pyrox.dev
nixos/jenkins: reduce default environment
Don't pull in all of environment.sessionVariables, only add what's
needed for nix and HTTPS to work (which was the point of the previous
patch).
+19
-9
nixos/modules/services/continuous-integration/jenkins/default.nix
+19
-9
nixos/modules/services/continuous-integration/jenkins/default.nix
···
69
69
type = with types; attrsOf str;
70
70
description = ''
71
71
Additional environment variables to be passed to the jenkins process.
72
-
This setting will merge with everything in
73
-
<option>config.environment.sessionVariables</option>,
74
-
JENKINS_HOME and NIX_REMOTE. This option takes precedence and can
75
-
override any previously set environment variable.
72
+
As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
73
+
GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
74
+
NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
75
+
the value of <option>services.jenkins.home</option>. This option has
76
+
precedence and can be used to override those mentioned variables.
76
77
'';
77
78
};
78
79
···
110
111
wantedBy = [ "multi-user.target" ];
111
112
112
113
environment =
113
-
config.environment.sessionVariables //
114
-
{ JENKINS_HOME = cfg.home;
115
-
NIX_REMOTE = "daemon";
116
-
} //
117
-
cfg.environment;
114
+
let
115
+
selectedSessionVars =
116
+
lib.filterAttrs (n: v: builtins.elem n
117
+
[ "NIX_PATH"
118
+
"SSL_CERT_FILE"
119
+
"GIT_SSL_CAINFO"
120
+
])
121
+
config.environment.sessionVariables;
122
+
in
123
+
selectedSessionVars //
124
+
{ JENKINS_HOME = cfg.home;
125
+
NIX_REMOTE = "daemon";
126
+
} //
127
+
cfg.environment;
118
128
119
129
path = cfg.packages;
120
130