diff options
| author | talyz <kim.lindberger@gmail.com> | 2019-09-20 18:00:36 +0200 |
|---|---|---|
| committer | talyz <kim.lindberger@gmail.com> | 2019-09-23 17:55:58 +0200 |
| commit | 7e325c2251cd9d21f5d7010add19c14f6b7badae (patch) | |
| tree | 1ab5d50677e998063edd8c2f5bb7bb122a6730c8 /nixos/doc/manual/release-notes | |
| parent | d70eba7ab354778ec292e06799fef2c8982e8952 (diff) | |
| download | nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar.gz nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar.bz2 nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar.lz nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar.xz nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.tar.zst nixlib-7e325c2251cd9d21f5d7010add19c14f6b7badae.zip | |
nixos/gitlab: Mention secret option transition in release notes
Document the breaking secret option transition from literal secrets to file-based ones.
Diffstat (limited to 'nixos/doc/manual/release-notes')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 58ab7207f533..19062bbc9d80 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -484,6 +484,28 @@ (<literal>citrix_workspace</literal>). </para> </listitem> + <listitem> + <para> + The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>, + <option>services.gitlab.databasePassword</option>, + <option>services.gitlab.initialRootPassword</option>, + <option>services.gitlab.secrets.secret</option>, + <option>services.gitlab.secrets.db</option>, + <option>services.gitlab.secrets.otp</option> and + <option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>, + <option>services.gitlab.databasePasswordFile</option>, + <option>services.gitlab.initialRootPasswordFile</option>, + <option>services.gitlab.secrets.secretFile</option>, + <option>services.gitlab.secrets.dbFile</option>, + <option>services.gitlab.secrets.otpFile</option> and + <option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored + in the world-readable nix store, but means that for each option you'll have to create a file with + the same exact string, add "File" to the end of the option name, and change the definition to a + string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal> + becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the + file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>. + </para> + </listitem> </itemizedlist> </section> |