Merge remote-tracking branch 'prism/makefu'

author: lassulus <lass@blue.r> 2018-07-28 19:19:17 +0200
committer: lassulus <lass@blue.r> 2018-07-28 19:19:17 +0200
commit: 8d281b3dde22cca048b1ea02360906c66a7f4246 (patch)
tree: 6faa37ffa82718e2b164aaafdc44bf79df8b3430
parent: 2712a197eb1e9a0534fe949594ad9f5f2206d195 (diff)
parent: 54990bce8941dfc9b38504fbff357cadd66354a3 (diff)
5 files changed, 34 insertions, 9 deletions
diff --git a/krebs/1systems/onebutton/source.nix b/krebs/1systems/onebutton/source.nix
index 6842bfaab..91a998de7 100644
--- a/krebs/1systems/onebutton/source.nix
+++ b/krebs/1systems/onebutton/source.nix
@@ -1,11 +1,8 @@
 with import <stockholm/lib>;
 let
   pkgs = import <nixpkgs> {};
-  nixpkgs = pkgs.fetchFromGitHub {
-    owner = "nixos";
-    repo = "nixpkgs-channels";
-    rev = "nixos-unstable"; # only binary cache for unstable arm6
-    sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd";
+  nixpkgs = builtins.fetchTarball {
+    url = https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz;
   };
 in import <stockholm/krebs/source.nix> {
   name = "onebutton";
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index df317a016..7c81a2015 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -43,16 +43,18 @@ in {
       <stockholm/makefu/2configs/stats/external/aralast.nix>
       <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
       # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
+      <stockholm/makefu/2configs/hw/mceusb.nix>
 
       <stockholm/makefu/2configs/deployment/bureautomation>
       (let
           collectd-port = 25826;
           influx-port = 8086;
+          admin-port = 8083;
           grafana-port = 3000; # TODO nginx forward
           db = "collectd_db";
           logging-interface = "enp0s25";
         in {
-          networking.firewall.allowedTCPPorts = [ 3000 ];
+          networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
 
           services.grafana.enable = true;
           services.grafana.addr = "0.0.0.0";
@@ -61,7 +63,7 @@ in {
             meta.hostname = config.krebs.build.host.name;
             # meta.logging-enabled = true;
             http.bind-address = ":${toString influx-port}";
-            admin.bind-address = ":8083";
+            admin.bind-address = ":${toString admin-port}";
             collectd = [{
               enabled = true;
               typesdb = "${pkgs.collectd}/share/collectd/types.db";
@@ -125,7 +127,6 @@ in {
   networking.firewall.allowedTCPPorts = [
     655
     8081 #smokeping
-    8086 #influx
     49152
   ];
   networking.firewall.trustedInterfaces = [ "enp0s25" ];
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index e9d4b18e0..cfde0aba8 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -108,7 +108,6 @@ let
           # Add headers to serve security related headers
           add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
           add_header X-Content-Type-Options nosniff;
-          add_header X-Frame-Options "SAMEORIGIN";
           add_header X-XSS-Protection "1; mode=block";
           add_header X-Robots-Tag none;
           # Optional: Don't log access to assets
@@ -144,6 +143,8 @@ let
         opcache.memory_consumption=128
         opcache.save_comments=1
         opcache.revalidate_freq=1
+        opcache.file_cache = .opcache
+        zend_extension=${pkgs.php}/lib/php/extensions/opcache.so
 
         display_errors = on
         display_startup_errors = on
@@ -155,6 +156,13 @@ let
         extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
         extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
       '';
+      systemd.services."nextcloud-cron-${domain}" = {
+        serviceConfig = {
+          User = "nginx";
+          ExecStart = "${pkgs.php}/bin/php -f ${root}/cron.php";
+        };
+        startAt = "*:0/15";
+      };
     };
 in  {
   imports = [
diff --git a/makefu/2configs/hw/mceusb.nix b/makefu/2configs/hw/mceusb.nix
new file mode 100644
index 000000000..c1d6f5651
--- /dev/null
+++ b/makefu/2configs/hw/mceusb.nix
@@ -0,0 +1,18 @@
+{pkgs,...}:{
+  # Disable the MCE remote from acting like a keyboard.  (We use lirc instead.)
+  services.xserver.inputClassSections = [''
+    Identifier   "MCE USB Keyboard mimic blacklist"
+    Driver       "mceusb"
+    MatchProduct "Media Center Ed. eHome Infrared Remote Transceiver (1934:5168)"
+    Option       "Ignore" "on"
+  ''];
+  boot.kernelPackages = builtins.trace "Using linux kernel 4.16, not latest" pkgs.linuxPackages_4_16;
+  nixpkgs.config.packageOverrides = pkgs: {
+    linux_4_16 = pkgs.linux_4_16.override {
+        extraConfig = ''
+          LIRC y
+        '';
+    };
+  };
+
+}
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix
index dd6ddddaf..cfb5e3fd2 100644
--- a/makefu/2configs/stats/client.nix
+++ b/makefu/2configs/stats/client.nix
@@ -31,6 +31,7 @@
         FSType "tmpfs"
         FSType "binfmt_misc"
         FSType "debugfs"
+        FSType "tracefs"
         FSType "mqueue"
         FSType "hugetlbfs"
         FSType "systemd-1"
author	lassulus <lass@blue.r>	2018-07-28 19:19:17 +0200
committer	lassulus <lass@blue.r>	2018-07-28 19:19:17 +0200
commit	8d281b3dde22cca048b1ea02360906c66a7f4246 (patch)
tree	6faa37ffa82718e2b164aaafdc44bf79df8b3430
parent	2712a197eb1e9a0534fe949594ad9f5f2206d195 (diff)
parent	54990bce8941dfc9b38504fbff357cadd66354a3 (diff)