diff options
author | Robin Gloster <mail@glob.in> | 2019-09-25 11:28:20 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-25 11:28:20 +0200 |
commit | 68b42a84fdd167e358ec9f76c40ff3907d0c3c2e (patch) | |
tree | 1a54ec197e8e7d73be867bebf6e79c6a89d5af9d /nixos/doc | |
parent | 5ee383ea8c31cd7c8489c2b076aac9c51f63b55c (diff) | |
parent | fb6595eafdb90ef0bc7a31c2bfc9204e4cad11d9 (diff) | |
download | nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar.gz nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar.bz2 nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar.lz nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar.xz nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.tar.zst nixlib-68b42a84fdd167e358ec9f76c40ff3907d0c3c2e.zip |
Merge branch 'master' into networkd-disallow-dhcp
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 012c2e4f9929..ddce4df5098d 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -485,7 +485,34 @@ </para> </listitem> <listitem> - <para> + <para> + The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>, + <option>services.gitlab.databasePassword</option>, + <option>services.gitlab.initialRootPassword</option>, + <option>services.gitlab.secrets.secret</option>, + <option>services.gitlab.secrets.db</option>, + <option>services.gitlab.secrets.otp</option> and + <option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>, + <option>services.gitlab.databasePasswordFile</option>, + <option>services.gitlab.initialRootPasswordFile</option>, + <option>services.gitlab.secrets.secretFile</option>, + <option>services.gitlab.secrets.dbFile</option>, + <option>services.gitlab.secrets.otpFile</option> and + <option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored + in the world-readable nix store, but means that for each option you'll have to create a file with + the same exact string, add "File" to the end of the option name, and change the definition to a + string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal> + becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the + file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>. + </para> + <para> + The state path (<option>services.gitlab.statePath</option>) now has the following restriction: + no parent directory can be owned by any other user than <literal>root</literal> or the user + specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option> + is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories + must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>. + </para> + <para> The <option>networking.useDHCP</option> option is unsupported in combination with <option>networking.useNetworkd</option> in anticipation of defaulting to it by default. It has to be set to <literal>false</literal> and enabled per |