1 files changed, 93 insertions, 0 deletions

diff --git a/modules/apps/jenkins/instance.nix b/modules/apps/jenkins/instance.nix
new file mode 100644
index 0000000..692b066
--- /dev/null
+++ b/modules/apps/jenkins/instance.nix
@@ -0,0 +1,93 @@
+pkgs:
+{ lib, name, ... }:
+
+let
+
+  inherit (builtins) all attrNames;
+
+  inherit (lib)
+    concatStrings filterAttrs hasSuffix mapAttrsToList mkOption ;
+
+  inherit (lib.types)
+    addCheck attrsOf either enum int listOf nullOr package path str submodule ;
+
+  default = d: t: mkOption { type = t; default = d; };
+  optional = t: mkOption { type = nullOr t; default = null; };
+
+in {
+  options = {
+
+    jre = mkOption {
+      description = "Java runtime package";
+      default = pkgs.jre8;
+      type = package;
+    };
+
+    war = mkOption {
+      description = "Jenkins web application archive (WAR)";
+      default = pkgs.jenkins;
+      type = path;
+    };
+
+    user = mkOption {
+      description = "User to run as";
+      default = "jenkins-${name}";
+      type = str;
+    };
+
+    home = mkOption {
+      description = "Jenkins data directory";
+      type = path;
+      default = "/jenkins/${name}";
+    };
+
+    jobs = mkOption {
+      description = ''
+        Jenkins jobs. Each value is either inline XML text or an XML file.
+        Any existing jobs, not mentioned here, are physically removed.
+      '';
+      type = attrsOf (either str path);
+      default = {};
+    };
+
+    config = mkOption {
+      description = ''
+        Jenkins XML configuration files. Either inline text or file. Any
+        existing XML files, not mentioned here, are physically removed. You
+        might want to add `config.xml` at least. You can use XInclude
+        facility to include sensitive pieces of configuration like passwords
+        or private keys.  Those grains  will be processed (expanded) to
+        create proper configuration files. Also they will be automatically
+        picked up and deployed (requires read-write mode of evaluation).
+        E. g. if you write '<xi:include href="/run/keys/github-oauth.xml"/>',
+        that file will be deployed as a secret key, and when Jenkins starts,
+        that piece will be replaced by the file contents. All configuration
+        files reside in Jenkins private directory so secrets remain secret.
+      '';
+      type = addCheck (attrsOf (either str path)) (aa: all (hasSuffix ".xml") (attrNames aa));
+      default = {};
+    };
+
+    path = mkOption {
+      description = ''
+        Additional packages available to Jenkins in PATH.  You also may opt in specifying
+        paths to executables in various config files.
+      '';
+      type = listOf package;
+      default = [];
+      example = [ pkgs.gitMinimal ];
+    };
+
+    options = {
+      controlPort          = optional int;
+      debug                = optional (enum [1 2 3 4 5 6 7 8 9]);
+      httpKeepAliveTimeout = optional int;
+      httpListenAddress    = default "127.0.0.1" str;
+      httpPort             = default 8080 int;
+      prefix               = optional str;
+      sessionTimeout       = optional int;
+    };
+
+  };
+}
+