From cb675083df029d447b43814e5ef5d37a528aa80c Mon Sep 17 00:00:00 2001
From: Igor Pashev
Date: Sun, 26 Nov 2017 21:11:54 +0300
Subject: (*BREAKING*) Jenkins: set user home directory BREAKING: user is now read-only
---
 modules/apps/jenkins/default.nix | 7 ++++++-
 modules/apps/jenkins/instance.nix | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)
(limited to 'modules/apps')
diff --git a/modules/apps/jenkins/default.nix b/modules/apps/jenkins/default.nix
index 0e5fa6b..8bf230a 100644
--- a/modules/apps/jenkins/default.nix
+++ b/modules/apps/jenkins/default.nix
@@ -7,7 +7,7 @@ let inherit (lib) concatMapStringsSep concatStringsSep escape filterAttrs foldAttrs foldl
- hasPrefix mapAttrs mapAttrsToList mkOption nameValuePair optionalString
+ hasPrefix mapAttrs mapAttrs' mapAttrsToList mkOption nameValuePair optionalString
 unique ; inherit (lib.types)
@@ -157,6 +157,11 @@ in {
 systemd.services = foldl (a: b: a//b) {} (mapAttrsToList mkService instances);
 nixsap.deployment.keyrings = keyrings;
 nixsap.system.users.daemons = users;
+
+ # Although jenkins user is a daemon, many tools require proper home
+ # directory and ignore $HOME (e. g. Maven). This assumes each Jenkins
+ # instance has its own user (this is true because i.user is read-only):
+ users.users = mapAttrs' (_: i: nameValuePair i.user {home = i.home;}) instances;
 };
 }
diff --git a/modules/apps/jenkins/instance.nix b/modules/apps/jenkins/instance.nix
index 6735ab8..cda6462 100644
--- a/modules/apps/jenkins/instance.nix
+++ b/modules/apps/jenkins/instance.nix
@@ -40,6 +40,7 @@ in {
 user = mkOption {
 description = "User to run as";
 default = "jenkins-${name}";
+ readOnly = true;
 type = str;
 };
--
cgit v1.2.3
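Review bot: The new `users.users` entry in the second hunk of default.nix sets only `home`, which records the path for the account; nothing visible in this hunk creates the directory or sets its owner and mode. If `i.home` is the Jenkins home it will usually hold stored credentials and keys, so it is worth confirming that the service setup outside this hunk creates it owned by `i.user` and unreadable to other accounts. I would extend the comment with something like `# NOTE: this only sets the account's home path; i.home must be created elsewhere, owned by i.user, with a restrictive mode.` The enclosing `config` block starts outside the hunk.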
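Review bot: With `readOnly = true` in instance.nix the account name is always `jenkins-${name}`, so every instance name must now produce a valid account name and there is no option left to override it; the hunk shows no check on `name`. The description is also unchanged and does not tell users that the option can no longer be set. I would change it to `description = "User to run as (read-only, always jenkins-<instance name>)";` and, if instance names are not already constrained elsewhere, consider an assertion on their length and characters.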