diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1903.xml | 18 | ||||
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 4 |
2 files changed, 16 insertions, 6 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1903.xml b/nixos/doc/manual/release-notes/rl-1903.xml index cedd5fc21c6d..376a5355f7c9 100644 --- a/nixos/doc/manual/release-notes/rl-1903.xml +++ b/nixos/doc/manual/release-notes/rl-1903.xml @@ -241,8 +241,22 @@ (<literal>networking.firewall.interfaces.default.*</literal>), and assigning to this pseudo device will override the (<literal>networking.firewall.allow*</literal>) options. - </para> - </listitem> + </para> + </listitem> + <listitem> + <para> + GitLab Shell previously used the nix store paths for the + <literal>gitlab-shell</literal> command in its + <literal>authorized_keys</literal> file, which might stop working after + garbage collection. To circumvent that, we regenerated that file on each + startup. As <literal>gitlab-shell</literal> has now been changed to use + <literal>/var/run/current-system/sw/bin/gitlab-shell</literal>, this is + not necessary anymore, but there might be leftover lines with a nix store + path. Regenerate the <literal>authorized_keys</literal> file via + <command>sudo -u git -H gitlab-rake gitlab:shell:setup</command> in that + case. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 07adf58c9b26..769a9526cf64 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -609,10 +609,6 @@ in { touch "${cfg.statePath}/db-seeded" fi - # The gitlab:shell:setup regenerates the authorized_keys file so that - # the store path to the gitlab-shell in it gets updated - ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup - # The gitlab:shell:create_hooks task seems broken for fixing links # so we instead delete all the hooks and create them anew rm -f ${cfg.statePath}/repositories/**/*.git/hooks |