author | Thomas Hunger <tehunger@gmail.com> | 2014-10-25 17:22:49 +0100 |
---|---|---|
committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2014-12-12 18:01:29 +0100 |
commit | 59995e168cf3f682ca8086a58015edc9781a847b (patch) | |
tree | 5736415c0f023eb00cf744c3b89725e549da929b /pkgs/applications/version-management/gitlab-shell | |
parent | b7eba773dc636fc0892753b11c941dae85ddf390 (diff) | |
nixos: Add gitlab and gitlab-shell
I had to make several adjustments to make it work with nixos:

* Replace relative config file lookups with ENV variable.
* Modify gitlab-shell to not clear the environment when running pre-receive.
* Modify gitlab-shell to write some environment variables into the .authorized_keys file to make sure gitlab-shell reads the correct config file.
* Log unicorn output to syslog. I tried various ways of adding a syslog package but the bundler would not pick them up. Please fix in a better way if possible.
* Gitlab-runner program wrapper. This is useful to run e.g. backups etc. with the correct environment set up.
Diffstat (limited to 'pkgs/applications/version-management/gitlab-shell')
-rw-r--r-- | pkgs/applications/version-management/gitlab-shell/default.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gitlab-shell/default.nix b/pkgs/applications/version-management/gitlab-shell/default.nix new file mode 100644 index 000000000000..3d4ae689f6b6 --- /dev/null +++ b/pkgs/applications/version-management/gitlab-shell/default.nix 
@@ -0,0 +1,59 @@ +{ stdenv, ruby, rubyLibs, fetchgit }: + +stdenv.mkDerivation rec { + version = "2.1.0"; + name = "gitlab-shell-${version}"; + + srcs = fetchgit { + url = "https://gitlab.com/gitlab-org/gitlab-shell.git"; + rev = "823aba63e444afa2f45477819770fec3cb5f0159"; + sha256 = "0ppf547xs9pvmk49v4h043d0j93k5n4q0yx3b9ssrc4qf2smflgq"; + }; + + buildInputs = [ + ruby rubyLibs.bundler + ]; + + installPhase = '' + mkdir -p $out/ + cp -R . $out/ + + # Nothing to install ATM for non-development but keeping the + # install command anyway in case that changes in the future: + export HOME=$(pwd) + bundle install -j4 --verbose --local --deployment --without development test + ''; + + # gitlab-shell will try to read its config relative to the source + # code by default which doesn't work in nixos because it's a + # read-only filesystem + postPatch = '' + substituteInPlace lib/gitlab_config.rb --replace\ + "File.join(ROOT_PATH, 'config.yml')"\ + "ENV['GITLAB_SHELL_CONFIG_PATH']" + substituteInPlace lib/gitlab_net.rb --replace\ + "File.read File.join(ROOT_PATH, '.gitlab_shell_secret')"\ + "File.read ENV['GITLAB_SHELL_SECRET_PATH']" + + # Note that we're running gitlab-shell from current-system/sw + # because otherwise updating gitlab-shell won't be reflected in + # the hardcoded path of the authorized-keys file: + substituteInPlace lib/gitlab_keys.rb --replace\ + "auth_line = \"command=\\\"#{ROOT_PATH}/bin/gitlab-shell"\ + "auth_line = \"command=\\\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} GITLAB_SHELL_SECRET_PATH=#{ENV['GITLAB_SHELL_SECRET_PATH']} /run/current-system/sw/bin/gitlab-shell" + + # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key + # environment because we need it in gitlab_configrb + # . unsetenv_others will remove that so we're not doing it for + # now. + # + # TODO: Are there any security implications? The commit adding + # unsetenv_others didn't mention anything... 
+ # + # Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true) + substituteInPlace lib/gitlab_shell.rb --replace\ + " *args, unsetenv_others: true)"\ + " *args)" + ''; + +} |
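Review bot: The last substitution in postPatch, on lib/gitlab_shell.rb, rewrites `*args, unsetenv_others: true)` to `*args)`. With that change the exec'd command inherits the entire environment of the gitlab-shell process instead of only PATH, LD_LIBRARY_PATH and GL_ID, which is the open question in the TODO comment above it. The stated need is only that GITLAB_SHELL_CONFIG_PATH survives the exec, so a narrower patch would keep `unsetenv_others: true` and add `'GITLAB_SHELL_CONFIG_PATH' => ENV['GITLAB_SHELL_CONFIG_PATH']` (and GITLAB_SHELL_SECRET_PATH, if the hooks read it) to the explicit hash passed to Kernel::exec. That preserves the allowlist and makes the TODO unnecessary. Separately, the lib/gitlab_keys.rb substitution interpolates both ENV values unquoted into the `command=` string when a key is written, so an unset variable or a path containing whitespace produces a broken authorized_keys entry; a comment stating that both variables must be set in the service environment that writes keys would help. The comment typo `gitlab_configrb` should read `gitlab_config.rb`.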