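# NixOS module for the Atlassian Crowd identity server.
#
# Declares the `services.crowd.*` options and, when enabled, a dedicated
# system user/group plus a systemd unit that runs Crowd's bundled Tomcat.
# The unit hard-depends on `postgresql.service`; a different database
# backend is not supported by this module as written.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.crowd;

  # The Crowd package is rebuilt with instance-specific settings baked in.
  #
  # NOTE(security): every value passed to `override` becomes an input of a
  # derivation and therefore lands in the world-readable Nix store. That
  # includes `openidPassword`, so it must not be treated as a secret once
  # configured here; rotate it if the machine's store is shared or exported.
  pkg = pkgs.atlassian-crowd.override ({
    home = cfg.home;
    port = cfg.listenPort;
    openidPassword = cfg.openidPassword;
  } // optionalAttrs cfg.proxy.enable {
    # `proxy.name` has no default. Building the URL unconditionally forces
    # that option even when the proxy is disabled, which aborts evaluation
    # with "used but not defined"; gate it on `proxy.enable`, matching the
    # proxy-specific server.xml rewrite in preStart below.
    proxyUrl = "${cfg.proxy.scheme}://${cfg.proxy.name}:${toString cfg.proxy.port}";
  });

in

{
  options = {
    services.crowd = {
      enable = mkEnableOption "Atlassian Crowd service";

      user = mkOption {
        type = types.str;
        default = "crowd";
        description = "User which runs Crowd.";
      };

      group = mkOption {
        type = types.str;
        default = "crowd";
        description = "Group which runs Crowd.";
      };

      home = mkOption {
        type = types.str;
        default = "/var/lib/crowd";
        description = "Home directory of the Crowd instance.";
      };

      # Loopback by default: Crowd is expected to sit behind the reverse
      # proxy configured under `proxy`, not to be exposed directly.
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "Address to listen on.";
      };

      listenPort = mkOption {
        type = types.int;
        default = 8092;
        description = "Port to listen on.";
      };

      openidPassword = mkOption {
        type = types.str;
        description = ''
          Application password for OpenID server.
          This value is passed to the Crowd package derivation and therefore
          ends up in the world-readable Nix store.
        '';
      };

      catalinaOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        example = [ "-Xms1024m" "-Xmx2048m" ];
        description = "Java options to pass to catalina/tomcat.";
      };

      proxy = {
        enable = mkEnableOption "reverse proxy support";

        name = mkOption {
          type = types.str;
          example = "crowd.example.com";
          description = "Virtual hostname at the proxy";
        };

        port = mkOption {
          type = types.int;
          default = 443;
          example = 80;
          description = "Port used at the proxy";
        };

        scheme = mkOption {
          type = types.str;
          default = "https";
          example = "http";
          description = "Protocol used at the proxy.";
        };

        # Written into the Tomcat connector's `secure` attribute; tells Crowd
        # to treat proxied requests as having arrived over TLS.
        secure = mkOption {
          type = types.bool;
          default = true;
          description = "Whether the connections to the proxy should be considered secure.";
        };
      };

      jrePackage =
        let
          # Prefer the Oracle JRE only when the user has opted into unfree
          # packages; fall back to OpenJDK otherwise.
          jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
        in mkOption {
          type = types.package;
          default = jreSwitch pkgs.oraclejre8 pkgs.openjdk8.jre;
          defaultText = jreSwitch "pkgs.oraclejre8" "pkgs.openjdk8.jre";
          example = literalExample "pkgs.openjdk8.jre";
          description = "Java Runtime to use for Crowd. Note that Atlassian recommends the Oracle JRE.";
        };
    };
  };

  config = mkIf cfg.enable {
    users.extraUsers."${cfg.user}" = {
      isSystemUser = true;
      group = cfg.group;
    };

    users.extraGroups."${cfg.group}" = {};

    systemd.services.atlassian-crowd = {
      description = "Atlassian Crowd";

      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];

      path = [ cfg.jrePackage ];

      environment = {
        JAVA_HOME = "${cfg.jrePackage}";
        CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
        # Private because of `PrivateTmp = true` below.
        CATALINA_TMPDIR = "/tmp";
      };

      # Runs as root (`PermissionsStartOnly`): creates the state layout,
      # hands it to the service user/group, and renders server.xml from the
      # package's template with the listen address/port (and proxy
      # attributes when enabled) substituted in.
      #
      # NOTE(review): option values are interpolated unescaped into the sed
      # script; a value containing `,` or `'` will break the command.
      # server.xml is created here by root, so on first start it stays
      # root-owned (mode from root's umask) and is only readable by the
      # service; the recursive chown on later starts hands it over.
      preStart = ''
        mkdir -p ${cfg.home}/{logs,work,database}

        mkdir -p /run/atlassian-crowd
        ln -sf ${cfg.home}/{database,work,server.xml} /run/atlassian-crowd

        chown -R ${cfg.user}:${cfg.group} ${cfg.home}

        sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
      '' + (lib.optionalString cfg.proxy.enable ''
        -e 's,compression="on",compression="off" protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${boolToString cfg.proxy.secure}",' \
      '') + ''
        ${pkg}/apache-tomcat/conf/server.xml.dist > ${cfg.home}/server.xml
      '';

      script = "${pkg}/start_crowd.sh";

      # NOTE(review): the only sandboxing applied is PrivateTmp; no
      # NoNewPrivileges/ProtectSystem/ProtectHome are set here.
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        PrivateTmp = true;
        # preStart above needs root; the main process drops to User/Group.
        PermissionsStartOnly = true;
      };
    };
  };
}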