pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / web-apps / atlassian / jira.nix
at 18.09-beta 5.6 kB view raw
1{ config, lib, pkgs, ... }: 2 3with lib; 4 5let 6 7 cfg = config.services.jira; 8 9 pkg = pkgs.atlassian-jira.override (optionalAttrs cfg.sso.enable { 10 enableSSO = cfg.sso.enable; 11 crowdProperties = '' 12 application.name ${cfg.sso.applicationName} 13 application.password ${cfg.sso.applicationPassword} 14 application.login.url ${cfg.sso.crowd}/console/ 15 16 crowd.server.url ${cfg.sso.crowd}/services/ 17 crowd.base.url ${cfg.sso.crowd}/ 18 19 session.isauthenticated session.isauthenticated 20 session.tokenkey session.tokenkey 21 session.validationinterval ${toString cfg.sso.validationInterval} 22 session.lastvalidation session.lastvalidation 23 ''; 24 }); 25 26in 27 28{ 29 options = { 30 services.jira = { 31 enable = mkEnableOption "Atlassian JIRA service"; 32 33 user = mkOption { 34 type = types.str; 35 default = "jira"; 36 description = "User which runs JIRA."; 37 }; 38 39 group = mkOption { 40 type = types.str; 41 default = "jira"; 42 description = "Group which runs JIRA."; 43 }; 44 45 home = mkOption { 46 type = types.str; 47 default = "/var/lib/jira"; 48 description = "Home directory of the JIRA instance."; 49 }; 50 51 listenAddress = mkOption { 52 type = types.str; 53 default = "127.0.0.1"; 54 description = "Address to listen on."; 55 }; 56 57 listenPort = mkOption { 58 type = types.int; 59 default = 8091; 60 description = "Port to listen on."; 61 }; 62 63 catalinaOptions = mkOption { 64 type = types.listOf types.str; 65 default = []; 66 example = [ "-Xms1024m" "-Xmx2048m" ]; 67 description = "Java options to pass to catalina/tomcat."; 68 }; 69 70 proxy = { 71 enable = mkEnableOption "reverse proxy support"; 72 73 name = mkOption { 74 type = types.str; 75 example = "jira.example.com"; 76 description = "Virtual hostname at the proxy"; 77 }; 78 79 port = mkOption { 80 type = types.int; 81 default = 443; 82 example = 80; 83 description = "Port used at the proxy"; 84 }; 85 86 scheme = mkOption { 87 type = types.str; 88 default = "https"; 89 example = "http"; 90 description = "Protocol used at the proxy."; 91 }; 92 93 secure = mkOption { 94 type = types.bool; 95 default = true; 96 description = "Whether the connections to the proxy should be considered secure."; 97 }; 98 }; 99 100 sso = { 101 enable = mkEnableOption "SSO with Atlassian Crowd"; 102 103 crowd = mkOption { 104 type = types.str; 105 example = "http://localhost:8095/crowd"; 106 description = "Crowd Base URL without trailing slash"; 107 }; 108 109 applicationName = mkOption { 110 type = types.str; 111 example = "jira"; 112 description = "Exact name of this JIRA instance in Crowd"; 113 }; 114 115 applicationPassword = mkOption { 116 type = types.str; 117 description = "Application password of this JIRA instance in Crowd"; 118 }; 119 120 validationInterval = mkOption { 121 type = types.int; 122 default = 2; 123 example = 0; 124 description = '' 125 Set to 0, if you want authentication checks to occur on each 126 request. Otherwise set to the number of minutes between request 127 to validate if the user is logged in or out of the Crowd SSO 128 server. Setting this value to 1 or higher will increase the 129 performance of Crowd's integration. 130 ''; 131 }; 132 }; 133 134 jrePackage = mkOption { 135 type = types.package; 136 default = pkgs.oraclejre8; 137 defaultText = "pkgs.oraclejre8"; 138 description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152)."; 139 }; 140 }; 141 }; 142 143 config = mkIf cfg.enable { 144 users.users."${cfg.user}" = { 145 isSystemUser = true; 146 group = cfg.group; 147 }; 148 149 users.groups."${cfg.group}" = {}; 150 151 systemd.services.atlassian-jira = { 152 description = "Atlassian JIRA"; 153 154 wantedBy = [ "multi-user.target" ]; 155 requires = [ "postgresql.service" ]; 156 after = [ "postgresql.service" ]; 157 158 path = [ cfg.jrePackage pkgs.bash ]; 159 160 environment = { 161 JIRA_USER = cfg.user; 162 JIRA_HOME = cfg.home; 163 JAVA_HOME = "${cfg.jrePackage}"; 164 CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions; 165 }; 166 167 preStart = '' 168 mkdir -p ${cfg.home}/{logs,work,temp,deploy} 169 170 mkdir -p /run/atlassian-jira 171 ln -sf ${cfg.home}/{logs,work,temp,server.xml} /run/atlassian-jira 172 ln -sf ${cfg.home} /run/atlassian-jira/home 173 174 chown -R ${cfg.user} ${cfg.home} 175 176 sed -e 's,port="8080",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \ 177 '' + (lib.optionalString cfg.proxy.enable '' 178 -e 's,protocol="HTTP/1.1",protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${toString cfg.proxy.secure}",' \ 179 '') + '' 180 ${pkg}/conf/server.xml.dist > ${cfg.home}/server.xml 181 ''; 182 183 serviceConfig = { 184 User = cfg.user; 185 Group = cfg.group; 186 PrivateTmp = true; 187 PermissionsStartOnly = true; 188 ExecStart = "${pkg}/bin/start-jira.sh -fg"; 189 ExecStop = "${pkg}/bin/stop-jira.sh"; 190 }; 191 }; 192 }; 193}