From 1749e8657781860c49199e39dd73edab12247746 Mon Sep 17 00:00:00 2001
From: Franz Pletz
Date: Tue, 11 Oct 2016 15:21:43 +0200
Subject: [PATCH] crowd module: init
---
 nixos/modules/module-list.nix | 1 +
 .../services/web-apps/atlassian/crowd.nix | 147 ++++++++++++++++++
 2 files changed, 148 insertions(+)
 create mode 100644 nixos/modules/services/web-apps/atlassian/crowd.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 4d2fa219e1e6..2520118b5338 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -482,6 +482,7 @@
 ./services/ttys/gpm.nix
 ./services/ttys/kmscon.nix
 ./services/web-apps/atlassian/confluence.nix
+ ./services/web-apps/atlassian/crowd.nix
 ./services/web-apps/atlassian/jira.nix
 ./services/web-apps/mattermost.nix
 ./services/web-apps/nixbot.nix
diff --git a/nixos/modules/services/web-apps/atlassian/crowd.nix b/nixos/modules/services/web-apps/atlassian/crowd.nix
new file mode 100644
index 000000000000..5e79678023da
--- /dev/null
+++ b/nixos/modules/services/web-apps/atlassian/crowd.nix
@@ -0,0 +1,147 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.crowd;
+
+ pkg = pkgs.atlassian-crowd;
+
+in
+
+{
+ options = {
+ services.crowd = {
+ enable = mkEnableOption "Atlassian Crowd service";
+
+ user = mkOption {
+ type = types.str;
+ default = "crowd";
+ description = "User which runs Crowd.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "crowd";
+ description = "Group which runs Crowd.";
+ };
+
+ home = mkOption {
+ type = types.str;
+ default = "/var/lib/crowd";
+ description = "Home directory of the Crowd instance.";
+ };
+
+ listenAddress = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Address to listen on.";
+ };
+
+ listenPort = mkOption {
+ type = types.int;
+ default = 8092;
+ description = "Port to listen on.";
+ };
+
+ catalinaOptions = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ example = [ "-Xms1024m" "-Xmx2048m" ];
+ description = "Java options to pass to catalina/tomcat.";
+ };
+
+ proxy = {
+ enable = mkEnableOption "reverse proxy support";
+
+ name = mkOption {
+ type = types.str;
+ example = "crowd.example.com";
+ description = "Virtual hostname at the proxy";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 443;
+ example = 80;
+ description = "Port used at the proxy";
+ };
+
+ scheme = mkOption {
+ type = types.str;
+ default = "https";
+ example = "http";
+ description = "Protocol used at the proxy.";
+ };
+
+ secure = mkOption {
+ type = types.bool;
+ default = true;
+ example = false;
+ description = "Whether the connections to the proxy should be considered secure.";
+ };
+ };
+
+ jrePackage = let
+ jreSwitch = unfree: free: if config.nixpkgs.config.allowUnfree or false then unfree else free;
+ in mkOption {
+ type = types.package;
+ default = jreSwitch pkgs.oraclejre8 pkgs.openjdk8.jre;
+ defaultText = jreSwitch "pkgs.oraclejre8" "pkgs.openjdk8.jre";
+ example = literalExample "pkgs.openjdk8.jre";
+ description = "Java Runtime to use for Crowd. Note that Atlassian recommends the Oracle JRE.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.extraUsers."${cfg.user}" = {
+ isSystemUser = true;
+ group = cfg.group;
+ };
+
+ users.extraGroups."${cfg.group}" = {};
+
+ systemd.services.atlassian-crowd = {
+ description = "Atlassian Crowd";
+
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+
+ path = [ cfg.jrePackage ];
+
+ environment = {
+ JAVA_HOME = "${cfg.jrePackage}";
+ CATALINA_OPTS = concatStringsSep " " cfg.catalinaOptions;
+ CATALINA_TMPDIR = "/tmp";
+ };
+
+ preStart = ''
+ mkdir -p ${cfg.home}/{logs,work}
+
+ mkdir -p /run/atlassian-crowd
+ ln -sf ${cfg.home}/{work,server.xml} /run/atlassian-crowd
+
+ chown -R ${cfg.user} ${cfg.home}
+
+ sed -e 's,port="8095",port="${toString cfg.listenPort}" address="${cfg.listenAddress}",' \
+ '' + (lib.optionalString cfg.proxy.enable ''
+ -e 's,compression="on",compression="off" protocol="HTTP/1.1" proxyName="${cfg.proxy.name}" proxyPort="${toString cfg.proxy.port}" scheme="${cfg.proxy.scheme}" secure="${toString cfg.proxy.secure}",' \
+ '') + ''
+ ${pkg}/apache-tomcat/conf/server.xml.dist > ${cfg.home}/server.xml
+ '';
+
+ script = "${pkg}/start_crowd.sh";
+ #stopScript = "${pkg}/bin/stop_crowd.sh";
+
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ PrivateTmp = true;
+ PermissionsStartOnly = true;
+ };
+ };
+ };
+}
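Review bot: In the proxy `sed` expression of `preStart`, `secure="${toString cfg.proxy.secure}"` does not emit a boolean literal, because Nix's `toString` renders `true` as `1` and `false` as the empty string, so the generated `server.xml` carries `secure="1"` or `secure=""`. Tomcat presumably expects `true`/`false` for this connector attribute and may read `1` as false, which would leave requests behind an HTTPS proxy not marked secure even with the default `secure = true`; write it as `secure="${if cfg.proxy.secure then "true" else "false"}"`. Separately, `PermissionsStartOnly = true` makes `preStart` run as root while it does `chown -R` and redirects the `sed` output to `${cfg.home}/server.xml`, inside a directory the service user owns after the first start, so a symlink left there by the service account would be followed by a root write on the next start. Generating `server.xml` under `/run/atlassian-crowd` (root-created, not writable by `cfg.user`) or doing the write as `cfg.user` would keep root out of the service-owned tree.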