Set up offline maven repository for Jenkins, while 3rd party atrifacts cannot be reached

Question

I work with an external company on a large project with hundreds of their own artifacts and plugins. Every developer can download them from remote repository only with per-user personal VPN.

I want to set up an intranet Nexus repository that mirrors remote repository for use with Jenkins. Problem is that there is no chance to have a VPN account for Nexus (neither Jenkins). So while every developer has these artifacts in a local repository, we need to manually update Jenkins' m2 repostiory, which is troublesome.

We've came to few ideas, bot none of these sound great:

1. Manually rsync my local repository to Jenkins' local repository
2. Mount Jenkins' local repository with sshfs to my .m2/repository so it gets updated on builds I do (so I don't have a real local repository on my disk, it's mounted)
3. Set up Nexus, create a user nexus on my machine and let him use my VPN connection as a proxy to remote repository (it creates a loop: my maven - Nexus - my VPN - remote)

How would you recommend to set up Nexus for Jenkins in that situation?

Answer 1

Ultimately you would save the external company a lot of traffic and money if you can proxy their Nexus repo with your own Nexus repo. This should provide enough reasons to set up a VPN user for Nexus. It can be very limited and have only access to the Nexus instance there and even be secured with a specific account in Nexus as well.

Every other workaround will ultimately be a hack. Worst case I would set up Nexus in your company and get it to access the external network with your user account, but a reasonable organization would understand the benefits of setting this up properly.

And if you are both using Nexus Professional you could use Smart Proxy for even better trusted connections and immediate updates of available components.