
Merge pull request #181715 from mayflower/jira-secret-opts

nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store

authored by

Maximilian Bosch and committed by
GitHub
dab3ae9d 9b09ad47

+34 -20
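--- a/nixos/modules/services/web-apps/atlassian/jira.nix
+++ b/nixos/modules/services/web-apps/atlassian/jira.nix
@@ -8,20 +8,21 @@
 
 pkg = cfg.package.override (optionalAttrs cfg.sso.enable {
 enableSSO = cfg.sso.enable;
-crowdProperties = ''
-application.name ${cfg.sso.applicationName}
-application.password ${cfg.sso.applicationPassword}
-application.login.url ${cfg.sso.crowd}/console/
+});
 
-crowd.server.url ${cfg.sso.crowd}/services/
-crowd.base.url ${cfg.sso.crowd}/
+crowdProperties = pkgs.writeText "crowd.properties" ''
+application.name ${cfg.sso.applicationName}
+application.password @NIXOS_JIRA_CROWD_SSO_PWD@
+application.login.url ${cfg.sso.crowd}/console/
 
-session.isauthenticated session.isauthenticated
-session.tokenkey session.tokenkey
-session.validationinterval ${toString cfg.sso.validationInterval}
-session.lastvalidation session.lastvalidation
-'';
-});
+crowd.server.url ${cfg.sso.crowd}/services/
+crowd.base.url ${cfg.sso.crowd}/
+
+session.isauthenticated session.isauthenticated
+session.tokenkey session.tokenkey
+session.validationinterval ${toString cfg.sso.validationInterval}
+session.lastvalidation session.lastvalidation
+'';
 
 in
 
@@ -112,9 +113,9 @@
 description = "Exact name of this JIRA instance in Crowd";
 };
 
-applicationPassword = mkOption {
+applicationPasswordFile = mkOption {
 type = types.str;
-description = "Application password of this JIRA instance in Crowd";
+description = "Path to the file containing the application password of this JIRA instance in Crowd";
 };
 
 validationInterval = mkOption {
@@ -181,6 +182,7 @@
 JIRA_HOME = cfg.home;
 JAVA_HOME = "${cfg.jrePackage}";
 CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
+JAVA_OPTS = mkIf cfg.sso.enable "-Dcrowd.properties=${cfg.home}/crowd.properties";
 };
 
 preStart = ''
@@ -191,6 +193,14 @@
 -e 's,protocol="HTTP/1.1",protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${toString cfg.proxy.secure}",' \
 '') + ''
 ${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml
+
+${optionalString cfg.sso.enable ''
+install -m660 ${crowdProperties} ${cfg.home}/crowd.properties
+${pkgs.replace-secret}/bin/replace-secret \
+'@NIXOS_JIRA_CROWD_SSO_PWD@' \
+${cfg.sso.applicationPasswordFile} \
+${cfg.home}/crowd.properties
+''}
 '';
 
 serviceConfig = {
@@ -204,4 +214,10 @@
 };
 };
 };
+
+imports = [
+(mkRemovedOptionModule [ "services" "jira" "sso" "applicationPassword" ] ''
+Use `applicationPasswordFile` instead!
+'')
+];
 }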
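Review bot: `install -m660 ${crowdProperties} ${cfg.home}/crowd.properties` in the preStart hunk fixes the mode but neither owner nor group, so whether the JIRA service user can read the rendered crowd.properties depends on which user preStart runs as, and that is decided in serviceConfig outside this hunk; if preStart runs as root, add `-o`/`-g` for the service user (or a chown) so a 0660 root-owned file does not lock the service out of its own SSO config. `${cfg.sso.applicationPasswordFile}` and the `${cfg.home}` targets are spliced into the shell script unquoted, so a path containing whitespace breaks the replace-secret call; quoting them as `"${cfg.sso.applicationPasswordFile}"` is cheap. The new option description should also state the readability requirement, e.g. `description = "Path to the file containing the application password of this JIRA instance in Crowd. The file must be readable by the user that runs the service's preStart.";`. The preStart string and the module's config block both continue outside the hunk.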
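--- a/pkgs/servers/atlassian/jira.nix
+++ b/pkgs/servers/atlassian/jira.nix
@@ -3,7 +3,7 @@
 , fetchurl
 , gawk
 , enableSSO ? false
-, crowdProperties ? null
+, makeWrapper
 }:
 
 stdenv.mkDerivation rec {
@@ -14,6 +14,8 @@
 url = "https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-${version}.tar.gz";
 sha256 = "sha256-Zog0m8tsx8mDLU1rsW5zhhHgyRmi4JGWuy9DV8yp9nY=";
 };
+
+nativeBuildInputs = [ makeWrapper ];
 
 buildPhase = ''
 mv conf/server.xml conf/server.xml.dist
@@ -27,10 +29,6 @@
 substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
 --replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
 com.atlassian.jira.security.login.SSOSeraphAuthenticator
-'' + lib.optionalString (crowdProperties != null) ''
-cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
-${crowdProperties}
-EOF
 '';
 
 installPhase = ''
@@ -41,6 +39,6 @@
 description = "Proprietary issue tracking product, also providing project management functions";
 homepage = "https://www.atlassian.com/software/jira";
 license = licenses.unfree;
-maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ];
+maintainers = with maintainers; [ fpletz globin ciil megheaiulian techknowlogick ma27 ];
 };
 }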
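Review bot: `nativeBuildInputs = [ makeWrapper ];` and the new `makeWrapper` function argument are added, but no `wrapProgram` or `makeWrapper` call appears in any visible hunk of this file; if the unchanged parts of buildPhase/installPhase do not use it either, the input is dead and should be dropped, and if they do, a one-line comment naming the wrapped program next to `nativeBuildInputs` would save the next reader the search. Removing `crowdProperties ? null` also turns any out-of-tree `override { crowdProperties = …; }` into an evaluation error, which is the intended effect of moving the password out of the store but is worth a sentence in the PR description.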