1{ config, lib, pkgs, ... }:
2
3with lib;
4
5let
6
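# Shorthand for this module's option values.
cfg = config.services.crowd;

# Arguments handed to the package function through `.override`.
#
# NOTE(security): cfg.openidPassword is passed as a package argument, so the
# value is expected to end up in the world-readable Nix store (in the
# derivation, and presumably in the built output). Confirm against the
# package, and prefer a secret read from a file at runtime if it supports one.
overrideArgs = {
  home = cfg.home;
  port = cfg.listenPort;
  openidPassword = cfg.openidPassword;
} // lib.optionalAttrs cfg.proxy.enable {
  # Public URL of the instance as seen through the reverse proxy.
  proxyUrl = "${cfg.proxy.scheme}://${cfg.proxy.name}:${toString cfg.proxy.port}";
};

# The package with the module's settings applied.
#
# Function application binds tighter than `//`. The previous form
# `cfg.package.override { ... } // (optionalAttrs ...)` therefore merged
# proxyUrl into the *result* of the override, where it was silently ignored,
# instead of passing it to the package. The arguments are now merged first.
# Assumes the package function accepts a `proxyUrl` argument -- confirm for
# custom values of services.crowd.package.
pkg = cfg.package.override overrideArgs;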
16
17in
18
19{
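# Option declarations for services.crowd.
options = {
  services.crowd = {
    enable = mkEnableOption "Atlassian Crowd service";

    # Account the systemd unit runs as (see serviceConfig.User/Group).
    user = mkOption {
      type = types.str;
      default = "crowd";
      description = "User which runs Crowd.";
    };

    group = mkOption {
      type = types.str;
      default = "crowd";
      description = "Group which runs Crowd.";
    };

    # State directory; holds logs, database, work and the generated server.xml.
    home = mkOption {
      type = types.str;
      default = "/var/lib/crowd";
      description = "Home directory of the Crowd instance.";
    };

    # Defaults to loopback, so the connector is not reachable from the network
    # unless this is changed or a reverse proxy is put in front of it.
    listenAddress = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Address to listen on.";
    };

    # types.port rejects values outside 0-65535 at evaluation time; a plain
    # int would let an invalid port reach server.xml.
    listenPort = mkOption {
      type = types.port;
      default = 8092;
      description = "Port to listen on.";
    };

    # No default: the administrator has to set this explicitly.
    # NOTE(security): the value is a plain string in the configuration and is
    # forwarded to the package override, so treat it as non-secret unless the
    # package is confirmed not to embed it in the store.
    openidPassword = mkOption {
      type = types.str;
      description = "Application password for OpenID server. This value is passed to the package build, so it may end up world-readable in the Nix store.";
    };

    # Joined with spaces into CATALINA_OPTS for the service.
    catalinaOptions = mkOption {
      type = types.listOf types.str;
      default = [];
      example = [ "-Xms1024m" "-Xmx2048m" ];
      description = "Java options to pass to catalina/tomcat.";
    };

    # Settings describing the reverse proxy in front of Crowd. When enabled
    # they are written into the connector entry of the generated server.xml.
    proxy = {
      enable = mkEnableOption "reverse proxy support";

      name = mkOption {
        type = types.str;
        example = "crowd.example.com";
        description = "Virtual hostname at the proxy";
      };

      port = mkOption {
        type = types.port;
        default = 443;
        example = 80;
        description = "Port used at the proxy";
      };

      scheme = mkOption {
        type = types.str;
        default = "https";
        example = "http";
        description = "Protocol used at the proxy.";
      };

      # Written as secure="true|false" on the connector. Leave it at true only
      # when the proxy really terminates TLS for clients.
      secure = mkOption {
        type = types.bool;
        default = true;
        description = "Whether the connections to the proxy should be considered secure.";
      };
    };

    package = mkOption {
      type = types.package;
      default = pkgs.atlassian-crowd;
      defaultText = literalExpression "pkgs.atlassian-crowd";
      description = "Atlassian Crowd package to use.";
    };

    # NOTE(review): the default is a Java 8 runtime; confirm that it still
    # receives security updates in the nixpkgs revision in use.
    jrePackage = mkOption {
      type = types.package;
      default = pkgs.oraclejre8;
      defaultText = literalExpression "pkgs.oraclejre8";
      description = "Note that Atlassian only support the Oracle JRE (JRASERVER-46152).";
    };
  };
};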
111
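# System configuration applied only when services.crowd.enable is set.
config = mkIf cfg.enable {
  # Dedicated system account and group for the service.
  users.users.${cfg.user} = {
    isSystemUser = true;
    group = cfg.group;
  };

  users.groups.${cfg.group} = {};

  systemd.tmpfiles.rules = [
    # Home directory owned by the service account. The mode field is "-", so
    # tmpfiles applies its default for directories.
    # NOTE(review): consider an explicit restrictive mode (e.g. 0750) if the
    # home holds credentials or database files -- confirm what Crowd stores.
    "d '${cfg.home}' - ${cfg.user} ${cfg.group} - -"
    "d /run/atlassian-crowd - - - - -"

    # Fixed paths under /run that are symlinked into the configurable home;
    # `L+` replaces whatever already exists at the link path.
    "L+ /run/atlassian-crowd/database - - - - ${cfg.home}/database"
    "L+ /run/atlassian-crowd/logs - - - - ${cfg.home}/logs"
    "L+ /run/atlassian-crowd/work - - - - ${cfg.home}/work"
    "L+ /run/atlassian-crowd/server.xml - - - - ${cfg.home}/server.xml"
  ];

  systemd.services.atlassian-crowd = {
    description = "Atlassian Crowd";

    wantedBy = [ "multi-user.target" ];
    # Hard dependency on a PostgreSQL unit on the same host.
    requires = [ "postgresql.service" ];
    after = [ "postgresql.service" ];

    path = [ cfg.jrePackage ];

    environment = {
      JAVA_HOME = "${cfg.jrePackage}";
      CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
      # With PrivateTmp below, /tmp is private to this unit rather than the
      # shared system /tmp.
      CATALINA_TMPDIR = "/tmp";
    };

    # Resets the work directory and regenerates server.xml from the packaged
    # template on every start.
    #
    # Paths derived from cfg.home are shell-escaped, so a home containing
    # spaces or shell metacharacters cannot change what `rm -rf`, `mkdir` or
    # the output redirection operate on.
    #
    # NOTE(review): listenAddress and the proxy.* values are still inserted
    # verbatim into the sed replacement and thus into XML attributes. A value
    # containing `,`, `&`, `'` or `"` would corrupt the command or the
    # generated file; these options are expected to hold plain host names,
    # addresses and scheme names.
    preStart = ''
      rm -rf ${lib.escapeShellArg "${cfg.home}/work"}
      mkdir -p ${lib.escapeShellArgs (map (dir: "${cfg.home}/${dir}") [ "logs" "database" "work" ])}

      sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
    '' + (lib.optionalString cfg.proxy.enable ''
      -e 's,compression="on",compression="off" protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${boolToString cfg.proxy.secure}",' \
    '') + ''
      ${pkg}/apache-tomcat/conf/server.xml.dist > ${lib.escapeShellArg "${cfg.home}/server.xml"}
    '';

    # Runs unprivileged with a private /tmp.
    # NOTE(review): no further sandboxing (e.g. NoNewPrivileges,
    # ProtectSystem) is configured; evaluate what Crowd tolerates.
    serviceConfig = {
      User = cfg.user;
      Group = cfg.group;
      PrivateTmp = true;
      ExecStart = "${pkg}/start_crowd.sh -fg";
    };
  };
};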
164}