{ config, pkgs, lib, ...}:

let
  lAddress = "127.0.0.1";
  lPort = 9081;
  nexusPkgs = pkgs.nexus.overrideAttrs (oldAttrs: rec {
    pname = "nexus";
    version = "3.80.0-06";
    sourceRoot = "${pname}-${version}";
    src = pkgs.fetchurl {
      url = "https://download.sonatype.com/nexus/3/nexus-${version}-linux-x86_64.tar.gz";
      sha256 = "sha256-+Xr6qmmG1tH2wWv+jyZzkZJMB1hngO51IXLyfwKUfS0=";
    };

    patches = [
    # ./nexus-bin.patch
     ./nexus-vm-opts.patch
    ];

    postPatch = ''
      substituteInPlace bin/nexus.vmoptions \
        --replace-fail ../sonatype-work /var/lib/sonatype-work \
        --replace-fail =. =$out
    '';

    installPhase = ''
      runHook preInstall
      mkdir -p $out
      cp -rfv *  $out
      rm -fv $out/bin/nexus.bat
      wrapProgram $out/bin/nexus \
        --set JAVA_HOME ${pkgs.jdk17_headless} \
        --set ALTERNATIVE_NAME "nexus" \
        --prefix PATH "${lib.makeBinPath [ pkgs.gawk ]}"
      runHook postInstall
    '';
});

home ="/var/lib/sonatype-work";

package = nexusPkgs;

in
{
  services.nginx.virtualHosts."nexus.stubbe.rocks" = {
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://${lAddress}:${toString lPort}";
  };

  services.nexus= {
    enable = true;
    listenAddress = lAddress;
    listenPort = lPort;
    package = nexusPkgs;
    jvmOpts = ''
  -Xms2703m
  -Xmx2703m
  -XX:+UnlockDiagnosticVMOptions
  -XX:+LogVMOutput
  -XX:LogFile=${home}/nexus3/log/jvm.log
  -XX:-OmitStackTraceInFastThrow
  -Djava.net.preferIPv4Stack=true
  -Dkaraf.home=${package}
  -Dkaraf.base=${package}
  -Dkaraf.etc=${package}/etc/karaf
  -Djava.util.logging.config.file=${package}/etc/karaf/java.util.logging.properties
  -Dkaraf.data=${home}/nexus3
  -Djava.io.tmpdir=${home}/nexus3/tmp
  -Djdk.tls.ephemeralDHKeySize=2048
  --add-reads=java.xml=java.logging
--add-opens
java.base/java.security=ALL-UNNAMED
--add-opens
java.base/java.net=ALL-UNNAMED
--add-opens
java.base/java.lang=ALL-UNNAMED
--add-opens
java.base/java.util=ALL-UNNAMED
--add-opens
java.naming/javax.naming.spi=ALL-UNNAMED
--add-opens
java.rmi/sun.rmi.transport.tcp=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.http=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.https=ALL-UNNAMED
--add-exports=java.base/sun.net.www.protocol.jar=ALL-UNNAMED
--add-exports=jdk.xml.dom/org.w3c.dom.html=ALL-UNNAMED
--add-exports=jdk.naming.rmi/com.sun.jndi.url.rmi=ALL-UNNAMED
--add-exports=java.security.sasl/com.sun.security.sasl=ALL-UNNAMED
--add-exports=java.base/sun.security.x509=ALL-UNNAMED
--add-exports=java.base/sun.security.rsa=ALL-UNNAMED
--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED
'';
  };

  programs.nix-ld.enable = true;
}