Unverified Commit 765cc350 authored by Maximilian Bosch's avatar Maximilian Bosch

nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store

The option `services.jira.sso.applicationPassword` has been replaced by
`applicationPasswordFile`, which must point to a file outside the Nix store
that is readable by the `jira` user or group.

The new `crowd.properties` is created on startup in `~jira` and the
secret is injected into it using `replace-secret`.
parent 9ffd8777
+31 −15
@@ -8,9 +8,11 @@ let

  pkg = cfg.package.override (optionalAttrs cfg.sso.enable {
    enableSSO = cfg.sso.enable;
    crowdProperties = ''
  });

  crowdProperties = pkgs.writeText "crowd.properties" ''
    application.name                        ${cfg.sso.applicationName}
      application.password                    ${cfg.sso.applicationPassword}
    application.password                    @NIXOS_JIRA_CROWD_SSO_PWD@
    application.login.url                   ${cfg.sso.crowd}/console/

    crowd.server.url                        ${cfg.sso.crowd}/services/
@@ -21,7 +23,6 @@ let
    session.validationinterval              ${toString cfg.sso.validationInterval}
    session.lastvalidation                  session.lastvalidation
  '';
  });

in

@@ -112,9 +113,9 @@ in
          description = "Exact name of this JIRA instance in Crowd";
        };

        applicationPassword = mkOption {
        applicationPasswordFile = mkOption {
          type = types.str;
          description = "Application password of this JIRA instance in Crowd";
          description = "Path to the file containing the application password of this JIRA instance in Crowd";
        };

        validationInterval = mkOption {
@@ -181,6 +182,7 @@ in
        JIRA_HOME = cfg.home;
        JAVA_HOME = "${cfg.jrePackage}";
        CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
        JAVA_OPTS = mkIf cfg.sso.enable "-Dcrowd.properties=${cfg.home}/crowd.properties";
      };

      preStart = ''
@@ -191,6 +193,14 @@ in
          -e 's,protocol="HTTP/1.1",protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${toString cfg.proxy.secure}",' \
        '') + ''
          ${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml

        ${optionalString cfg.sso.enable ''
          install -m660 ${crowdProperties} ${cfg.home}/crowd.properties
          ${pkgs.replace-secret}/bin/replace-secret \
            '@NIXOS_JIRA_CROWD_SSO_PWD@' \
            ${cfg.sso.applicationPasswordFile} \
            ${cfg.home}/crowd.properties
        ''}
      '';

      serviceConfig = {
@@ -204,4 +214,10 @@ in
      };
    };
  };

  imports = [
    (mkRemovedOptionModule [ "services" "jira" "sso" "applicationPassword" ] ''
      Use `applicationPasswordFile` instead!
    '')
  ];
}
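Review bot: `install -m660 ${crowdProperties} ${cfg.home}/crowd.properties` in preStart fixes the mode but not the owner, so if preStart runs as root (the unit's `User`/`PermissionsStartOnly` settings are outside this section) the rendered file is root-owned 0660 and the `jira` user cannot read it when Tomcat starts; `install -m660 -o jira -g jira ${crowdProperties} ${cfg.home}/crowd.properties` makes ownership explicit, and 0600 would be tighter since only the service user needs it. Setting the restrictive mode before `replace-secret` writes the password in is the right order, assuming replace-secret rewrites the file in place rather than recreating it. The interpolated `${cfg.sso.applicationPasswordFile}` and `${cfg.home}/crowd.properties` are unquoted in the shell snippet; quoting them as `"${cfg.sso.applicationPasswordFile}"` avoids word-splitting on unusual paths. The new option's description should also state the operational requirement, e.g. `description = "Path to a file containing the Crowd application password of this JIRA instance; must not live in the Nix store and must be readable by the jira user.";`.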
+4 −6
@@ -3,7 +3,7 @@
, fetchurl
, gawk
, enableSSO ? false
, crowdProperties ? null
, makeWrapper
}:

stdenv.mkDerivation rec {
@@ -15,6 +15,8 @@ stdenv.mkDerivation rec {
    sha256 = "sha256-Zog0m8tsx8mDLU1rsW5zhhHgyRmi4JGWuy9DV8yp9nY=";
  };

  nativeBuildInputs = [ makeWrapper ];

  buildPhase = ''
    mv conf/server.xml conf/server.xml.dist
    ln -sf /run/atlassian-jira/server.xml conf/server.xml
@@ -27,10 +29,6 @@ stdenv.mkDerivation rec {
    substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
      --replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
                com.atlassian.jira.security.login.SSOSeraphAuthenticator
  '' + lib.optionalString (crowdProperties != null) ''
    cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
    ${crowdProperties}
    EOF
  '';

  installPhase = ''
@@ -41,6 +39,6 @@ stdenv.mkDerivation rec {
    description = "Proprietary issue tracking product, also providing project management functions";
    homepage = "https://www.atlassian.com/software/jira";
    license = licenses.unfree;
    maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ];
    maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ma27 ];
  };
}
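Review bot: `makeWrapper` is added to `nativeBuildInputs` but no `wrapProgram` or `makeWrapper` call appears in any visible hunk; if installPhase (outside this section) does not use it, the new build input is dead weight and should be dropped rather than left as an unexplained dependency. Dropping the `crowdProperties` argument is the right call, since anything passed through it was written into the world-readable store; a one-line comment on `enableSSO` would help the next maintainer, e.g. `# Only switches the Seraph authenticator; Crowd credentials are supplied at runtime, never baked into the store`.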