According to
https://github.com/NixOS/nixpkgs/issues/147599#issuecomment-1272286679
the bug that prevented this UMask directive from working has been fixed
in systemd, so it should be safe to use now.
This stops paperless-ngx from making everything world-readable on disk,
but it does not change permissions of any files previously created.
The WEBHOOK_URL options is only able to be set through environment variables. Was considering adding a more generic "environment" parameter but wasn't sure the best way to approach this.
Support for gitlab-container-registry has been added in 014816cbe4.
However, when enabling the registry it will throw an error as it can't
find a `package` attribute.
This commit fixes the registry configuration by adding the missing
`registry` part.
Support for external container registries (namely
`pkgs.docker-distribution`) has ended in GitLab 16.0 [1] and is
scheduled for removal in a future release. [2]
This commit adds a new registry package option, defaulting to
`pkgs.docker-distribution` and `pkgs.gitlab-container-registry` for
system state versions >= 23.11.
While it is still possible to use the docker container registry, module
users should switch to gitlab's container registry fork soon. A warning
message will be added in a future commit to advise affected users to
back up their state and then switch to the new container registry
package.
[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/376217
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/403322
From my understanding, procps was added to the gitlay systemd service
path in #58487 to fix gitaly-ruby's internal memory leak detection.
Now that the last ruby remnants have been removed in gitaly 16.0.0,
this should not be necessary anymore.
The pufferpanel module (#225274) was merged shortly after the tree-wide
rename f63a12f296 (#225748), so the use of
deperecated buildFHSUserEnv in the docs slipped through review 😅
Using escapeShellArg does not make sense here because (a) it turned the
list into a string, so the entire service failed and (b) because systemd
does not use the same escaping mechanism as bash.
The clientCertAuth option must be mapped to the etcd environment
variable ETCD_CLIENT_CERT_AUTH and the peerClientCertAuth option to
ETCD_PEER_CLIENT_CERT_AUTH.
Signed-off-by: Maximilian Nitsch <maximilian.nitsch@d3tn.com>
