}"

     

       54
       54
       -
         # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)

     

       55
       55
       -
       

     

       56
       56
       -
         # the following is *required* for Rails + "preload_app true",

     

       57
       57
       -
         defined?(ActiveRecord::Base) and

     

       58
       58
       -
           ActiveRecord::Base.establish_connection

     

       59
       59
       -
       

     

       60
       60
       -
         # reset prometheus client, this will cause any opened metrics files to be closed

     

       61
       61
       -
         defined?(::Prometheus::Client.reinitialize_on_pid_change) &&

     

       62
       62
       -
           Prometheus::Client.reinitialize_on_pid_change

     

       63
       63
       -
       

     

       64
       64
       -
         # if preload_app is true, then you may also want to check and

     

       65
       65
       -
         # restart any other shared sockets/descriptors such as Memcached,

     

       66
       66
       -
         # and Redis.  TokyoCabinet file handles are safe to reuse

     

       67
       67
       -
         # between any number of forked children (assuming your kernel

     

       68
       68
       -
         # correctly implements pread()/pwrite() system calls)

     

       69
       69
       -
       end

+203 -119

nixos/modules/services/misc/gitlab.nix

···

       142
       142
        
       

     

       143
       143
        
         gitlabEnv = {

     

       144
       144
        
           HOME = "${cfg.statePath}/home";

     

       145
       145
       -
           UNICORN_PATH = "${cfg.statePath}/";

     

       145
       145
       +
           PUMA_PATH = "${cfg.statePath}/";

     

       146
       146
        
           GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/";

     

       147
       147
        
           SCHEMA = "${cfg.statePath}/db/structure.sql";

     

       148
       148
        
           GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads";

     
···

       424
       424
        
       

     

       425
       425
        
               port = mkOption {

     

       426
       426
        
                 type = types.int;

     

       427
       427
       -
                 default = 465;

     

       427
       427
       +
                 default = 25;

     

       428
       428
        
                 description = "Port of the SMTP server for Gitlab.";

     

       429
       429
        
               };

     

       430
       430
        
       

     
···

       641
       641
        
       

     

       642
       642
        
           environment.systemPackages = [ pkgs.git gitlab-rake gitlab-rails cfg.packages.gitlab-shell ];

     

       643
       643
        
       

     

       644
       644
       +
           systemd.targets.gitlab = {

     

       645
       645
       +
             description = "Common target for all GitLab services.";

     

       646
       646
       +
             wantedBy = [ "multi-user.target" ];

     

       647
       647
       +
           };

     

       648
       648
       +
       

     

       644
       649
        
           # Redis is required for the sidekiq queue runner.

     

       645
       650
        
           services.redis.enable = mkDefault true;

     

       646
       651
        
       

     
···

       655
       660
        
           # here.

     

       656
       661
        
           systemd.services.gitlab-postgresql = let pgsql = config.services.postgresql; in mkIf databaseActuallyCreateLocally {

     

       657
       662
        
             after = [ "postgresql.service" ];

     

       658
       658
       -
             wantedBy = [ "multi-user.target" ];

     

       659
       659
       -
             path = [ pgsql.package ];

     

       663
       663
       +
             bindsTo = [ "postgresql.service" ];

     

       664
       664
       +
             wantedBy = [ "gitlab.target" ];

     

       665
       665
       +
             partOf = [ "gitlab.target" ];

     

       666
       666
       +
             path = [

     

       667
       667
       +
               pgsql.package

     

       668
       668
       +
               pkgs.util-linux

     

       669
       669
       +
             ];

     

       660
       670
        
             script = ''

     

       661
       671
        
               set -eu

     

       662
       672
        
       

     

       663
       663
       -
               PSQL="${pkgs.util-linux}/bin/runuser -u ${pgsql.superUser} -- psql --port=${toString pgsql.port}"

     

       673
       673
       +
               PSQL() {

     

       674
       674
       +
                   psql --port=${toString pgsql.port} "$@"

     

       675
       675
       +
               }

     

       664
       676
        
       

     

       665
       665
       -
               $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'

     

       666
       666
       -
               current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")

     

       677
       677
       +
               PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'

     

       678
       678
       +
               current_owner=$(PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")

     

       667
       679
        
               if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then

     

       668
       668
       -
                   $PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'

     

       680
       680
       +
                   PSQL -tAc 'ALTER DATABASE "${cfg.databaseName}" OWNER TO "${cfg.databaseUsername}"'

     

       669
       681
        
                   if [[ -e "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}" ]]; then

     

       670
       682
        
                       echo "Reassigning ownership of database ${cfg.databaseName} to user ${cfg.databaseUsername} failed on last boot. Failing..."

     

       671
       683
        
                       exit 1

     

       672
       684
        
                   fi

     

       673
       685
        
                   touch "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"

     

       674
       674
       -
                   $PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""

     

       686
       686
       +
                   PSQL "${cfg.databaseName}" -tAc "REASSIGN OWNED BY \"$current_owner\" TO \"${cfg.databaseUsername}\""

     

       675
       687
        
                   rm "${config.services.postgresql.dataDir}/.reassigning_${cfg.databaseName}"

     

       676
       688
        
               fi

     

       677
       677
       -
               $PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"

     

       678
       678
       -
               $PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS btree_gist;"

     

       689
       689
       +
               PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS pg_trgm"

     

       690
       690
       +
               PSQL '${cfg.databaseName}' -tAc "CREATE EXTENSION IF NOT EXISTS btree_gist;"

     

       679
       691
        
             '';

     

       680
       692
        
       

     

       681
       693
        
             serviceConfig = {

     

       694
       694
       +
               User = pgsql.superUser;

     

       682
       695
        
               Type = "oneshot";

     

       696
       696
       +
               RemainAfterExit = true;

     

       683
       697
        
             };

     

       684
       698
        
           };

     

       685
       699
        
       

     

       686
       700
        
           # Use postfix to send out mails.

     

       687
       687
       -
           services.postfix.enable = mkDefault true;

     

       701
       701
       +
           services.postfix.enable = mkDefault (cfg.smtp.enable && cfg.smtp.address == "localhost");

     

       688
       702
        
       

     

       689
       703
        
           users.users.${cfg.user} =

     

       690
       704
        
             { group = cfg.group;

     
···

       703
       717
        
             "d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -"

     

       704
       718
        
             "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -"

     

       705
       719
        
             "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -"

     

       706
       706
       -
             "d ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"

     

       707
       720
        
             "d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -"

     

       708
       721
        
             "d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -"

     

       709
       722
        
             "d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -"

     
···

       726
       739
        
             "L+ /run/gitlab/uploads - - - - ${cfg.statePath}/uploads"

     

       727
       740
        
       

     

       728
       741
        
             "L+ /run/gitlab/shell-config.yml - - - - ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)}"

     

       742
       742
       +
           ];

     

       743
       743
       +
       

     

       729
       744
        
       

     

       730
       730
       -
             "L+ ${cfg.statePath}/config/unicorn.rb - - - - ${./defaultUnicornConfig.rb}"

     

       731
       731
       -
           ];

     

       745
       745
       +
           systemd.services.gitlab-config = {

     

       746
       746
       +
             wantedBy = [ "gitlab.target" ];

     

       747
       747
       +
             partOf = [ "gitlab.target" ];

     

       748
       748
       +
             path = with pkgs; [

     

       749
       749
       +
               jq

     

       750
       750
       +
               openssl

     

       751
       751
       +
               replace

     

       752
       752
       +
               git

     

       753
       753
       +
             ];

     

       754
       754
       +
             serviceConfig = {

     

       755
       755
       +
               Type = "oneshot";

     

       756
       756
       +
               User = cfg.user;

     

       757
       757
       +
               Group = cfg.group;

     

       758
       758
       +
               TimeoutSec = "infinity";

     

       759
       759
       +
               Restart = "on-failure";

     

       760
       760
       +
               WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";

     

       761
       761
       +
               RemainAfterExit = true;

     

       762
       762
       +
       

     

       763
       763
       +
               ExecStartPre = let

     

       764
       764
       +
                 preStartFullPrivileges = ''

     

       765
       765
       +
                   shopt -s dotglob nullglob

     

       766
       766
       +
                   set -eu

     

       767
       767
       +
       

     

       768
       768
       +
                   chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*

     

       769
       769
       +
                   if [[ -n "$(ls -A '${cfg.statePath}'/config/)" ]]; then

     

       770
       770
       +
                     chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*

     

       771
       771
       +
                   fi

     

       772
       772
       +
                 '';

     

       773
       773
       +
               in "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}";

     

       774
       774
       +
       

     

       775
       775
       +
               ExecStart = pkgs.writeShellScript "gitlab-config" ''

     

       776
       776
       +
                 set -eu

     

       777
       777
       +
       

     

       778
       778
       +
                 umask u=rwx,g=rx,o=

     

       779
       779
       +
       

     

       780
       780
       +
                 cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION

     

       781
       781
       +
                 rm -rf ${cfg.statePath}/db/*

     

       782
       782
       +
                 rm -f ${cfg.statePath}/lib

     

       783
       783
       +
                 find '${cfg.statePath}/config/' -maxdepth 1 -mindepth 1 -type d -execdir rm -rf {} \;

     

       784
       784
       +
                 cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config

     

       785
       785
       +
                 cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db

     

       786
       786
       +
                 ln -sf ${extraGitlabRb} ${cfg.statePath}/config/initializers/extra-gitlab.rb

     

       787
       787
       +
       

     

       788
       788
       +
                 ${cfg.packages.gitlab-shell}/bin/install

     

       789
       789
       +
       

     

       790
       790
       +
                 ${optionalString cfg.smtp.enable ''

     

       791
       791
       +
                     install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb

     

       792
       792
       +
                     ${optionalString (cfg.smtp.passwordFile != null) ''

     

       793
       793
       +
                         smtp_password=$(<'${cfg.smtp.passwordFile}')

     

       794
       794
       +
                         replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'

     

       795
       795
       +
                     ''}

     

       796
       796
       +
                 ''}

     

       797
       797
       +
       

     

       798
       798
       +
                 (

     

       799
       799
       +
                   umask u=rwx,g=,o=

     

       800
       800
       +
       

     

       801
       801
       +
                   openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret

     

       802
       802
       +
       

     

       803
       803
       +
                   rm -f '${cfg.statePath}/config/database.yml'

     

       804
       804
       +
       

     

       805
       805
       +
                   ${if cfg.databasePasswordFile != null then ''

     

       806
       806
       +
                       export db_password="$(<'${cfg.databasePasswordFile}')"

     

       807
       807
       +
       

     

       808
       808
       +
                       if [[ -z "$db_password" ]]; then

     

       809
       809
       +
                         >&2 echo "Database password was an empty string!"

     

       810
       810
       +
                         exit 1

     

       811
       811
       +
                       fi

     

       812
       812
       +
       

     

       813
       813
       +
                       jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \

     

       814
       814
       +
                          '.production.password = $ENV.db_password' \

     

       815
       815
       +
                          >'${cfg.statePath}/config/database.yml'

     

       816
       816
       +
                     ''

     

       817
       817
       +
                     else ''

     

       818
       818
       +
                       jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \

     

       819
       819
       +
                          >'${cfg.statePath}/config/database.yml'

     

       820
       820
       +
                     ''

     

       821
       821
       +
                   }

     

       822
       822
       +
       

     

       823
       823
       +
                   ${utils.genJqSecretsReplacementSnippet

     

       824
       824
       +
                       gitlabConfig

     

       825
       825
       +
                       "${cfg.statePath}/config/gitlab.yml"

     

       826
       826
       +
                   }

     

       827
       827
       +
       

     

       828
       828
       +
                   rm -f '${cfg.statePath}/config/secrets.yml'

     

       829
       829
       +
       

     

       830
       830
       +
                   export secret="$(<'${cfg.secrets.secretFile}')"

     

       831
       831
       +
                   export db="$(<'${cfg.secrets.dbFile}')"

     

       832
       832
       +
                   export otp="$(<'${cfg.secrets.otpFile}')"

     

       833
       833
       +
                   export jws="$(<'${cfg.secrets.jwsFile}')"

     

       834
       834
       +
                   jq -n '{production: {secret_key_base: $ENV.secret,

     

       835
       835
       +
                           otp_key_base: $ENV.otp,

     

       836
       836
       +
                           db_key_base: $ENV.db,

     

       837
       837
       +
                           openid_connect_signing_key: $ENV.jws}}' \

     

       838
       838
       +
                      > '${cfg.statePath}/config/secrets.yml'

     

       839
       839
       +
                 )

     

       840
       840
       +
       

     

       841
       841
       +
                 # We remove potentially broken links to old gitlab-shell versions

     

       842
       842
       +
                 rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks

     

       843
       843
       +
       

     

       844
       844
       +
                 git config --global core.autocrlf "input"

     

       845
       845
       +
               '';

     

       846
       846
       +
             };

     

       847
       847
       +
           };

     

       848
       848
       +
       

     

       849
       849
       +
           systemd.services.gitlab-db-config = {

     

       850
       850
       +
             after = [ "gitlab-config.service" "gitlab-postgresql.service" "postgresql.service" ];

     

       851
       851
       +
             bindsTo = [

     

       852
       852
       +
               "gitlab-config.service"

     

       853
       853
       +
             ] ++ optional (cfg.databaseHost == "") "postgresql.service"

     

       854
       854
       +
               ++ optional databaseActuallyCreateLocally "gitlab-postgresql.service";

     

       855
       855
       +
             wantedBy = [ "gitlab.target" ];

     

       856
       856
       +
             partOf = [ "gitlab.target" ];

     

       857
       857
       +
             serviceConfig = {

     

       858
       858
       +
               Type = "oneshot";

     

       859
       859
       +
               User = cfg.user;

     

       860
       860
       +
               Group = cfg.group;

     

       861
       861
       +
               TimeoutSec = "infinity";

     

       862
       862
       +
               Restart = "on-failure";

     

       863
       863
       +
               WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";

     

       864
       864
       +
               RemainAfterExit = true;

     

       865
       865
       +
       

     

       866
       866
       +
               ExecStart = pkgs.writeShellScript "gitlab-db-config" ''

     

       867
       867
       +
                 set -eu

     

       868
       868
       +
                 umask u=rwx,g=rx,o=

     

       869
       869
       +
       

     

       870
       870
       +
                 initial_root_password="$(<'${cfg.initialRootPasswordFile}')"

     

       871
       871
       +
                 ${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \

     

       872
       872
       +
                                                                    GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null

     

       873
       873
       +
               '';

     

       874
       874
       +
             };

     

       875
       875
       +
           };

     

       732
       876
        
       

     

       733
       877
        
           systemd.services.gitlab-sidekiq = {

     

       734
       734
       -
             after = [ "network.target" "redis.service" "gitlab.service" ];

     

       735
       735
       -
             wantedBy = [ "multi-user.target" ];

     

       878
       878
       +
             after = [

     

       879
       879
       +
               "network.target"

     

       880
       880
       +
               "redis.service"

     

       881
       881
       +
               "postgresql.service"

     

       882
       882
       +
               "gitlab-config.service"

     

       883
       883
       +
               "gitlab-db-config.service"

     

       884
       884
       +
             ];

     

       885
       885
       +
             bindsTo = [

     

       886
       886
       +
               "redis.service"

     

       887
       887
       +
               "gitlab-config.service"

     

       888
       888
       +
               "gitlab-db-config.service"

     

       889
       889
       +
             ] ++ optional (cfg.databaseHost == "") "postgresql.service";

     

       890
       890
       +
             wantedBy = [ "gitlab.target" ];

     

       891
       891
       +
             partOf = [ "gitlab.target" ];

     

       736
       892
        
             environment = gitlabEnv;

     

       737
       893
        
             path = with pkgs; [

     

       738
       894
        
               postgresqlPackage

     
···

       758
       914
        
           };

     

       759
       915
        
       

     

       760
       916
        
           systemd.services.gitaly = {

     

       761
       761
       -
             after = [ "network.target" "gitlab.service" ];

     

       762
       762
       -
             bindsTo = [ "gitlab.service" ];

     

       763
       763
       -
             wantedBy = [ "multi-user.target" ];

     

       917
       917
       +
             after = [ "network.target" "gitlab-config.service" ];

     

       918
       918
       +
             bindsTo = [ "gitlab-config.service" ];

     

       919
       919
       +
             wantedBy = [ "gitlab.target" ];

     

       920
       920
       +
             partOf = [ "gitlab.target" ];

     

       764
       921
        
             path = with pkgs; [

     

       765
       922
        
               openssh

     

       766
       923
        
               procps  # See https://gitlab.com/gitlab-org/gitaly/issues/1562

     
···

       783
       940
        
       

     

       784
       941
        
           systemd.services.gitlab-pages = mkIf (gitlabConfig.production.pages.enabled or false) {

     

       785
       942
        
             description = "GitLab static pages daemon";

     

       786
       786
       -
             after = [ "network.target" "redis.service" "gitlab.service" ]; # gitlab.service creates configs

     

       787
       787
       -
             wantedBy = [ "multi-user.target" ];

     

       943
       943
       +
             after = [ "network.target" "gitlab-config.service" ];

     

       944
       944
       +
             bindsTo = [ "gitlab-config.service" ];

     

       945
       945
       +
             wantedBy = [ "gitlab.target" ];

     

       946
       946
       +
             partOf = [ "gitlab.target" ];

     

       788
       947
        
       

     

       789
       948
        
             path = [ pkgs.unzip ];

     

       790
       949
        
       

     
···

       803
       962
        
       

     

       804
       963
        
           systemd.services.gitlab-workhorse = {

     

       805
       964
        
             after = [ "network.target" ];

     

       806
       806
       -
             wantedBy = [ "multi-user.target" ];

     

       965
       965
       +
             wantedBy = [ "gitlab.target" ];

     

       966
       966
       +
             partOf = [ "gitlab.target" ];

     

       807
       967
        
             path = with pkgs; [

     

       808
       968
        
               exiftool

     

       809
       969
        
               git

     
···

       832
       992
        
       

     

       833
       993
        
           systemd.services.gitlab-mailroom = mkIf (gitlabConfig.production.incoming_email.enabled or false) {

     

       834
       994
        
             description = "GitLab incoming mail daemon";

     

       835
       835
       -
             after = [ "network.target" "redis.service" "gitlab.service" ]; # gitlab.service creates configs

     

       836
       836
       -
             wantedBy = [ "multi-user.target" ];

     

       995
       995
       +
             after = [ "network.target" "redis.service" "gitlab-config.service" ];

     

       996
       996
       +
             bindsTo = [ "gitlab-config.service" ];

     

       997
       997
       +
             wantedBy = [ "gitlab.target" ];

     

       998
       998
       +
             partOf = [ "gitlab.target" ];

     

       837
       999
        
             environment = gitlabEnv;

     

       838
       1000
        
             serviceConfig = {

     

       839
       1001
        
               Type = "simple";

     
···

       842
       1004
        
       

     

       843
       1005
        
               User = cfg.user;

     

       844
       1006
        
               Group = cfg.group;

     

       845
       845
       -
               ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/bundle exec mail_room -c ${cfg.packages.gitlab}/share/gitlab/config.dist/mail_room.yml";

     

       1007
       1007
       +
               ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/bundle exec mail_room -c ${cfg.statePath}/config/mail_room.yml";

     

       846
       1008
        
               WorkingDirectory = gitlabEnv.HOME;

     

       847
       1009
        
             };

     

       848
       1010
        
           };

     

       849
       1011
        
       

     

       850
       1012
        
           systemd.services.gitlab = {

     

       851
       851
       -
             after = [ "gitlab-workhorse.service" "network.target" "gitlab-postgresql.service" "redis.service" ];

     

       852
       852
       -
             requires = [ "gitlab-sidekiq.service" ];

     

       853
       853
       -
             wantedBy = [ "multi-user.target" ];

     

       1013
       1013
       +
             after = [

     

       1014
       1014
       +
               "gitlab-workhorse.service"

     

       1015
       1015
       +
               "network.target"

     

       1016
       1016
       +
               "redis.service"

     

       1017
       1017
       +
               "gitlab-config.service"

     

       1018
       1018
       +
               "gitlab-db-config.service"

     

       1019
       1019
       +
             ];

     

       1020
       1020
       +
             bindsTo = [

     

       1021
       1021
       +
               "redis.service"

     

       1022
       1022
       +
               "gitlab-config.service"

     

       1023
       1023
       +
               "gitlab-db-config.service"

     

       1024
       1024
       +
             ] ++ optional (cfg.databaseHost == "") "postgresql.service";

     

       1025
       1025
       +
             wantedBy = [ "gitlab.target" ];

     

       1026
       1026
       +
             partOf = [ "gitlab.target" ];

     

       854
       1027
        
             environment = gitlabEnv;

     

       855
       1028
        
             path = with pkgs; [

     

       856
       1029
        
               postgresqlPackage

     
···

       868
       1041
        
               TimeoutSec = "infinity";

     

       869
       1042
        
               Restart = "on-failure";

     

       870
       1043
        
               WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";

     

       871
       871
       -
               ExecStartPre = let

     

       872
       872
       -
                 preStartFullPrivileges = ''

     

       873
       873
       -
                   shopt -s dotglob nullglob

     

       874
       874
       -
                   set -eu

     

       875
       875
       -
       

     

       876
       876
       -
                   chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*

     

       877
       877
       -
                   chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*

     

       878
       878
       -
                 '';

     

       879
       879
       -
                 preStart = ''

     

       880
       880
       -
                   set -eu

     

       881
       881
       -
       

     

       882
       882
       -
                   cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION

     

       883
       883
       -
                   rm -rf ${cfg.statePath}/db/*

     

       884
       884
       -
                   rm -rf ${cfg.statePath}/config/initializers/*

     

       885
       885
       -
                   rm -f ${cfg.statePath}/lib

     

       886
       886
       -
                   cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config

     

       887
       887
       -
                   cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db

     

       888
       888
       -
                   ln -sf ${extraGitlabRb} ${cfg.statePath}/config/initializers/extra-gitlab.rb

     

       889
       889
       -
       

     

       890
       890
       -
                   ${cfg.packages.gitlab-shell}/bin/install

     

       891
       891
       -
       

     

       892
       892
       -
                   ${optionalString cfg.smtp.enable ''

     

       893
       893
       -
                     install -m u=rw ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb

     

       894
       894
       -
                     ${optionalString (cfg.smtp.passwordFile != null) ''

     

       895
       895
       -
                       smtp_password=$(<'${cfg.smtp.passwordFile}')

     

       896
       896
       -
                       ${pkgs.replace}/bin/replace-literal -e '@smtpPassword@' "$smtp_password" '${cfg.statePath}/config/initializers/smtp_settings.rb'

     

       897
       897
       -
                     ''}

     

       898
       898
       -
                   ''}

     

       899
       899
       -
       

     

       900
       900
       -
                   (

     

       901
       901
       -
                     umask u=rwx,g=,o=

     

       902
       902
       -
       

     

       903
       903
       -
                     ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/gitlab_shell_secret

     

       904
       904
       -
       

     

       905
       905
       -
                     if [[ -h '${cfg.statePath}/config/database.yml' ]]; then

     

       906
       906
       -
                       rm '${cfg.statePath}/config/database.yml'

     

       907
       907
       -
                     fi

     

       908
       908
       -
       

     

       909
       909
       -
                     ${if cfg.databasePasswordFile != null then ''

     

       910
       910
       -
                         export db_password="$(<'${cfg.databasePasswordFile}')"

     

       911
       911
       -
       

     

       912
       912
       -
                         if [[ -z "$db_password" ]]; then

     

       913
       913
       -
                           >&2 echo "Database password was an empty string!"

     

       914
       914
       -
                           exit 1

     

       915
       915
       -
                         fi

     

       916
       916
       -
       

     

       917
       917
       -
                         ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \

     

       918
       918
       -
                                           '.production.password = $ENV.db_password' \

     

       919
       919
       -
                                           >'${cfg.statePath}/config/database.yml'

     

       920
       920
       -
                       ''

     

       921
       921
       -
                       else ''

     

       922
       922
       -
                         ${pkgs.jq}/bin/jq <${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} \

     

       923
       923
       -
                                           >'${cfg.statePath}/config/database.yml'

     

       924
       924
       -
                       ''

     

       925
       925
       -
                     }

     

       926
       926
       -
       

     

       927
       927
       -
                     ${utils.genJqSecretsReplacementSnippet

     

       928
       928
       -
                         gitlabConfig

     

       929
       929
       -
                         "${cfg.statePath}/config/gitlab.yml"

     

       930
       930
       -
                     }

     

       931
       931
       -
       

     

       932
       932
       -
                     if [[ -h '${cfg.statePath}/config/secrets.yml' ]]; then

     

       933
       933
       -
                       rm '${cfg.statePath}/config/secrets.yml'

     

       934
       934
       -
                     fi

     

       935
       935
       -
       

     

       936
       936
       -
                     export secret="$(<'${cfg.secrets.secretFile}')"

     

       937
       937
       -
                     export db="$(<'${cfg.secrets.dbFile}')"

     

       938
       938
       -
                     export otp="$(<'${cfg.secrets.otpFile}')"

     

       939
       939
       -
                     export jws="$(<'${cfg.secrets.jwsFile}')"

     

       940
       940
       -
                     ${pkgs.jq}/bin/jq -n '{production: {secret_key_base: $ENV.secret,

     

       941
       941
       -
                                                         otp_key_base: $ENV.otp,

     

       942
       942
       -
                                                         db_key_base: $ENV.db,

     

       943
       943
       -
                                                         openid_connect_signing_key: $ENV.jws}}' \

     

       944
       944
       -
                                       > '${cfg.statePath}/config/secrets.yml'

     

       945
       945
       -
                   )

     

       946
       946
       -
       

     

       947
       947
       -
                   initial_root_password="$(<'${cfg.initialRootPasswordFile}')"

     

       948
       948
       -
                   ${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \

     

       949
       949
       -
                                                                      GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null

     

       950
       950
       -
       

     

       951
       951
       -
                   # We remove potentially broken links to old gitlab-shell versions

     

       952
       952
       -
                   rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks

     

       953
       953
       -
       

     

       954
       954
       -
                   ${pkgs.git}/bin/git config --global core.autocrlf "input"

     

       955
       955
       -
                 '';

     

       956
       956
       -
               in [

     

       957
       957
       -
                 "+${pkgs.writeShellScript "gitlab-pre-start-full-privileges" preStartFullPrivileges}"

     

       958
       958
       -
                 "${pkgs.writeShellScript "gitlab-pre-start" preStart}"

     

       959
       959
       -
               ];

     

       960
       960
       -
               ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/unicorn -c ${cfg.statePath}/config/unicorn.rb -E production";

     

       1044
       1044
       +
               ExecStart = "${cfg.packages.gitlab.rubyEnv}/bin/puma -C ${cfg.statePath}/config/puma.rb -e production";

     

       961
       1045
        
             };

     

       962
       1046
        
       

     

       963
       1047
        
           };

+26

nixos/tests/gitlab.nix

···

       11
       11
        
       

     

       12
       12
        
         nodes = {

     

       13
       13
        
           gitlab = { ... }: {

     

       14
       14
       +
             imports = [ common/user-account.nix ];

     

       15
       15
       +
       

     

       14
       16
        
             virtualisation.memorySize = if pkgs.stdenv.is64bit then 4096 else 2047;

     

       15
       17
        
             systemd.services.gitlab.serviceConfig.Restart = mkForce "no";

     

       16
       18
        
             systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no";

     
···

       25
       27
        
                   locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";

     

       26
       28
        
                 };

     

       27
       29
        
               };

     

       30
       30
       +
             };

     

       31
       31
       +
       

     

       32
       32
       +
             services.dovecot2 = {

     

       33
       33
       +
               enable = true;

     

       34
       34
       +
               enableImap = true;

     

       28
       35
        
             };

     

       29
       36
        
       

     

       30
       37
        
             services.gitlab = {

     
···

       32
       39
        
               databasePasswordFile = pkgs.writeText "dbPassword" "xo0daiF4";

     

       33
       40
        
               initialRootPasswordFile = pkgs.writeText "rootPassword" initialRootPassword;

     

       34
       41
        
               smtp.enable = true;

     

       42
       42
       +
               extraConfig = {

     

       43
       43
       +
                 incoming_email = {

     

       44
       44
       +
                   enabled = true;

     

       45
       45
       +
                   mailbox = "inbox";

     

       46
       46
       +
                   address = "alice@localhost";

     

       47
       47
       +
                   user = "alice";

     

       48
       48
       +
                   password = "foobar";

     

       49
       49
       +
                   host = "localhost";

     

       50
       50
       +
                   port = 143;

     

       51
       51
       +
                 };

     

       52
       52
       +
                 pages = {

     

       53
       53
       +
                   enabled = true;

     

       54
       54
       +
                   host = "localhost";

     

       55
       55
       +
                 };

     

       56
       56
       +
               };

     

       35
       57
        
               secrets = {

     

       36
       58
        
                 secretFile = pkgs.writeText "secret" "r8X9keSKynU7p4aKlh4GO1Bo77g5a7vj";

     

       37
       59
        
                 otpFile = pkgs.writeText "otpsecret" "Zu5hGx3YvQx40DvI8WoZJQpX2paSDOlG";

     
···

       64
       86
        
         in

     

       65
       87
        
         ''

     

       66
       88
        
           gitlab.start()

     

       89
       89
       +
       

     

       67
       90
        
           gitlab.wait_for_unit("gitaly.service")

     

       68
       91
        
           gitlab.wait_for_unit("gitlab-workhorse.service")

     

       92
       92
       +
           gitlab.wait_for_unit("gitlab-pages.service")

     

       93
       93
       +
           gitlab.wait_for_unit("gitlab-mailroom.service")

     

       69
       94
        
           gitlab.wait_for_unit("gitlab.service")

     

       70
       95
        
           gitlab.wait_for_unit("gitlab-sidekiq.service")

     

       71
       96
        
           gitlab.wait_for_file("/var/gitlab/state/tmp/sockets/gitlab.socket")

     

       72
       97
        
           gitlab.wait_until_succeeds("curl -sSf http://gitlab/users/sign_in")

     

       98
       98
       +
       

     

       73
       99
        
           gitlab.succeed(

     

       74
       100
        
               "curl -isSf http://gitlab | grep -i location | grep -q http://gitlab/users/sign_in"

     

       75
       101
        
           )

pkgs/applications/version-management/gitlab/default.nix

···

       137
       137
        
           sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake

     

       138
       138
        
           sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb

     

       139
       139
        
       

     

       140
       140
       +
           mv config/puma.rb.example config/puma.rb

     

       140
       141
        
           # Always require lib-files and application.rb through their store

     

       141
       142
        
           # path, not their relative state directory path. This gets rid of

     

       142
       143
        
           # warnings and means we don't have to link back to lib from the

+85 -39

pkgs/applications/version-management/gitlab/remove-hardcoded-locations.patch

···

       1
       1
        
       diff --git a/config/environments/production.rb b/config/environments/production.rb

     

       2
       2
       -
       index c5cbfcf64c..4d01f6fab8 100644

     

       2
       2
       +
       index d9b3ee354b0..1eb0507488b 100644

     

       3
       3
        
       --- a/config/environments/production.rb

     

       4
       4
        
       +++ b/config/environments/production.rb

     

       5
       5
       -
       @@ -70,10 +70,10 @@ Rails.application.configure do

     

       5
       5
       +
       @@ -69,10 +69,10 @@

     

       6
       6
        
        

     

       7
       7
        
          config.action_mailer.delivery_method = :sendmail

     

       8
       8
        
          # Defaults to:

     
···

       11
       11
        
       -  # #   arguments: '-i -t'

     

       12
       12
        
       -  # # }

     

       13
       13
        
       +  config.action_mailer.sendmail_settings = {

     

       14
       14
       -
       +    location: '/usr/sbin/sendmail',

     

       14
       14
       +
       +    location: '/run/wrappers/bin/sendmail',

     

       15
       15
        
       +    arguments: '-i -t'

     

       16
       16
        
       +  }

     

       17
       17
        
          config.action_mailer.perform_deliveries = true

     

       18
       18
        
          config.action_mailer.raise_delivery_errors = true

     

       19
       19
        
        

     

       20
       20
        
       diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example

     

       21
       21
       -
       index bd696a7f2c..44e3863736 100644

     

       21
       21
       +
       index 92e7501d49d..4ee5a1127df 100644

     

       22
       22
        
       --- a/config/gitlab.yml.example

     

       23
       23
        
       +++ b/config/gitlab.yml.example

     

       24
       24
       -
       @@ -590,7 +590,7 @@ production: &base

     

       24
       24
       +
       @@ -1168,7 +1168,7 @@ production: &base

     

       25
       25
        
          # CAUTION!

     

       26
       26
        
          # Use the default values unless you really know what you are doing

     

       27
       27
        
          git:

     
···

       31
       31
        
          ## Webpack settings

     

       32
       32
        
          # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running

     

       33
       33
        
       diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb

     

       34
       34
       -
       index 0bea8a4f4b..290248547b 100644

     

       34
       34
       +
       index bbed08f5044..2906e5c44af 100644

     

       35
       35
        
       --- a/config/initializers/1_settings.rb

     

       36
       36
        
       +++ b/config/initializers/1_settings.rb

     

       37
       37
       -
       @@ -177,7 +177,7 @@ Settings.gitlab['ssh_user'] ||= Settings.gitlab['user']

     

       37
       37
       +
       @@ -183,7 +183,7 @@

     

       38
       38
        
        Settings.gitlab['user_home'] ||= begin

     

       39
       39
        
          Etc.getpwnam(Settings.gitlab['user']).dir

     

       40
       40
        
                                         rescue ArgumentError # no user configured

     
···

       43
       43
        
        end

     

       44
       44
        
        Settings.gitlab['time_zone'] ||= nil

     

       45
       45
        
        Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?

     

       46
       46
       -
       @@ -507,7 +507,7 @@ Settings.backup['upload']['storage_class'] ||= nil

     

       46
       46
       +
       @@ -751,7 +751,7 @@

     

       47
       47
        
        # Git

     

       48
       48
        
        #

     

       49
       49
        
        Settings['git'] ||= Settingslogic.new({})

     
···

       52
       52
        
        

     

       53
       53
        
        # Important: keep the satellites.path setting until GitLab 9.0 at

     

       54
       54
        
        # least. This setting is fed to 'rm -rf' in

     

       55
       55
       +
       diff --git a/config/puma.rb.example b/config/puma.rb.example

     

       56
       56
       +
       index 9fc354a8fe8..2352ca9b58c 100644

     

       57
       57
       +
       --- a/config/puma.rb.example

     

       58
       58
       +
       +++ b/config/puma.rb.example

     

       59
       59
       +
       @@ -5,12 +5,8 @@

     

       60
       60
       +
        # The default is "config.ru".

     

       61
       61
       +
        #

     

       62
       62
       +
        rackup 'config.ru'

     

       63
       63
       +
       -pidfile '/home/git/gitlab/tmp/pids/puma.pid'

     

       64
       64
       +
       -state_path '/home/git/gitlab/tmp/pids/puma.state'

     

       65
       65
       +
       -

     

       66
       66
       +
       -stdout_redirect '/home/git/gitlab/log/puma.stdout.log',

     

       67
       67
       +
       -  '/home/git/gitlab/log/puma.stderr.log',

     

       68
       68
       +
       -  true

     

       69
       69
       +
       +pidfile ENV['PUMA_PATH'] + '/tmp/pids/puma.pid'

     

       70
       70
       +
       +state_path ENV['PUMA_PATH'] + '/tmp/pids/puma.state'

     

       71
       71
       +
        

     

       72
       72
       +
        # Configure "min" to be the minimum number of threads to use to answer

     

       73
       73
       +
        # requests and "max" the maximum.

     

       74
       74
       +
       @@ -31,12 +27,12 @@ queue_requests false

     

       75
       75
       +
        

     

       76
       76
       +
        # Bind the server to "url". "tcp://", "unix://" and "ssl://" are the only

     

       77
       77
       +
        # accepted protocols.

     

       78
       78
       +
       -bind 'unix:///home/git/gitlab/tmp/sockets/gitlab.socket'

     

       79
       79
       +
       +bind "unix://#{ENV['PUMA_PATH']}/tmp/sockets/gitlab.socket"

     

       80
       80
       +
        

     

       81
       81
       +
        workers 3

     

       82
       82
       +
        

     

       83
       83
       +
       -require_relative "/home/git/gitlab/lib/gitlab/cluster/lifecycle_events"

     

       84
       84
       +
       -require_relative "/home/git/gitlab/lib/gitlab/cluster/puma_worker_killer_initializer"

     

       85
       85
       +
       +require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/lifecycle_events"

     

       86
       86
       +
       +require_relative ENV['GITLAB_PATH'] + "lib/gitlab/cluster/puma_worker_killer_initializer"

     

       87
       87
       +
        

     

       88
       88
       +
        on_restart do

     

       89
       89
       +
          # Signal application hooks that we're about to restart

     

       90
       90
       +
       @@ -80,7 +76,7 @@ if defined?(nakayoshi_fork)

     

       91
       91
       +
        end

     

       92
       92
       +
        

     

       93
       93
       +
        # Use json formatter

     

       94
       94
       +
       -require_relative "/home/git/gitlab/lib/gitlab/puma_logging/json_formatter"

     

       95
       95
       +
       +require_relative ENV['GITLAB_PATH'] + "lib/gitlab/puma_logging/json_formatter"

     

       96
       96
       +
        

     

       97
       97
       +
        json_formatter = Gitlab::PumaLogging::JSONFormatter.new

     

       98
       98
       +
        log_formatter do |str|

     

       55
       99
        
       diff --git a/lib/api/api.rb b/lib/api/api.rb

     

       56
       56
       -
       index e953f3d2ec..3a8d9f076b 100644

     

       100
       100
       +
       index ada0da28749..8a3f5824008 100644

     

       57
       101
        
       --- a/lib/api/api.rb

     

       58
       102
        
       +++ b/lib/api/api.rb

     

       59
       59
       -
       @@ -2,7 +2,7 @@ module API

     

       60
       60
       -
          class API < Grape::API

     

       103
       103
       +
       @@ -4,7 +4,7 @@ module API

     

       104
       104
       +
          class API < ::API::Base

     

       61
       105
        
            include APIGuard

     

       62
       106
        
        

     

       63
       107
        
       -    LOG_FILENAME = Rails.root.join("log", "api_json.log")

     

       64
       108
        
       +    LOG_FILENAME = File.join(ENV["GITLAB_LOG_PATH"], "api_json.log")

     

       65
       109
        
        

     

       66
       66
       -
            NO_SLASH_URL_PART_REGEX = %r{[^/]+}

     

       67
       67
       -
            PROJECT_ENDPOINT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze

     

       110
       110
       +
            NO_SLASH_URL_PART_REGEX = %r{[^/]+}.freeze

     

       111
       111
       +
            NAMESPACE_OR_PROJECT_REQUIREMENTS = { id: NO_SLASH_URL_PART_REGEX }.freeze

     

       112
       112
       +
       diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb

     

       113
       113
       +
       index 50cd15b7a10..3ac89e5b8e9 100644

     

       114
       114
       +
       --- a/lib/gitlab/authorized_keys.rb

     

       115
       115
       +
       +++ b/lib/gitlab/authorized_keys.rb

     

       116
       116
       +
       @@ -157,7 +157,7 @@ def command(id)

     

       117
       117
       +
                raise KeyError, "Invalid ID: #{id.inspect}"

     

       118
       118
       +
              end

     

       119
       119
       +
        

     

       120
       120
       +
       -      "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}"

     

       121
       121
       +
       +      "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}"

     

       122
       122
       +
            end

     

       123
       123
       +
        

     

       124
       124
       +
            def strip(key)

     

       68
       125
        
       diff --git a/lib/gitlab/logger.rb b/lib/gitlab/logger.rb

     

       69
       69
       -
       index a42e312b5d..ccaab9229e 100644

     

       126
       126
       +
       index 89a4e36a232..ae379ffb27a 100644

     

       70
       127
        
       --- a/lib/gitlab/logger.rb

     

       71
       128
        
       +++ b/lib/gitlab/logger.rb

     

       72
       72
       -
       @@ -26,7 +26,7 @@ module Gitlab

     

       129
       129
       +
       @@ -37,7 +37,7 @@ def self.build

     

       73
       130
        
            end

     

       74
       131
        
        

     

       75
       132
        
            def self.full_log_path

     

       76
       133
        
       -      Rails.root.join("log", file_name)

     

       77
       77
       -
       +        File.join(ENV["GITLAB_LOG_PATH"], file_name)

     

       134
       134
       +
       +      File.join(ENV["GITLAB_LOG_PATH"], file_name)

     

       78
       135
        
            end

     

       79
       136
        
        

     

       80
       137
        
            def self.cache_key

     

       81
       138
        
       diff --git a/lib/gitlab/uploads_transfer.rb b/lib/gitlab/uploads_transfer.rb

     

       82
       82
       -
       index 7d7400bdab..cb25211d44 100644

     

       139
       139
       +
       index e0e7084e27e..19fab855b90 100644

     

       83
       140
        
       --- a/lib/gitlab/uploads_transfer.rb

     

       84
       141
        
       +++ b/lib/gitlab/uploads_transfer.rb

     

       85
       85
       -
       @@ -1,7 +1,7 @@

     

       142
       142
       +
       @@ -3,7 +3,7 @@

     

       86
       143
        
        module Gitlab

     

       87
       144
        
          class UploadsTransfer < ProjectTransfer

     

       88
       145
        
            def root_dir

     
···

       92
       149
        
          end

     

       93
       150
        
        end

     

       94
       151
        
       diff --git a/lib/system_check/app/log_writable_check.rb b/lib/system_check/app/log_writable_check.rb

     

       95
       95
       -
       index 3e0c436d6e..28cefc5514 100644

     

       152
       152
       +
       index 2c108f0c18d..3a16ff52d01 100644

     

       96
       153
        
       --- a/lib/system_check/app/log_writable_check.rb

     

       97
       154
        
       +++ b/lib/system_check/app/log_writable_check.rb

     

       98
       98
       -
       @@ -21,7 +21,7 @@ module SystemCheck

     

       155
       155
       +
       @@ -23,7 +23,7 @@ def show_error

     

       99
       156
        
              private

     

       100
       157
        
        

     

       101
       158
        
              def log_path

     
···

       105
       162
        
            end

     

       106
       163
        
          end

     

       107
       164
        
       diff --git a/lib/system_check/app/uploads_directory_exists_check.rb b/lib/system_check/app/uploads_directory_exists_check.rb

     

       108
       108
       -
       index 7026d0ba07..c56e1f7ed9 100644

     

       165
       165
       +
       index 54dff63ab61..882da702f29 100644

     

       109
       166
        
       --- a/lib/system_check/app/uploads_directory_exists_check.rb

     

       110
       167
        
       +++ b/lib/system_check/app/uploads_directory_exists_check.rb

     

       111
       111
       -
       @@ -4,12 +4,13 @@ module SystemCheck

     

       168
       168
       +
       @@ -6,12 +6,13 @@ class UploadsDirectoryExistsCheck < SystemCheck::BaseCheck

     

       112
       169
        
              set_name 'Uploads directory exists?'

     

       113
       170
        
        

     

       114
       171
        
              def check?

     
···

       120
       177
        
       +        uploads_dir = ENV['GITLAB_UPLOADS_PATH'] || Rails.root.join('public/uploads')

     

       121
       178
        
                try_fixing_it(

     

       122
       179
        
       -          "sudo -u #{gitlab_user} mkdir #{Rails.root}/public/uploads"

     

       123
       123
       -
       +            "sudo -u #{gitlab_user} mkdir #{uploads_dir}"

     

       180
       180
       +
       +          "sudo -u #{gitlab_user} mkdir #{uploads_dir}"

     

       124
       181
        
                )

     

       125
       182
        
                for_more_information(

     

       126
       126
       -
                  see_installation_guide_section 'GitLab'

     

       183
       183
       +
                  see_installation_guide_section('GitLab')

     

       127
       184
        
       diff --git a/lib/system_check/app/uploads_path_permission_check.rb b/lib/system_check/app/uploads_path_permission_check.rb

     

       128
       128
       -
       index 7df6c06025..bb447c16b2 100644

     

       185
       185
       +
       index 2e1cc687c43..ca69d63bcf6 100644

     

       129
       186
        
       --- a/lib/system_check/app/uploads_path_permission_check.rb

     

       130
       187
        
       +++ b/lib/system_check/app/uploads_path_permission_check.rb

     

       131
       131
       -
       @@ -25,7 +25,7 @@ module SystemCheck

     

       188
       188
       +
       @@ -27,7 +27,7 @@ def show_error

     

       132
       189
        
              private

     

       133
       190
        
        

     

       134
       191
        
              def rails_uploads_path

     
···

       138
       195
        
        

     

       139
       196
        
              def uploads_fullpath

     

       140
       197
        
       diff --git a/lib/system_check/app/uploads_path_tmp_permission_check.rb b/lib/system_check/app/uploads_path_tmp_permission_check.rb

     

       141
       141
       -
       index b276a81eac..070e3ebd81 100644

     

       198
       198
       +
       index 567c7540777..29906b1c132 100644

     

       142
       199
        
       --- a/lib/system_check/app/uploads_path_tmp_permission_check.rb

     

       143
       200
        
       +++ b/lib/system_check/app/uploads_path_tmp_permission_check.rb

     

       144
       144
       -
       @@ -33,7 +33,7 @@ module SystemCheck

     

       201
       201
       +
       @@ -35,7 +35,7 @@ def upload_path_tmp

     

       145
       202
        
              end

     

       146
       203
        
        

     

       147
       204
        
              def uploads_fullpath

     
···

       150
       207
        
              end

     

       151
       208
        
            end

     

       152
       209
        
          end

     

       153
       153
       -
       --- a/lib/gitlab/authorized_keys.rb

     

       154
       154
       -
       +++ b/lib/gitlab/authorized_keys.rb

     

       155
       155
       -
       @@ -157,7 +157,7 @@

     

       156
       156
       -
                raise KeyError, "Invalid ID: #{id.inspect}"

     

       157
       157
       -
              end

     

       158
       158
       -
        

     

       159
       159
       -
       -      "#{File.join(Gitlab.config.gitlab_shell.path, 'bin', 'gitlab-shell')} #{id}"

     

       160
       160
       -
       +      "#{File.join('/run/current-system/sw/bin', 'gitlab-shell')} #{id}"

     

       161
       161
       -
            end

     

       162
       162
       -
        

     

       163
       163
       -
            def strip(key)