|
|
|
@ -6,7 +6,22 @@ let |
|
|
|
|
|
|
|
|
|
cfg = config.services.confluence; |
|
|
|
|
|
|
|
|
|
pkg = pkgs.atlassian-confluence; |
|
|
|
|
pkg = pkgs.atlassian-confluence.override { |
|
|
|
|
enableSSO = cfg.sso.enable; |
|
|
|
|
crowdProperties = '' |
|
|
|
|
application.name ${cfg.sso.applicationName} |
|
|
|
|
application.password ${cfg.sso.applicationPassword} |
|
|
|
|
application.login.url ${cfg.sso.crowd}/console/ |
|
|
|
|
|
|
|
|
|
crowd.server.url ${cfg.sso.crowd}/services/ |
|
|
|
|
crowd.base.url ${cfg.sso.crowd}/ |
|
|
|
|
|
|
|
|
|
session.isauthenticated session.isauthenticated |
|
|
|
|
session.tokenkey session.tokenkey |
|
|
|
|
session.validationinterval ${toString cfg.sso.validationInterval} |
|
|
|
|
session.lastvalidation session.lastvalidation |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
in |
|
|
|
|
|
|
|
|
@ -76,6 +91,42 @@ in |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
sso = { |
|
|
|
|
enable = mkEnableOption "SSO with Atlassian Crowd"; |
|
|
|
|
|
|
|
|
|
crowd = mkOption { |
|
|
|
|
type = types.str; |
|
|
|
|
example = "http://localhost:8095/crowd"; |
|
|
|
|
description = "Crowd Base URL without trailing slash"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
applicationName = mkOption { |
|
|
|
|
type = types.str; |
|
|
|
|
example = "jira"; |
|
|
|
|
description = "Exact name of this Confluence instance in Crowd"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
applicationPassword = mkOption { |
|
|
|
|
type = types.str; |
|
|
|
|
description = "Application password of this Confluence instance in Crowd"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
validationInterval = mkOption { |
|
|
|
|
type = types.int; |
|
|
|
|
default = 2; |
|
|
|
|
example = 0; |
|
|
|
|
description = '' |
|
|
|
|
Set to 0, if you want authentication checks to occur on each |
|
|
|
|
request. Otherwise set to the number of minutes between request |
|
|
|
|
to validate if the user is logged in or out of the Crowd SSO |
|
|
|
|
server. Setting this value to 1 or higher will increase the |
|
|
|
|
performance of Crowd's integration. |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
jrePackage = let |
|
|
|
|
jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free; |
|
|
|
|
in mkOption { |
|
|
|
|