Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Commit 5517b6f0 authored Jul 16, 2025 by Julian Stecklina

nixos/dependency-track: fix default JVM heap size

The default of 4GB is too low for a production setup and causes
DependencyTrack to hit java.lang.OutOfMemoryError. This causes
Dependency Track to enter a weird state where it will throw 502 and
504 errors.

The initial 4GB was set to make Dependency Track run in the (too
small) VM in the NixOS integration test. Move the explicit heap
configuration there. For the service itself, we now don't set a limit.
This means the JVM will choose its maximum heap on its own, which does
a much better job for realistic scenarios.

I added a release note, because people who run Dependency Track on
very tiny VMs/machines may experience issues.

parent 62e0f05e

nixos/doc/manual/release-notes/rl-2511.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -112,6 +112,8 @@

		- `services.clamsmtp` is unmaintained and was removed from Nixpkgs.

		- `services.dependency-track` removed its configuration of the JVM heap size. This lets the JVM choose its maximum heap size automatically, which should work much better in practice for most users. For deployments on systems with little RAM, it may now be necessary to manually configure a maximum heap size using {option}`services.dependency-track.javaArgs`.

		- `services.dnscrypt-proxy2` gains a `package` option to specify dnscrypt-proxy package to use.

		- `services.gitea` supports sending notifications with sendmail again. To do this, activate the parameter `services.gitea.mailerUseSendmail` and configure SMTP server.

nixos/modules/services/web-apps/dependency-track.nix

+6 −2

Original line number	Diff line number	Diff line
		@@ -76,8 +76,12 @@ in

		javaArgs = lib.mkOption {
		type = lib.types.listOf lib.types.str;
		default = [ "-Xmx4G" ];
		description = "Java options passed to JVM";
		default = [ ];
		example = lib.literalExpression ''[ "-Xmx16G" ] '';
		description = ''
		Java options passed to JVM. Configuring this is usually not necessary, but for small systems
		it can be useful to tweak the JVM heap size.
		'';
		};

		database = {

nixos/tests/dependency-track.nix

+5 −0

Original line number	Diff line number	Diff line
		@@ -37,6 +37,11 @@ in
		};
		services.dependency-track = {
		enable = true;

		# The Java VM defaults (correctly) to tiny heap on this tiny
		# VM, but that's not enough to start dependency-track.
		javaArgs = [ "-Xmx4G" ];

		port = dependencyTrackPort;
		nginx.domain = "localhost";
		database.passwordFile = "${pkgs.writeText "dbPassword" ''hunter2'THE'''H''''E''}";