Merge pull request #181715 from mayflower/jira-secret-opts
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
This commit is contained in:
commit
dab3ae9d8b
@ -8,21 +8,22 @@ let
|
||||
|
||||
pkg = cfg.package.override (optionalAttrs cfg.sso.enable {
|
||||
enableSSO = cfg.sso.enable;
|
||||
crowdProperties = ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password ${cfg.sso.applicationPassword}
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
});
|
||||
|
||||
crowdProperties = pkgs.writeText "crowd.properties" ''
|
||||
application.name ${cfg.sso.applicationName}
|
||||
application.password @NIXOS_JIRA_CROWD_SSO_PWD@
|
||||
application.login.url ${cfg.sso.crowd}/console/
|
||||
|
||||
crowd.server.url ${cfg.sso.crowd}/services/
|
||||
crowd.base.url ${cfg.sso.crowd}/
|
||||
|
||||
session.isauthenticated session.isauthenticated
|
||||
session.tokenkey session.tokenkey
|
||||
session.validationinterval ${toString cfg.sso.validationInterval}
|
||||
session.lastvalidation session.lastvalidation
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
@ -112,9 +113,9 @@ in
|
||||
description = "Exact name of this JIRA instance in Crowd";
|
||||
};
|
||||
|
||||
applicationPassword = mkOption {
|
||||
applicationPasswordFile = mkOption {
|
||||
type = types.str;
|
||||
description = "Application password of this JIRA instance in Crowd";
|
||||
description = "Path to the file containing the application password of this JIRA instance in Crowd";
|
||||
};
|
||||
|
||||
validationInterval = mkOption {
|
||||
@ -181,6 +182,7 @@ in
|
||||
JIRA_HOME = cfg.home;
|
||||
JAVA_HOME = "${cfg.jrePackage}";
|
||||
CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
|
||||
JAVA_OPTS = mkIf cfg.sso.enable "-Dcrowd.properties=${cfg.home}/crowd.properties";
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
@ -191,6 +193,14 @@ in
|
||||
-e 's,protocol="HTTP/1.1",protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${toString cfg.proxy.secure}",' \
|
||||
'') + ''
|
||||
${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml
|
||||
|
||||
${optionalString cfg.sso.enable ''
|
||||
install -m660 ${crowdProperties} ${cfg.home}/crowd.properties
|
||||
${pkgs.replace-secret}/bin/replace-secret \
|
||||
'@NIXOS_JIRA_CROWD_SSO_PWD@' \
|
||||
${cfg.sso.applicationPasswordFile} \
|
||||
${cfg.home}/crowd.properties
|
||||
''}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
@ -204,4 +214,10 @@ in
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "jira" "sso" "applicationPassword" ] ''
|
||||
Use `applicationPasswordFile` instead!
|
||||
'')
|
||||
];
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
, fetchurl
|
||||
, gawk
|
||||
, enableSSO ? false
|
||||
, crowdProperties ? null
|
||||
, makeWrapper
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
|
||||
sha256 = "sha256-Zog0m8tsx8mDLU1rsW5zhhHgyRmi4JGWuy9DV8yp9nY=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
buildPhase = ''
|
||||
mv conf/server.xml conf/server.xml.dist
|
||||
ln -sf /run/atlassian-jira/server.xml conf/server.xml
|
||||
@ -27,10 +29,6 @@ stdenv.mkDerivation rec {
|
||||
substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
|
||||
--replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
|
||||
com.atlassian.jira.security.login.SSOSeraphAuthenticator
|
||||
'' + lib.optionalString (crowdProperties != null) ''
|
||||
cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
|
||||
${crowdProperties}
|
||||
EOF
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
@ -41,6 +39,6 @@ stdenv.mkDerivation rec {
|
||||
description = "Proprietary issue tracking product, also providing project management functions";
|
||||
homepage = "https://www.atlassian.com/software/jira";
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ];
|
||||
maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ma27 ];
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user