diff --git a/nixos/modules/services/web-apps/nexus.nix b/nixos/modules/services/web-apps/nexus.nix
index f6a5ce73a12..d5bd0f12feb 100644
--- a/nixos/modules/services/web-apps/nexus.nix
+++ b/nixos/modules/services/web-apps/nexus.nix
@@ -42,6 +42,34 @@ in
         default = 8081;
         description = "Port to listen on.";
       };
+
+      jvmOpts = mkOption {
+        type = types.lines;
+        default = ''
+          -Xms1200M
+          -Xmx1200M
+          -XX:MaxDirectMemorySize=2G
+          -XX:+UnlockDiagnosticVMOptions
+          -XX:+UnsyncloadClass
+          -XX:+LogVMOutput
+          -XX:LogFile=${cfg.home}/nexus3/log/jvm.log
+          -XX:-OmitStackTraceInFastThrow
+          -Djava.net.preferIPv4Stack=true
+          -Dkaraf.home=${pkgs.nexus}
+          -Dkaraf.base=${pkgs.nexus}
+          -Dkaraf.etc=${pkgs.nexus}/etc/karaf
+          -Djava.util.logging.config.file=${pkgs.nexus}/etc/karaf/java.util.logging.properties
+          -Dkaraf.data=${cfg.home}/nexus3
+          -Djava.io.tmpdir=${cfg.home}/nexus3/tmp
+          -Dkaraf.startLocalConsole=false
+        '';
+
+        description = ''
+          Options for the JVM written to `nexus.jvmopts`.
+          Please refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment)
+          for further information.
+        '';
+      };
     };
   };
 
@@ -63,13 +91,13 @@ in
       environment = {
         NEXUS_USER = cfg.user;
         NEXUS_HOME = cfg.home;
+
+        VM_OPTS_FILE = pkgs.writeText "nexus.vmoptions" cfg.jvmOpts;
       };
 
       preStart = ''
         mkdir -p ${cfg.home}/nexus3/etc
 
-        ln -sf ${cfg.home} /run/sonatype-work
-
         chown -R ${cfg.user}:${cfg.group} ${cfg.home}
 
         if [ ! -f ${cfg.home}/nexus3/etc/nexus.properties ]; then
@@ -77,10 +105,10 @@ in
           echo "application-port=${toString cfg.listenPort}" >> ${cfg.home}/nexus3/etc/nexus.properties
           echo "application-host=${toString cfg.listenAddress}" >> ${cfg.home}/nexus3/etc/nexus.properties
         else
-          sed 's/^application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
-          sed 's/^# application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
-          sed 's/^application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
-          sed 's/^# application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties 
+          sed 's/^application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties
+          sed 's/^# application-port=.*/application-port=${toString cfg.listenPort}/' -i ${cfg.home}/nexus3/etc/nexus.properties
+          sed 's/^application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties
+          sed 's/^# application-host=.*/application-host=${toString cfg.listenAddress}/' -i ${cfg.home}/nexus3/etc/nexus.properties
         fi
       '';
 
diff --git a/nixos/release.nix b/nixos/release.nix
index 7ec41af4fd4..365f93b731e 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -346,6 +346,7 @@ in rec {
   tests.networking.scripted = callSubTests tests/networking.nix { networkd = false; };
   # TODO: put in networking.nix after the test becomes more complete
   tests.networkingProxy = callTest tests/networking-proxy.nix {};
+  tests.nexus = callTest tests/nexus.nix { };
   tests.nfs3 = callTest tests/nfs.nix { version = 3; };
   tests.nfs4 = callTest tests/nfs.nix { version = 4; };
   tests.nginx = callTest tests/nginx.nix { };
diff --git a/nixos/tests/nexus.nix b/nixos/tests/nexus.nix
index 1f19fc0867a..d12d06c2c00 100644
--- a/nixos/tests/nexus.nix
+++ b/nixos/tests/nexus.nix
@@ -1,12 +1,12 @@
 # verifies:
 #   1. nexus service starts on server
-#   2. nexus user can be extended on server
-#   3. nexus service not can startup on server (creating database and all other initial stuff)
+#   2. nexus service can startup on server (creating database and all other initial stuff)
+#   3. the web application is reachable via HTTP
 
 import ./make-test.nix ({ pkgs, ...} : {
   name = "nexus";
   meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ ironpinguin ];
+    maintainers = [ ironpinguin ma27 ];
   };
 
   nodes = {
@@ -14,21 +14,19 @@ import ./make-test.nix ({ pkgs, ...} : {
     server =
       { config, pkgs, ... }:
       { virtualisation.memorySize = 2048;
+        virtualisation.diskSize = 2048;
 
         services.nexus.enable = true;
-
-        users.extraUsers.nexus.extraGroups = [ "users" ];
       };
+
   };
 
   testScript = ''
     startAll;
 
     $server->waitForUnit("nexus");
-
-    print $server->execute("sudo -u nexus groups");
-    $server->mustSucceed("sudo -u nexus groups | grep nexus | grep users");
-
     $server->waitForOpenPort(8081);
+
+    $server->succeed("curl -f 127.0.0.1:8081");
   '';
 })
diff --git a/pkgs/development/tools/repository-managers/nexus/default.nix b/pkgs/development/tools/repository-managers/nexus/default.nix
index 25dba0ac02f..fb7a6007074 100644
--- a/pkgs/development/tools/repository-managers/nexus/default.nix
+++ b/pkgs/development/tools/repository-managers/nexus/default.nix
@@ -1,22 +1,22 @@
 { stdenv, fetchurl, makeWrapper, jre, gawk }:
+
 stdenv.mkDerivation rec {
   name = "nexus-${version}";
-  version = "3.5.1-02";
+  version = "3.11.0-01";
 
   src = fetchurl {
     url = "https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-${version}-mac.tgz";
-    sha256 = "5ef3512c2bbdd45ef35921c1a0ba109b45bd9dad88311750196aa689262258b6";
+    sha256 = "1h5nfzb1sqhzb5j7w2dpmdi7vnnc9g6zx43a44f3zjvlxh1s0vim";
   };
 
   sourceRoot = name;
 
   nativeBuildInputs = [ makeWrapper ];
 
-  patches = [ ./nexus-bin.patch ];
+  patches = [ ./nexus-bin.patch ./nexus-vm-opts.patch ];
 
   postPatch = ''
     substituteInPlace bin/nexus.vmoptions \
-      --replace ../sonatype-work/nexus3 /run/sonatype-work/nexus3 \
       --replace etc/karaf $out/etc/karaf \
       --replace =. =$out
   '';
@@ -28,14 +28,12 @@ stdenv.mkDerivation rec {
     cp -rfv * .install4j $out
     rm -fv $out/bin/nexus.bat
 
-    runHook postInstall
-  '';
-
-  postInstall = ''
     wrapProgram $out/bin/nexus \
       --set JAVA_HOME ${jre} \
       --set ALTERNATIVE_NAME "nexus" \
       --prefix PATH "${stdenv.lib.makeBinPath [ gawk ]}"
+
+    runHook postInstall
   '';
 
   meta = with stdenv.lib; {
@@ -43,6 +41,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.sonatype.org/nexus;
     license = licenses.epl10;
     platforms = platforms.all;
-    maintainers = with maintainers; [ aespinosa ironpinguin ];
+    maintainers = with maintainers; [ aespinosa ironpinguin ma27 ];
   };
 }
diff --git a/pkgs/development/tools/repository-managers/nexus/nexus-vm-opts.patch b/pkgs/development/tools/repository-managers/nexus/nexus-vm-opts.patch
new file mode 100644
index 00000000000..744b4b96a56
--- /dev/null
+++ b/pkgs/development/tools/repository-managers/nexus/nexus-vm-opts.patch
@@ -0,0 +1,14 @@
+diff --git a/bin/nexus b/bin/nexus
+index e7ed3fb..8db766b 100755
+--- a/bin/nexus
++++ b/bin/nexus
+@@ -440,7 +440,8 @@ add_class_path "$app_home/lib/boot/org.apache.karaf.diagnostic.boot-4.0.9.jar"
+ add_class_path "$app_home/lib/boot/org.apache.karaf.jaas.boot-4.0.9.jar"
+ 
+ vmoptions_val=""
+-read_vmoptions "$prg_dir/$progname.vmoptions"
++VM_OPTS=${VM_OPTS_FILE:-"$prg_dir/$progname.vmoptions"}
++read_vmoptions "$VM_OPTS"
+ INSTALL4J_ADD_VM_PARAMS="$INSTALL4J_ADD_VM_PARAMS $vmoptions_val"
+ 
+