Extra options to be added under production
in config/gitlab.yml, as a nix attribute set.
Options containing secret data should be set to an attribute set containing the attribute _secret: a string pointing to a file that contains the value the option should be set to, so that the secret itself never appears in the Nix expression.
See the example for an illustration: in the resulting config/gitlab.yml file, the production.omniauth.providers[0].args.client_options.secret key will be set to the contents of the /var/keys/gitlab_oidc_secret file.
Declarations
Type
YAML value
Default
{ }
Example
# Example value for this option: every attribute below is added under
# `production` in config/gitlab.yml.
{
  gitlab = {
    default_projects_features = {
      # Sets production.gitlab.default_projects_features.builds to false.
      builds = false;
    };
  };
  omniauth = {
    enabled = true;
    # Sign-in goes straight to this provider instead of showing GitLab's own
    # login form.
    auto_sign_in_with_provider = "openid_connect";
    # Providers listed here may create a GitLab account on first sign-in.
    allow_single_sign_on = ["openid_connect"];
    # With this set to false, auto-created accounts are active immediately,
    # with no administrator approval step: anyone the identity provider
    # authenticates gets a working account. Only appropriate when the
    # provider itself restricts who can log in; otherwise use true.
    block_auto_created_users = false;
    providers = [
      {
        name = "openid_connect";
        label = "OpenID Connect";
        args = {
          name = "openid_connect";
          scope = ["openid" "profile"];
          # "code" selects the authorization-code flow.
          response_type = "code";
          # Use an https:// issuer. With discovery enabled, the endpoints are
          # taken from the issuer's published metadata, so this URL decides
          # which server GitLab trusts for identities.
          issuer = "https://keycloak.example.com/auth/realms/My%20Realm";
          discovery = true;
          # NOTE(review): confirm against the GitLab OpenID Connect docs how
          # the client secret is transmitted for this value, and prefer a
          # method your provider documents.
          client_auth_method = "query";
          # The claim named here becomes the account identifier. In OpenID
          # Connect, preferred_username is not guaranteed to be stable or
          # unique, whereas `sub` is. If users can change or reuse usernames
          # at the provider, verify that this cannot map one person onto
          # another's GitLab account.
          uid_field = "preferred_username";
          client_options = {
            identifier = "gitlab";
            # Only the file path appears in the Nix expression; the file's
            # contents are substituted into config/gitlab.yml. Keep this a
            # string: a Nix path literal would presumably be copied into the
            # Nix store. Restrict the file's permissions to the account that
            # runs GitLab.
            secret = { _secret = "/var/keys/gitlab_oidc_secret"; };
            # Should match the redirect URI registered for this client at the
            # provider.
            redirect_uri = "https://git.example.com/users/auth/openid_connect/callback";
          };
        };
      }
    ];
  };
};