services.gitlab.extraConfig

Extra options to be added under production in config/gitlab.yml, as a nix attribute set.

Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config/gitlab.yml file, the production.omniauth.providers[0].args.client_options.secret key will be set to the contents of the /var/keys/gitlab_oidc_secret file.

Type

YAML 1.1 value

Default

{ }

Example

{
  gitlab = {
    default_projects_features = {
      builds = false;
    };
  };
  omniauth = {
    enabled = true;
    auto_sign_in_with_provider = "openid_connect";
    allow_single_sign_on = ["openid_connect"];
    block_auto_created_users = false;
    providers = [
      {
        name = "openid_connect";
        label = "OpenID Connect";
        args = {
          name = "openid_connect";
          scope = ["openid" "profile"];
          response_type = "code";
          issuer = "https://keycloak.example.com/auth/realms/My%20Realm";
          discovery = true;
          client_auth_method = "query";
          uid_field = "preferred_username";
          client_options = {
            identifier = "gitlab";
            secret = { _secret = "/var/keys/gitlab_oidc_secret"; };
            redirect_uri = "https://git.example.com/users/auth/openid_connect/callback";
          };
        };
      }
    ];
  };
};

Declared

<nixpkgs/nixos/modules/services/misc/gitlab.nix>