From 2b455c1649ea4f36d868f0a8b7d331172253651a Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:09:23 +0100
Subject: [PATCH 01/12] nixosTests.plantuml-server: init
---
 nixos/tests/all-tests.nix | 1 +
 nixos/tests/plantuml-server.nix | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 nixos/tests/plantuml-server.nix
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index f44fcfcf54ab..fdd95a9b4f94 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -656,6 +656,7 @@ in {
 phylactery = handleTest ./web-apps/phylactery.nix {};
 pict-rs = handleTest ./pict-rs.nix {};
 pinnwand = handleTest ./pinnwand.nix {};
+ plantuml-server = handleTest ./plantuml-server.nix {};
 plasma-bigscreen = handleTest ./plasma-bigscreen.nix {};
 plasma5 = handleTest ./plasma5.nix {};
 plasma5-systemd-start = handleTest ./plasma5-systemd-start.nix {};
diff --git a/nixos/tests/plantuml-server.nix b/nixos/tests/plantuml-server.nix
new file mode 100644
index 000000000000..460c30919aec
--- /dev/null
+++ b/nixos/tests/plantuml-server.nix
@@ -0,0 +1,20 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+ name = "plantuml-server";
+ meta.maintainers = with lib.maintainers; [ anthonyroussel ];
+
+ nodes.machine = { pkgs, ... }: {
+ environment.systemPackages = [ pkgs.curl ];
+ services.plantuml-server.enable = true;
+ };
+
+ testScript = ''
+ start_all()
+
+ machine.wait_for_unit("plantuml-server.service")
+ machine.wait_for_open_port(8080)
+
+ with subtest("Generate chart"):
+ chart_id = machine.succeed("curl -sSf http://localhost:8080/plantuml/coder -d 'Alice -> Bob'")
+ machine.succeed("curl -sSf http://localhost:8080/plantuml/txt/{}".format(chart_id))
+ '';
+})
From b7851eed077bbc924aabcb93dbd8d0dc3f61362a Mon Sep 17 00:00:00 2001
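Review bot: `chart_id` on the last `machine.succeed` line of the new test is interpolated into the URL verbatim, so if the `/plantuml/coder` response carries a trailing newline it ends up inside the second request; `.strip()` is cheap insurance: `chart_id = machine.succeed("curl -sSf http://localhost:8080/plantuml/coder -d 'Alice -> Bob'").strip()`. The second request only checks curl's exit status, so a server that answers 200 with an error page would still pass; capturing the output and asserting on it, e.g. `assert "Alice" in output`, would make the subtest actually verify rendering. The all-tests.nix hunk on the same line is a one-line registration and needs nothing.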
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:09:47 +0100
Subject: [PATCH 02/12] plantuml-server: add nixosTest to passthru.tests
---
 pkgs/tools/misc/plantuml-server/default.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pkgs/tools/misc/plantuml-server/default.nix b/pkgs/tools/misc/plantuml-server/default.nix
index 039e9acb2e8e..dc7fe1627a1c 100644
--- a/pkgs/tools/misc/plantuml-server/default.nix
+++ b/pkgs/tools/misc/plantuml-server/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, nixosTests }:
 let
 version = "1.2023.12";
@@ -17,6 +17,10 @@ stdenv.mkDerivation rec {
 cp "$src" "$out/webapps/plantuml.war"
 '';
+ passthru.tests = {
+ inherit (nixosTests) plantuml-server;
+ };
+
 meta = with lib; {
 description = "A web application to generate UML diagrams on-the-fly.";
 homepage = "https://plantuml.com/";
From acd3c673a2849cd048b0eb7c9c6497c924d3afc1 Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:10:18 +0100
Subject: [PATCH 03/12] jetty: fix meta.homepage
---
 pkgs/servers/http/jetty/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/servers/http/jetty/default.nix b/pkgs/servers/http/jetty/default.nix
index 1ebd33f51d6f..638f2b6e6a4b 100644
--- a/pkgs/servers/http/jetty/default.nix
+++ b/pkgs/servers/http/jetty/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
 meta = with lib; {
 description = "A Web server and javax.servlet container";
- homepage = "https://www.eclipse.org/jetty/";
+ homepage = "https://eclipse.dev/jetty/";
 platforms = platforms.all;
 sourceProvenance = with sourceTypes; [ binaryBytecode ];
 license = with licenses; [ asl20 epl10 ];
From 4d77d2a63f18b622df8d15ba529761a3c92d62d5 Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:10:27 +0100
Subject: [PATCH 04/12] jetty: 12.0.2 -> 12.0.3
---
 pkgs/servers/http/jetty/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkgs/servers/http/jetty/default.nix b/pkgs/servers/http/jetty/default.nix
index 638f2b6e6a4b..d89001b4f76a 100644
--- a/pkgs/servers/http/jetty/default.nix
+++ b/pkgs/servers/http/jetty/default.nix
@@ -2,10 +2,11 @@
 stdenv.mkDerivation rec {
 pname = "jetty";
- version = "12.0.2";
+ version = "12.0.3";
+
 src = fetchurl {
 url = "mirror://maven/org/eclipse/jetty/jetty-home/${version}/jetty-home-${version}.tar.gz";
- hash = "sha256-DtlHTXjbr31RmK6ycDdiWOL7jIpbWNh0la90OnOhzvM=";
+ hash = "sha256-Z/jJKKzoqTPZnoFOMwbpSd/Kd1w+rXloKH+aw6aNrKs=";
 };
 dontBuild = true;
From e3839eef716ba5627b141698d80adf90edd8c05c Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:56:17 +0100
Subject: [PATCH 05/12] nixos/plantuml-server: remove `with lib;` notation
https://nix.dev/guides/best-practices#with-scopes
---
 .../services/web-apps/plantuml-server.nix | 39 +++++++++++--------
 1 file changed, 23 insertions(+), 16 deletions(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index 5ebee48c3e0b..d84e9fb683ca 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -1,8 +1,15 @@
 { config, lib, pkgs, ... }:
-with lib;
-
 let
+ inherit (lib)
+ literalExpression
+ mdDoc
+ mkEnableOption
+ mkIf
+ mkOption
+ mkPackageOptionMD
+ types
+ ;
 cfg = config.services.plantuml-server;
@@ -11,13 +18,13 @@ in
 {
 options = {
 services.plantuml-server = {
- enable = mkEnableOption (lib.mdDoc "PlantUML server");
+ enable = mkEnableOption (mdDoc "PlantUML server");
 package = mkOption {
 type = types.package;
 default = pkgs.plantuml-server;
 defaultText = literalExpression "pkgs.plantuml-server";
- description = lib.mdDoc "PlantUML server package to use";
+ description = mdDoc "PlantUML server package to use";
 };
 packages = {
@@ -25,75 +32,75 @@ in
 type = types.package;
 default = pkgs.jdk;
 defaultText = literalExpression "pkgs.jdk";
- description = lib.mdDoc "JDK package to use for the server";
+ description = mdDoc "JDK package to use for the server";
 };
 jetty = mkOption {
 type = types.package;
 default = pkgs.jetty;
 defaultText = literalExpression "pkgs.jetty";
- description = lib.mdDoc "Jetty package to use for the server";
+ description = mdDoc "Jetty package to use for the server";
 };
 };
 user = mkOption {
 type = types.str;
 default = "plantuml";
- description = lib.mdDoc "User which runs PlantUML server.";
+ description = mdDoc "User which runs PlantUML server.";
 };
 group = mkOption {
 type = types.str;
 default = "plantuml";
- description = lib.mdDoc "Group which runs PlantUML server.";
+ description = mdDoc "Group which runs PlantUML server.";
 };
 home = mkOption {
 type = types.str;
 default = "/var/lib/plantuml";
- description = lib.mdDoc "Home directory of the PlantUML server instance.";
+ description = mdDoc "Home directory of the PlantUML server instance.";
 };
 listenHost = mkOption {
 type = types.str;
 default = "127.0.0.1";
- description = lib.mdDoc "Host to listen on.";
+ description = mdDoc "Host to listen on.";
 };
 listenPort = mkOption {
 type = types.int;
 default = 8080;
- description = lib.mdDoc "Port to listen on.";
+ description = mdDoc "Port to listen on.";
 };
 plantumlLimitSize = mkOption {
 type = types.int;
 default = 4096;
- description = lib.mdDoc "Limits image width and height.";
+ description = mdDoc "Limits image width and height.";
 };
 graphvizPackage = mkOption {
 type = types.package;
 default = pkgs.graphviz;
 defaultText = literalExpression "pkgs.graphviz";
- description = lib.mdDoc "Package containing the dot executable.";
+ description = mdDoc "Package containing the dot executable.";
 };
 plantumlStats = mkOption {
 type = types.bool;
 default = false;
- description = lib.mdDoc "Set it to on to enable statistics report (https://plantuml.com/statistics-report).";
+ description = mdDoc "Set it to on to enable statistics report (https://plantuml.com/statistics-report).";
 };
 httpAuthorization = mkOption {
 type = types.nullOr types.str;
 default = null;
- description = lib.mdDoc "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.";
+ description = mdDoc "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.";
 };
 allowPlantumlInclude = mkOption {
 type = types.bool;
 default = false;
- description = lib.mdDoc "Enables !include processing which can read files from the server into diagrams. Files are read relative to the current working directory.";
+ description = mdDoc "Enables !include processing which can read files from the server into diagrams. Files are read relative to the current working directory.";
 };
 };
 };
From 09e9d47508a1bc6c90c3c324a166d8f13b89528c Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:58:37 +0100
Subject: [PATCH 06/12] nixos/plantuml-server: add hardening
---
 .../services/web-apps/plantuml-server.nix | 37 ++++++++++++-----
 1 file changed, 28 insertions(+), 9 deletions(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index d84e9fb683ca..0c23efe47f3c 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -106,19 +106,11 @@ in
 };
 config = mkIf cfg.enable {
- users.users.${cfg.user} = {
- isSystemUser = true;
- group = cfg.group;
- home = cfg.home;
- createHome = true;
- };
-
- users.groups.${cfg.group} = {};
-
 systemd.services.plantuml-server = {
 description = "PlantUML server";
 wantedBy = [ "multi-user.target" ];
 path = [ cfg.home ];
+
 environment = {
 PLANTUML_LIMIT_SIZE = builtins.toString cfg.plantumlLimitSize;
 GRAPHVIZ_DOT = "${cfg.graphvizPackage}/bin/dot";
@@ -135,10 +127,37 @@ in
 jetty.http.host=${cfg.listenHost} \
 jetty.http.port=${builtins.toString cfg.listenPort}
 '';
+
 serviceConfig = {
 User = cfg.user;
 Group = cfg.group;
+ StateDirectory = mkIf (cfg.home == "/var/lib/plantuml") "plantuml";
+ StateDirectoryMode = mkIf (cfg.home == "/var/lib/plantuml") "0750";
+
+ # Hardening
+ AmbientCapabilities = [ "" ];
+ CapabilityBoundingSet = [ "" ];
+ DynamicUser = true;
+ LockPersonality = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ PrivateNetwork = false;
 PrivateTmp = true;
+ PrivateUsers = true;
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectSystem = "strict";
+ RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ RestrictSUIDSGID = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [ "@system-service" ];
 };
 };
 };
From 3b17b80525812587783500cf56344361642d77f8 Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Wed, 15 Nov 2023 00:04:08 +0100
Subject: [PATCH 07/12] nixos/plantuml-server: add anthonyroussel to maintainers
---
 nixos/modules/services/web-apps/plantuml-server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index 0c23efe47f3c..397371105407 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -162,5 +162,5 @@ in
 };
 };
- meta.maintainers = with lib.maintainers; [ truh ];
+ meta.maintainers = with lib.maintainers; [ truh anthonyroussel ];
 }
From 2c94d267c2bd0f154ad5479da4d23e49f39ed5a1 Mon Sep 17 00:00:00 2001
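Review bot: `StateDirectory` and `StateDirectoryMode` are only set when `cfg.home` equals the default, while the first hunk of this patch removes the `users.users` entry whose `createHome = true` used to create a custom `home`; with `ProtectSystem = "strict"` a non-default `home` is therefore neither created nor writable by the service. Either derive the state directory from `cfg.home` unconditionally, or add `ReadWritePaths = mkIf (cfg.home != "/var/lib/plantuml") [ cfg.home ];` together with a `systemd.tmpfiles.rules` entry that creates the directory for the service account. `DynamicUser = true` next to `User = cfg.user` presumably also means the `user`/`group` options no longer provision a static account; if that is intended, their descriptions (outside this hunk) should say so, since anyone granting that user extra permissions elsewhere will be surprised. `PrivateNetwork = false` restates the default and could be dropped. The enclosing `systemd.services.plantuml-server` block starts outside this hunk.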
From: Anthony Roussel
Date: Wed, 15 Nov 2023 00:04:43 +0100
Subject: [PATCH 08/12] nixos/plantuml-server: use mkPackageOptionMD
---
 .../services/web-apps/plantuml-server.nix | 28 +++----------------
 1 file changed, 4 insertions(+), 24 deletions(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index 397371105407..e5a6f0283474 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -20,26 +20,11 @@ in
 services.plantuml-server = {
 enable = mkEnableOption (mdDoc "PlantUML server");
- package = mkOption {
- type = types.package;
- default = pkgs.plantuml-server;
- defaultText = literalExpression "pkgs.plantuml-server";
- description = mdDoc "PlantUML server package to use";
- };
+ package = mkPackageOptionMD pkgs "plantuml-server" { };
 packages = {
- jdk = mkOption {
- type = types.package;
- default = pkgs.jdk;
- defaultText = literalExpression "pkgs.jdk";
- description = mdDoc "JDK package to use for the server";
- };
- jetty = mkOption {
- type = types.package;
- default = pkgs.jetty;
- defaultText = literalExpression "pkgs.jetty";
- description = mdDoc "Jetty package to use for the server";
- };
+ jdk = mkPackageOptionMD pkgs "jdk" { };
+ jetty = mkPackageOptionMD pkgs "jetty" { };
 };
 user = mkOption {
@@ -78,12 +63,7 @@ in
 description = mdDoc "Limits image width and height.";
 };
- graphvizPackage = mkOption {
- type = types.package;
- default = pkgs.graphviz;
- defaultText = literalExpression "pkgs.graphviz";
- description = mdDoc "Package containing the dot executable.";
- };
+ graphvizPackage = mkPackageOptionMD pkgs "graphviz" { };
 plantumlStats = mkOption {
 type = types.bool;
From c7d414ef389f42959b71d6c274f70fec7aaa8e9b Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Tue, 14 Nov 2023 23:42:58 +0100
Subject: [PATCH 09/12] jetty_11,jetty_12: init
---
 pkgs/servers/http/jetty/11.x.nix | 4 ++++
 pkgs/servers/http/jetty/12.x.nix | 4 ++++
 pkgs/servers/http/jetty/{default.nix => common.nix} | 7 +++++--
 pkgs/top-level/all-packages.nix | 4 +++-
 4 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 pkgs/servers/http/jetty/11.x.nix
 create mode 100644 pkgs/servers/http/jetty/12.x.nix
 rename pkgs/servers/http/jetty/{default.nix => common.nix} (87%)
diff --git a/pkgs/servers/http/jetty/11.x.nix b/pkgs/servers/http/jetty/11.x.nix
new file mode 100644
index 000000000000..3196b24d7485
--- /dev/null
+++ b/pkgs/servers/http/jetty/11.x.nix
@@ -0,0 +1,4 @@
+import ./common.nix {
+ version = "11.0.18";
+ hash = "sha256-HxtO2r6YWo6+MAYUgk7dNSPDqQZoyO9t/8NdI5pPkL4=";
+}
diff --git a/pkgs/servers/http/jetty/12.x.nix b/pkgs/servers/http/jetty/12.x.nix
new file mode 100644
index 000000000000..4dba445b6b90
--- /dev/null
+++ b/pkgs/servers/http/jetty/12.x.nix
@@ -0,0 +1,4 @@
+import ./common.nix {
+ version = "12.0.3";
+ hash = "sha256-Z/jJKKzoqTPZnoFOMwbpSd/Kd1w+rXloKH+aw6aNrKs=";
+}
diff --git a/pkgs/servers/http/jetty/default.nix b/pkgs/servers/http/jetty/common.nix
similarity index 87%
rename from pkgs/servers/http/jetty/default.nix
rename to pkgs/servers/http/jetty/common.nix
index d89001b4f76a..5b36282eb2f1 100644
--- a/pkgs/servers/http/jetty/default.nix
+++ b/pkgs/servers/http/jetty/common.nix
@@ -1,12 +1,15 @@
+{ version, hash }:
+
 { lib, stdenv, fetchurl }:
 stdenv.mkDerivation rec {
 pname = "jetty";
- version = "12.0.3";
+
+ inherit version;
 src = fetchurl {
 url = "mirror://maven/org/eclipse/jetty/jetty-home/${version}/jetty-home-${version}.tar.gz";
- hash = "sha256-Z/jJKKzoqTPZnoFOMwbpSd/Kd1w+rXloKH+aw6aNrKs=";
+ inherit hash;
 };
 dontBuild = true;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index bda9a5447d0b..b70f26cdbe23 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -26523,7 +26523,9 @@ with pkgs;
 jboss_mysql_jdbc = callPackage ../servers/http/jboss/jdbc/mysql { };
- jetty = callPackage ../servers/http/jetty { };
+ jetty = jetty_12;
+ jetty_12 = callPackage ../servers/http/jetty/12.x.nix { };
+ jetty_11 = callPackage ../servers/http/jetty/11.x.nix { };
 jibri = callPackage ../servers/jibri { };
From 252d793e792eff90b11e97d03251daf65e5e506c Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Wed, 15 Nov 2023 00:02:36 +0100
Subject: [PATCH 10/12] jetty_11,jetty_12: add anthonyroussel to maintainers
---
 pkgs/servers/http/jetty/common.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/servers/http/jetty/common.nix b/pkgs/servers/http/jetty/common.nix
index 5b36282eb2f1..83adac4ddd0d 100644
--- a/pkgs/servers/http/jetty/common.nix
+++ b/pkgs/servers/http/jetty/common.nix
@@ -25,6 +25,6 @@ stdenv.mkDerivation rec {
 platforms = platforms.all;
 sourceProvenance = with sourceTypes; [ binaryBytecode ];
 license = with licenses; [ asl20 epl10 ];
- maintainers = with maintainers; [ emmanuelrosa ];
+ maintainers = with maintainers; [ emmanuelrosa anthonyroussel ];
 };
 }
From deae39af435a3088be677dbeb88a0167fd4682c4 Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Wed, 15 Nov 2023 00:05:07 +0100
Subject: [PATCH 11/12] nixos/plantuml-server: use jetty_11
PlantUML Server does not support Jetty versions higher than 12.x.
Jetty 12.x has introduced major breaking changes, see
* https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.0
* https://eclipse.dev/jetty/documentation/jetty-12/programming-guide/index.html#pg-migration-11-to-12
---
 .../modules/services/web-apps/plantuml-server.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index e5a6f0283474..4e24b3f24b10 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -24,7 +24,17 @@ in
 packages = {
 jdk = mkPackageOptionMD pkgs "jdk" { };
- jetty = mkPackageOptionMD pkgs "jetty" { };
+ jetty = mkPackageOptionMD pkgs "jetty" {
+ default = "jetty_11";
+ extraDescription = ''
+ At the time of writing (v1.2023.12), PlantUML Server does not support
+ Jetty versions higher than 12.x.
+
+ Jetty 12.x has introduced major breaking changes, see
+ and
+
+ '';
+ };
 };
 user = mkOption {
@@ -40,7 +50,7 @@ in
 };
 home = mkOption {
- type = types.str;
+ type = types.path;
 default = "/var/lib/plantuml";
 description = mdDoc "Home directory of the PlantUML server instance.";
 };
From 8c7c1e7a302671c685cbcfc3730b6d33dfde34b9 Mon Sep 17 00:00:00 2001
From: Anthony Roussel
Date: Wed, 15 Nov 2023 00:34:14 +0100
Subject: [PATCH 12/12] nixos/plantuml-server: remove deprecated allowPlantumlInclude option
See https://github.com/plantuml/plantuml-server/pull/301
---
 nixos/modules/services/web-apps/plantuml-server.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/nixos/modules/services/web-apps/plantuml-server.nix b/nixos/modules/services/web-apps/plantuml-server.nix
index 4e24b3f24b10..1fa69814c6c9 100644
--- a/nixos/modules/services/web-apps/plantuml-server.nix
+++ b/nixos/modules/services/web-apps/plantuml-server.nix
@@ -8,6 +8,7 @@ let
 mkIf
 mkOption
 mkPackageOptionMD
+ mkRemovedOptionModule
 types
 ;
@@ -16,6 +17,10 @@ let
 in
 {
+ imports = [
+ (mkRemovedOptionModule [ "services" "plantuml-server" "allowPlantumlInclude" ] "This option has been removed from PlantUML.")
+ ];
+
 options = {
 services.plantuml-server = {
 enable = mkEnableOption (mdDoc "PlantUML server");
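Review bot: The added `extraDescription` says PlantUML Server "does not support Jetty versions higher than 12.x", which contradicts both `default = "jetty_11"` on the line above and the next sentence about Jetty 12.x introducing breaking changes; presumably "12.x and higher" (or "higher than 11.x") is meant, and the commit message repeats the same wording. The two reference lines after "see" and "and" come out empty in this rendering, so check that the angle-bracket URLs actually survived in the committed file rather than being lost to markup. Suggested first sentence: `At the time of writing (v1.2023.12), PlantUML Server does not support Jetty 12.x and higher.`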
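Review bot: The `mkRemovedOptionModule` message "This option has been removed from PlantUML." gives a user of `allowPlantumlInclude` no pointer to why or what replaces it, although the commit message already cites the upstream change; quoting it in the message, e.g. `"This option has been removed from PlantUML Server upstream, see https://github.com/plantuml/plantuml-server/pull/301."`, saves the next reader a trip through git log. Since the option gated server-side `!include` reads of local files, failing evaluation for existing users instead of silently ignoring the setting is the right behaviour and worth keeping.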
@@ -86,12 +91,6 @@ in
 default = null;
 description = mdDoc "When calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.";
 };
-
- allowPlantumlInclude = mkOption {
- type = types.bool;
- default = false;
- description = mdDoc "Enables !include processing which can read files from the server into diagrams. Files are read relative to the current working directory.";
- };
 };
 };
@@ -106,7 +105,6 @@ in
 GRAPHVIZ_DOT = "${cfg.graphvizPackage}/bin/dot";
 PLANTUML_STATS = if cfg.plantumlStats then "on" else "off";
 HTTP_AUTHORIZATION = cfg.httpAuthorization;
- ALLOW_PLANTUML_INCLUDE = if cfg.allowPlantumlInclude then "true" else "false";
 };
 script = ''
 ${cfg.packages.jdk}/bin/java \