3 files changed, 121 insertions, 5 deletions
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
new file mode 100644
index 000000000..b62f37bdb
--- /dev/null
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -0,0 +1,75 @@
+{ pkgs, lib, ... }:
+let
+  firetv = "192.168.1.238";
+in {
+  imports = [
+    <nixpkgs-unstable/nixos/modules/services/misc/home-assistant.nix>
+  ];
+  systemd.services.firetv = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "nobody";
+      ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+    };
+  };
+  nixpkgs.config.packageOverrides = oldpkgs: {
+    home-assistant = (import <nixpkgs-unstable> {}).home-assistant;
+  };
+  ids.uids.hass = 286;
+  ids.gids.hass = 286;
+  services.home-assistant = {
+  #panel_iframe:
+  #configurator:
+  #  title: Configurator
+  #  icon: mdi:wrench
+  #  url: http://hassio.local:3218
+  # sensor:
+  # - platform: random
+    enable = true;
+    config = {
+      homeassistant = {
+        name = "Bureautomation";
+        time_zone = "Europe/Berlin";
+      };
+      panel_iframe = {
+        euer_blog = {
+          title = "Euer Blog";
+          icon =  "mdi:wrench";
+          url = "https://euer.krebsco.de";
+        };
+      };
+      media_player = [
+        { platform = "kodi";
+          host = firetv;
+        }
+        { platform = "firetv";
+          # assumes python-firetv running
+        }
+      ];
+      sensor = [
+        {
+          platform = "luftdaten";
+          name = "Shack 1";
+          sensorid = "50";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        {
+          platform = "luftdaten";
+          name = "Shack 2";
+          sensorid = "658";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        {
+          platform = "luftdaten";
+          name = "Ditzingen";
+          sensorid = "5341";
+          monitored_conditions = [ "P1" "P2" ];
+        }
+        { platform = "random"; }
+      ];
+      frontend = { };
+      http = { };
+      feedreader.urls = [ "https://nixos.org/blogs.xml" ];
+    };
+  };
+}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 3a9d57dbb..e9d4b18e0 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -1,6 +1,18 @@
 { lib, pkgs, config, ... }:
 with lib;
 
+# imperative in config.php:
+# #local memcache:
+#     'memcache.local' => '\\OC\\Memcache\\APCu',
+# #local locking:
+#     'memcache.locking' => '\\OC\\Memcache\\Redis',
+#     'redis' =>
+#      array (
+#       'host' => 'localhost',
+#       'port' => 6379,
+#      ),
+
+
 let
   # TODO: copy-paste from lass/2/websites/util.nix
   serveCloud = domains:
@@ -124,20 +136,48 @@ let
         env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
         catch_workers_output = yes
       '';
+      services.phpfpm.phpOptions = ''
+        opcache.enable=1
+        opcache.enable_cli=1
+        opcache.interned_strings_buffer=8
+        opcache.max_accelerated_files=10000
+        opcache.memory_consumption=128
+        opcache.save_comments=1
+        opcache.revalidate_freq=1
+
+        display_errors = on
+        display_startup_errors = on
+        always_populate_raw_post_data = -1
+        error_reporting = E_ALL | E_STRICT
+        html_errors = On
+        date.timezone = "Europe/Berlin"
+        # extension=${pkgs.phpPackages.memcached}/lib/php/extensions/memcached.so
+        extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
+        extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+      '';
     };
 in  {
   imports = [
     ( serveCloud [ "o.euer.krebsco.de" ] )
   ];
 
-  services.mysql = { # TODO: currently nextcloud uses sqlite
+  services.redis.enable = true;
+  services.mysql = {
     enable = false;
     package = pkgs.mariadb;
     rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
-  };
-  services.mysqlBackup = {
-    enable = false;
-    databases = [ "nextcloud" ];
+    initialDatabases = [
+      # Or use writeText instead of literalExample?
+      #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+      {
+        name = "nextcloud";
+        schema = pkgs.writeText "nextcloud.sql"
+        ''
+        create user if not exists 'nextcloud'@'localhost' identified by 'password';
+        grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+        '';
+      }
+    ];
   };
   # dataDir is only defined after mysql is enabled
   # krebs.secret.files.mysql_rootPassword = {
diff --git a/makefu/2configs/deployment/photostore.krebsco.de.nix b/makefu/2configs/deployment/photostore.krebsco.de.nix
index ecbca9ea3..19a8df235 100644
--- a/makefu/2configs/deployment/photostore.krebsco.de.nix
+++ b/makefu/2configs/deployment/photostore.krebsco.de.nix
@@ -30,6 +30,7 @@ in {
       forceSSL = true;
       locations = {
         "/".extraConfig = ''
+        expires -1;
         uwsgi_pass                  unix://${wsgi-sock};
         uwsgi_param UWSGI_CHDIR     ${workdir};
         uwsgi_param UWSGI_MODULE    cuserver.main;