pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / applications / version-management / gitlab-shell / default.nix
at v192 59 lines 2.3 kB view raw
1{ stdenv, ruby, bundler, fetchgit }: 2 3stdenv.mkDerivation rec { 4 version = "2.1.0"; 5 name = "gitlab-shell-${version}"; 6 7 srcs = fetchgit { 8 url = "https://gitlab.com/gitlab-org/gitlab-shell.git"; 9 rev = "823aba63e444afa2f45477819770fec3cb5f0159"; 10 sha256 = "0ppf547xs9pvmk49v4h043d0j93k5n4q0yx3b9ssrc4qf2smflgq"; 11 }; 12 13 buildInputs = [ 14 ruby bundler 15 ]; 16 17 installPhase = '' 18 mkdir -p $out/ 19 cp -R . $out/ 20 21 # Nothing to install ATM for non-development but keeping the 22 # install command anyway in case that changes in the future: 23 export HOME=$(pwd) 24 bundle install -j4 --verbose --local --deployment --without development test 25 ''; 26 27 # gitlab-shell will try to read its config relative to the source 28 # code by default which doesn't work in nixos because it's a 29 # read-only filesystem 30 postPatch = '' 31 substituteInPlace lib/gitlab_config.rb --replace\ 32 "File.join(ROOT_PATH, 'config.yml')"\ 33 "ENV['GITLAB_SHELL_CONFIG_PATH']" 34 substituteInPlace lib/gitlab_net.rb --replace\ 35 "File.read File.join(ROOT_PATH, '.gitlab_shell_secret')"\ 36 "File.read ENV['GITLAB_SHELL_SECRET_PATH']" 37 38 # Note that we're running gitlab-shell from current-system/sw 39 # because otherwise updating gitlab-shell won't be reflected in 40 # the hardcoded path of the authorized-keys file: 41 substituteInPlace lib/gitlab_keys.rb --replace\ 42 "auth_line = \"command=\\\"#{ROOT_PATH}/bin/gitlab-shell"\ 43 "auth_line = \"command=\\\"GITLAB_SHELL_CONFIG_PATH=#{ENV['GITLAB_SHELL_CONFIG_PATH']} GITLAB_SHELL_SECRET_PATH=#{ENV['GITLAB_SHELL_SECRET_PATH']} /run/current-system/sw/bin/gitlab-shell" 44 45 # We're setting GITLAB_SHELL_CONFIG_PATH in the ssh authorized key 46 # environment because we need it in gitlab_configrb 47 # . unsetenv_others will remove that so we're not doing it for 48 # now. 49 # 50 # TODO: Are there any security implications? The commit adding 51 # unsetenv_others didn't mention anything... 52 # 53 # Kernel::exec({'PATH' => ENV['PATH'], 'LD_LIBRARY_PATH' => ENV['LD_LIBRARY_PATH'], 'GL_ID' => ENV['GL_ID']}, *args, unsetenv_others: true) 54 substituteInPlace lib/gitlab_shell.rb --replace\ 55 " *args, unsetenv_others: true)"\ 56 " *args)" 57 ''; 58 59}