public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

atlassian-{jira,confluence}: add crowd sso support

Browse Source
This commit is contained in:
Franz Pletz 2017-06-17 18:32:00 +02:00 committed by Robin Gloster
parent 1075919413
commit 02791ced34
No known key found for this signature in database
GPG Key ID: 5E4C836C632C2882
4 changed files with 126 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
nixos/modules/services/web-apps/atlassian/confluence.nix
View File

@ -6,7 +6,22 @@ let
cfg = config.services.confluence; cfg = config.services.confluence;
pkg = pkgs.atlassian-confluence; pkg = pkgs.atlassian-confluence.override {
enableSSO = cfg.sso.enable;
crowdProperties = ''
application.name ${cfg.sso.applicationName}
application.password ${cfg.sso.applicationPassword}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
};
in in
@ -76,6 +91,42 @@ in
}; };
}; };
sso = {
enable = mkEnableOption "SSO with Atlassian Crowd";
crowd = mkOption {
type = types.str;
example = "http://localhost:8095/crowd";
description = "Crowd Base URL without trailing slash";
};
applicationName = mkOption {
type = types.str;
example = "jira";
description = "Exact name of this Confluence instance in Crowd";
};
applicationPassword = mkOption {
type = types.str;
description = "Application password of this Confluence instance in Crowd";
};
validationInterval = mkOption {
type = types.int;
default = 2;
example = 0;
description = ''
Set to 0, if you want authentication checks to occur on each
request. Otherwise set to the number of minutes between request
to validate if the user is logged in or out of the Crowd SSO
server. Setting this value to 1 or higher will increase the
performance of Crowd's integration.
'';
};
};
jrePackage = let jrePackage = let
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
in mkOption { in mkOption {

51
nixos/modules/services/web-apps/atlassian/jira.nix
View File

@ -6,7 +6,22 @@ let
cfg = config.services.jira; cfg = config.services.jira;
pkg = pkgs.atlassian-jira; pkg = pkgs.atlassian-jira.override {
enableSSO = cfg.sso.enable;
crowdProperties = ''
application.name ${cfg.sso.applicationName}
application.password ${cfg.sso.applicationPassword}
application.login.url ${cfg.sso.crowd}/console/
crowd.server.url ${cfg.sso.crowd}/services/
crowd.base.url ${cfg.sso.crowd}/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval ${toString cfg.sso.validationInterval}
session.lastvalidation session.lastvalidation
'';
};
in in
@ -82,6 +97,40 @@ in
}; };
}; };
sso = {
enable = mkEnableOption "SSO with Atlassian Crowd";
crowd = mkOption {
type = types.str;
example = "http://localhost:8095/crowd";
description = "Crowd Base URL without trailing slash";
};
applicationName = mkOption {
type = types.str;
example = "jira";
description = "Exact name of this JIRA instance in Crowd";
};
applicationPassword = mkOption {
type = types.str;
description = "Application password of this JIRA instance in Crowd";
};
validationInterval = mkOption {
type = types.int;
default = 2;
example = 0;
description = ''
Set to 0, if you want authentication checks to occur on each
request. Otherwise set to the number of minutes between request
to validate if the user is logged in or out of the Crowd SSO
server. Setting this value to 1 or higher will increase the
performance of Crowd's integration.
'';
};
};
jrePackage = let jrePackage = let
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
in mkOption { in mkOption {

13
pkgs/servers/atlassian/confluence.nix
View File

@ -1,4 +1,7 @@
{ stdenv, fetchurl }: { stdenv, lib, fetchurl
, enableSSO ? false
, crowdProperties ? null
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "atlassian-confluence-${version}"; name = "atlassian-confluence-${version}";
@ -19,6 +22,14 @@ stdenv.mkDerivation rec {
rm -r logs; ln -sf /run/confluence/logs/ . rm -r logs; ln -sf /run/confluence/logs/ .
rm -r work; ln -sf /run/confluence/work/ . rm -r work; ln -sf /run/confluence/work/ .
rm -r temp; ln -sf /run/confluence/temp/ . rm -r temp; ln -sf /run/confluence/temp/ .
'' + lib.optionalString enableSSO ''
substituteInPlace confluence/WEB-INF/classes/seraph-config.xml \
--replace com.atlassian.confluence.user.ConfluenceAuthenticator\
com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator
'' + lib.optionalString (crowdProperties != null) ''
cat <<EOF > confluence/WEB-INF/classes/crowd.properties
${crowdProperties}
EOF
''; '';
installPhase = '' installPhase = ''

13
pkgs/servers/atlassian/jira.nix
View File

@ -1,4 +1,7 @@
{ stdenv, fetchurl }: { stdenv, lib, fetchurl
, enableSSO ? false
, crowdProperties ? null
}:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "atlassian-jira-${version}"; name = "atlassian-jira-${version}";
@ -17,6 +20,14 @@ stdenv.mkDerivation rec {
rm -r logs; ln -sf /run/atlassian-jira/logs/ . rm -r logs; ln -sf /run/atlassian-jira/logs/ .
rm -r work; ln -sf /run/atlassian-jira/work/ . rm -r work; ln -sf /run/atlassian-jira/work/ .
rm -r temp; ln -sf /run/atlassian-jira/temp/ . rm -r temp; ln -sf /run/atlassian-jira/temp/ .
'' + lib.optionalString enableSSO ''
substituteInPlace atlassian-jira/WEB-INF/classes/seraph-config.xml \
--replace com.atlassian.jira.security.login.JiraSeraphAuthenticator \
com.atlassian.jira.security.login.SSOSeraphAuthenticator
'' + lib.optionalString (crowdProperties != null) ''
cat <<EOF > atlassian-jira/WEB-INF/classes/crowd.properties
${crowdProperties}
EOF
''; '';
installPhase = '' installPhase = ''