Gitlab

`services.gitlab.backup.keepTime`

How long to keep the backups around, in hours. 0 means “keep forever”.

Type: signed integer

Default

0

Example

48

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.backup.path`

GitLab path for backups. Type: string

Default

config.services.gitlab.statePath + "/backup"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.backup.skip`

Directories to exclude from the backup. The example excludes CI artifacts and LFS objects from the backups. The tar option skips the creation of a tar file.

Refer to https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup for more information.

Type: one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar" or list of (one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar")

Default

[ ]

Example

["artifacts""lfs"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.backup.startAt`

The time(s) to run automatic backup of GitLab state. Specified in systemd's time format; see {manpage}systemd.time(7).

Type: string or list of string

Default

[ ]

Example

"03:00"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.backup.uploadOptions`

GitLab automatic upload specification. Tells GitLab to upload the backup to a remote location when done.

Attributes specified here are added under production -> backup -> upload in {file}config/gitlab.yml.

Type: attribute set

Default

{ }

Example

`#!nix { # Fog storage connection settings, see http://fog.io/storage/ connection = { provider = "AWS"; region = "eu-north-1"; aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX"; aws_secret_access_key = { _secret = config.deployment.keys.aws_access_key.path; }; };

# The remote 'directory' to store your backups in. # For S3, this would be the bucket name. remote_directory = "my-gitlab-backups";

# Use multipart uploads when file size reaches 100MB, see # http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html multipart_chunk_size = 104857600;

# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional encryption = "AES256";

# Specifies Amazon S3 storage class to use for backups, this is optional storage_class = "STANDARD"; }; `

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databaseCreateLocally`

Whether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if {option}services.gitlab.databaseHost is customized.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databaseHost`

GitLab database hostname. An empty string means “use local unix socket connection”.

Type: string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databaseName`

GitLab database name. Type: string

Default

"gitlab"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databasePasswordFile`

File containing the GitLab database user password.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databasePool`

Database connection pool size. Type: signed integer

Default

5

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.databaseUsername`

GitLab database user. Type: string

Default

"gitlab"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.enable`

Enable the gitlab service.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.extraConfig`

Extra options to be added under production in {file}config/gitlab.yml, as a nix attribute set.

Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting {file}config/gitlab.yml file, the production.omniauth.providers[0].args.client_options.secret key will be set to the contents of the {file}/var/keys/gitlab_oidc_secret file.

Type: YAML value

Default

{ }

Example

{gitlab = {default_projects_features = {builds = false;};};omniauth = {enabled = true;auto_sign_in_with_provider = "openid_connect";allow_single_sign_on = ["openid_connect"];block_auto_created_users = false;providers = [{name = "openid_connect";label = "OpenID Connect";args = {name = "openid_connect";scope = ["openid" "profile"];response_type = "code";issuer = "https://keycloak.example.com/auth/realms/My%20Realm";discovery = true;client_auth_method = "query";uid_field = "preferred_username";client_options = {identifier = "gitlab";secret = { _secret = "/var/keys/gitlab_oidc_secret"; };redirect_uri = "https://git.example.com/users/auth/openid_connect/callback";};};}];};};

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.extraDatabaseConfig`

Extra configuration in config/database.yml. Type: attribute set

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.extraEnv`

Additional environment variables for the GitLab environment.

Type: attribute set of string

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.extraGitlabRb`

Extra configuration to be placed in config/extra-gitlab.rb. This can be used to add configuration not otherwise exposed through this module's options.

Type: string

Default

""

Example

'' if Rails.env.production? Rails.application.config.action_mailer.delivery_method = :sendmail ActionMailer::Base.delivery_method = :sendmail ActionMailer::Base.sendmail_settings = { location: "/run/wrappers/bin/sendmail", arguments: "-i -t" } end''

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.extraShellConfig`

Extra configuration to merge into shell-config.yml Type: attribute set

Default

{ }

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.group`

Group to run gitlab and all related services. Type: string

Default

"gitlab"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.host`

GitLab host name. Used e.g. for copy-paste URLs. Type: string

Default

config.networking.hostName

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.https`

Whether gitlab prints URLs with https as scheme. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.initialRootEmail`

Initial email address of the root account if this is a new install.

Type: string

Default

"admin@local.host"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.initialRootPasswordFile`

File containing the initial password of the root account if this is a new install.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.logrotate.enable`

Enable rotation of log files.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.logrotate.frequency`

How often to rotate the logs. Type: string

Default

"daily"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.logrotate.keep`

How many rotations to keep. Type: signed integer

Default

30

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.packages.gitaly`

The gitaly package to use. Type: package

Default

pkgs.gitaly

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.packages.gitlab`

The gitlab package to use. Type: package

Default

pkgs.gitlab

Example

gitlab-ee

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.packages.gitlab-shell`

The gitlab-shell package to use. Type: package

Default

pkgs.gitlab-shell

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.packages.gitlab-workhorse`

The gitlab-workhorse package to use. Type: package

Default

pkgs.gitlab-workhorse

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.packages.pages`

The gitlab-pages package to use. Type: package

Default

pkgs.gitlab-pages

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.enable`

Whether to enable the GitLab Pages service. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings`

Configuration options to set in the GitLab Pages config file.

Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting configuration file, the auth-client-secret and auth-secret keys will be set to the contents of the {file}/var/keys/auth-client-secret and {file}/var/keys/auth-secret files respectively.

Type: attribute set of (null or string or signed integer or boolean or (attribute set))

Example

{pages-domain = "example.com";auth-client-id = "generated-id-xxxxxxx";auth-client-secret = { _secret = "/var/keys/auth-client-secret"; };auth-redirect-uri = "https://projects.example.com/auth";auth-secret = { _secret = "/var/keys/auth-secret"; };auth-server = "https://gitlab.example.com";}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.artifacts-server`

API URL to proxy artifact requests to.

Type: null or string

Default

"http(s)://<services.gitlab.host>/api/v4"

Example

"https://gitlab.example.com/api/v4"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.gitlab-server`

Public GitLab server URL.

Type: null or string

Default

"http(s)://<services.gitlab.host>"

Example

"https://gitlab.example.com"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.internal-gitlab-server`

Internal GitLab server used for API requests, useful if you want to send that traffic over an internal load balancer. By default, the value of services.gitlab.pages.settings.gitlab-server is used.

Type: null or string

Default

"http(s)://<services.gitlab.host>"

Example

"https://gitlab.example.internal"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.listen-http`

The address(es) to listen on for HTTP requests.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.listen-https`

The address(es) to listen on for HTTPS requests.

Type: list of string

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.listen-proxy`

The address(es) to listen on for proxy requests.

Type: list of string

Default

["127.0.0.1:8090"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.pages-domain`

The domain to serve static pages on.

Type: null or string

Example

"example.com"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.pages.settings.pages-root`

The directory where pages are stored.

Type: string

Default

config.services.gitlab.extraConfig.production.shared.path + "/pages"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.port`

GitLab server port for copy-paste URLs, e.g. 80 or 443 if you're service over https.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

8080

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.puma.threadsMax`

The maximum number of threads Puma should use per worker. This limits how many threads Puma will automatically spawn in response to requests. In contrast to workers, threads will never be able to run Ruby code in parallel, but give higher IO parallelism.

::: {.note} Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this. :::

Type: signed integer

Default

4

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.puma.threadsMin`

The minimum number of threads Puma should use per worker.

::: {.note} Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this. :::

Type: signed integer

Default

0

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.puma.workers`

The number of worker processes Puma should spawn. This controls the amount of parallel Ruby code can be executed. GitLab recommends Number of CPU cores - 1, but at least two.

::: {.note} Each worker consumes quite a bit of memory, so be careful when increasing this. :::

Type: signed integer

Default

2

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.redisUrl`

Redis URL for all GitLab services. Type: string

Default

"unix:/run/gitlab/redis.sock"

Example

"redis://localhost:6379/"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.certFile`

Path to GitLab container registry certificate. Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.defaultForProjects`

If GitLab container registry should be enabled by default for projects. Type: boolean

Default

config.services.gitlab.registry.enable

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.enable`

Enable GitLab container registry. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.externalAddress`

External address used to access registry from the internet Type: string

Default

""

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.externalPort`

External port used to access registry from the internet Type: signed integer

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.host`

GitLab container registry host name. Type: string

Default

config.services.gitlab.host

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.issuer`

GitLab container registry issuer. Type: string

Default

"gitlab-issuer"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.keyFile`

Path to GitLab container registry certificate-key. Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.package`

Container registry package to use.

External container registries such as pkgs.docker-distribution are not supported anymore since GitLab 16.0.0.

Type: package

Default

pkgs.docker-distribution

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.port`

GitLab container registry port. Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

4567

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.registry.serviceName`

GitLab container registry service name. Type: string

Default

"container_registry"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.secrets.dbFile`

A file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.

Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.secrets.jwsFile`

A file containing the secret used to encrypt session keys. If you change or lose this key, users will be disconnected.

Make sure the secret is an RSA private key in PEM format. You can generate one with

openssl genrsa 2048

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.secrets.otpFile`

A file containing the secret used to encrypt secrets for OTP tokens. If you change or lose this key, users which have 2FA enabled for login won't be able to login anymore.

Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.secrets.secretFile`

A file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.

Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.sidekiq.concurrency`

How many processor threads to use for processing sidekiq background job queues. When null, the GitLab default is used.

See https://docs.gitlab.com/ee/administration/sidekiq/extra_sidekiq_processes.html#manage-thread-counts-explicitly for details.

Type: null or signed integer

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.sidekiq.memoryKiller.enable`

Whether the Sidekiq MemoryKiller should be turned on. MemoryKiller kills Sidekiq when its memory consumption exceeds a certain limit.

See https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html for details.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.sidekiq.memoryKiller.graceTime`

The time MemoryKiller waits after noticing excessive memory consumption before killing Sidekiq.

Type: signed integer

Default

900

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.sidekiq.memoryKiller.maxMemory`

The maximum amount of memory, in MiB, a Sidekiq worker is allowed to consume before being killed.

Type: signed integer

Default

2000

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.sidekiq.memoryKiller.shutdownWait`

The time allowed for all jobs to finish before Sidekiq is killed forcefully.

Type: signed integer

Default

30

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.address`

Address of the SMTP server for GitLab. Type: string

Default

"localhost"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.authentication`

Authentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.domain`

HELO domain to use for outgoing mail. Type: string

Default

"localhost"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.enable`

Enable gitlab mail delivery over SMTP. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.enableStartTLSAuto`

Whether to try to use StartTLS. Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.opensslVerifyMode`

How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html Type: string

Default

"peer"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.passwordFile`

File containing the password of the SMTP server for GitLab.

This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.port`

Port of the SMTP server for GitLab. Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

25

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.tls`

Whether to use TLS wrapper-mode. Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.smtp.username`

Username of the SMTP server for GitLab. Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.statePath`

GitLab state directory. Configuration, repositories and logs, among other things, are stored here.

The directory will be created automatically if it doesn't exist already. Its parent directories must be owned by either root or the user set in {option}services.gitlab.user.

Type: string

Default

"/var/gitlab/state"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.user`

User to run gitlab and all related services. Type: string

Default

"gitlab"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix

`services.gitlab.workhorse.config`

Configuration options to add to Workhorse's configuration file.

See https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/config.toml.example and https://docs.gitlab.com/ee/development/workhorse/configuration.html for examples and option documentation.

Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting configuration file, the object_storage.s3.aws_secret_access_key key will be set to the contents of the {file}/var/keys/aws_secret_access_key file.

Type: TOML value

Default

{ }

Example

{object_storage.provider = "AWS";object_storage.s3 = {aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX";aws_secret_access_key = { _secret = "/var/keys/aws_secret_access_key"; };};};

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix