diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2017-11-26 21:11:54 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2017-11-26 21:11:57 +0300 |
commit | cb675083df029d447b43814e5ef5d37a528aa80c (patch) | |
tree | e948f86885eac91a1f38282be506f80086a50223 /modules | |
parent | 6ba5900c3311ccb8fa683e03294993deb8b036f9 (diff) | |
download | nixsap-cb675083df029d447b43814e5ef5d37a528aa80c.tar.gz |
(*BREAKING*) Jenkins: set user home directory
BREAKING: user is now read-only
Diffstat (limited to 'modules')
-rw-r--r-- | modules/apps/jenkins/default.nix | 7 | ||||
-rw-r--r-- | modules/apps/jenkins/instance.nix | 1 |
2 files changed, 7 insertions, 1 deletions
diff --git a/modules/apps/jenkins/default.nix b/modules/apps/jenkins/default.nix index 0e5fa6b..8bf230a 100644 --- a/modules/apps/jenkins/default.nix +++ b/modules/apps/jenkins/default.nix @@ -7,7 +7,7 @@ let inherit (lib) concatMapStringsSep concatStringsSep escape filterAttrs foldAttrs foldl - hasPrefix mapAttrs mapAttrsToList mkOption nameValuePair optionalString + hasPrefix mapAttrs mapAttrs' mapAttrsToList mkOption nameValuePair optionalString unique ; inherit (lib.types) @@ -157,6 +157,11 @@ in { systemd.services = foldl (a: b: a//b) {} (mapAttrsToList mkService instances); nixsap.deployment.keyrings = keyrings; nixsap.system.users.daemons = users; + + # Although jenkins user is a daemon, many tools require proper home + # directory and ignore $HOME (e. g. Maven). This assumes each Jenkins + # instance has its own user (this is true because i.user is read-only): + users.users = mapAttrs' (_: i: nameValuePair i.user {home = i.home;}) instances; }; } diff --git a/modules/apps/jenkins/instance.nix b/modules/apps/jenkins/instance.nix index 6735ab8..cda6462 100644 --- a/modules/apps/jenkins/instance.nix +++ b/modules/apps/jenkins/instance.nix @@ -40,6 +40,7 @@ in { user = mkOption { description = "User to run as"; default = "jenkins-${name}"; + readOnly = true; type = str; }; |