aboutsummaryrefslogtreecommitdiff
path: root/modules/apps/jenkins/instance.nix
blob: 89c5c933d9a6d0ea3f9bb67b290e355551686c48 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
pkgs:
{ lib, name, config, ... }:

let

  inherit (builtins) all attrNames;

  inherit (lib)
    concatStrings filterAttrs hasSuffix mapAttrsToList mkOption ;

  inherit (lib.types)
    addCheck attrsOf bool either enum int listOf nullOr package path str
    submodule
    ;

  default = d: t: mkOption { type = t; default = d; };
  optional = t: mkOption { type = nullOr t; default = null; };
  readonly = d: t: mkOption { type = nullOr t; default = d; readOnly = true; };

in {
  options = {

    jre = {
      package = mkOption {
        description = "Java runtime package";
        default = pkgs.jre8;
        type = package;
      };

      properties = {
        hudson.model.DirectoryBrowserSupport.CSP = optional str;
        java.io.tmpdir = readonly "${config.home}/tmp" path;
        java.util.logging.config.file = optional path;
      };
    };

    war = mkOption {
      description = "Jenkins web application archive (WAR)";
      default = pkgs.jenkins;
      type = path;
    };

    user = mkOption {
      description = "User to run as";
      default = "jenkins-${name}";
      readOnly = true;
      type = str;
    };

    home = mkOption {
      description = "Jenkins data directory";
      type = path;
      default = "/jenkins/${name}";
    };

    master-access-control = mkOption {
      description = ''
        Enable Agent -> Master Access Control.
        See https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control
        '';
      type = bool;
      default = true;
    };

    nodes = mkOption {
      description = ''
        Nodes. Each value is either inline XML text or an XML file.
        Any existing nodes, not mentioned here, are physically removed.
      '';
      type = attrsOf (either str path);
      default = {};
    };

    jobs = mkOption {
      description = ''
        Jenkins jobs. Each value is either inline XML text or an XML file.
        Any existing jobs, not mentioned here, are physically removed.
      '';
      type = attrsOf (either str path);
      default = {};
    };

    config = mkOption {
      description = ''
        Jenkins XML configuration files. Either inline text or file. Any
        existing XML files, not mentioned here, are physically removed. You
        might want to add `config.xml` at least. You can use XInclude
        facility to include sensitive pieces of configuration like passwords
        or private keys.  Those grains  will be processed (expanded) to
        create proper configuration files. Also they will be automatically
        picked up and deployed (requires read-write mode of evaluation).
        E. g. if you write '<xi:include href="/run/keys/github-oauth.xml"/>',
        that file will be deployed as a secret key, and when Jenkins starts,
        that piece will be replaced by the file contents. All configuration
        files reside in Jenkins private directory so secrets remain secret.
      '';
      type = addCheck (attrsOf (either str path)) (aa: all (hasSuffix ".xml") (attrNames aa));
      default = {};
    };

    path = mkOption {
      description = ''
        Additional packages available to Jenkins in PATH.  You also may opt in specifying
        paths to executables in various config files.
      '';
      type = listOf package;
      default = [];
      example = [ pkgs.gitMinimal ];
    };

    options = {
      controlPort          = optional int;
      debug                = optional (enum [1 2 3 4 5 6 7 8 9]);
      httpKeepAliveTimeout = optional int;
      httpListenAddress    = default "127.0.0.1" str;
      httpPort             = default 8080 int;
      prefix               = optional str;
      sessionTimeout       = optional int;
    };

  };
}