Diffstat (limited to 'nixos/doc/manual/release-notes/rl-1909.xml')
-rw-r--r-- nixos/doc/manual/release-notes/rl-1909.xml 29
1 files changed, 29 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml
index 58ab7207f53..e4dcc90cdd3 100644
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -484,6 +484,35 @@
(<literal>citrix_workspace</literal>).
</para>
</listitem>
+ <listitem>
+ <para>
+ The <literal>services.gitlab</literal> module has had its literal secret options (<option>services.gitlab.smtp.password</option>,
+ <option>services.gitlab.databasePassword</option>,
+ <option>services.gitlab.initialRootPassword</option>,
+ <option>services.gitlab.secrets.secret</option>,
+ <option>services.gitlab.secrets.db</option>,
+ <option>services.gitlab.secrets.otp</option> and
+ <option>services.gitlab.secrets.jws</option>) replaced by file-based versions (<option>services.gitlab.smtp.passwordFile</option>,
+ <option>services.gitlab.databasePasswordFile</option>,
+ <option>services.gitlab.initialRootPasswordFile</option>,
+ <option>services.gitlab.secrets.secretFile</option>,
+ <option>services.gitlab.secrets.dbFile</option>,
+ <option>services.gitlab.secrets.otpFile</option> and
+ <option>services.gitlab.secrets.jwsFile</option>). This was done so that secrets aren't stored
+ in the world-readable nix store, but means that for each option you'll have to create a file with
+ the same exact string, add "File" to the end of the option name, and change the definition to a
+ string pointing to the corresponding file; e.g. <literal>services.gitlab.databasePassword = "supersecurepassword"</literal>
+ becomes <literal>services.gitlab.databasePasswordFile = "/path/to/secret_file"</literal> where the
+ file <literal>secret_file</literal> contains the string <literal>supersecurepassword</literal>.
+ </para>
+ <para>
+ The state path (<option>services.gitlab.statePath</option>) now has the following restriction:
+ no parent directory can be owned by any other user than <literal>root</literal> or the user
+ specified in <option>services.gitlab.user</option>; i.e. if <option>services.gitlab.statePath</option>
+ is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
+ must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
+ </para>
+ </listitem>
</itemizedlist>
</section>
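Review bot: The migration paragraph for the new *File options tells the reader to create a file holding the secret, but it does not say where that file may live or who must be able to read it. Since the stated reason for the change is to keep secrets out of the world-readable nix store, the text should say that the value has to be a quoted string path to a file outside the store (an unquoted Nix path literal such as ./secret_file is copied into the store on evaluation, which defeats the change) and that the file should not be world-readable. Which user needs read access is not visible in this hunk, so state whichever the module requires. In the statePath paragraph, the example is ambiguous: with /var/lib/gitlab/state, the wording "gitlab and all parent directories" leaves it unclear whether the state directory itself is covered. Naming the affected directories explicitly would help, and since this is one example rather than a restatement, "e.g." fits better than "i.e.".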