diff options
author | talyz <kim.lindberger@gmail.com> | 2019-09-20 18:04:03 +0200 |
---|---|---|
committer | talyz <kim.lindberger@gmail.com> | 2019-09-23 17:55:58 +0200 |
commit | dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7 (patch) | |
tree | 56c25fa91d892f3806839199250b78efef375a51 /nixos | |
parent | 7e325c2251cd9d21f5d7010add19c14f6b7badae (diff) | |
download | nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar.gz nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar.bz2 nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar.lz nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar.xz nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.tar.zst nixlib-dfc43f7d0a6c22417b4522f42d9c4e196fdbe7f7.zip |
nixos/gitlab: Document the restriction introduced on statePath
The state path now, since the transition from initialization in preStart to using systemd-tmpfiles, has the following restriction: no parent directory can be owned by any other user than root or the user specified in services.gitlab.user. This is a potentially breaking change and the cause of the error isn't immediately obvious, so document it both in the release notes and statePath description.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 7 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 10 |
2 files changed, 16 insertions, 1 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 19062bbc9d80..e4dcc90cdd30 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -505,6 +505,13 @@ becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>. </para> + <para> + The state path (<option>services.gitlab.statePath</option>) now has the following restriction: + no parent directory can be owned by any other user than <literal>root</literal> or the user + specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option> + is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories + must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>. + </para> </listitem> </itemizedlist> </section> diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 1e1eb0fd9a11..4c1ffead00c8 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -223,7 +223,15 @@ in { statePath = mkOption { type = types.str; default = "/var/gitlab/state"; - description = "Gitlab state directory, logs are stored here."; + description = '' + Gitlab state directory. Configuration, repositories and + logs, among other things, are stored here. + + The directory will be created automatically if it doesn't + exist already. Its parent directories must be owned by + either <literal>root</literal> or the user set in + <option>services.gitlab.user</option>. + ''; }; backupPath = mkOption { |