aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIgor Pashev <pashev.igor@gmail.com>2017-11-26 21:11:54 +0300
committerIgor Pashev <pashev.igor@gmail.com>2017-11-26 21:11:57 +0300
commitcb675083df029d447b43814e5ef5d37a528aa80c (patch)
treee948f86885eac91a1f38282be506f80086a50223 /modules
parent6ba5900c3311ccb8fa683e03294993deb8b036f9 (diff)
downloadnixsap-cb675083df029d447b43814e5ef5d37a528aa80c.tar.gz
(*BREAKING*) Jenkins: set user home directory
BREAKING: user is now read-only
Diffstat (limited to 'modules')
-rw-r--r--modules/apps/jenkins/default.nix7
-rw-r--r--modules/apps/jenkins/instance.nix1
2 files changed, 7 insertions, 1 deletions
diff --git a/modules/apps/jenkins/default.nix b/modules/apps/jenkins/default.nix
index 0e5fa6b..8bf230a 100644
--- a/modules/apps/jenkins/default.nix
+++ b/modules/apps/jenkins/default.nix
@@ -7,7 +7,7 @@ let
inherit (lib)
concatMapStringsSep concatStringsSep escape filterAttrs foldAttrs foldl
- hasPrefix mapAttrs mapAttrsToList mkOption nameValuePair optionalString
+ hasPrefix mapAttrs mapAttrs' mapAttrsToList mkOption nameValuePair optionalString
unique ;
inherit (lib.types)
@@ -157,6 +157,11 @@ in {
systemd.services = foldl (a: b: a//b) {} (mapAttrsToList mkService instances);
nixsap.deployment.keyrings = keyrings;
nixsap.system.users.daemons = users;
+
+ # Although jenkins user is a daemon, many tools require proper home
+ # directory and ignore $HOME (e. g. Maven). This assumes each Jenkins
+ # instance has its own user (this is true because i.user is read-only):
+ users.users = mapAttrs' (_: i: nameValuePair i.user {home = i.home;}) instances;
};
}
diff --git a/modules/apps/jenkins/instance.nix b/modules/apps/jenkins/instance.nix
index 6735ab8..cda6462 100644
--- a/modules/apps/jenkins/instance.nix
+++ b/modules/apps/jenkins/instance.nix
@@ -40,6 +40,7 @@ in {
user = mkOption {
description = "User to run as";
default = "jenkins-${name}";
+ readOnly = true;
type = str;
};