From 40de28afca0faa6673948bf99f444faad1d1a2d4 Mon Sep 17 00:00:00 2001 From: Corey O'Connor Date: Thu, 6 Mar 2014 10:06:53 -0800 Subject: [PATCH] remove users.jenkins config start on slave config. Uses standard NixOS user config merging. Work in progress: The slave config does not actually start the slave agent. This just configures a jenkins user if required. Bare minimum to enable a nice jenkins SSH slave. --- nixos/modules/module-list.nix | 2 +- .../jenkins/default.nix | 31 +++++++-- .../continuous-integration/jenkins/slave.nix | 67 +++++++++++++++++++ .../continuous-integration/jenkins/user.nix | 61 ----------------- nixos/tests/jenkins.nix | 21 ++++++ 5 files changed, 115 insertions(+), 67 deletions(-) create mode 100644 nixos/modules/services/continuous-integration/jenkins/slave.nix delete mode 100644 nixos/modules/services/continuous-integration/jenkins/user.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index f3d6bdb297dd..b419942057ac 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -82,7 +82,7 @@ ./services/backup/sitecopy-backup.nix ./services/backup/tarsnap.nix ./services/continuous-integration/jenkins/default.nix - ./services/continuous-integration/jenkins/user.nix + ./services/continuous-integration/jenkins/slave.nix ./services/databases/4store-endpoint.nix ./services/databases/4store.nix ./services/databases/couchdb.nix diff --git a/nixos/modules/services/continuous-integration/jenkins/default.nix b/nixos/modules/services/continuous-integration/jenkins/default.nix index 6e3f6abbb870..c3dc59a9fbd0 100644 --- a/nixos/modules/services/continuous-integration/jenkins/default.nix +++ b/nixos/modules/services/continuous-integration/jenkins/default.nix @@ -2,7 +2,6 @@ with pkgs.lib; let cfg = config.services.jenkins; - userCfg = config.users.jenkins; in { options = { services.jenkins = { 
@@ -18,15 +17,24 @@ in { default = "jenkins"; type = with types; string; description = '' - User the jenkins server should execute under. Defaults to the "jenkins" user. + User the jenkins server should execute under. + ''; + }; + + group = mkOption { + default = "jenkins"; + type = with types; string; + description = '' + User the jenkins server should execute under. ''; }; home = mkOption { - default = userCfg.home; + default = "/var/lib/jenkins"; type = with types; string; description = '' - The path to use as JENKINS_HOME. Defaults to the home of the "jenkins" user. + The path to use as JENKINS_HOME. If the default user "jenkins" is configured then + this is the home of the "jenkins" user. ''; }; @@ -58,7 +66,20 @@ in { }; config = mkIf cfg.enable { - users.jenkins.enable = true; + users.extraGroups = optional (cfg.group == "jenkins") { + name = "jenkins"; + gid = config.ids.gids.jenkins; + }; + + users.extraUsers = optional (cfg.user == "jenkins") { + name = "jenkins"; + description = "jenkins user"; + createHome = true; + home = cfg.home; + group = cfg.group; + useDefaultShell = true; + uid = config.ids.uids.jenkins; + }; systemd.services.jenkins = { description = "Jenkins Continuous Integration Server"; diff --git a/nixos/modules/services/continuous-integration/jenkins/slave.nix b/nixos/modules/services/continuous-integration/jenkins/slave.nix new file mode 100644 index 000000000000..1d31ab830f6c --- /dev/null +++ b/nixos/modules/services/continuous-integration/jenkins/slave.nix 
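Review bot: The description of the new `group` option is a copy of the `user` text; it should read `Group the jenkins server should execute under.` The same copy-paste appears in the `group` option of the new slave.nix. The later `config` hunk creates the account and group only when the names are left at "jenkins", so both descriptions should also say what happens otherwise, e.g. `If set to anything other than "jenkins", the group must be declared elsewhere (users.extraGroups).`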
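Review bot: `useDefaultShell = true` in the new `users.extraUsers` entry gives the master's service account a login shell, while the commit message motivates a usable account only for SSH slaves. Whether the server itself needs a shell is not visible from this hunk. If it does not, drop the line here and keep it only in slave.nix. If it is deliberate, add a comment such as `# login shell kept so the same account can serve as an SSH slave login`. The `config` block continues past the end of the hunk.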
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+ cfg = config.services.jenkinsSlave;
+ masterCfg = config.services.jenkins;
+in {
+ options = {
+ services.jenkinsSlave = {
+ # todo:
+ # * assure the profile of the jenkins user has a JRE and any specified packages. This would
+ # enable ssh slaves.
+ # * Optionally configure the node as a jenkins ad-hoc slave. This would imply configuration
+ # properties for the master node.
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If true the system will be configured to work as a jenkins slave.
+ If the system is also configured to work as a jenkins master then this has no effect.
+ In progress: Currently only assures the jenkins user is configured.
+ '';
+ };
+
+ user = mkOption {
+ default = "jenkins";
+ type = with types; string;
+ description = ''
+ User the jenkins slave agent should execute under.
+ '';
+ };
+
+ group = mkOption {
+ default = "jenkins";
+ type = with types; string;
+ description = ''
+ User the jenkins slave agent should execute under.
+ '';
+ };
+
+ home = mkOption {
+ default = "/var/lib/jenkins";
+ type = with types; string;
+ description = ''
+ The path to use as JENKINS_HOME. If the default user "jenkins" is configured then
+ this is the home of the "jenkins" user.
+ '';
+ };
+ };
+ };
+
+ config = mkIf (cfg.enable && !masterCfg.enable) {
+ users.extraGroups = optional (cfg.group == "jenkins") {
+ name = "jenkins";
+ gid = config.ids.gids.jenkins;
+ };
+
+ users.extraUsers = optional (cfg.user == "jenkins") {
+ name = "jenkins";
+ description = "jenkins user";
+ createHome = true;
+ home = cfg.home;
+ group = cfg.group;
+ useDefaultShell = true;
+ uid = config.ids.uids.jenkins;
+ };
+ };
+}
diff --git a/nixos/modules/services/continuous-integration/jenkins/user.nix b/nixos/modules/services/continuous-integration/jenkins/user.nix
deleted file mode 100644
index cb4d9a60a4a3..000000000000
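Review bot: The `home` description promises JENKINS_HOME, but nothing in this module sets that variable. `home` is used only as the home directory of the created account, and only when `user` is "jenkins". A description that matches the code would be `Home directory of the "jenkins" user created by this module; ignored when user is set to another name.` The user and group definitions are also a verbatim copy of the ones added to default.nix, which is presumably why the `mkIf` carries `!masterCfg.enable`. A comment on that line, e.g. `# the master module declares the same user/group; skip here so they are not defined twice`, would record the reason.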
--- a/nixos/modules/services/continuous-integration/jenkins/user.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ config, pkgs, ... }:
-with pkgs.lib;
-let
- cfg = config.users.jenkins;
-in {
- options = {
- users.jenkins = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Whether to enable the jenkins user. By default enabling a jenkins service enables the
- jenkins user. The "user" config property of the service can be used to select a different
- user.
- '';
- };
-
- extraGroups = mkOption {
- default = [];
- type = with types; listOf string;
- description = ''
- Extra groups of the "jenkins" user.
- '';
- };
-
- group = mkOption {
- default = "jenkins";
- description = ''
- Default group of "jenkins" user.
- '';
- };
-
- home = mkOption {
- default = "/var/lib/jenkins";
- type = types.string;
- description = ''
- Home of the "jenkins" user and JENKINS_HOME.
- '';
- };
- };
- };
-
- config = mkIf cfg.enable {
- users.extraGroups = optional (cfg.group == "jenkins") {
- name = "jenkins";
- gid = config.ids.gids.jenkins;
- };
-
- users.extraUsers = {
- jenkins = {
- description = "jenkins user";
- createHome = true;
- home = cfg.home;
- group = cfg.group;
- extraGroups = cfg.extraGroups;
- useDefaultShell = true;
- uid = config.ids.uids.jenkins;
- };
- };
- };
-}
diff --git a/nixos/tests/jenkins.nix b/nixos/tests/jenkins.nix
index b05a9d3eaf9d..e6524ec56538 100644
--- a/nixos/tests/jenkins.nix
+++ b/nixos/tests/jenkins.nix
@@ -1,8 +1,22 @@ +# verifies: +# 1. jenkins service starts on master node +# 2. jenkins user can be extended on both master and slave +# 3. jenkins service not started on slave node { pkgs, ... }: { nodes = { master = { pkgs, config, ... }: { services.jenkins.enable = true; + + # should have no effect + services.jenkinsSlave.enable = true; + + users.extraUsers.jenkins.extraGroups = [ "users" ]; + }; + slave = { pkgs, config, ... }: { + services.jenkinsSlave.enable = true; + + users.extraUsers.jenkins.extraGroups = [ "users" ]; }; }; @@ -10,5 +24,12 @@ startAll; $master->waitForUnit("jenkins"); + print $master->execute("sudo -u jenkins groups"); + $master->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users"); + + print $slave->execute("sudo -u jenkins groups"); + $slave->mustSucceed("sudo -u jenkins groups | grep jenkins | grep users"); + + $slave->mustFail("systemctl status jenkins.service"); ''; }
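Review bot: The group-membership checks added to the test script match substrings, so `grep jenkins | grep users` also passes when a group name merely contains one of those words. Matching whole words pins the membership the header comment says is verified: `$slave->mustSucceed("sudo -u jenkins groups | grep -w jenkins | grep -w users");`, and the same for `$master`. The test script starts above this hunk, so only the added lines were reviewed.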