diff --git a/services/nexus-vm-opts.patch b/services/nexus-vm-opts.patch new file mode 100644 index 0000000..684434d --- /dev/null +++ b/services/nexus-vm-opts.patch @@ -0,0 +1,12 @@ +--- a/bin/nexus 2025-05-02 22:27:48.000000000 +0200 ++++ b/bin/nexus 2025-06-09 14:59:58.617397105 +0200 +@@ -139,7 +139,8 @@ + + cd "$HOME" || exit 1 + vmoptions_val="" +-read_vmoptions "nexus.vmoptions" ++VM_OPTS=${VM_OPTS_FILE:-"nexus.vmoptions"} ++read_vmoptions "$VM_OPTS" + INSTALL4J_ADD_VM_PARAMS="$INSTALL4J_ADD_VM_PARAMS $vmoptions_val" + + # deduce the chosen data directory and prepare log and tmp directories diff --git a/services/nexus.nix b/services/nexus.nix index 66ba852..0eb9027 100644 --- a/services/nexus.nix +++ b/services/nexus.nix @@ -5,25 +5,41 @@ let lPort = 9081; nexusPkgs = pkgs.nexus.overrideAttrs (oldAttrs: rec { pname = "nexus"; - version = "3.69.0-02"; + version = "3.80.0-06"; sourceRoot = "${pname}-${version}"; src = pkgs.fetchurl { - url = "https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-${version}-unix.tar.gz"; - sha256 = "sha256-7sgLPuM93mFEPlTd3qJY+FGVHErvgcTGJWwSBcqBgWI="; + url = "https://download.sonatype.com/nexus/3/nexus-${version}-linux-x86_64.tar.gz"; + sha256 = "sha256-+Xr6qmmG1tH2wWv+jyZzkZJMB1hngO51IXLyfwKUfS0="; }; + + patches = [ + # ./nexus-bin.patch + ./nexus-vm-opts.patch + ]; + + postPatch = '' + substituteInPlace bin/nexus.vmoptions \ + --replace-fail ../sonatype-work /var/lib/sonatype-work \ + --replace-fail =. =$out + ''; + installPhase = '' runHook preInstall mkdir -p $out - cp -rfv * .install4j $out + cp -rfv * $out rm -fv $out/bin/nexus.bat wrapProgram $out/bin/nexus \ - --set JAVA_HOME ${pkgs.jre8_headless} \ + --set JAVA_HOME ${pkgs.jdk17_headless} \ --set ALTERNATIVE_NAME "nexus" \ --prefix PATH "${lib.makeBinPath [ pkgs.gawk ]}" runHook postInstall ''; }); +home ="/var/lib/sonatype-work"; + +package = nexusPkgs; + in { services.nginx.virtualHosts."nexus.stubbe.rocks" = { @@ -37,5 +53,45 @@ in listenAddress = lAddress; listenPort = lPort; package = nexusPkgs; + jvmOpts = '' + -Xms2703m + -Xmx2703m + -XX:+UnlockDiagnosticVMOptions + -XX:+LogVMOutput + -XX:LogFile=${home}/nexus3/log/jvm.log + -XX:-OmitStackTraceInFastThrow + -Djava.net.preferIPv4Stack=true + -Dkaraf.home=${package} + -Dkaraf.base=${package} + -Dkaraf.etc=${package}/etc/karaf + -Djava.util.logging.config.file=${package}/etc/karaf/java.util.logging.properties + -Dkaraf.data=${home}/nexus3 + -Djava.io.tmpdir=${home}/nexus3/tmp + -Djdk.tls.ephemeralDHKeySize=2048 + --add-reads=java.xml=java.logging +--add-opens +java.base/java.security=ALL-UNNAMED +--add-opens +java.base/java.net=ALL-UNNAMED +--add-opens +java.base/java.lang=ALL-UNNAMED +--add-opens +java.base/java.util=ALL-UNNAMED +--add-opens +java.naming/javax.naming.spi=ALL-UNNAMED +--add-opens +java.rmi/sun.rmi.transport.tcp=ALL-UNNAMED +--add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED +--add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED +--add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED +--add-exports=jdk.xml.dom/org.w3c.dom.html=ALL-UNNAMED +--add-exports=jdk.naming.rmi/com.sun.jndi.url.rmi=ALL-UNNAMED +--add-exports=java.security.sasl/com.sun.security.sasl=ALL-UNNAMED +--add-exports=java.base/sun.security.x509=ALL-UNNAMED +--add-exports=java.base/sun.security.rsa=ALL-UNNAMED +--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED +''; }; + + programs.nix-ld.enable = true; }