remove hard coded gitlab user

debian/conf/gitlab.yml.example

@@ -46,7 +46,7 @@ production: &base
     # relative_url_root: /gitlab
 
     # Uncomment and customize if you can't use the default user to run GitLab (default: 'git')
-    user: gitlab
+    user: GITLAB_USER
     user_home: /var/lib/gitlab
 
     ## Date & Time settings

debian/gitlab.gitlab-mailroom.service

@@ -9,7 +9,6 @@ ReloadPropagatedFrom=gitlab-unicorn.service
 
 [Service]
 Type=simple
-User=gitlab
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 SyslogIdentifier=gitlab-mailroom

debian/gitlab.gitlab-sidekiq.service

@@ -9,7 +9,6 @@ ReloadPropagatedFrom=gitlab.service
 
 [Service]
 Type=simple
-User=gitlab
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 SyslogIdentifier=gitlab-sidekiq

debian/gitlab.gitlab-unicorn.service

@@ -9,7 +9,6 @@ ReloadPropagatedFrom=gitlab.service
 
 [Service]
 Type=simple
-User=gitlab
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 EnvironmentFile=-/etc/default/gitlab

debian/gitlab.gitlab-workhorse.service

@@ -9,7 +9,6 @@ ReloadPropagatedFrom=gitlab-unicorn.service
 
 [Service]
 Type=simple
-User=gitlab
 WorkingDirectory=/usr/share/gitlab
 EnvironmentFile=/etc/gitlab/gitlab-debian.conf
 SyslogIdentifier=gitlab-workhorse

debian/postinst

@@ -143,6 +143,8 @@ EOF
       test -f ${gitlab_shell_config_private} || \
       cp ${gitlab_shell_config_example} ${gitlab_shell_config_private}
 
+      sed -i "s/GITLAB_USER/${gitlab_user}/" ${gitlab_yml_private}
+
       if [ "${RET}" = "true" ]; then
         echo "Configuring nginx with HTTPS..."
         if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then
@@ -203,6 +205,13 @@ EOF
       ucf --debconf-ok --three-way ${gitlab_tmpfiles_private} ${gitlab_tmpfiles}
       ucfr gitlab ${gitlab_tmpfiles}
 
+      # Override User for systemd services
+      for service in mailroom unicorn sidekiq workhorse; do
+        path=/etc/systemd/system/gitlab-${service}.service.d
+        mkdir -p $path
+        printf "[Service]\nUser=${gitlab_user}\n" > $path/override.conf
+      done
+
       # Manage gitlab-shell's config.yml via ucf
       mkdir -p /etc/gitlab-shell
       echo "Registering ${gitlab_shell_config} via ucf"

debian/postrm

@@ -44,16 +44,17 @@ case "$1" in
       # Check if we should remove data?
       db_get gitlab/purge
       if [ "${RET}" = "true" ]; then
-        rm -rf /var/lib/gitlab/shared
+        rm -rf ${gitlab_data_dir}/shared
-        rm -rf /var/lib/gitlab/public
+        rm -rf ${gitlab_data_dir}/public
-        rm -rf /var/lib/gitlab/db
+        rm -rf ${gitlab_data_dir}/db
-	rm -rf /var/lib/gitlab/repositories
+	rm -rf ${gitlab_data_dir}/repositories
-	rm -rf /var/lib/gitlab/secrets.yml
+	rm -rf ${gitlab_data_dir}/secrets.yml
-	rm -rf /var/lib/gitlab/Gemfile.lock
+	rm -rf ${gitlab_data_dir}/Gemfile.lock
-        rm -rf /var/log/gitlab
+        rm -rf ${gitlab_log_dir}
-        rm -rf /var/cache/gitlab
+        rm -rf ${gitlab_cache_path}
-        rm -rf /run/gitlab
+        rm -rf ${gitlab_pid_path}
         userdel -r ${gitlab_user}
+        rm -rf ${gitlab_data_dir}
         su postgres -c "dropdb gitlab_production"
       fi
 
@@ -102,7 +103,7 @@ case "$1" in
     fi
 
     # remove generated assets
-    rm -rf /var/lib/gitlab/public/assets
+    rm -rf ${gitlab_data_dir}/public/assets
       
     # Remove private copies of configuration files
     rm -f ${nginx_site_private}
@@ -111,6 +112,12 @@ case "$1" in
     rm -f ${gitlab_tmpfiles_private}
     rm -f ${gitlab_shell_config_private}
 
+    # Remove systemd service overrides
+    for service in mailroom unicorn sidekiq workhorse; do
+      path=/etc/systemd/system/gitlab-${service}.service.d
+      rm -rf $path
+    done
+
        # cleanup complete
     exit 0