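# NixOS module for the Atlassian Crowd service (options under services.crowd).
#
# Review notes:
#  - services.crowd.openidPassword is a plain string that is handed to the
#    package build, so it is expected to be readable in the Nix store.
#  - Option values are interpolated verbatim into sed expressions that write
#    XML attributes of server.xml; they are not escaped.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.crowd;

  # Build-time settings are passed to the package as override arguments.
  # The two attribute sets are merged inside the parentheses: function
  # application binds tighter than `//`, so merging after the call would only
  # attach proxyUrl to the resulting derivation attrset and never hand it to
  # the package.
  # NOTE(review): assumes the package function accepts a proxyUrl argument — confirm.
  pkg = cfg.package.override ({
    home = cfg.home;
    port = cfg.listenPort;
    # NOTE(review): the secret becomes a build input here; a file-based option
    # read at service start would keep it out of the store, but that needs
    # support in the package, which is not visible from this module.
    openidPassword = cfg.openidPassword;
  } // optionalAttrs cfg.proxy.enable {
    proxyUrl = "${cfg.proxy.scheme}://${cfg.proxy.name}:${toString cfg.proxy.port}";
  });

in

{
  options = {
    services.crowd = {
      enable = mkEnableOption "Atlassian Crowd service";

      user = mkOption {
        type = types.str;
        default = "crowd";
        description = "User which runs Crowd.";
      };

      group = mkOption {
        type = types.str;
        default = "crowd";
        description = "Group which runs Crowd.";
      };

      home = mkOption {
        type = types.str;
        default = "/var/lib/crowd";
        description = "Home directory of the Crowd instance.";
      };

      # Defaults to loopback; the service is only reachable from other hosts
      # if this is changed or a reverse proxy is placed in front of it.
      listenAddress = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "Address to listen on.";
      };

      # types.port rejects values outside the 16-bit port range at evaluation
      # time instead of writing them into server.xml.
      listenPort = mkOption {
        type = types.port;
        default = 8092;
        description = "Port to listen on.";
      };

      # No default: the administrator must set this explicitly.
      openidPassword = mkOption {
        type = types.str;
        description = "Application password for OpenID server. The value is passed to the package build, so it is expected to end up in the world-readable Nix store.";
      };

      catalinaOptions = mkOption {
        type = types.listOf types.str;
        default = [];
        example = [ "-Xms1024m" "-Xmx2048m" ];
        description = "Java options to pass to catalina/tomcat.";
      };

      proxy = {
        enable = mkEnableOption "reverse proxy support";

        name = mkOption {
          type = types.str;
          example = "crowd.example.com";
          description = "Virtual hostname at the proxy";
        };

        port = mkOption {
          type = types.port;
          default = 443;
          example = 80;
          description = "Port used at the proxy";
        };

        scheme = mkOption {
          type = types.str;
          default = "https";
          example = "http";
          description = "Protocol used at the proxy.";
        };

        # Written to the connector's secure="..." attribute in server.xml.
        # NOTE(review): presumably this should only stay true when the proxy
        # really terminates TLS (scheme = "https") — confirm for deployments
        # that set scheme = "http".
        secure = mkOption {
          type = types.bool;
          default = true;
          description = "Whether the connections to the proxy should be considered secure.";
        };
      };

      package = mkOption {
        type = types.package;
        default = pkgs.atlassian-crowd;
        defaultText = "pkgs.atlassian-crowd";
        description = "Atlassian Crowd package to use.";
      };

      jrePackage = mkOption {
        type = types.package;
        default = pkgs.oraclejre8;
        defaultText = "pkgs.oraclejre8";
        description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152).";
      };
    };
  };

  config = mkIf cfg.enable {
    # Dedicated system account and group for the service.
    users.users.${cfg.user} = {
      isSystemUser = true;
      group = cfg.group;
    };

    users.groups.${cfg.group} = {};

    # The home directory is owned by the service account. /run/atlassian-crowd
    # is created with tmpfiles defaults and only holds symlinks into the home
    # directory.
    systemd.tmpfiles.rules = [
      "d '${cfg.home}' - ${cfg.user} ${cfg.group} - -"
      "d /run/atlassian-crowd - - - - -"

      "L+ /run/atlassian-crowd/database - - - - ${cfg.home}/database"
      "L+ /run/atlassian-crowd/logs - - - - ${cfg.home}/logs"
      "L+ /run/atlassian-crowd/work - - - - ${cfg.home}/work"
      "L+ /run/atlassian-crowd/server.xml - - - - ${cfg.home}/server.xml"
    ];

    systemd.services.atlassian-crowd = {
      description = "Atlassian Crowd";

      wantedBy = [ "multi-user.target" ];
      requires = [ "postgresql.service" ];
      after = [ "postgresql.service" ];

      path = [ cfg.jrePackage ];

      environment = {
        JAVA_HOME = "${cfg.jrePackage}";
        CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
        # Combined with PrivateTmp below, this is the unit's private /tmp.
        CATALINA_TMPDIR = "/tmp";
      };

      # Recreates the work directory and regenerates server.xml from the
      # packaged template on every start. Paths are double-quoted so a home
      # directory containing whitespace is not split into several arguments.
      # NOTE(review): listenAddress and the proxy values are inserted unescaped
      # into the sed expressions; a value containing `,`, `&` or `"` would
      # corrupt the expression or the generated XML.
      preStart = ''
        rm -rf "${cfg.home}/work"
        mkdir -p "${cfg.home}"/{logs,database,work}

        sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
      '' + (lib.optionalString cfg.proxy.enable ''
          -e 's,compression="on",compression="off" protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${boolToString cfg.proxy.secure}",' \
      '') + ''
          ${pkg}/apache-tomcat/conf/server.xml.dist > "${cfg.home}/server.xml"
      '';

      # Runs unprivileged with a private /tmp.
      # NOTE(review): no other sandboxing directives are set here; options
      # such as NoNewPrivileges or ProtectSystem could be evaluated against
      # what Crowd needs at runtime.
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        PrivateTmp = true;
        ExecStart = "${pkg}/start_crowd.sh -fg";
      };
    };
  };
}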